Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/OFQXA-sv0lMcyg29RkkZs8iWr64.roa
File: OFQXA-sv0lMcyg29RkkZs8iWr64.roa (raw, json)
Hash identifier: vQ0fXVhYl4RaL4K4nlMDpuM0W6okM8Yxlhi+eSHCHQ8=
Subject key identifier: 38:54:17:03:EB:2F:D2:53:1C:CA:0D:BD:46:49:19:B3:C8:96:AF:AE
Certificate issuer: /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial: 0188303D767618219B8EEF50D561805DE911
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/OFQXA-sv0lMcyg29RkkZs8iWr64.roa
Signing time: Thu 18 May 2023 19:01:54 +0000
ROA not before: Thu 18 May 2023 19:01:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202656
IP address blocks: 45.137.55.0/24 maxlen: 24
45.137.53.0/24 maxlen: 24
45.137.52.0/24 maxlen: 24
45.140.171.0/24 maxlen: 24
45.137.191.0/24 maxlen: 24
85.202.166.0/24 maxlen: 24
85.202.167.0/24 maxlen: 24
45.139.28.0/24 maxlen: 24
45.139.31.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 25 May 2023 18:31:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:30:3d:76:76:18:21:9b:8e:ef:50:d5:61:80:5d:e9:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Validity
Not Before: May 18 19:01:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=38541703eb2fd2531cca0dbd464919b3c896afae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:53:cd:5f:d9:7e:33:f0:91:7f:5d:f7:88:3d:
04:d2:41:89:bb:6d:56:57:81:5e:e3:30:2d:35:92:
f7:24:2c:b5:18:01:1d:f3:9f:5f:bf:43:71:59:b2:
f1:0f:e4:0d:a7:e0:d2:fd:0d:ad:7a:2d:0c:19:0a:
a4:ea:f5:62:a8:69:af:ca:dd:ea:16:9b:17:0f:98:
d8:93:13:70:53:08:31:5e:f8:70:21:92:e9:bb:e1:
ca:d5:ac:09:0b:01:43:36:80:9e:be:49:60:b6:ed:
77:64:a7:1e:2e:3d:a2:7e:cf:b8:2d:52:7a:d6:b2:
6b:b6:5c:6e:0b:8b:40:e8:9a:8a:a1:d5:8d:02:f6:
67:7a:1f:42:f8:11:73:29:81:08:93:d7:75:be:d0:
65:4a:55:46:94:3a:eb:95:f2:3f:c0:17:f4:b9:cd:
a5:5a:e8:56:af:5b:71:b7:28:09:f3:02:2f:8f:1f:
70:64:5f:e6:1a:61:d2:2f:e0:c3:98:0a:4d:ac:a2:
f7:98:21:5b:d4:dd:1f:86:bf:d2:4f:4b:2c:03:fa:
00:10:ff:27:75:96:67:5a:fc:fc:1a:c3:a2:40:02:
42:40:3b:dc:1a:5a:9b:45:49:09:02:17:2e:63:28:
b2:e8:86:95:6c:e7:08:b3:0a:18:78:ca:be:2a:32:
d7:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:54:17:03:EB:2F:D2:53:1C:CA:0D:BD:46:49:19:B3:C8:96:AF:AE
X509v3 Authority Key Identifier:
keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/OFQXA-sv0lMcyg29RkkZs8iWr64.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.137.52.0/23
45.137.55.0/24
45.137.191.0/24
45.139.28.0/24
45.139.31.0/24
45.140.171.0/24
85.202.166.0/23
Signature Algorithm: sha256WithRSAEncryption
28:29:13:9a:bb:10:0a:65:47:fe:55:bf:a1:ee:e5:82:a7:41:
19:21:24:4b:11:64:d5:b6:20:41:23:6a:17:0f:75:df:0f:a0:
47:02:42:2e:3e:2b:76:35:c4:4b:4d:04:66:44:da:e4:ad:48:
ae:d4:c1:2b:ae:68:82:ce:ad:6e:a5:90:86:8d:19:7b:1a:ab:
17:5e:10:cb:28:5d:e6:1c:32:db:08:8e:cd:f4:50:70:c9:b4:
8a:aa:26:a5:66:99:d8:f7:e2:c1:9c:62:43:33:40:17:68:39:
e8:9a:a8:c6:fc:9f:aa:a6:4e:5e:47:cb:33:85:f8:5e:a4:8a:
a2:bc:72:2e:8d:81:58:ef:ad:32:d8:dc:cd:01:83:c2:47:04:
cf:57:73:8f:7a:64:87:bb:a6:db:79:55:51:57:53:6f:19:d7:
f1:12:ff:05:db:e0:5b:73:9b:df:be:90:04:7f:62:90:23:c6:
d9:04:e9:ca:b1:b1:f8:1e:e9:c9:34:ac:02:8d:0d:98:e9:00:
9b:70:ae:f2:7b:9a:0e:f7:51:8a:2c:e6:95:29:ed:1f:82:ea:
47:41:2a:0d:4d:24:08:7a:76:f9:68:2e:bd:e7:ca:42:e9:32:
48:31:aa:2a:4b:5c:ad:72:58:db:46:bb:aa:00:87:66:41:f7:
7c:39:b5:f4
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYgwPXZ2GCGbju9Q1WGAXekRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjMwNTE4MTkwMTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODU0MTcwM2ViMmZkMjUzMWNjYTBkYmQ0NjQ5MTliM2M4OTZhZmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFPNX9l+M/CRf133iD0E0kGJu21W
V4Fe4zAtNZL3JCy1GAEd859fv0NxWbLxD+QNp+DS/Q2tei0MGQqk6vViqGmvyt3q
FpsXD5jYkxNwUwgxXvhwIZLpu+HK1awJCwFDNoCevklgtu13ZKceLj2ifs+4LVJ6
1rJrtlxuC4tA6JqKodWNAvZneh9C+BFzKYEIk9d1vtBlSlVGlDrrlfI/wBf0uc2l
WuhWr1txtygJ8wIvjx9wZF/mGmHSL+DDmApNrKL3mCFb1N0fhr/ST0ssA/oAEP8n
dZZnWvz8GsOiQAJCQDvcGlqbRUkJAhcuYyiy6IaVbOcIswoYeMq+KjLXFwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFDhUFwPrL9JTHMoNvUZJGbPIlq+uMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvT0ZRWEEtc3YwbE1jeWcyOVJra1pzOGlXcjY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBLYk0AwQA
LYk3AwQALYm/AwQALYscAwQALYsfAwQALYyrAwQBVcqmMA0GCSqGSIb3DQEBCwUA
A4IBAQAoKROauxAKZUf+Vb+h7uWCp0EZISRLEWTVtiBBI2oXD3XfD6BHAkIuPit2
NcRLTQRmRNrkrUiu1MErrmiCzq1upZCGjRl7GqsXXhDLKF3mHDLbCI7N9FBwybSK
qialZpnY9+LBnGJDM0AXaDnomqjG/J+qpk5eR8szhfhepIqivHIujYFY760y2NzN
AYPCRwTPV3OPemSHu6bbeVVRV1NvGdfxEv8F2+Bbc5vfvpAEf2KQI8bZBOnKsbH4
HunJNKwCjQ2Y6QCbcK7ye5oO91GKLOaVKe0fgupHQSoNTSQIenb5aC6958pC6TJI
MaoqS1ytcljbRruqAIdmQfd8ObX0
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:04 2024 by rpki-client on console-ams.rpki-client.org