Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/f2111a-3f47-4ff0-a51d-b251377add86/1/HlWfsMFH6XQhLarigeGDGXqvXHM.roa
File: HlWfsMFH6XQhLarigeGDGXqvXHM.roa (raw, json)
Hash identifier: ZwpjdvQNt/ygduL3+tEfApAFihDZb+dhkdLfnWI0G4M=
Subject key identifier: 1E:55:9F:B0:C1:47:E9:74:21:2D:AA:E2:81:E1:83:19:7A:AF:5C:73
Certificate issuer: /CN=13d83b225dd33860c51dc44aa88db5f03dc15a74
Certificate serial: 0185715E55CC917303AB3951986B67BA8A4D
Authority key identifier: 13:D8:3B:22:5D:D3:38:60:C5:1D:C4:4A:A8:8D:B5:F0:3D:C1:5A:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/E9g7Il3TOGDFHcRKqI218D3BWnQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/f2111a-3f47-4ff0-a51d-b251377add86/1/HlWfsMFH6XQhLarigeGDGXqvXHM.roa
Signing time: Mon 02 Jan 2023 07:24:45 +0000
ROA not before: Mon 02 Jan 2023 07:24:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43858
IP address blocks: 185.11.160.0/22 maxlen: 22
185.80.176.0/22 maxlen: 22
91.198.199.0/24 maxlen: 24
146.255.168.0/21 maxlen: 21
2a03:39c0::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:5e:55:cc:91:73:03:ab:39:51:98:6b:67:ba:8a:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=13d83b225dd33860c51dc44aa88db5f03dc15a74
Validity
Not Before: Jan 2 07:24:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1e559fb0c147e974212daae281e183197aaf5c73
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:ee:f6:b8:5b:e5:1a:9b:a6:e7:3a:d1:5e:3a:
8a:fe:59:89:7c:ae:67:d9:c2:e2:a2:45:35:4a:52:
80:8c:f6:5a:e8:96:79:9f:62:c6:3e:1a:79:83:08:
cd:8c:4c:97:f8:f4:6f:7f:32:b2:77:f5:bb:45:30:
ce:2f:59:7a:cb:3a:8b:eb:69:df:0b:ab:d4:99:20:
15:bf:c1:f4:9a:84:ed:0c:e6:e2:75:1b:73:fc:92:
b9:48:01:c8:8c:88:98:a1:7f:98:fb:40:ad:e1:72:
22:31:3c:61:c5:c3:7a:ab:4c:0c:db:82:c0:82:88:
94:a5:1b:5c:1e:3d:ab:96:3a:7b:21:43:40:fb:db:
d0:63:91:71:21:d4:1a:4e:17:69:0b:73:fb:0d:cd:
0d:00:47:fe:3c:ea:9a:b3:0b:c2:e0:6f:64:fa:70:
ca:05:ef:df:ad:48:bf:d4:a7:41:94:f8:e0:ef:7f:
9b:5a:03:88:48:76:a1:1c:f6:65:ea:d0:0f:6b:74:
ab:c2:54:f1:a4:c9:17:95:52:46:45:0f:b9:cc:cc:
02:d0:64:be:8d:68:c6:87:52:a5:e5:b2:3f:ca:eb:
05:3e:c3:fe:0c:12:38:9e:9c:57:7f:bc:f9:79:19:
76:e3:59:41:9a:99:1c:19:a4:74:9c:a6:93:4b:07:
b8:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:55:9F:B0:C1:47:E9:74:21:2D:AA:E2:81:E1:83:19:7A:AF:5C:73
X509v3 Authority Key Identifier:
keyid:13:D8:3B:22:5D:D3:38:60:C5:1D:C4:4A:A8:8D:B5:F0:3D:C1:5A:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E9g7Il3TOGDFHcRKqI218D3BWnQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/f2111a-3f47-4ff0-a51d-b251377add86/1/HlWfsMFH6XQhLarigeGDGXqvXHM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/f2111a-3f47-4ff0-a51d-b251377add86/1/E9g7Il3TOGDFHcRKqI218D3BWnQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.199.0/24
146.255.168.0/21
185.11.160.0/22
185.80.176.0/22
IPv6:
2a03:39c0::/29
Signature Algorithm: sha256WithRSAEncryption
05:82:59:8f:99:17:28:9e:d6:32:fe:58:ec:46:09:bd:f7:c0:
b8:5e:d3:0c:30:6b:11:2f:b5:c1:8f:5d:0d:c0:31:9e:65:cd:
e1:ac:08:fc:d6:fb:4c:77:1a:a6:43:ce:2e:38:47:7c:1a:83:
4d:b7:b2:e9:ae:11:78:dc:09:8a:03:67:d9:ac:3b:e2:c3:dd:
30:f9:15:e8:c4:22:fd:8e:51:1a:4a:23:bc:6d:6b:17:60:14:
37:41:b4:38:8d:00:7e:a3:61:aa:7f:89:95:d2:82:6f:c4:ce:
a4:43:8d:32:d0:17:1e:58:9b:bf:82:cd:96:ba:5c:1c:1f:e5:
3c:1c:93:32:59:39:61:b6:d3:7d:e7:9c:30:0b:e4:4f:87:04:
29:ba:d1:f2:f5:e4:fa:38:08:3c:94:73:f9:b8:cd:81:a5:52:
ed:f6:23:03:8e:18:d5:b5:0d:9e:f7:99:4c:96:00:7d:f5:1c:
9f:80:7a:a8:12:b3:37:cd:70:23:05:c0:b3:bf:2f:42:85:9e:
97:1f:fe:9b:9f:29:c7:55:96:61:54:41:c3:b8:a4:3e:b0:68:
fe:e3:aa:14:76:e7:da:50:7b:dd:82:d4:c4:00:df:71:1b:94:
94:16:36:1b:31:0e:46:94:09:e4:eb:b8:2f:ab:ea:da:e3:df:
8b:eb:a5:b3
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVxXlXMkXMDqzlRmGtnuopNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZDgzYjIyNWRkMzM4NjBjNTFkYzQ0YWE4OGRiNWYwM2Rj
MTVhNzQwHhcNMjMwMTAyMDcyNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTU1OWZiMGMxNDdlOTc0MjEyZGFhZTI4MWUxODMxOTdhYWY1YzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAve72uFvlGpum5zrRXjqK/lmJfK5n
2cLiokU1SlKAjPZa6JZ5n2LGPhp5gwjNjEyX+PRvfzKyd/W7RTDOL1l6yzqL62nf
C6vUmSAVv8H0moTtDObidRtz/JK5SAHIjIiYoX+Y+0Ct4XIiMTxhxcN6q0wM24LA
goiUpRtcHj2rljp7IUNA+9vQY5FxIdQaThdpC3P7Dc0NAEf+POqaswvC4G9k+nDK
Be/frUi/1KdBlPjg73+bWgOISHahHPZl6tAPa3SrwlTxpMkXlVJGRQ+5zMwC0GS+
jWjGh1Kl5bI/yusFPsP+DBI4npxXf7z5eRl241lBmpkcGaR0nKaTSwe4LQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFB5Vn7DBR+l0IS2q4oHhgxl6r1xzMB8GA1UdIwQY
MBaAFBPYOyJd0zhgxR3ESqiNtfA9wVp0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTlnN0lsM1RPR0RGSGNSS3FJMjE4RDNCV25RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9mMjExMWEtM2Y0Ny00ZmYwLWE1MWQt
YjI1MTM3N2FkZDg2LzEvSGxXZnNNRkg2WFFoTGFyaWdlR0RHWHF2WEhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9mMjExMWEtM2Y0Ny00ZmYwLWE1MWQtYjI1MTM3N2FkZDg2
LzEvRTlnN0lsM1RPR0RGSGNSS3FJMjE4RDNCV25RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAW8bHAwQD
kv+oAwQCuQugAwQCuVCwMA0EAgACMAcDBQMqAznAMA0GCSqGSIb3DQEBCwUAA4IB
AQAFglmPmRcontYy/ljsRgm998C4XtMMMGsRL7XBj10NwDGeZc3hrAj81vtMdxqm
Q84uOEd8GoNNt7LprhF43AmKA2fZrDviw90w+RXoxCL9jlEaSiO8bWsXYBQ3QbQ4
jQB+o2Gqf4mV0oJvxM6kQ40y0BceWJu/gs2WulwcH+U8HJMyWTlhttN955wwC+RP
hwQputHy9eT6OAg8lHP5uM2BpVLt9iMDjhjVtQ2e95lMlgB99RyfgHqoErM3zXAj
BcCzvy9ChZ6XH/6bnynHVZZhVEHDuKQ+sGj+46oUdufaUHvdgtTEAN9xG5SUFjYb
MQ5GlAnk67gvq+ra49+L66Wz
-----END CERTIFICATE-----
Generated at Tue Jan 2 06:51:06 2024 by rpki-client on console-fra.rpki-client.org