Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/3587eb-ebd4-40ab-a19b-22920565cda4/1/O76IblAF4FwPxkDGh-fzaXXWtzE.roa
File: O76IblAF4FwPxkDGh-fzaXXWtzE.roa (raw, json)
Hash identifier: DOKhFvePnrSNC5FK4ncZa+CZ19isaRTlF+mXsUiDpdI=
Subject key identifier: 3B:BE:88:6E:50:05:E0:5C:0F:C6:40:C6:87:E7:F3:69:75:D6:B7:31
Certificate issuer: /CN=d50cda48c35e54eb802575aaa408cce579927216
Certificate serial: 018C4A43680908014BCB92B2B04135ABB5A8
Authority key identifier: D5:0C:DA:48:C3:5E:54:EB:80:25:75:AA:A4:08:CC:E5:79:92:72:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1QzaSMNeVOuAJXWqpAjM5XmSchY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/3587eb-ebd4-40ab-a19b-22920565cda4/1/O76IblAF4FwPxkDGh-fzaXXWtzE.roa
Signing time: Fri 08 Dec 2023 16:29:40 +0000
ROA not before: Fri 08 Dec 2023 16:29:40 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48932
IP address blocks: 217.12.226.0/24 maxlen: 24
217.12.224.0/24 maxlen: 24
217.12.225.0/24 maxlen: 24
217.12.227.0/24 maxlen: 24
217.12.234.0/24 maxlen: 24
217.12.234.0/23 maxlen: 23
217.12.235.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:4a:43:68:09:08:01:4b:cb:92:b2:b0:41:35:ab:b5:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d50cda48c35e54eb802575aaa408cce579927216
Validity
Not Before: Dec 8 16:29:40 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3bbe886e5005e05c0fc640c687e7f36975d6b731
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:06:97:8f:6a:8c:ac:4e:87:51:6f:90:87:4d:
10:e9:de:44:d8:37:fb:81:8e:53:34:63:2e:8f:12:
9c:e5:2d:88:69:b3:0c:01:70:c7:be:23:cb:16:64:
2e:d0:37:fd:da:97:0c:c4:be:79:12:dd:c1:83:04:
ad:ae:bc:41:33:71:c4:d6:a0:ef:74:6f:d8:62:fa:
83:b9:a9:61:58:b0:91:7e:5d:23:dc:51:e1:c0:21:
dc:4c:19:01:14:3a:12:62:cb:31:9b:47:c6:5c:ac:
81:4f:97:6d:88:4c:b5:62:1c:41:ed:3a:20:0c:b0:
3e:39:c8:91:c6:68:61:d4:7d:d6:d1:ed:59:c9:2f:
e9:13:20:52:4d:af:be:6f:af:12:86:a4:fd:5b:a3:
42:8f:ed:8b:0c:02:96:67:5d:6e:3c:f9:ff:82:e4:
39:2f:1a:bd:3d:28:44:b2:3c:ef:04:63:d8:79:a1:
8a:73:1c:2d:86:ce:5d:ef:6b:68:5b:3a:85:b0:b7:
d3:aa:c7:6d:f2:e6:9f:9d:ce:08:5c:1a:39:c6:8a:
66:82:aa:c9:bc:4a:7b:39:5a:38:08:98:4d:c4:d3:
35:c4:e1:4d:b1:75:26:1c:3f:2a:38:15:78:99:a9:
17:1f:b3:6a:bb:62:85:8b:07:0f:5e:4a:34:5a:68:
fd:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:BE:88:6E:50:05:E0:5C:0F:C6:40:C6:87:E7:F3:69:75:D6:B7:31
X509v3 Authority Key Identifier:
keyid:D5:0C:DA:48:C3:5E:54:EB:80:25:75:AA:A4:08:CC:E5:79:92:72:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QzaSMNeVOuAJXWqpAjM5XmSchY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/3587eb-ebd4-40ab-a19b-22920565cda4/1/O76IblAF4FwPxkDGh-fzaXXWtzE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/3587eb-ebd4-40ab-a19b-22920565cda4/1/1QzaSMNeVOuAJXWqpAjM5XmSchY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.12.224.0/22
217.12.234.0/23
Signature Algorithm: sha256WithRSAEncryption
6f:be:92:de:e5:66:6a:dc:e1:7b:24:f2:0d:68:75:ad:7a:ce:
ed:c2:7c:b8:1f:83:3d:cf:bf:3a:67:b8:fb:c8:c3:a8:fa:8f:
86:8f:51:e4:21:08:2e:1f:0a:95:73:da:53:47:c2:77:a0:93:
83:6d:40:e1:c9:3e:87:95:43:70:18:89:a5:3d:f2:2a:fa:54:
df:b9:69:5b:ac:1d:c6:d1:60:f4:ca:fd:75:25:57:53:82:d0:
09:14:0f:a8:11:8a:b8:19:5c:85:d1:c5:3a:07:05:bc:33:95:
7a:0c:70:0d:18:f1:b5:1d:0e:20:3b:1f:24:71:7a:73:ea:a9:
48:7d:ad:a1:68:67:0f:f5:1b:14:fd:dc:46:a3:c5:0f:15:4d:
b5:5b:74:96:10:5d:1c:53:4f:ce:00:ae:64:61:2c:1b:49:95:
d7:0e:50:30:a1:75:53:4f:b1:ce:45:ae:22:f4:3c:97:79:af:
fa:33:af:5b:3f:7b:a6:7a:61:5f:27:0c:f4:03:30:7b:14:9f:
47:4b:7a:e0:0b:0a:e1:e9:a2:cd:4a:ac:94:a3:73:68:2f:e0:
30:da:7d:2e:c9:75:88:36:54:ad:fe:f3:ab:12:24:d3:a4:94:
5b:fe:89:e7:a7:c0:5f:a9:6f:0f:a0:5a:02:62:c5:b9:1d:14:
0b:84:07:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYxKQ2gJCAFLy5KysEE1q7WoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MGNkYTQ4YzM1ZTU0ZWI4MDI1NzVhYWE0MDhjY2U1Nzk5
MjcyMTYwHhcNMjMxMjA4MTYyOTQwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmJlODg2ZTUwMDVlMDVjMGZjNjQwYzY4N2U3ZjM2OTc1ZDZiNzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAaXj2qMrE6HUW+Qh00Q6d5E2Df7
gY5TNGMujxKc5S2IabMMAXDHviPLFmQu0Df92pcMxL55Et3BgwStrrxBM3HE1qDv
dG/YYvqDualhWLCRfl0j3FHhwCHcTBkBFDoSYssxm0fGXKyBT5dtiEy1YhxB7Tog
DLA+OciRxmhh1H3W0e1ZyS/pEyBSTa++b68ShqT9W6NCj+2LDAKWZ11uPPn/guQ5
Lxq9PShEsjzvBGPYeaGKcxwths5d72toWzqFsLfTqsdt8uafnc4IXBo5xopmgqrJ
vEp7OVo4CJhNxNM1xOFNsXUmHD8qOBV4makXH7Nqu2KFiwcPXko0Wmj9HwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDu+iG5QBeBcD8ZAxofn82l11rcxMB8GA1UdIwQY
MBaAFNUM2kjDXlTrgCV1qqQIzOV5knIWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVF6YVNNTmVWT3VBSlhXcXBBak01WG1TY2hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zNTg3ZWItZWJkNC00MGFiLWExOWIt
MjI5MjA1NjVjZGE0LzEvTzc2SWJsQUY0RndQeGtER2gtZnphWFhXdHpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zNTg3ZWItZWJkNC00MGFiLWExOWItMjI5MjA1NjVjZGE0
LzEvMVF6YVNNTmVWT3VBSlhXcXBBak01WG1TY2hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQC2QzgAwQB
2QzqMA0GCSqGSIb3DQEBCwUAA4IBAQBvvpLe5WZq3OF7JPINaHWtes7twny4H4M9
z786Z7j7yMOo+o+Gj1HkIQguHwqVc9pTR8J3oJODbUDhyT6HlUNwGImlPfIq+lTf
uWlbrB3G0WD0yv11JVdTgtAJFA+oEYq4GVyF0cU6BwW8M5V6DHANGPG1HQ4gOx8k
cXpz6qlIfa2haGcP9RsU/dxGo8UPFU21W3SWEF0cU0/OAK5kYSwbSZXXDlAwoXVT
T7HORa4i9DyXea/6M69bP3umemFfJwz0AzB7FJ9HS3rgCwrh6aLNSqyUo3NoL+Aw
2n0uyXWINlSt/vOrEiTTpJRb/onnp8BfqW8PoFoCYsW5HRQLhAdS
-----END CERTIFICATE-----
Generated at Mon Jan 1 06:31:16 2024 by rpki-client on console-fra.rpki-client.org