Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/_ahGfrwzbqwK5yRb1DXf_UAsaIQ.roa
File: _ahGfrwzbqwK5yRb1DXf_UAsaIQ.roa (raw, json)
Hash identifier: M40p1hBrP4Gr3Go4LfB3yuijY5mDqa7JvJmXqeNR2dg=
Subject key identifier: FD:A8:46:7E:BC:33:6E:AC:0A:E7:24:5B:D4:35:DF:FD:40:2C:68:84
Certificate issuer: /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial: 01856CC1776319C9E4FC548E91FEB830D7E1
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/_ahGfrwzbqwK5yRb1DXf_UAsaIQ.roa
Signing time: Sun 01 Jan 2023 09:54:56 +0000
ROA not before: Sun 01 Jan 2023 09:54:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12222
IP address blocks: 80.67.64.0/24 maxlen: 24
80.67.65.0/24 maxlen: 24
80.67.70.0/24 maxlen: 24
88.221.208.0/24 maxlen: 24
80.67.73.0/24 maxlen: 24
88.221.209.0/24 maxlen: 24
2.22.60.0/24 maxlen: 24
2.16.37.0/24 maxlen: 24
2.16.36.0/24 maxlen: 24
2.22.226.0/24 maxlen: 24
2.22.227.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:c1:77:63:19:c9:e4:fc:54:8e:91:fe:b8:30:d7:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Validity
Not Before: Jan 1 09:54:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fda8467ebc336eac0ae7245bd435dffd402c6884
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:cb:c4:64:09:7f:86:e7:bf:3b:89:57:23:ac:
ce:dc:9e:25:28:6c:59:61:d3:c8:ad:e1:1b:d4:45:
a7:ba:1a:e2:43:7f:b2:9f:3c:9b:4c:e6:4a:64:d3:
6b:3f:66:88:1c:d7:23:ca:8f:78:bf:ff:f7:48:89:
5f:10:a9:7f:93:0b:05:65:e0:c8:7a:17:b9:07:2e:
e4:94:d7:e6:1a:35:57:31:a4:1d:05:1c:ff:73:35:
fc:00:17:76:0c:a6:40:92:df:e9:07:c2:37:37:b6:
f1:9b:df:7e:fd:9f:a3:66:a8:ca:5f:6f:4b:c5:27:
9b:2e:de:2e:73:00:11:fc:3f:d3:e0:71:0a:e7:f5:
36:1a:d6:dd:6e:4d:90:22:58:1b:ec:0b:9b:7d:2e:
9d:73:76:dc:b1:50:ac:9f:56:43:4d:08:9e:a3:41:
a2:21:8a:1b:ff:43:aa:da:5c:68:b8:c4:52:8d:ee:
c7:ee:3d:4a:60:3e:91:0e:03:e8:28:19:9c:22:ae:
1d:ea:94:54:1e:d2:29:dd:c0:00:e4:a0:f8:ce:36:
23:29:fd:a9:27:d6:cf:b6:63:0b:76:20:12:bb:54:
66:e9:36:24:48:e4:59:ca:a4:a0:f5:cf:24:41:62:
fb:05:dd:4a:c8:0b:06:f1:96:7b:57:fa:fd:b3:6e:
97:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:A8:46:7E:BC:33:6E:AC:0A:E7:24:5B:D4:35:DF:FD:40:2C:68:84
X509v3 Authority Key Identifier:
keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/_ahGfrwzbqwK5yRb1DXf_UAsaIQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.16.36.0/23
2.22.60.0/24
2.22.226.0/23
80.67.64.0/23
80.67.70.0/24
80.67.73.0/24
88.221.208.0/23
Signature Algorithm: sha256WithRSAEncryption
4e:a6:a2:07:ae:a3:5d:c3:31:ef:b8:0b:ab:18:f8:ea:91:c0:
67:6f:70:43:93:2d:34:f0:26:0c:f3:f6:f3:e5:63:f7:0b:58:
43:eb:f0:84:fd:f7:e3:66:cc:fe:2f:91:bb:30:68:06:1e:15:
d5:20:44:bf:e2:90:8c:21:d0:e8:07:44:76:b5:95:55:6b:01:
c7:7f:cc:b5:1d:37:8b:44:f4:e0:bb:c9:af:65:15:5f:33:e2:
eb:f1:7a:c1:09:a7:44:57:74:8f:88:36:21:2b:9a:9a:52:64:
b7:43:cb:01:99:35:c0:11:8e:3d:fa:d6:d3:0b:d4:ab:06:63:
ae:67:39:25:ed:09:b6:ab:ac:5a:b3:4a:6b:44:03:f7:f9:78:
1e:6a:29:a7:4b:74:c3:f4:f6:60:c8:1c:dd:f4:2c:cd:3a:96:
30:84:52:e4:67:f1:55:d6:11:20:55:bf:4a:20:b9:e1:c2:4c:
81:64:dc:83:31:b4:4a:30:a6:dd:de:2b:a4:db:04:80:cb:15:
64:37:4d:f3:c6:9a:6f:e5:81:04:bc:ed:46:68:4d:c4:5f:d4:
fd:a1:c7:f5:b1:d8:73:a7:3b:49:61:6a:19:c3:bd:27:a5:86:
65:54:1d:ec:f5:13:8f:18:71:a3:af:b4:01:d1:45:e1:1d:ea:
50:8e:b5:e0
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYVswXdjGcnk/FSOkf64MNfhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjMwMTAxMDk1NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGE4NDY3ZWJjMzM2ZWFjMGFlNzI0NWJkNDM1ZGZmZDQwMmM2ODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8vEZAl/hue/O4lXI6zO3J4lKGxZ
YdPIreEb1EWnuhriQ3+ynzybTOZKZNNrP2aIHNcjyo94v//3SIlfEKl/kwsFZeDI
ehe5By7klNfmGjVXMaQdBRz/czX8ABd2DKZAkt/pB8I3N7bxm99+/Z+jZqjKX29L
xSebLt4ucwAR/D/T4HEK5/U2Gtbdbk2QIlgb7AubfS6dc3bcsVCsn1ZDTQieo0Gi
IYob/0Oq2lxouMRSje7H7j1KYD6RDgPoKBmcIq4d6pRUHtIp3cAA5KD4zjYjKf2p
J9bPtmMLdiASu1Rm6TYkSORZyqSg9c8kQWL7Bd1KyAsG8ZZ7V/r9s26XRQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFP2oRn68M26sCuckW9Q13/1ALGiEMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvX2FoR2Zyd3picXdLNXlSYjFEWGZfVUFzYUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBAhAkAwQA
AhY8AwQBAhbiAwQBUENAAwQAUENGAwQAUENJAwQBWN3QMA0GCSqGSIb3DQEBCwUA
A4IBAQBOpqIHrqNdwzHvuAurGPjqkcBnb3BDky008CYM8/bz5WP3C1hD6/CE/ffj
Zsz+L5G7MGgGHhXVIES/4pCMIdDoB0R2tZVVawHHf8y1HTeLRPTgu8mvZRVfM+Lr
8XrBCadEV3SPiDYhK5qaUmS3Q8sBmTXAEY49+tbTC9SrBmOuZzkl7Qm2q6xas0pr
RAP3+XgeaimnS3TD9PZgyBzd9CzNOpYwhFLkZ/FV1hEgVb9KILnhwkyBZNyDMbRK
MKbd3iuk2wSAyxVkN03zxppv5YEEvO1GaE3EX9T9ocf1sdhzpztJYWoZw70npYZl
VB3s9ROPGHGjr7QB0UXhHepQjrXg
-----END CERTIFICATE-----
Generated at Mon Jan 1 04:40:22 2024 by rpki-client on console-ams.rpki-client.org