Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/z87va17UWy_Kl-0fIzwUlUvAeeo.roa
File: z87va17UWy_Kl-0fIzwUlUvAeeo.roa (raw, json)
Hash identifier: EwJIADBBDNpmYl37lPxIBzzeTqnVp41URGcG/lFuYNU=
Subject key identifier: CF:CE:EF:6B:5E:D4:5B:2F:CA:97:ED:1F:23:3C:14:95:4B:C0:79:EA
Certificate issuer: /CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
Certificate serial: 01856C813B802E7CE2A0BBC060F85D196B38
Authority key identifier: 88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/z87va17UWy_Kl-0fIzwUlUvAeeo.roa
Signing time: Sun 01 Jan 2023 08:44:46 +0000
ROA not before: Sun 01 Jan 2023 08:44:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3333
IP address blocks: 193.0.0.0/21 maxlen: 21
193.0.10.0/23 maxlen: 23
193.0.12.0/23 maxlen: 23
193.0.20.0/23 maxlen: 23
193.0.18.0/23 maxlen: 23
193.0.22.0/23 maxlen: 23
2a13:27c0::/29 maxlen: 48
2a13:27c0:10::/44 maxlen: 44
2001:67c:2e8::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 02 Jan 2024 02:31:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:81:3b:80:2e:7c:e2:a0:bb:c0:60:f8:5d:19:6b:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
Validity
Not Before: Jan 1 08:44:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cfceef6b5ed45b2fca97ed1f233c14954bc079ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:c8:e1:43:be:5c:19:27:9f:97:a8:4a:01:7b:
0d:cc:e7:53:8f:95:90:75:4c:6b:be:bd:47:6b:f0:
0a:33:a7:32:c3:05:b9:92:20:9a:55:e7:12:63:62:
ae:42:51:82:b4:c5:40:74:f1:72:bf:74:33:55:b8:
d3:69:4f:41:a9:66:8b:77:f2:02:88:ef:2e:9c:ad:
71:5d:43:4a:17:3a:27:01:27:8a:55:69:37:05:75:
d4:a1:b7:24:ca:6a:6b:88:e6:c9:35:3c:f6:bc:7f:
7c:79:3c:05:e2:e2:fd:af:c9:51:ae:37:31:ae:f6:
a9:5e:6c:41:28:ae:c9:73:6f:dc:13:bd:33:64:61:
02:95:83:90:10:ac:68:18:a0:23:7e:42:5d:ee:c6:
69:d4:d4:3d:62:93:5f:19:bf:79:bc:08:a4:34:05:
24:2c:2b:a8:f4:05:e3:0e:fa:f7:29:61:e7:67:66:
9e:02:47:55:83:fe:08:0d:54:8e:62:07:91:92:ee:
70:35:1e:89:1f:47:e0:a4:18:d9:53:30:18:b9:02:
9e:1e:ca:cc:6a:5d:a8:13:a3:65:11:d9:1e:70:9a:
94:2c:76:1a:19:23:13:f0:16:5f:dd:7f:dd:e7:7a:
ee:5a:00:c7:b6:69:66:f3:dd:c9:b7:17:5f:74:da:
10:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:CE:EF:6B:5E:D4:5B:2F:CA:97:ED:1F:23:3C:14:95:4B:C0:79:EA
X509v3 Authority Key Identifier:
keyid:88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/z87va17UWy_Kl-0fIzwUlUvAeeo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.0.0/21
193.0.10.0-193.0.13.255
193.0.18.0-193.0.23.255
IPv6:
2001:67c:2e8::/48
2a13:27c0::/29
Signature Algorithm: sha256WithRSAEncryption
2e:f3:7e:35:15:c4:b8:5a:5b:e3:45:ac:d5:2b:17:01:a4:69:
9e:e7:0e:14:09:65:25:a1:d8:7c:b1:62:e5:76:b0:19:7b:dd:
05:9a:24:33:62:21:9a:38:f1:8b:b7:76:f3:77:42:a0:4f:fa:
8c:bf:d4:82:b0:41:4d:f1:bc:89:0e:90:c5:fc:29:b7:28:82:
68:53:25:e4:2d:27:46:ff:c2:9e:51:5d:69:1d:62:8c:64:27:
b7:ff:08:e1:5a:bd:1c:be:81:08:ac:09:24:77:d4:7f:ff:1e:
c3:87:20:75:ed:6f:07:18:ae:a6:c8:74:dc:bc:41:fe:5a:f8:
87:f8:4d:6a:d0:f0:cf:5d:ef:e2:09:cc:bc:e6:b1:bd:fa:da:
2a:11:d2:c2:3a:3d:f5:80:f6:f0:3a:97:9d:da:20:90:9d:2d:
af:6f:be:74:e4:82:75:05:fb:3d:e5:b9:35:77:67:2d:30:04:
fc:c6:45:6e:bc:ad:12:aa:cd:b8:fc:96:a4:4c:ac:f4:67:cd:
7a:c8:b1:c5:3a:9c:7f:18:cf:74:db:79:50:b3:99:20:f2:94:
d1:7c:48:21:cf:9b:51:a9:a8:b7:b3:58:92:a4:e2:6a:3c:06:
8e:a4:74:81:cf:b3:75:0a:82:3e:f9:d1:8a:a1:17:e1:bb:4f:
08:73:37:9d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYVsgTuALnzioLvAYPhdGWs4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTdhYWZlYzYxYzNhNmIwMjRiNmE5ZjU0ZmZiNzY0Y2Ez
ZGY5MjIwHhcNMjMwMTAxMDg0NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmNlZWY2YjVlZDQ1YjJmY2E5N2VkMWYyMzNjMTQ5NTRiYzA3OWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusjhQ75cGSefl6hKAXsNzOdTj5WQ
dUxrvr1Ha/AKM6cywwW5kiCaVecSY2KuQlGCtMVAdPFyv3QzVbjTaU9BqWaLd/IC
iO8unK1xXUNKFzonASeKVWk3BXXUobckympriObJNTz2vH98eTwF4uL9r8lRrjcx
rvapXmxBKK7Jc2/cE70zZGEClYOQEKxoGKAjfkJd7sZp1NQ9YpNfGb95vAikNAUk
LCuo9AXjDvr3KWHnZ2aeAkdVg/4IDVSOYgeRku5wNR6JH0fgpBjZUzAYuQKeHsrM
al2oE6NlEdkecJqULHYaGSMT8BZf3X/d53ruWgDHtmlm893JtxdfdNoQLwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFM/O72te1FsvypftHyM8FJVLwHnqMB8GA1UdIwQY
MBaAFIgXqv7GHDprAktqn1T/t2TKPfkiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0Mjkt
ZTY2MzY5NjQ5NDExLzEvejg3dmExN1VXeV9LbC0wZkl6d1VsVXZBZWVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0MjktZTY2MzY5NjQ5NDEx
LzEvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAoBAIAATAiAwQDwQAAMAwD
BAHBAAoDBAHBAAwwDAMEAcEAEgMEA8EAEDAWBAIAAjAQAwcAIAEGfALoAwUDKhMn
wDANBgkqhkiG9w0BAQsFAAOCAQEALvN+NRXEuFpb40Ws1SsXAaRpnucOFAllJaHY
fLFi5XawGXvdBZokM2Ihmjjxi7d283dCoE/6jL/UgrBBTfG8iQ6QxfwptyiCaFMl
5C0nRv/CnlFdaR1ijGQnt/8I4Vq9HL6BCKwJJHfUf/8ew4cgde1vBxiupsh03LxB
/lr4h/hNatDwz13v4gnMvOaxvfraKhHSwjo99YD28DqXndogkJ0tr2++dOSCdQX7
PeW5NXdnLTAE/MZFbrytEqrNuPyWpEys9GfNesixxTqcfxjPdNt5ULOZIPKU0XxI
Ic+bUamot7NYkqTiajwGjqR0gc+zdQqCPvnRiqEX4btPCHM3nQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:59 2024 by rpki-client on console-ams.rpki-client.org