Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/9bc4cc-b646-4701-8975-623e199fdbe9/1/iGWZKxmCQCt4-GTq0BA590BkO4A.roa
File: iGWZKxmCQCt4-GTq0BA590BkO4A.roa (raw, json)
Hash identifier: +f8JgzFO5hGlfK6fDvYaAwi7hXe840tU1cXtFTHSQJY=
Subject key identifier: 88:65:99:2B:19:82:40:2B:78:F8:64:EA:D0:10:39:F7:40:64:3B:80
Certificate issuer: /CN=09dcf1e897e598ec3f1ab60bd443328726dedae4
Certificate serial: 01856BD36CBB8B248093DA6DA87CEB52995C
Authority key identifier: 09:DC:F1:E8:97:E5:98:EC:3F:1A:B6:0B:D4:43:32:87:26:DE:DA:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Cdzx6JflmOw_GrYL1EMyhybe2uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/74/9bc4cc-b646-4701-8975-623e199fdbe9/1/iGWZKxmCQCt4-GTq0BA590BkO4A.roa
Signing time: Sun 01 Jan 2023 05:34:56 +0000
ROA not before: Sun 01 Jan 2023 05:34:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202914
IP address blocks: 141.98.12.0/24 maxlen: 24
141.98.12.0/22 maxlen: 22
141.98.13.0/24 maxlen: 24
141.98.14.0/23 maxlen: 24
185.121.172.0/22 maxlen: 22
185.121.172.0/23 maxlen: 24
185.121.174.0/24 maxlen: 24
185.121.174.0/23 maxlen: 23
185.121.175.0/24 maxlen: 24
185.150.196.0/22 maxlen: 24
91.210.56.0/22 maxlen: 24
2a0d:3e80::/29 maxlen: 64
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:d3:6c:bb:8b:24:80:93:da:6d:a8:7c:eb:52:99:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=09dcf1e897e598ec3f1ab60bd443328726dedae4
Validity
Not Before: Jan 1 05:34:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8865992b1982402b78f864ead01039f740643b80
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:d8:2d:df:23:02:05:b0:40:57:cd:7b:32:dc:
f0:ed:b6:99:8c:1b:65:87:66:56:e9:43:bc:67:0a:
fd:e9:1e:07:79:1c:f8:38:bd:09:91:f2:4c:6a:e2:
fa:8c:e5:8c:51:b5:ef:c5:fb:23:ba:be:bf:a1:fe:
78:a4:76:3c:fb:b5:07:db:1d:d7:c3:e4:ed:8f:95:
9f:bf:69:d5:81:ef:a2:03:5b:44:97:07:f7:93:f3:
03:3b:4d:7f:3a:7a:2b:aa:49:e6:a7:48:a9:1f:d8:
05:a3:0a:31:97:d9:f7:10:7c:2b:2b:60:e3:7f:a4:
82:9e:3e:4e:a0:ab:18:24:01:e1:02:35:72:cf:41:
62:11:16:3b:66:7f:f6:be:78:81:13:b1:cb:47:9a:
b0:c8:cf:5c:d6:2d:2b:fb:1d:5e:bd:90:b9:13:bd:
8a:51:d3:3f:d1:fd:7f:04:c6:14:d9:d7:30:20:f0:
ec:03:b4:46:5c:fb:50:fb:7e:38:80:99:46:3e:06:
7a:57:71:3a:b9:eb:ec:dd:25:34:98:d4:58:87:71:
1d:13:48:43:5c:0c:7b:8c:be:9d:1f:26:55:01:21:
a0:0b:a9:ad:72:9a:a4:50:57:31:cb:d1:3a:51:5f:
c1:0d:03:4e:4a:aa:39:69:35:8d:9f:39:c4:74:38:
23:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:65:99:2B:19:82:40:2B:78:F8:64:EA:D0:10:39:F7:40:64:3B:80
X509v3 Authority Key Identifier:
keyid:09:DC:F1:E8:97:E5:98:EC:3F:1A:B6:0B:D4:43:32:87:26:DE:DA:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cdzx6JflmOw_GrYL1EMyhybe2uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/9bc4cc-b646-4701-8975-623e199fdbe9/1/iGWZKxmCQCt4-GTq0BA590BkO4A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/74/9bc4cc-b646-4701-8975-623e199fdbe9/1/Cdzx6JflmOw_GrYL1EMyhybe2uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.56.0/22
141.98.12.0/22
185.121.172.0/22
185.150.196.0/22
IPv6:
2a0d:3e80::/29
Signature Algorithm: sha256WithRSAEncryption
27:bb:6e:c4:21:40:02:9f:0a:19:ca:5d:c0:85:f9:bc:06:43:
0a:4d:7f:6e:e2:71:c8:37:2e:dd:d6:57:82:d1:5c:11:e8:67:
b7:ed:2e:c2:56:bd:7b:2d:b0:39:dd:9e:34:6e:bb:97:48:f4:
f9:77:1d:cd:2e:38:23:b6:58:fd:7f:e1:8f:35:29:02:0c:c6:
e7:09:63:11:18:91:96:31:1c:6f:e1:aa:67:12:e2:88:b6:f5:
18:d4:b5:55:6e:cb:16:79:b9:2e:97:67:0c:b0:da:6a:7d:7b:
4d:3e:6e:f9:a5:66:0b:e0:c9:3c:7d:78:77:14:42:80:9e:47:
9f:80:a4:72:f5:b3:73:21:92:89:fd:2d:d0:b7:33:c9:5b:a8:
7a:dc:5b:0b:57:fb:28:81:0f:37:c5:9e:d9:70:45:5f:cd:16:
f8:ff:b9:da:a6:7b:01:1c:3c:0c:b1:57:25:4b:f1:47:cd:2c:
11:18:7c:d4:d6:16:4c:d8:fd:b0:19:45:e0:1f:9b:69:7a:91:
97:8d:b1:ba:6a:99:1f:28:8a:0c:77:a1:08:9e:5d:32:50:d8:
a2:d0:98:0d:9e:ed:78:2f:b7:7b:7f:e7:a5:df:57:3d:72:38:
8a:8f:17:54:5f:f3:69:83:51:43:ca:3c:c4:dc:e2:60:5a:a0:
02:c9:c5:ea
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVr02y7iySAk9ptqHzrUplcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZGNmMWU4OTdlNTk4ZWMzZjFhYjYwYmQ0NDMzMjg3MjZk
ZWRhZTQwHhcNMjMwMTAxMDUzNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODY1OTkyYjE5ODI0MDJiNzhmODY0ZWFkMDEwMzlmNzQwNjQzYjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9gt3yMCBbBAV817Mtzw7baZjBtl
h2ZW6UO8Zwr96R4HeRz4OL0JkfJMauL6jOWMUbXvxfsjur6/of54pHY8+7UH2x3X
w+Ttj5Wfv2nVge+iA1tElwf3k/MDO01/Onorqknmp0ipH9gFowoxl9n3EHwrK2Dj
f6SCnj5OoKsYJAHhAjVyz0FiERY7Zn/2vniBE7HLR5qwyM9c1i0r+x1evZC5E72K
UdM/0f1/BMYU2dcwIPDsA7RGXPtQ+344gJlGPgZ6V3E6uevs3SU0mNRYh3EdE0hD
XAx7jL6dHyZVASGgC6mtcpqkUFcxy9E6UV/BDQNOSqo5aTWNnznEdDgj5wIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFIhlmSsZgkArePhk6tAQOfdAZDuAMB8GA1UdIwQY
MBaAFAnc8eiX5ZjsPxq2C9RDMocm3trkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2R6eDZKZmxtT3dfR3JZTDFFTXloeWJlMnVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC85YmM0Y2MtYjY0Ni00NzAxLTg5NzUt
NjIzZTE5OWZkYmU5LzEvaUdXWkt4bUNRQ3Q0LUdUcTBCQTU5MEJrTzRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC85YmM0Y2MtYjY0Ni00NzAxLTg5NzUtNjIzZTE5OWZkYmU5
LzEvQ2R6eDZKZmxtT3dfR3JZTDFFTXloeWJlMnVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCW9I4AwQC
jWIMAwQCuXmsAwQCuZbEMA0EAgACMAcDBQMqDT6AMA0GCSqGSIb3DQEBCwUAA4IB
AQAnu27EIUACnwoZyl3Ahfm8BkMKTX9u4nHINy7d1leC0VwR6Ge37S7CVr17LbA5
3Z40bruXSPT5dx3NLjgjtlj9f+GPNSkCDMbnCWMRGJGWMRxv4apnEuKItvUY1LVV
bssWebkul2cMsNpqfXtNPm75pWYL4Mk8fXh3FEKAnkefgKRy9bNzIZKJ/S3QtzPJ
W6h63FsLV/sogQ83xZ7ZcEVfzRb4/7napnsBHDwMsVclS/FHzSwRGHzU1hZM2P2w
GUXgH5tpepGXjbG6apkfKIoMd6EInl0yUNii0JgNnu14L7d7f+el31c9cjiKjxdU
X/Npg1FDyjzE3OJgWqACycXq
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:59 2023 by rpki-client on console-fra.rpki-client.org