Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/iJzfdXO_pUE__r0uKSrNbFVPK7E.roa
File: iJzfdXO_pUE__r0uKSrNbFVPK7E.roa (raw, json)
Hash identifier: oozF0eimqRjYqGVqVJMRCOjuRPMzKJ+MyWncfVJ/4Ag=
Subject key identifier: 88:9C:DF:75:73:BF:A5:41:3F:FE:BD:2E:29:2A:CD:6C:55:4F:2B:B1
Certificate issuer: /CN=dd97c7ca05bcc3d6a2ad1ba235bed8feab694550
Certificate serial: 018BA4E99F369BB37DA99455B1838D1183F6
Authority key identifier: DD:97:C7:CA:05:BC:C3:D6:A2:AD:1B:A2:35:BE:D8:FE:AB:69:45:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3ZfHygW8w9airRuiNb7Y_qtpRVA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/iJzfdXO_pUE__r0uKSrNbFVPK7E.roa
Signing time: Mon 06 Nov 2023 13:54:15 +0000
ROA not before: Mon 06 Nov 2023 13:54:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211057
IP address blocks: 185.21.120.0/24 maxlen: 24
185.21.121.0/24 maxlen: 24
185.21.122.0/24 maxlen: 24
185.21.123.0/24 maxlen: 24
46.253.88.0/23 maxlen: 23
46.253.88.0/24 maxlen: 24
46.253.89.0/24 maxlen: 24
185.71.141.0/24 maxlen: 24
185.71.140.0/24 maxlen: 24
185.71.140.0/25 maxlen: 25
185.71.140.128/25 maxlen: 25
185.71.141.0/25 maxlen: 25
185.71.141.128/25 maxlen: 25
185.71.140.0/23 maxlen: 23
185.71.140.0/22 maxlen: 22
185.71.142.0/25 maxlen: 25
185.71.142.0/24 maxlen: 24
185.71.142.128/25 maxlen: 25
185.71.143.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:a4:e9:9f:36:9b:b3:7d:a9:94:55:b1:83:8d:11:83:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd97c7ca05bcc3d6a2ad1ba235bed8feab694550
Validity
Not Before: Nov 6 13:54:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=889cdf7573bfa5413ffebd2e292acd6c554f2bb1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:12:51:f8:72:fc:1d:9e:88:40:99:2e:7f:c8:
87:1b:9d:be:04:78:99:c8:fc:2f:72:8b:e8:92:a0:
74:c5:92:3d:49:6a:1b:f2:73:f9:42:05:8e:23:49:
63:ad:22:0b:66:6e:00:41:f9:00:b8:29:dd:d7:53:
b4:7c:70:0a:9a:cf:a5:88:01:7a:9f:59:ab:0d:24:
7f:1c:13:58:89:93:ad:a2:e9:25:65:15:d1:15:46:
f4:bc:97:49:d7:ef:f1:f8:c2:81:65:27:01:27:c1:
c7:60:b5:b7:f7:4e:3b:43:f1:87:f6:f9:63:17:9a:
42:37:c6:c5:02:36:34:3e:6a:02:9b:91:f6:9a:f4:
6b:d4:e3:80:1a:43:60:ec:5d:42:21:15:58:9e:cd:
cc:1d:31:df:45:51:7e:9b:8c:5f:a7:1d:4f:3f:2e:
80:07:52:8a:3e:a9:59:06:27:73:03:4e:b5:86:52:
ba:b8:a7:71:57:58:d2:3b:61:38:be:6a:27:a6:9a:
28:2c:9c:50:00:2d:31:e4:97:e3:80:7c:9d:b8:d0:
3d:45:a3:de:5d:48:34:d7:c7:c6:01:0e:8b:62:92:
1f:62:0f:be:e0:1b:6e:33:e9:65:71:ab:70:3c:3a:
20:42:36:ac:6c:05:0f:a2:26:1c:8b:2b:f1:b7:a5:
d9:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:9C:DF:75:73:BF:A5:41:3F:FE:BD:2E:29:2A:CD:6C:55:4F:2B:B1
X509v3 Authority Key Identifier:
keyid:DD:97:C7:CA:05:BC:C3:D6:A2:AD:1B:A2:35:BE:D8:FE:AB:69:45:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ZfHygW8w9airRuiNb7Y_qtpRVA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/iJzfdXO_pUE__r0uKSrNbFVPK7E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/3ZfHygW8w9airRuiNb7Y_qtpRVA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.253.88.0/23
185.21.120.0/22
185.71.140.0/22
Signature Algorithm: sha256WithRSAEncryption
9a:ff:8d:6d:f4:18:29:bf:8e:a2:b8:9a:f6:7a:6e:9a:0f:a3:
1d:9d:d5:63:75:c9:e9:24:6e:01:17:e1:cd:2f:04:84:35:be:
10:ce:e7:d9:42:fb:72:43:49:41:45:f1:1f:01:4b:4d:ca:ba:
a8:e1:d3:5d:c2:82:8a:1d:c2:ed:a8:b0:2e:fe:33:47:14:28:
98:86:2a:28:ac:36:d3:2a:52:e3:c7:d0:eb:44:46:64:92:58:
95:ef:c3:15:44:c6:c3:ae:bf:ab:62:a2:2e:35:cc:bf:f1:7b:
c9:65:3b:1e:fd:d5:7d:68:23:6c:64:35:5a:96:99:f0:f1:8d:
0a:25:d4:af:5c:20:6d:0f:0c:68:13:5c:0f:22:a6:09:10:1b:
86:97:1f:5f:b3:e4:b4:04:2d:1b:d1:c1:d1:17:f5:8e:40:a5:
39:fc:a0:76:8e:9a:3e:c1:bb:fe:ee:fc:e1:46:62:27:37:d1:
26:b2:a1:9f:b9:86:1a:c4:0c:3d:f0:77:3c:20:3f:ed:6c:a9:
ed:7e:f6:53:2b:4d:21:57:ac:9d:41:3f:6d:ab:81:44:5a:2b:
1e:2a:34:4e:a6:c3:6c:7b:68:9e:ea:dc:a3:03:42:ef:93:5a:
97:48:4e:e4:f4:2e:15:69:29:2e:2b:92:65:bc:e1:11:1d:2e:
68:c8:12:d8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYuk6Z82m7N9qZRVsYONEYP2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkOTdjN2NhMDViY2MzZDZhMmFkMWJhMjM1YmVkOGZlYWI2
OTQ1NTAwHhcNMjMxMTA2MTM1NDE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODljZGY3NTczYmZhNTQxM2ZmZWJkMmUyOTJhY2Q2YzU1NGYyYmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBJR+HL8HZ6IQJkuf8iHG52+BHiZ
yPwvcovokqB0xZI9SWob8nP5QgWOI0ljrSILZm4AQfkAuCnd11O0fHAKms+liAF6
n1mrDSR/HBNYiZOtouklZRXRFUb0vJdJ1+/x+MKBZScBJ8HHYLW39047Q/GH9vlj
F5pCN8bFAjY0PmoCm5H2mvRr1OOAGkNg7F1CIRVYns3MHTHfRVF+m4xfpx1PPy6A
B1KKPqlZBidzA061hlK6uKdxV1jSO2E4vmonppooLJxQAC0x5JfjgHyduNA9RaPe
XUg018fGAQ6LYpIfYg++4BtuM+llcatwPDogQjasbAUPoiYciyvxt6XZWQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIic33Vzv6VBP/69LikqzWxVTyuxMB8GA1UdIwQY
MBaAFN2Xx8oFvMPWoq0bojW+2P6raUVQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1pmSHlnVzh3OWFpclJ1aU5iN1lfcXRwUlZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9lMzJhOWEtODNlMC00ZmI5LWFjNzEt
NGQ0YjE2MTQ0ZDY4LzEvaUp6ZmRYT19wVUVfX3IwdUtTck5iRlZQSzdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9lMzJhOWEtODNlMC00ZmI5LWFjNzEtNGQ0YjE2MTQ0ZDY4
LzEvM1pmSHlnVzh3OWFpclJ1aU5iN1lfcXRwUlZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLv1YAwQC
uRV4AwQCuUeMMA0GCSqGSIb3DQEBCwUAA4IBAQCa/41t9Bgpv46iuJr2em6aD6Md
ndVjdcnpJG4BF+HNLwSENb4QzufZQvtyQ0lBRfEfAUtNyrqo4dNdwoKKHcLtqLAu
/jNHFCiYhioorDbTKlLjx9DrREZkkliV78MVRMbDrr+rYqIuNcy/8XvJZTse/dV9
aCNsZDValpnw8Y0KJdSvXCBtDwxoE1wPIqYJEBuGlx9fs+S0BC0b0cHRF/WOQKU5
/KB2jpo+wbv+7vzhRmInN9EmsqGfuYYaxAw98Hc8ID/tbKntfvZTK00hV6ydQT9t
q4FEWiseKjROpsNse2ie6tyjA0Lvk1qXSE7k9C4VaSkuK5JlvOERHS5oyBLY
-----END CERTIFICATE-----
Generated at Tue Jan 2 11:35:11 2024 by rpki-client on console-ams.rpki-client.org