Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/oqCVkXZpUXBPKPZPFi0UXvFJBrs.roa
File: oqCVkXZpUXBPKPZPFi0UXvFJBrs.roa (raw, json)
Hash identifier: FckrKnojPoroGTU1+XQapQf+aCLXLHDMkjikAkd8y5M=
Subject key identifier: A2:A0:95:91:76:69:51:70:4F:28:F6:4F:16:2D:14:5E:F1:49:06:BB
Certificate issuer: /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial: 018ACBD647E69E05A7E2764FC5746167B6F6
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/oqCVkXZpUXBPKPZPFi0UXvFJBrs.roa
Signing time: Mon 25 Sep 2023 10:15:32 +0000
ROA not before: Mon 25 Sep 2023 10:15:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209709
IP address blocks: 195.69.78.0/24 maxlen: 24
195.69.77.0/24 maxlen: 24
202.170.196.0/22 maxlen: 23
185.170.108.0/22 maxlen: 22
115.124.32.0/22 maxlen: 23
103.243.204.0/22 maxlen: 23
91.247.40.0/21 maxlen: 21
91.247.48.0/22 maxlen: 22
5.182.12.0/22 maxlen: 22
185.99.28.0/22 maxlen: 22
Validation: Failed, certificate revoked on Mon 01 Jan 2024 00:29:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:cb:d6:47:e6:9e:05:a7:e2:76:4f:c5:74:61:67:b6:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Validity
Not Before: Sep 25 10:15:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a2a09591766951704f28f64f162d145ef14906bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:bb:77:c7:90:7e:5c:3a:23:69:a7:5e:68:f2:
6f:a8:87:9c:de:64:6b:15:ed:f9:f6:c2:27:99:02:
70:38:93:c0:93:70:cc:7e:f5:82:de:8d:d5:5c:15:
97:dd:99:bc:c2:a4:77:47:24:2a:a6:ba:ac:c2:6c:
6e:73:42:a6:19:73:11:ef:e4:19:e1:7b:d8:a5:1f:
22:2d:31:97:2e:7d:e5:3b:46:78:78:2a:99:90:9d:
27:89:45:9d:63:6c:a4:cf:8a:18:90:27:84:c6:a0:
b2:af:89:9e:23:3d:96:dc:c6:8b:11:ae:52:81:ea:
6e:80:ec:25:02:58:c8:6f:20:0d:70:09:82:a8:a9:
b0:6c:85:2d:d9:39:bf:19:bf:ee:15:54:ec:da:8a:
d0:d7:0e:20:fb:7a:6a:d2:3a:ac:02:ab:24:52:73:
4e:54:79:9d:fe:51:1b:36:15:b4:3f:4c:47:c9:62:
3b:92:44:7f:aa:fd:1b:2c:7f:ad:f1:4a:01:52:db:
8a:c0:82:14:31:18:76:b8:89:53:ee:73:73:11:4a:
e5:c4:26:a4:08:f9:b5:a3:85:83:88:a6:d4:bc:09:
5c:31:c3:01:63:ea:23:a8:bd:7d:1c:02:5a:84:a3:
c3:55:83:8f:4b:94:c1:61:d5:c1:d3:71:51:71:23:
3b:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:A0:95:91:76:69:51:70:4F:28:F6:4F:16:2D:14:5E:F1:49:06:BB
X509v3 Authority Key Identifier:
keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/oqCVkXZpUXBPKPZPFi0UXvFJBrs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.12.0/22
91.247.40.0-91.247.51.255
103.243.204.0/22
115.124.32.0/22
185.99.28.0/22
185.170.108.0/22
195.69.77.0-195.69.78.255
202.170.196.0/22
Signature Algorithm: sha256WithRSAEncryption
49:4a:ef:6d:96:9b:a5:0f:bd:2c:cc:81:e3:de:ed:15:61:dc:
19:f5:d5:5e:40:e5:33:de:22:d2:58:a9:ed:85:5b:20:bb:65:
cb:ea:0a:9e:94:f3:86:ca:a7:6a:55:5c:a3:f2:86:22:ef:c5:
90:b5:b5:1e:ab:2f:7f:c2:c7:4c:78:ee:07:67:0f:e2:31:6e:
f4:f9:e4:15:99:66:9e:97:6c:e6:e9:99:59:00:b3:00:9c:58:
bb:30:a6:2e:1d:c7:20:ac:6e:4d:da:e8:cf:e3:a5:53:55:2b:
a0:25:c8:60:11:b9:55:9f:23:fc:c6:ac:3d:a9:87:64:78:3f:
8c:fe:50:dd:c2:ec:e1:32:d1:9c:27:d1:20:a3:b8:96:64:55:
59:d5:26:72:18:c3:70:a1:f6:9a:cf:a9:6e:b7:78:8a:4e:50:
2a:cd:70:66:41:e8:3c:d6:d3:dd:b3:10:ad:1f:01:3e:fd:8a:
99:e9:40:d8:e1:42:53:86:e2:97:1c:b3:60:4e:8c:e1:6d:63:
a1:e7:e1:66:69:24:1a:93:1e:d3:95:c9:24:71:11:fb:55:12:
7d:79:33:f4:9e:a6:19:da:16:0a:01:17:7b:fb:27:0d:97:ec:
d4:2d:0b:a7:78:79:97:b8:3c:b7:6c:a8:0b:e6:65:6e:68:97:
6e:7a:a4:74
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYrL1kfmngWn4nZPxXRhZ7b2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmIzMmQyMjY2YjFmOWJjZTU3Y2FjOThiYzAyNDdmMmM5
MTk3ZjIwHhcNMjMwOTI1MTAxNTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmEwOTU5MTc2Njk1MTcwNGYyOGY2NGYxNjJkMTQ1ZWYxNDkwNmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7t3x5B+XDojaadeaPJvqIec3mRr
Fe359sInmQJwOJPAk3DMfvWC3o3VXBWX3Zm8wqR3RyQqprqswmxuc0KmGXMR7+QZ
4XvYpR8iLTGXLn3lO0Z4eCqZkJ0niUWdY2ykz4oYkCeExqCyr4meIz2W3MaLEa5S
gepugOwlAljIbyANcAmCqKmwbIUt2Tm/Gb/uFVTs2orQ1w4g+3pq0jqsAqskUnNO
VHmd/lEbNhW0P0xHyWI7kkR/qv0bLH+t8UoBUtuKwIIUMRh2uIlT7nNzEUrlxCak
CPm1o4WDiKbUvAlcMcMBY+ojqL19HAJahKPDVYOPS5TBYdXB03FRcSM73QIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFKKglZF2aVFwTyj2TxYtFF7xSQa7MB8GA1UdIwQY
MBaAFPX7MtImax+bzlfKyYvAJH8skZfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAt
MmQxNDNkN2I4NTNjLzEvb3FDVmtYWnBVWEJQS1BaUEZpMFVYdkZKQnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAtMmQxNDNkN2I4NTNj
LzEvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQCBbYMMAwD
BANb9ygDBAJb9zADBAJn88wDBAJzfCADBAK5YxwDBAK5qmwwDAMEAMNFTQMEAMNF
TgMEAsqqxDANBgkqhkiG9w0BAQsFAAOCAQEASUrvbZabpQ+9LMyB497tFWHcGfXV
XkDlM94i0lip7YVbILtly+oKnpTzhsqnalVco/KGIu/FkLW1Hqsvf8LHTHjuB2cP
4jFu9PnkFZlmnpds5umZWQCzAJxYuzCmLh3HIKxuTdroz+OlU1UroCXIYBG5VZ8j
/MasPamHZHg/jP5Q3cLs4TLRnCfRIKO4lmRVWdUmchjDcKH2ms+pbrd4ik5QKs1w
ZkHoPNbT3bMQrR8BPv2KmelA2OFCU4bilxyzYE6M4W1joefhZmkkGpMe05XJJHER
+1USfXkz9J6mGdoWCgEXe/snDZfs1C0Lp3h5l7g8t2yoC+ZlbmiXbnqkdA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:35 2024 by rpki-client on console-ams.rpki-client.org