Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/1529c6-8082-4f3a-bc92-423fca224041/1/rT2Pgx5SDJXA6qtTDBDNOCIu0dQ.roa
File: rT2Pgx5SDJXA6qtTDBDNOCIu0dQ.roa (raw, json)
Hash identifier: 8dQ6yqO3qYkxI9SDFb3lwt6VHnxglipAtky8JD+6RJs=
Subject key identifier: AD:3D:8F:83:1E:52:0C:95:C0:EA:AB:53:0C:10:CD:38:22:2E:D1:D4
Certificate issuer: /CN=6e9a558ad546dcc9abc0b8a131067af02e407007
Certificate serial: 01856ECBA986B6FF4C90D8A8A4FFFFDBC7B9
Authority key identifier: 6E:9A:55:8A:D5:46:DC:C9:AB:C0:B8:A1:31:06:7A:F0:2E:40:70:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bppVitVG3MmrwLihMQZ68C5AcAc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/1529c6-8082-4f3a-bc92-423fca224041/1/rT2Pgx5SDJXA6qtTDBDNOCIu0dQ.roa
Signing time: Sun 01 Jan 2023 19:25:18 +0000
ROA not before: Sun 01 Jan 2023 19:25:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43892
IP address blocks: 185.67.182.0/24 maxlen: 24
185.67.183.0/24 maxlen: 24
185.67.180.0/22 maxlen: 22
185.130.14.0/24 maxlen: 24
185.130.12.0/23 maxlen: 23
185.130.12.0/22 maxlen: 24
185.62.60.0/22 maxlen: 24
79.171.96.0/24 maxlen: 24
79.171.96.0/22 maxlen: 22
79.171.96.0/21 maxlen: 21
79.171.100.0/22 maxlen: 22
79.171.101.0/24 maxlen: 24
2a02:3c8::/32 maxlen: 32
2a06:d700::/29 maxlen: 30
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:cb:a9:86:b6:ff:4c:90:d8:a8:a4:ff:ff:db:c7:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6e9a558ad546dcc9abc0b8a131067af02e407007
Validity
Not Before: Jan 1 19:25:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ad3d8f831e520c95c0eaab530c10cd38222ed1d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:4a:be:fd:ea:14:5e:ea:d7:b5:f2:db:26:d2:
65:b3:2e:8c:6b:cd:90:f6:66:93:e3:d4:b6:8e:c8:
ce:e6:f1:47:4c:e9:f0:bb:69:25:8f:20:e7:a3:fe:
61:c3:34:f8:82:6f:20:45:b9:ba:84:f7:40:75:2f:
50:f6:a0:57:a1:52:ee:ad:b4:06:27:c3:9d:66:50:
d0:a9:b8:14:af:ce:65:17:21:00:7d:67:04:e9:cc:
a8:10:cd:39:32:67:19:a7:96:8a:57:70:00:15:89:
0f:9b:1c:51:05:de:d1:bf:79:64:e6:0d:3b:87:fa:
08:48:77:90:43:41:ac:98:5a:3f:72:80:3b:f4:63:
38:fc:38:d6:a7:ed:a0:b3:38:b2:41:ac:4c:27:99:
27:8e:34:30:16:66:1c:de:68:25:08:03:c3:ac:64:
e4:7e:2b:85:85:48:96:51:d7:f9:e8:17:ac:0c:1a:
bc:2e:f1:04:95:4a:44:f4:35:8d:de:29:21:11:c6:
b5:ed:3f:79:c2:07:1a:b5:ab:1f:d5:e0:1b:16:b4:
34:6b:e4:20:17:a3:43:20:69:19:4e:08:5f:df:cf:
6d:d9:f2:df:24:ab:b3:cb:06:1e:74:70:8f:c9:89:
c7:9b:84:13:b6:93:58:d4:83:74:fe:10:23:93:ad:
18:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:3D:8F:83:1E:52:0C:95:C0:EA:AB:53:0C:10:CD:38:22:2E:D1:D4
X509v3 Authority Key Identifier:
keyid:6E:9A:55:8A:D5:46:DC:C9:AB:C0:B8:A1:31:06:7A:F0:2E:40:70:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bppVitVG3MmrwLihMQZ68C5AcAc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/1529c6-8082-4f3a-bc92-423fca224041/1/rT2Pgx5SDJXA6qtTDBDNOCIu0dQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/1529c6-8082-4f3a-bc92-423fca224041/1/bppVitVG3MmrwLihMQZ68C5AcAc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.171.96.0/21
185.62.60.0/22
185.67.180.0/22
185.130.12.0/22
IPv6:
2a02:3c8::/32
2a06:d700::/29
Signature Algorithm: sha256WithRSAEncryption
22:92:35:85:16:1b:db:37:77:f4:b7:15:8b:07:91:74:e6:16:
88:25:35:1d:92:7b:38:5b:40:30:85:4b:55:9c:ef:e3:a4:f7:
80:a7:83:c9:af:51:ec:6a:50:90:7c:31:d9:96:89:6c:cc:49:
b9:1e:b9:41:5a:5a:56:94:7a:dc:2a:60:aa:99:15:c2:3c:15:
6b:ab:6d:d9:be:74:ff:f7:ac:21:d6:11:1f:f6:5b:55:13:14:
09:c3:b8:e4:77:6c:55:63:05:02:b0:c6:d5:6b:bd:2b:2f:e6:
c0:7f:47:82:79:f3:de:ff:ab:a4:db:c2:38:61:c8:4a:3e:85:
c8:6f:b5:67:98:ca:ae:a1:c8:5e:55:27:ca:2d:b9:c1:56:ea:
af:f4:d7:54:3c:67:9c:8b:6b:0f:b6:08:c1:80:86:47:ad:32:
c2:93:05:8d:ba:dc:fe:56:ed:01:6a:88:39:eb:62:19:78:3d:
55:22:b5:2b:8a:bc:21:ad:37:2a:ae:ff:78:05:4e:f9:2e:14:
c0:6c:ed:fb:5d:ba:69:9a:54:b9:39:66:06:01:fe:8c:4b:8e:
28:30:04:fc:fc:68:6a:73:2f:bd:88:6a:24:db:4a:d8:e9:43:
d5:1b:94:93:df:73:98:9d:1a:63:7b:4c:13:0e:98:2a:84:4f:
16:e7:9e:75
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYVuy6mGtv9MkNiopP//28e5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlOWE1NThhZDU0NmRjYzlhYmMwYjhhMTMxMDY3YWYwMmU0
MDcwMDcwHhcNMjMwMTAxMTkyNTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDNkOGY4MzFlNTIwYzk1YzBlYWFiNTMwYzEwY2QzODIyMmVkMWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0q+/eoUXurXtfLbJtJlsy6Ma82Q
9maT49S2jsjO5vFHTOnwu2kljyDno/5hwzT4gm8gRbm6hPdAdS9Q9qBXoVLurbQG
J8OdZlDQqbgUr85lFyEAfWcE6cyoEM05MmcZp5aKV3AAFYkPmxxRBd7Rv3lk5g07
h/oISHeQQ0GsmFo/coA79GM4/DjWp+2gsziyQaxMJ5knjjQwFmYc3mglCAPDrGTk
fiuFhUiWUdf56BesDBq8LvEElUpE9DWN3ikhEca17T95wgcatasf1eAbFrQ0a+Qg
F6NDIGkZTghf389t2fLfJKuzywYedHCPyYnHm4QTtpNY1IN0/hAjk60YVQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFK09j4MeUgyVwOqrUwwQzTgiLtHUMB8GA1UdIwQY
MBaAFG6aVYrVRtzJq8C4oTEGevAuQHAHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnBwVml0VkczTW1yd0xpaE1RWjY4QzVBY0FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8xNTI5YzYtODA4Mi00ZjNhLWJjOTIt
NDIzZmNhMjI0MDQxLzEvclQyUGd4NVNESlhBNnF0VERCRE5PQ0l1MGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8xNTI5YzYtODA4Mi00ZjNhLWJjOTItNDIzZmNhMjI0MDQx
LzEvYnBwVml0VkczTW1yd0xpaE1RWjY4QzVBY0FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQDT6tgAwQC
uT48AwQCuUO0AwQCuYIMMBQEAgACMA4DBQAqAgPIAwUDKgbXADANBgkqhkiG9w0B
AQsFAAOCAQEAIpI1hRYb2zd39LcViweRdOYWiCU1HZJ7OFtAMIVLVZzv46T3gKeD
ya9R7GpQkHwx2ZaJbMxJuR65QVpaVpR63CpgqpkVwjwVa6tt2b50//esIdYRH/Zb
VRMUCcO45HdsVWMFArDG1Wu9Ky/mwH9Hgnnz3v+rpNvCOGHISj6FyG+1Z5jKrqHI
XlUnyi25wVbqr/TXVDxnnItrD7YIwYCGR60ywpMFjbrc/lbtAWqIOetiGXg9VSK1
K4q8Ia03Kq7/eAVO+S4UwGzt+126aZpUuTlmBgH+jEuOKDAE/PxoanMvvYhqJNtK
2OlD1RuUk99zmJ0aY3tMEw6YKoRPFueedQ==
-----END CERTIFICATE-----
Generated at Tue Jan 2 04:10:10 2024 by rpki-client on console-ams.rpki-client.org