Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/IX11_Lpb41cj9DeBVSN0E9D6K30.roa
File: IX11_Lpb41cj9DeBVSN0E9D6K30.roa (raw, json)
Hash identifier: PE4b854AVe0XxVfOLx58qhXfGtJ5pJhIpmplUoAtC/c=
Subject key identifier: 21:7D:75:FC:BA:5B:E3:57:23:F4:37:81:55:23:74:13:D0:FA:2B:7D
Certificate issuer: /CN=583d76051017d0afa915fcfb790a00f4667b0a88
Certificate serial: 01857139CCE2817673B44213E9ED3A6CFF50
Authority key identifier: 58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/IX11_Lpb41cj9DeBVSN0E9D6K30.roa
Signing time: Mon 02 Jan 2023 06:44:51 +0000
ROA not before: Mon 02 Jan 2023 06:44:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 56765
IP address blocks: 194.225.24.0/21 maxlen: 24
94.184.112.0/21 maxlen: 24
2001:14e8:5::/48 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:39:cc:e2:81:76:73:b4:42:13:e9:ed:3a:6c:ff:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=583d76051017d0afa915fcfb790a00f4667b0a88
Validity
Not Before: Jan 2 06:44:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=217d75fcba5be35723f4378155237413d0fa2b7d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:c3:ce:c7:eb:f0:c8:6d:f9:a5:d0:96:92:70:
c6:5a:b2:71:29:59:61:10:c2:8b:8b:d4:9e:db:c2:
59:56:56:56:3c:30:a3:f5:87:ce:94:92:a4:b1:ba:
50:03:8d:44:3a:f4:01:44:35:a6:76:81:82:dc:3c:
ed:1b:7b:b3:7b:5d:cc:33:e4:39:da:9f:e6:68:84:
1e:14:17:14:fa:eb:a6:2f:c7:e0:58:6a:18:8a:32:
cb:30:d4:96:b5:88:ef:8a:7a:08:7a:e3:1d:84:1e:
9b:54:21:f9:b1:f9:66:3a:a1:f6:f3:2f:87:f7:aa:
dd:53:58:51:4a:dd:0c:a0:32:e7:f2:78:d6:cb:b9:
38:f4:07:6e:9d:12:4f:3d:75:3b:8d:a5:72:eb:92:
f8:44:11:78:10:0f:63:c3:d3:9e:a6:e8:8d:16:a5:
a0:f1:2d:db:4d:0d:ed:c0:ee:08:5e:40:43:47:ea:
11:c5:dc:e9:3e:b3:e8:37:2e:9a:44:aa:8e:a6:41:
63:34:70:36:fd:e0:41:8e:7e:e6:0f:77:fb:ba:84:
61:f9:04:39:7b:fa:2d:ee:e8:c7:67:60:b1:61:f7:
39:32:18:bd:35:37:e4:43:80:22:fe:8d:e5:da:a7:
cf:31:e7:52:44:fc:aa:6a:39:d5:29:9b:ab:1e:41:
4f:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:7D:75:FC:BA:5B:E3:57:23:F4:37:81:55:23:74:13:D0:FA:2B:7D
X509v3 Authority Key Identifier:
keyid:58:3D:76:05:10:17:D0:AF:A9:15:FC:FB:79:0A:00:F4:66:7B:0A:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD12BRAX0K-pFfz7eQoA9GZ7Cog.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/IX11_Lpb41cj9DeBVSN0E9D6K30.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/4f1b27-326a-4679-a64b-da6153885f3b/1/WD12BRAX0K-pFfz7eQoA9GZ7Cog.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.184.112.0/21
194.225.24.0/21
IPv6:
2001:14e8:5::/48
Signature Algorithm: sha256WithRSAEncryption
43:15:da:bf:a0:ad:84:76:e1:4e:af:05:2a:02:f2:72:4c:0d:
6c:c0:74:f7:57:12:9f:4b:22:e2:46:f3:5a:91:30:35:87:c1:
e6:b6:70:9b:e6:ac:c7:68:6b:fb:ae:9b:03:9f:53:48:fb:bf:
40:90:db:4d:96:ac:f7:86:87:d1:13:81:f1:90:e4:8f:56:fc:
21:ff:95:c2:76:aa:01:11:d3:b8:8d:b8:43:21:81:fb:78:f0:
88:5a:03:60:d7:ba:63:c7:aa:ec:ca:40:3a:c9:4d:be:14:ea:
c0:bc:bd:8d:b5:a4:86:d4:e0:aa:20:d0:08:31:80:7a:b9:98:
c1:c3:24:dc:97:29:95:1f:c0:4c:94:81:c6:d8:ce:e8:69:e7:
7e:ac:ea:51:12:26:d7:8f:fe:78:dd:55:c2:2d:64:f1:c8:6f:
86:58:5c:a3:88:fc:13:51:4f:fe:f8:97:2e:1e:de:cd:a6:12:
06:26:c6:85:6d:10:6f:fa:0e:0c:12:f6:30:3f:e8:d3:16:83:
e2:77:89:0b:06:18:f3:f8:74:7b:bf:34:75:b5:33:96:e0:ab:
31:1f:12:a5:64:4d:57:f0:72:f6:4d:52:79:0b:7a:4b:12:3a:
23:28:16:76:1b:c0:b0:f3:89:f7:a1:f0:39:d3:a6:c2:ac:de:
73:0d:82:8e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVxOczigXZztEIT6e06bP9QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2Q3NjA1MTAxN2QwYWZhOTE1ZmNmYjc5MGEwMGY0NjY3
YjBhODgwHhcNMjMwMTAyMDY0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTdkNzVmY2JhNWJlMzU3MjNmNDM3ODE1NTIzNzQxM2QwZmEyYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8POx+vwyG35pdCWknDGWrJxKVlh
EMKLi9Se28JZVlZWPDCj9YfOlJKksbpQA41EOvQBRDWmdoGC3DztG3uze13MM+Q5
2p/maIQeFBcU+uumL8fgWGoYijLLMNSWtYjvinoIeuMdhB6bVCH5sflmOqH28y+H
96rdU1hRSt0MoDLn8njWy7k49AdunRJPPXU7jaVy65L4RBF4EA9jw9OepuiNFqWg
8S3bTQ3twO4IXkBDR+oRxdzpPrPoNy6aRKqOpkFjNHA2/eBBjn7mD3f7uoRh+QQ5
e/ot7ujHZ2CxYfc5Mhi9NTfkQ4Ai/o3l2qfPMedSRPyqajnVKZurHkFPDQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFCF9dfy6W+NXI/Q3gVUjdBPQ+it9MB8GA1UdIwQY
MBaAFFg9dgUQF9CvqRX8+3kKAPRmewqIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGIt
ZGE2MTUzODg1ZjNiLzEvSVgxMV9McGI0MWNqOURlQlZTTjBFOUQ2SzMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC80ZjFiMjctMzI2YS00Njc5LWE2NGItZGE2MTUzODg1ZjNi
LzEvV0QxMkJSQVgwSy1wRmZ6N2VRb0E5R1o3Q29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQDXrhwAwQD
wuEYMA8EAgACMAkDBwAgARToAAUwDQYJKoZIhvcNAQELBQADggEBAEMV2r+grYR2
4U6vBSoC8nJMDWzAdPdXEp9LIuJG81qRMDWHwea2cJvmrMdoa/uumwOfU0j7v0CQ
202WrPeGh9ETgfGQ5I9W/CH/lcJ2qgER07iNuEMhgft48IhaA2DXumPHquzKQDrJ
Tb4U6sC8vY21pIbU4Kog0AgxgHq5mMHDJNyXKZUfwEyUgcbYzuhp536s6lESJteP
/njdVcItZPHIb4ZYXKOI/BNRT/74ly4e3s2mEgYmxoVtEG/6DgwS9jA/6NMWg+J3
iQsGGPP4dHu/NHW1M5bgqzEfEqVkTVfwcvZNUnkLeksSOiMoFnYbwLDzifeh8DnT
psKs3nMNgo4=
-----END CERTIFICATE-----
Generated at Tue Jan 2 17:35:00 2024 by rpki-client on console-fra.rpki-client.org