Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/XfOkQaLRUs8_rp6T-ezxTPRhgI4.roa
File: XfOkQaLRUs8_rp6T-ezxTPRhgI4.roa (raw, json)
Hash identifier: U6rordZ+Fb7O0R108QswNhYHEe+rRRrmVrqK74sEDhE=
Subject key identifier: 5D:F3:A4:41:A2:D1:52:CF:3F:AE:9E:93:F9:EC:F1:4C:F4:61:80:8E
Certificate issuer: /CN=330e640f9d63ba943a97b3dc10d4c6844a5d3dc1
Certificate serial: 01856F670B617A965DFE5E2A7324530D9174
Authority key identifier: 33:0E:64:0F:9D:63:BA:94:3A:97:B3:DC:10:D4:C6:84:4A:5D:3D:C1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/XfOkQaLRUs8_rp6T-ezxTPRhgI4.roa
Signing time: Sun 01 Jan 2023 22:15:02 +0000
ROA not before: Sun 01 Jan 2023 22:15:02 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210278
IP address blocks: 101.60.0.0/14 maxlen: 14
101.56.192.0/18 maxlen: 18
101.56.128.0/18 maxlen: 18
101.59.0.0/16 maxlen: 16
101.56.0.0/13 maxlen: 13
195.162.92.0/22 maxlen: 22
101.56.64.0/18 maxlen: 18
101.58.0.0/16 maxlen: 16
101.56.0.0/18 maxlen: 18
101.62.194.0/23 maxlen: 23
101.62.196.0/23 maxlen: 23
101.57.0.0/16 maxlen: 16
2a0e:400::/25 maxlen: 25
Validation: Failed, certificate revoked on Wed 31 May 2023 12:15:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:67:0b:61:7a:96:5d:fe:5e:2a:73:24:53:0d:91:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=330e640f9d63ba943a97b3dc10d4c6844a5d3dc1
Validity
Not Before: Jan 1 22:15:02 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5df3a441a2d152cf3fae9e93f9ecf14cf461808e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:21:e2:e9:08:52:17:40:dc:ac:9d:8d:4c:75:
e3:e9:47:c8:22:3c:fe:8c:e1:a2:e5:f5:cf:f4:05:
3c:8c:82:d1:a0:2d:a4:b5:8b:b5:67:b6:eb:7b:90:
a3:dc:c2:56:98:2b:6e:b3:b4:72:96:d8:13:fe:09:
d0:ae:1d:8d:23:f7:ff:52:00:f9:c3:0a:61:f9:c3:
92:64:89:de:ab:d9:79:0d:20:f1:ef:af:ed:5e:8d:
af:27:f9:a7:63:9c:ce:ca:fc:24:f2:56:f0:0b:be:
6a:c0:55:64:d6:aa:98:f1:ce:9e:73:bf:87:ea:8c:
ae:80:62:23:e4:ce:a6:56:11:fc:38:f7:d2:36:6f:
10:16:92:bb:15:bb:20:91:59:13:0b:22:96:20:a1:
0c:bc:9f:b5:22:0b:25:50:42:22:5e:42:8a:4e:96:
4b:cc:4d:d9:98:9e:1f:b7:ea:53:6b:ff:cd:85:f8:
b8:a7:df:95:0a:b4:04:04:79:07:64:67:5b:49:df:
91:10:9e:df:01:19:2e:25:e2:52:1a:ae:ac:72:40:
58:73:2d:5b:b1:90:d5:3a:28:1e:91:69:03:e6:10:
d2:5d:1e:00:e6:3e:cb:26:68:66:14:11:85:db:17:
e4:83:68:35:14:5f:69:3a:69:ee:1b:73:3a:9d:91:
9b:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:F3:A4:41:A2:D1:52:CF:3F:AE:9E:93:F9:EC:F1:4C:F4:61:80:8E
X509v3 Authority Key Identifier:
keyid:33:0E:64:0F:9D:63:BA:94:3A:97:B3:DC:10:D4:C6:84:4A:5D:3D:C1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mw5kD51jupQ6l7PcENTGhEpdPcE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/XfOkQaLRUs8_rp6T-ezxTPRhgI4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e718e4-53b7-47bb-a336-5a17719d449e/1/Mw5kD51jupQ6l7PcENTGhEpdPcE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
101.56.0.0/13
195.162.92.0/22
IPv6:
2a0e:400::/25
Signature Algorithm: sha256WithRSAEncryption
22:c2:7a:1a:8c:1f:e2:8a:f5:ca:c0:00:8b:8c:b5:38:5d:5b:
52:17:0d:26:6a:61:01:a6:db:55:53:a3:eb:af:84:90:38:1e:
85:97:be:2f:6a:d8:1a:b6:4a:bd:b5:0a:8a:0c:61:8e:c1:dc:
2b:82:30:ef:86:93:7b:62:e8:6d:f5:3b:fb:66:68:42:8f:13:
54:a0:f0:00:2e:59:53:cf:b6:15:27:ca:47:88:21:0e:64:a9:
d6:a2:a6:de:27:cf:9a:ee:02:41:08:38:3d:a6:44:2b:df:2d:
fe:3f:61:e4:9f:52:ac:5f:82:39:c0:0c:26:12:82:6d:b1:bf:
88:7c:7d:16:48:ee:0a:4f:8d:ae:b2:8e:50:33:43:c0:23:40:
53:9f:a2:fe:0e:1f:87:cd:c9:39:c6:fc:85:a7:ae:2f:a7:1f:
20:0d:bd:17:6d:1c:27:d3:7f:fc:e0:b0:f9:f6:8b:ab:a7:e6:
b7:79:07:e1:b9:31:cb:d2:08:12:21:8f:18:61:1e:2b:9f:c4:
af:87:75:36:90:db:9b:19:39:b1:ea:e9:fe:c5:3f:6b:0a:a1:
9c:b5:2b:bd:ef:4a:a2:ca:11:27:25:d4:e1:d2:15:05:52:c2:
20:f7:1b:8f:ae:d2:b7:4d:b9:6d:d7:a0:40:64:bc:c0:91:38:
5e:c3:fa:29
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVvZwthepZd/l4qcyRTDZF0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMGU2NDBmOWQ2M2JhOTQzYTk3YjNkYzEwZDRjNjg0NGE1
ZDNkYzEwHhcNMjMwMTAxMjIxNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGYzYTQ0MWEyZDE1MmNmM2ZhZTllOTNmOWVjZjE0Y2Y0NjE4MDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSHi6QhSF0DcrJ2NTHXj6UfIIjz+
jOGi5fXP9AU8jILRoC2ktYu1Z7bre5Cj3MJWmCtus7RyltgT/gnQrh2NI/f/UgD5
wwph+cOSZIneq9l5DSDx76/tXo2vJ/mnY5zOyvwk8lbwC75qwFVk1qqY8c6ec7+H
6oyugGIj5M6mVhH8OPfSNm8QFpK7FbsgkVkTCyKWIKEMvJ+1IgslUEIiXkKKTpZL
zE3ZmJ4ft+pTa//Nhfi4p9+VCrQEBHkHZGdbSd+REJ7fARkuJeJSGq6sckBYcy1b
sZDVOigekWkD5hDSXR4A5j7LJmhmFBGF2xfkg2g1FF9pOmnuG3M6nZGbgQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFF3zpEGi0VLPP66ek/ns8Uz0YYCOMB8GA1UdIwQY
MBaAFDMOZA+dY7qUOpez3BDUxoRKXT3BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXc1a0Q1MWp1cFE2bDdQY0VOVEdoRXBkUGNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9lNzE4ZTQtNTNiNy00N2JiLWEzMzYt
NWExNzcxOWQ0NDllLzEvWGZPa1FhTFJVczhfcnA2VC1lenhUUFJoZ0k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9lNzE4ZTQtNTNiNy00N2JiLWEzMzYtNWExNzcxOWQ0NDll
LzEvTXc1a0Q1MWp1cFE2bDdQY0VOVEdoRXBkUGNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMDZTgDBALD
olwwDQQCAAIwBwMFByoOBAAwDQYJKoZIhvcNAQELBQADggEBACLCehqMH+KK9crA
AIuMtThdW1IXDSZqYQGm21VTo+uvhJA4HoWXvi9q2Bq2Sr21CooMYY7B3CuCMO+G
k3ti6G31O/tmaEKPE1Sg8AAuWVPPthUnykeIIQ5kqdaipt4nz5ruAkEIOD2mRCvf
Lf4/YeSfUqxfgjnADCYSgm2xv4h8fRZI7gpPja6yjlAzQ8AjQFOfov4OH4fNyTnG
/IWnri+nHyANvRdtHCfTf/zgsPn2i6un5rd5B+G5McvSCBIhjxhhHiufxK+HdTaQ
25sZObHq6f7FP2sKoZy1K73vSqLKEScl1OHSFQVSwiD3G4+u0rdNuW3XoEBkvMCR
OF7D+ik=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:26 2024 by rpki-client on console-ams.rpki-client.org