Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/1e63b6-3956-4d12-b19f-5bef6420a028/1/wtV0ZlKY124S7JaFYh1czr7hncg.roa
File: wtV0ZlKY124S7JaFYh1czr7hncg.roa (raw, json)
Hash identifier: SrDDfD9Hxac4Usl45ZfNB6EWo4e+/HlvTtPlo+agVXE=
Subject key identifier: C2:D5:74:66:52:98:D7:6E:12:EC:96:85:62:1D:5C:CE:BE:E1:9D:C8
Certificate issuer: /CN=3cc94ff479778651a605121f1ffe678196328f35
Certificate serial: 018570CBF8162365D561A9E933703A061B8F
Authority key identifier: 3C:C9:4F:F4:79:77:86:51:A6:05:12:1F:1F:FE:67:81:96:32:8F:35
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PMlP9Hl3hlGmBRIfH_5ngZYyjzU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/1e63b6-3956-4d12-b19f-5bef6420a028/1/wtV0ZlKY124S7JaFYh1czr7hncg.roa
Signing time: Mon 02 Jan 2023 04:44:53 +0000
ROA not before: Mon 02 Jan 2023 04:44:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 28929
IP address blocks: 94.73.127.0/24 maxlen: 24
188.228.128.0/17 maxlen: 17
78.26.111.0/24 maxlen: 24
37.77.208.0/20 maxlen: 20
185.29.104.0/22 maxlen: 22
94.73.64.0/18 maxlen: 18
193.25.178.0/23 maxlen: 23
78.26.64.0/18 maxlen: 18
195.47.199.0/24 maxlen: 24
2a02:f8::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:cb:f8:16:23:65:d5:61:a9:e9:33:70:3a:06:1b:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3cc94ff479778651a605121f1ffe678196328f35
Validity
Not Before: Jan 2 04:44:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c2d574665298d76e12ec9685621d5ccebee19dc8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:e6:5f:0b:2c:8e:26:ce:ff:05:40:28:0d:69:
a4:c5:91:eb:6f:26:4e:cf:02:10:cf:89:b5:f5:2b:
a6:08:ac:e7:b4:92:81:0b:f1:5c:25:87:1f:c4:f2:
12:5e:db:43:ab:82:ac:2b:35:02:ca:68:ff:0f:57:
da:5b:71:f2:c8:3c:0a:22:85:82:d1:bf:0c:4e:ca:
71:0a:fb:a4:e8:12:13:b2:80:b2:14:3c:4b:65:8d:
e2:1b:e4:eb:01:29:dc:d3:7b:fe:ff:cd:7c:3b:28:
83:fb:38:73:be:aa:a2:57:c7:0e:69:ed:e8:82:13:
77:ee:2e:7d:25:9e:71:e1:0c:39:5c:39:5e:4b:9f:
d9:92:92:76:4d:ec:8d:62:3c:93:0e:bd:cf:a9:ec:
f7:30:0f:67:72:e1:85:ae:4a:d9:19:c7:25:2e:1f:
0e:5b:ea:a3:27:4e:98:8f:89:2c:4e:ca:15:e2:7f:
34:7d:b5:35:98:54:7c:78:10:ae:f1:60:0a:f2:59:
de:99:d3:60:9c:93:f9:3e:28:d2:6a:ad:10:89:42:
27:22:b9:28:09:f4:1b:d2:2f:9d:71:38:dd:ff:71:
77:9c:ae:df:e2:99:eb:9a:ca:b6:c3:92:24:26:21:
40:5b:c7:ab:c8:eb:60:21:26:60:1f:88:5e:c4:fa:
d2:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:D5:74:66:52:98:D7:6E:12:EC:96:85:62:1D:5C:CE:BE:E1:9D:C8
X509v3 Authority Key Identifier:
keyid:3C:C9:4F:F4:79:77:86:51:A6:05:12:1F:1F:FE:67:81:96:32:8F:35
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PMlP9Hl3hlGmBRIfH_5ngZYyjzU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/1e63b6-3956-4d12-b19f-5bef6420a028/1/wtV0ZlKY124S7JaFYh1czr7hncg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/1e63b6-3956-4d12-b19f-5bef6420a028/1/PMlP9Hl3hlGmBRIfH_5ngZYyjzU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.77.208.0/20
78.26.64.0/18
94.73.64.0/18
185.29.104.0/22
188.228.128.0/17
193.25.178.0/23
195.47.199.0/24
IPv6:
2a02:f8::/32
Signature Algorithm: sha256WithRSAEncryption
d7:3e:c5:1c:f6:7b:5a:ff:21:44:23:3c:24:23:ba:38:4f:6c:
d0:eb:c2:cf:b2:ee:28:7b:c5:c4:a0:8f:2a:21:c2:46:6e:58:
bd:de:a0:d1:af:0b:44:eb:cf:f8:92:c0:aa:15:13:1f:ad:68:
d3:29:76:c2:32:e7:4c:80:70:e6:80:a8:08:0f:9c:88:f1:de:
1e:39:4d:9b:32:f4:c6:60:fa:d0:e0:87:04:27:82:66:d1:a9:
4c:5a:97:de:5d:c2:bb:13:b7:64:62:93:36:80:da:b1:58:1d:
f0:b3:c3:26:32:be:65:4d:dc:89:2d:3b:8b:43:ad:f8:e9:7d:
56:99:1b:60:6a:b2:d8:4d:a7:f1:43:c9:e9:4d:19:b9:39:fe:
68:05:9d:68:59:42:7b:56:df:45:8d:ce:6e:84:b0:f1:ed:61:
7c:ca:60:bf:3d:a5:d4:33:02:01:e0:a1:d1:f8:48:13:b4:b5:
09:fe:43:bf:ed:14:a8:7c:5e:90:62:7d:a1:7b:b9:9a:a4:77:
f0:aa:ed:7f:74:a3:88:73:9f:03:ca:ec:09:d5:3c:79:27:16:
70:e0:c3:7f:54:bc:f1:29:03:75:95:e7:86:40:6c:b3:ad:99:
7a:25:7c:4e:e6:e9:9f:d1:f9:82:88:34:f5:45:40:cc:b1:a6:
52:34:53:f2
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVwy/gWI2XVYanpM3A6BhuPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjYzk0ZmY0Nzk3Nzg2NTFhNjA1MTIxZjFmZmU2NzgxOTYz
MjhmMzUwHhcNMjMwMTAyMDQ0NDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmQ1NzQ2NjUyOThkNzZlMTJlYzk2ODU2MjFkNWNjZWJlZTE5ZGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueZfCyyOJs7/BUAoDWmkxZHrbyZO
zwIQz4m19SumCKzntJKBC/FcJYcfxPISXttDq4KsKzUCymj/D1faW3HyyDwKIoWC
0b8MTspxCvuk6BITsoCyFDxLZY3iG+TrASnc03v+/818OyiD+zhzvqqiV8cOae3o
ghN37i59JZ5x4Qw5XDleS5/ZkpJ2TeyNYjyTDr3Pqez3MA9ncuGFrkrZGcclLh8O
W+qjJ06Yj4ksTsoV4n80fbU1mFR8eBCu8WAK8lnemdNgnJP5PijSaq0QiUInIrko
CfQb0i+dcTjd/3F3nK7f4pnrmsq2w5IkJiFAW8eryOtgISZgH4hexPrSLwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFMLVdGZSmNduEuyWhWIdXM6+4Z3IMB8GA1UdIwQY
MBaAFDzJT/R5d4ZRpgUSHx/+Z4GWMo81MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE1sUDlIbDNobEdtQlJJZkhfNW5nWll5anpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8xZTYzYjYtMzk1Ni00ZDEyLWIxOWYt
NWJlZjY0MjBhMDI4LzEvd3RWMFpsS1kxMjRTN0phRlloMWN6cjdobmNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8xZTYzYjYtMzk1Ni00ZDEyLWIxOWYtNWJlZjY0MjBhMDI4
LzEvUE1sUDlIbDNobEdtQlJJZkhfNW5nWll5anpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEJU3QAwQG
ThpAAwQGXklAAwQCuR1oAwQHvOSAAwQBwRmyAwQAwy/HMA0EAgACMAcDBQAqAgD4
MA0GCSqGSIb3DQEBCwUAA4IBAQDXPsUc9nta/yFEIzwkI7o4T2zQ68LPsu4oe8XE
oI8qIcJGbli93qDRrwtE68/4ksCqFRMfrWjTKXbCMudMgHDmgKgID5yI8d4eOU2b
MvTGYPrQ4IcEJ4Jm0alMWpfeXcK7E7dkYpM2gNqxWB3ws8MmMr5lTdyJLTuLQ634
6X1WmRtgarLYTafxQ8npTRm5Of5oBZ1oWUJ7Vt9Fjc5uhLDx7WF8ymC/PaXUMwIB
4KHR+EgTtLUJ/kO/7RSofF6QYn2he7mapHfwqu1/dKOIc58DyuwJ1Tx5JxZw4MN/
VLzxKQN1leeGQGyzrZl6JXxO5umf0fmCiDT1RUDMsaZSNFPy
-----END CERTIFICATE-----
Generated at Mon Jan 1 02:54:05 2024 by rpki-client on console-ams.rpki-client.org