Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/K31aG0CBzU-AaLrzY20Cnb-5SpY.roa
File: K31aG0CBzU-AaLrzY20Cnb-5SpY.roa (raw, json)
Hash identifier: SCtFns1MAwJrYli6r42DPlYDVBQN9qlDNVS6EPtu3eo=
Subject key identifier: 2B:7D:5A:1B:40:81:CD:4F:80:68:BA:F3:63:6D:02:9D:BF:B9:4A:96
Certificate issuer: /CN=62becc4ba8a4d52498a0d2983a68b61383aa7fd7
Certificate serial: 0185778A7AE617BE00B29BC75A2CB0813144
Authority key identifier: 62:BE:CC:4B:A8:A4:D5:24:98:A0:D2:98:3A:68:B6:13:83:AA:7F:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Yr7MS6ik1SSYoNKYOmi2E4Oqf9c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/K31aG0CBzU-AaLrzY20Cnb-5SpY.roa
Signing time: Tue 03 Jan 2023 12:10:42 +0000
ROA not before: Tue 03 Jan 2023 12:10:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 398559
IP address blocks: 2a11:fb04::/30 maxlen: 30
2a11:fb00::/30 maxlen: 30
2a0f:306::/32 maxlen: 32
2a0f:305::/32 maxlen: 32
2a0f:302::/32 maxlen: 32
2a0f:303::/32 maxlen: 32
2a0f:301::/32 maxlen: 32
2a11:f900::/29 maxlen: 29
2a0f:307::/32 maxlen: 32
Validation: Failed, certificate revoked on Mon 01 Jan 2024 04:30:14 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:77:8a:7a:e6:17:be:00:b2:9b:c7:5a:2c:b0:81:31:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=62becc4ba8a4d52498a0d2983a68b61383aa7fd7
Validity
Not Before: Jan 3 12:10:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2b7d5a1b4081cd4f8068baf3636d029dbfb94a96
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:0e:a8:a4:19:13:c2:49:11:b9:6b:14:b1:88:
61:21:38:6f:37:49:fe:c5:4d:1f:55:07:86:91:23:
26:19:52:9e:91:b7:b3:89:73:8f:c9:7e:37:ce:be:
68:28:f2:c7:0d:69:2d:34:d5:8e:b1:8b:3c:94:6b:
40:ed:22:fa:b8:39:b3:36:79:21:a1:70:0d:50:c3:
ed:6d:32:4e:a8:53:a5:ed:da:84:e7:5d:7a:39:89:
2a:88:1a:e2:10:8e:82:28:f2:4b:a7:62:fb:9e:f3:
b1:bf:7f:38:c2:a8:8f:d3:2a:13:0b:ce:cc:5a:2c:
fe:5b:cd:9d:da:9b:c7:e1:11:b7:3a:70:82:e7:bb:
be:c7:ba:4e:62:b5:fb:83:2d:a2:f8:d5:41:b2:1b:
be:2f:ca:66:f9:3a:32:57:4f:56:fc:0c:76:73:6f:
2d:7e:60:13:23:13:4d:53:2e:01:ea:2f:88:2b:61:
a8:70:82:4e:b3:d7:a2:72:2e:bb:49:e7:a4:24:9d:
bb:eb:69:3e:3b:e6:b9:25:b4:7d:3e:61:3f:cd:b3:
d3:4e:e5:dc:1a:ab:fd:6f:b0:25:61:06:f5:e9:08:
e1:2c:00:ac:1d:ee:de:20:83:f6:34:69:4d:70:2f:
14:7e:6c:4d:b8:c9:9f:38:78:83:d0:0b:f3:80:bb:
86:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:7D:5A:1B:40:81:CD:4F:80:68:BA:F3:63:6D:02:9D:BF:B9:4A:96
X509v3 Authority Key Identifier:
keyid:62:BE:CC:4B:A8:A4:D5:24:98:A0:D2:98:3A:68:B6:13:83:AA:7F:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yr7MS6ik1SSYoNKYOmi2E4Oqf9c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/K31aG0CBzU-AaLrzY20Cnb-5SpY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9c493b-417b-4af6-9f43-2ff14c218719/1/Yr7MS6ik1SSYoNKYOmi2E4Oqf9c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:301::-2a0f:303:ffff:ffff:ffff:ffff:ffff:ffff
2a0f:305::-2a0f:307:ffff:ffff:ffff:ffff:ffff:ffff
2a11:f900::/29
2a11:fb00::/29
Signature Algorithm: sha256WithRSAEncryption
3c:d6:c0:df:42:2c:8b:46:0f:ca:3f:56:c6:83:bb:05:18:69:
8b:8a:d9:1d:98:ff:8a:f6:60:49:97:37:cb:ff:89:0a:f2:cf:
d4:f6:16:1c:c2:27:4a:52:ca:28:a5:25:ae:ed:a8:5b:a9:dc:
dc:d6:1c:87:26:25:90:c7:53:46:8e:ef:ac:88:dd:c4:6c:57:
04:cd:3c:fe:4d:29:bd:1f:6c:6e:15:0a:3a:14:89:5e:03:97:
45:93:a1:6e:bd:59:d1:da:ee:b3:71:17:75:52:90:d4:ea:2c:
17:0d:1c:19:6b:7e:f1:5c:c2:cf:1d:46:ea:52:31:89:4e:32:
3c:9a:67:b6:48:0c:71:0c:31:b4:8d:32:0f:35:f4:60:a7:43:
60:cc:76:c3:5d:6a:30:41:9f:b4:67:65:a0:5e:d9:41:9b:5b:
6c:02:2f:e4:93:69:4a:7a:13:45:13:d4:ac:1f:09:d2:30:aa:
ab:d8:19:0a:3f:1d:28:1e:b6:e4:b4:fa:13:e9:5a:e5:7f:29:
48:c3:cf:bc:fa:26:0d:05:7c:f3:34:84:d9:de:3d:54:91:2c:
f9:41:85:46:c0:90:7f:37:24:17:b7:ee:78:c9:51:3f:84:76:
fe:2a:be:a9:77:fb:21:f8:6f:f1:97:69:59:cb:dd:7c:23:6e:
ab:61:b6:bd
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYV3inrmF74AspvHWiywgTFEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYmVjYzRiYThhNGQ1MjQ5OGEwZDI5ODNhNjhiNjEzODNh
YTdmZDcwHhcNMjMwMTAzMTIxMDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjdkNWExYjQwODFjZDRmODA2OGJhZjM2MzZkMDI5ZGJmYjk0YTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlA6opBkTwkkRuWsUsYhhIThvN0n+
xU0fVQeGkSMmGVKekbeziXOPyX43zr5oKPLHDWktNNWOsYs8lGtA7SL6uDmzNnkh
oXANUMPtbTJOqFOl7dqE5116OYkqiBriEI6CKPJLp2L7nvOxv384wqiP0yoTC87M
Wiz+W82d2pvH4RG3OnCC57u+x7pOYrX7gy2i+NVBshu+L8pm+ToyV09W/Ax2c28t
fmATIxNNUy4B6i+IK2GocIJOs9eici67SeekJJ2762k+O+a5JbR9PmE/zbPTTuXc
Gqv9b7AlYQb16QjhLACsHe7eIIP2NGlNcC8UfmxNuMmfOHiD0AvzgLuGwwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFCt9WhtAgc1PgGi682NtAp2/uUqWMB8GA1UdIwQY
MBaAFGK+zEuopNUkmKDSmDpothODqn/XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXI3TVM2aWsxU1NZb05LWU9taTJFNE9xZjljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85YzQ5M2ItNDE3Yi00YWY2LTlmNDMt
MmZmMTRjMjE4NzE5LzEvSzMxYUcwQ0J6VS1BYUxyelkyMENuYi01U3BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85YzQ5M2ItNDE3Yi00YWY2LTlmNDMtMmZmMTRjMjE4NzE5
LzEvWXI3TVM2aWsxU1NZb05LWU9taTJFNE9xZjljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAAjAuMA4DBQAqDwMB
AwUCKg8DADAOAwUAKg8DBQMFAyoPAwADBQMqEfkAAwUDKhH7ADANBgkqhkiG9w0B
AQsFAAOCAQEAPNbA30Isi0YPyj9WxoO7BRhpi4rZHZj/ivZgSZc3y/+JCvLP1PYW
HMInSlLKKKUlru2oW6nc3NYchyYlkMdTRo7vrIjdxGxXBM08/k0pvR9sbhUKOhSJ
XgOXRZOhbr1Z0drus3EXdVKQ1OosFw0cGWt+8VzCzx1G6lIxiU4yPJpntkgMcQwx
tI0yDzX0YKdDYMx2w11qMEGftGdloF7ZQZtbbAIv5JNpSnoTRRPUrB8J0jCqq9gZ
Cj8dKB625LT6E+la5X8pSMPPvPomDQV88zSE2d49VJEs+UGFRsCQfzckF7fueMlR
P4R2/iq+qXf7Ifhv8ZdpWcvdfCNuq2G2vQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:35 2024 by rpki-client on console-ams.rpki-client.org