Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/af35c3-7f81-4829-8dba-18dbe6504bb4/1/KkhXv5JBp2iXJvGet-QbhRxTvxg.roa
File: KkhXv5JBp2iXJvGet-QbhRxTvxg.roa (raw, json)
Hash identifier: LIGNVIoByX4RhJgqYY+TCQ6QrtANgoKTeP/EGOco5iA=
Subject key identifier: 2A:48:57:BF:92:41:A7:68:97:26:F1:9E:B7:E4:1B:85:1C:53:BF:18
Certificate issuer: /CN=168600dfac9d3d1a75e6630d697102f2f2132c48
Certificate serial: 0185C6716EC13C8362859D23EBE675CFD38D
Authority key identifier: 16:86:00:DF:AC:9D:3D:1A:75:E6:63:0D:69:71:02:F2:F2:13:2C:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FoYA36ydPRp15mMNaXEC8vITLEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/af35c3-7f81-4829-8dba-18dbe6504bb4/1/KkhXv5JBp2iXJvGet-QbhRxTvxg.roa
Signing time: Wed 18 Jan 2023 19:53:20 +0000
ROA not before: Wed 18 Jan 2023 19:53:20 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203576
IP address blocks: 83.150.213.0/24 maxlen: 24
83.150.212.0/24 maxlen: 24
83.150.215.0/24 maxlen: 24
83.150.214.0/24 maxlen: 24
89.252.188.0/24 maxlen: 32
89.252.191.0/24 maxlen: 32
89.252.190.0/24 maxlen: 32
89.252.189.0/24 maxlen: 32
185.165.46.0/24 maxlen: 32
185.126.218.0/24 maxlen: 32
185.126.217.0/24 maxlen: 32
185.126.216.0/24 maxlen: 32
185.126.219.0/24 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:c6:71:6e:c1:3c:83:62:85:9d:23:eb:e6:75:cf:d3:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=168600dfac9d3d1a75e6630d697102f2f2132c48
Validity
Not Before: Jan 18 19:53:20 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2a4857bf9241a7689726f19eb7e41b851c53bf18
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:49:98:21:27:40:18:f4:fa:62:9d:fe:2e:63:
5e:2b:8e:25:9c:5c:76:83:87:1a:6f:79:a8:0f:bb:
44:b6:ee:99:16:fa:c1:3c:8f:53:7d:9a:55:56:8d:
8d:38:b8:14:7e:1c:fe:33:06:be:b0:ba:04:50:64:
9d:9d:4e:4a:a5:45:4a:3e:e2:7c:23:7b:a3:78:98:
d8:bc:02:37:c3:21:cc:8e:9e:fc:28:74:00:68:90:
79:86:d1:8a:9b:36:37:41:12:b9:17:68:d0:e7:b9:
2d:4a:d8:a6:87:a2:d7:a0:ab:85:9c:28:11:30:fa:
63:91:5b:be:a2:30:ab:6c:64:7c:da:fd:10:ea:13:
1d:f0:f2:e4:66:78:34:83:ff:8b:45:12:51:6a:21:
6a:b6:ec:41:14:4a:c6:5d:a9:b1:13:48:04:2e:98:
65:1c:59:7b:16:14:99:43:a6:25:1c:63:b0:8c:c3:
f1:49:b9:e6:f0:4d:cd:62:71:7a:c4:21:8c:2e:a9:
ba:e0:29:b5:c3:20:ed:2c:47:cb:96:c5:ef:55:58:
ed:1d:17:7e:17:fc:b0:7e:b0:67:6e:89:88:51:e2:
d6:e7:2a:b9:05:5c:57:61:47:64:a9:8e:42:af:f2:
c1:4b:02:46:cf:10:43:b1:e7:49:e6:e2:a7:1d:af:
65:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:48:57:BF:92:41:A7:68:97:26:F1:9E:B7:E4:1B:85:1C:53:BF:18
X509v3 Authority Key Identifier:
keyid:16:86:00:DF:AC:9D:3D:1A:75:E6:63:0D:69:71:02:F2:F2:13:2C:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FoYA36ydPRp15mMNaXEC8vITLEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/af35c3-7f81-4829-8dba-18dbe6504bb4/1/KkhXv5JBp2iXJvGet-QbhRxTvxg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/af35c3-7f81-4829-8dba-18dbe6504bb4/1/FoYA36ydPRp15mMNaXEC8vITLEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.150.212.0/22
89.252.188.0/22
185.126.216.0/22
185.165.46.0/24
Signature Algorithm: sha256WithRSAEncryption
43:a0:07:88:0b:d3:4e:84:17:dc:5b:cf:f8:4b:91:c9:b9:24:
f5:ea:ab:e1:d9:4d:10:df:18:18:03:1e:80:42:f9:58:c5:94:
0c:d8:15:d5:b1:48:7d:85:de:42:96:0f:55:8c:82:f1:1c:6b:
0f:e2:43:f9:cd:71:6b:bf:bb:23:48:f3:05:25:3c:3e:33:85:
83:c2:63:29:f0:ab:0f:ac:43:2c:c2:63:37:1c:a1:cd:67:37:
e9:f0:4c:1e:ca:80:47:7a:74:5b:f0:fd:2e:ad:5e:ad:c0:63:
e6:b1:e3:b8:71:0f:50:d8:84:03:65:06:1f:62:3f:da:04:5f:
84:34:f9:07:f1:50:ea:de:c1:7a:d5:7b:b9:d0:6e:37:23:be:
5f:18:29:54:ac:11:fa:3f:07:1b:a1:58:31:e4:91:04:8f:fd:
18:9d:ca:d1:ac:f5:75:78:3e:2d:27:85:0f:eb:ee:40:82:96:
72:73:6a:fd:ef:1c:4d:1b:21:1e:91:9f:96:9c:c2:b7:bd:a6:
46:ea:a8:f2:77:2a:a7:62:c5:4c:b5:5e:78:99:2d:67:8a:c7:
02:de:6f:05:94:ea:d2:7a:46:2f:4c:1c:d3:b6:d8:cc:23:9e:
2f:3e:78:cf:e3:35:dc:e4:f7:a5:b5:ef:9d:7a:b2:4b:27:47:
e8:0b:62:06
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYXGcW7BPINihZ0j6+Z1z9ONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ODYwMGRmYWM5ZDNkMWE3NWU2NjMwZDY5NzEwMmYyZjIx
MzJjNDgwHhcNMjMwMTE4MTk1MzIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTQ4NTdiZjkyNDFhNzY4OTcyNmYxOWViN2U0MWI4NTFjNTNiZjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkmYISdAGPT6Yp3+LmNeK44lnFx2
g4cab3moD7tEtu6ZFvrBPI9TfZpVVo2NOLgUfhz+Mwa+sLoEUGSdnU5KpUVKPuJ8
I3ujeJjYvAI3wyHMjp78KHQAaJB5htGKmzY3QRK5F2jQ57ktStimh6LXoKuFnCgR
MPpjkVu+ojCrbGR82v0Q6hMd8PLkZng0g/+LRRJRaiFqtuxBFErGXamxE0gELphl
HFl7FhSZQ6YlHGOwjMPxSbnm8E3NYnF6xCGMLqm64Cm1wyDtLEfLlsXvVVjtHRd+
F/ywfrBnbomIUeLW5yq5BVxXYUdkqY5Cr/LBSwJGzxBDsedJ5uKnHa9lJQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCpIV7+SQadolybxnrfkG4UcU78YMB8GA1UdIwQY
MBaAFBaGAN+snT0adeZjDWlxAvLyEyxIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm9ZQTM2eWRQUnAxNW1NTmFYRUM4dklUTEVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9hZjM1YzMtN2Y4MS00ODI5LThkYmEt
MThkYmU2NTA0YmI0LzEvS2toWHY1SkJwMmlYSnZHZXQtUWJoUnhUdnhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9hZjM1YzMtN2Y4MS00ODI5LThkYmEtMThkYmU2NTA0YmI0
LzEvRm9ZQTM2eWRQUnAxNW1NTmFYRUM4dklUTEVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCU5bUAwQC
Wfy8AwQCuX7YAwQAuaUuMA0GCSqGSIb3DQEBCwUAA4IBAQBDoAeIC9NOhBfcW8/4
S5HJuST16qvh2U0Q3xgYAx6AQvlYxZQM2BXVsUh9hd5Clg9VjILxHGsP4kP5zXFr
v7sjSPMFJTw+M4WDwmMp8KsPrEMswmM3HKHNZzfp8EweyoBHenRb8P0urV6twGPm
seO4cQ9Q2IQDZQYfYj/aBF+ENPkH8VDq3sF61Xu50G43I75fGClUrBH6PwcboVgx
5JEEj/0YncrRrPV1eD4tJ4UP6+5AgpZyc2r97xxNGyEekZ+WnMK3vaZG6qjydyqn
YsVMtV54mS1niscC3m8FlOrSekYvTBzTttjMI54vPnjP4zXc5Pelte+derJLJ0fo
C2IG
-----END CERTIFICATE-----
Generated at Tue Jan 2 09:01:17 2024 by rpki-client on console-ams.rpki-client.org