Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/KcElw3PRaN4TAHMLnalLVmay_iQ.roa
File: KcElw3PRaN4TAHMLnalLVmay_iQ.roa (raw, json)
Hash identifier: FBS31fg6NZ4xOR09tKZcSr18SXv1P3XlwkWUvCgz2AM=
Subject key identifier: 29:C1:25:C3:73:D1:68:DE:13:00:73:0B:9D:A9:4B:56:66:B2:FE:24
Certificate issuer: /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial: 01856EAFC32CBA6ADEC65D20969FCE0FCA2F
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/KcElw3PRaN4TAHMLnalLVmay_iQ.roa
Signing time: Sun 01 Jan 2023 18:54:50 +0000
ROA not before: Sun 01 Jan 2023 18:54:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31365
IP address blocks: 85.153.33.0/24 maxlen: 24
85.153.43.0/24 maxlen: 24
85.153.58.0/24 maxlen: 24
85.153.1.0/24 maxlen: 24
85.153.3.0/24 maxlen: 24
85.153.2.0/24 maxlen: 24
85.153.5.0/24 maxlen: 24
85.153.10.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:af:c3:2c:ba:6a:de:c6:5d:20:96:9f:ce:0f:ca:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Validity
Not Before: Jan 1 18:54:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=29c125c373d168de1300730b9da94b5666b2fe24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:40:de:9c:15:db:43:13:47:6b:69:10:23:93:
7e:e3:d9:6c:8b:83:6e:ce:33:98:52:1e:0a:88:02:
ce:75:9c:35:17:78:19:9e:1b:be:bf:cc:96:8f:6d:
52:a8:b0:c1:7a:20:6d:87:56:20:19:dd:ed:e7:a3:
39:43:10:51:03:54:ea:80:b9:45:ba:8b:7b:34:a7:
29:da:97:26:50:54:2c:4a:aa:7a:a4:87:da:4f:8d:
cb:c8:d2:df:8d:5f:6d:68:72:82:94:62:2d:91:2c:
2b:e6:aa:80:1b:18:8f:27:47:f7:9c:84:2f:84:ce:
58:5e:b4:72:89:77:b4:d7:8e:01:8e:ac:a4:dc:3f:
13:fa:25:f0:88:25:aa:75:66:72:57:b2:80:4c:a6:
4c:83:32:6c:05:71:6c:85:38:7e:35:ee:ae:bc:9b:
03:6a:1a:0b:7a:97:1e:86:85:68:58:a3:6e:89:45:
69:8b:2d:b8:4b:b4:08:7a:da:da:97:2e:e0:c6:f2:
73:10:5d:ac:7b:f6:f1:93:eb:67:d3:88:f3:1d:fb:
27:98:80:9a:39:6d:2e:27:de:49:e0:9b:6e:c5:b0:
e3:20:2e:ed:6f:7b:5b:fc:43:09:2c:fb:32:81:c6:
65:b9:c7:96:86:f0:fd:b9:a3:0b:33:50:88:3c:0f:
ad:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:C1:25:C3:73:D1:68:DE:13:00:73:0B:9D:A9:4B:56:66:B2:FE:24
X509v3 Authority Key Identifier:
keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/KcElw3PRaN4TAHMLnalLVmay_iQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.153.1.0-85.153.3.255
85.153.5.0/24
85.153.10.0/24
85.153.33.0/24
85.153.43.0/24
85.153.58.0/24
Signature Algorithm: sha256WithRSAEncryption
43:41:8f:7c:e6:a3:db:38:a7:d7:fc:d7:be:23:e2:1f:7c:a8:
52:85:6f:03:a9:45:ee:f8:e4:2d:a5:9d:04:0c:d9:62:88:00:
cc:85:bc:26:44:e4:8e:f7:52:04:92:15:17:d6:b9:06:4c:1f:
71:e0:cd:7a:80:82:c0:df:3f:77:b1:d1:6b:48:4a:d3:ff:52:
f8:d9:f6:72:7c:ed:ad:b5:76:43:e7:c4:14:ab:17:ed:9a:1c:
01:7f:27:07:39:f3:b5:26:b3:d8:4a:6b:23:6f:ab:77:f0:68:
e7:16:65:d4:c0:05:8b:85:85:da:1e:2f:a3:b2:e7:6b:3c:b9:
e4:bd:67:34:07:89:15:03:6b:84:af:18:e5:1e:4f:f9:a9:80:
eb:a4:97:41:67:6a:9b:06:ea:be:3a:95:9d:4f:af:b5:c4:52:
e9:fd:9a:5c:01:fb:2b:0a:99:12:16:c4:73:94:e4:32:f0:dd:
19:e8:36:79:9f:ff:40:09:fc:ff:80:1c:ce:21:b0:fc:aa:76:
bb:1d:d0:81:c0:e5:49:d9:0f:d4:3d:0b:da:b7:ee:38:56:77:
63:3f:f0:e7:1d:dc:4c:17:90:b2:0e:c0:82:53:b1:1b:0d:ef:
dd:1d:d9:07:2b:06:ba:a6:77:f0:7b:f9:ce:c1:5b:3a:72:bb:
ba:d6:cb:45
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYVur8Msumrexl0glp/OD8ovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjMwMTAxMTg1NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWMxMjVjMzczZDE2OGRlMTMwMDczMGI5ZGE5NGI1NjY2YjJmZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUDenBXbQxNHa2kQI5N+49lsi4Nu
zjOYUh4KiALOdZw1F3gZnhu+v8yWj21SqLDBeiBth1YgGd3t56M5QxBRA1TqgLlF
uot7NKcp2pcmUFQsSqp6pIfaT43LyNLfjV9taHKClGItkSwr5qqAGxiPJ0f3nIQv
hM5YXrRyiXe0144Bjqyk3D8T+iXwiCWqdWZyV7KATKZMgzJsBXFshTh+Ne6uvJsD
ahoLepcehoVoWKNuiUVpiy24S7QIetraly7gxvJzEF2se/bxk+tn04jzHfsnmICa
OW0uJ95J4JtuxbDjIC7tb3tb/EMJLPsygcZluceWhvD9uaMLM1CIPA+tEwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFCnBJcNz0WjeEwBzC52pS1Zmsv4kMB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvS2NFbHczUFJhTjRUQUhNTG5hbExWbWF5X2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsMAwDBABVmQED
BAJVmQADBABVmQUDBABVmQoDBABVmSEDBABVmSsDBABVmTowDQYJKoZIhvcNAQEL
BQADggEBAENBj3zmo9s4p9f8174j4h98qFKFbwOpRe745C2lnQQM2WKIAMyFvCZE
5I73UgSSFRfWuQZMH3HgzXqAgsDfP3ex0WtIStP/UvjZ9nJ87a21dkPnxBSrF+2a
HAF/Jwc587Ums9hKayNvq3fwaOcWZdTABYuFhdoeL6Oy52s8ueS9ZzQHiRUDa4Sv
GOUeT/mpgOukl0FnapsG6r46lZ1Pr7XEUun9mlwB+ysKmRIWxHOU5DLw3RnoNnmf
/0AJ/P+AHM4hsPyqdrsd0IHA5UnZD9Q9C9q37jhWd2M/8Ocd3EwXkLIOwIJTsRsN
790d2QcrBrqmd/B7+c7BWzpyu7rWy0U=
-----END CERTIFICATE-----
Generated at Tue Jan 2 04:22:58 2024 by rpki-client on console-fra.rpki-client.org