Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/434fed-877d-4a0f-a256-85345f660655/1/m9Qg6DwozL_qvZ6LW93qNeLTyX0.roa
File: m9Qg6DwozL_qvZ6LW93qNeLTyX0.roa (raw, json)
Hash identifier: FeSJM0AN669lzpuqomBsyOfJWOSWbxC4wKpBR/Jx9wU=
Subject key identifier: 9B:D4:20:E8:3C:28:CC:BF:EA:BD:9E:8B:5B:DD:EA:35:E2:D3:C9:7D
Certificate issuer: /CN=ebdfa7c0ad7ef674dd5b4194960f2ffd4115f261
Certificate serial: 0185ED42C47A797F033B8EB7EEBC00E726DB
Authority key identifier: EB:DF:A7:C0:AD:7E:F6:74:DD:5B:41:94:96:0F:2F:FD:41:15:F2:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/69-nwK1-9nTdW0GUlg8v_UEV8mE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/434fed-877d-4a0f-a256-85345f660655/1/m9Qg6DwozL_qvZ6LW93qNeLTyX0.roa
Signing time: Thu 26 Jan 2023 08:47:33 +0000
ROA not before: Thu 26 Jan 2023 08:47:33 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43201
IP address blocks: 195.158.222.0/23 maxlen: 23
195.158.223.0/24 maxlen: 24
195.158.220.0/24 maxlen: 24
195.158.221.0/24 maxlen: 24
195.158.220.0/23 maxlen: 23
195.158.220.0/22 maxlen: 22
195.158.222.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:ed:42:c4:7a:79:7f:03:3b:8e:b7:ee:bc:00:e7:26:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ebdfa7c0ad7ef674dd5b4194960f2ffd4115f261
Validity
Not Before: Jan 26 08:47:33 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9bd420e83c28ccbfeabd9e8b5bddea35e2d3c97d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:7c:57:eb:c3:cb:7e:e1:e0:c6:f6:d2:80:e6:
f2:dd:da:c0:29:1d:19:c1:41:05:65:b1:f6:63:90:
b8:ed:3e:96:82:81:14:ad:a5:e8:24:2d:06:c1:88:
ee:9e:1d:65:48:64:f9:9d:e5:f6:f2:9c:7a:42:fa:
8f:f3:19:f1:0f:36:6e:da:d9:80:e9:95:88:c6:8b:
09:a0:b8:d3:1e:0a:84:8c:59:16:9a:a2:d5:f8:8d:
96:a3:3c:0a:97:4e:d1:61:7e:2c:bb:fa:20:24:d3:
e8:13:e6:d0:80:ee:f2:9f:a5:65:a2:1d:b2:2e:68:
fc:57:68:4d:dd:f2:3c:47:69:f2:78:bc:81:f9:3c:
ce:61:ce:e6:24:ca:fb:0f:44:72:f4:69:9e:5d:59:
5c:4a:ad:f5:22:58:18:8c:b6:b0:c6:e0:8b:1b:00:
30:53:4e:f5:6e:d0:73:f9:c3:dd:80:77:bc:5c:d4:
c4:70:98:f3:7d:ba:71:14:75:55:1f:c7:64:64:a7:
19:c3:fb:3f:4b:34:35:37:57:ae:0d:72:62:ec:7b:
43:87:17:d1:4c:7e:ce:2c:82:45:36:16:ab:3c:38:
b2:b4:46:a3:2e:34:0e:75:7f:b7:02:5a:bc:c8:c8:
a9:78:72:2e:5e:69:ac:b2:7f:1d:a8:58:54:99:bd:
56:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:D4:20:E8:3C:28:CC:BF:EA:BD:9E:8B:5B:DD:EA:35:E2:D3:C9:7D
X509v3 Authority Key Identifier:
keyid:EB:DF:A7:C0:AD:7E:F6:74:DD:5B:41:94:96:0F:2F:FD:41:15:F2:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/69-nwK1-9nTdW0GUlg8v_UEV8mE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/434fed-877d-4a0f-a256-85345f660655/1/m9Qg6DwozL_qvZ6LW93qNeLTyX0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/434fed-877d-4a0f-a256-85345f660655/1/69-nwK1-9nTdW0GUlg8v_UEV8mE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.158.220.0/22
Signature Algorithm: sha256WithRSAEncryption
b1:6c:c1:e3:91:87:1c:60:44:13:d4:1e:4c:63:2f:90:c2:65:
3b:f3:d9:ff:cd:e5:8e:4b:ca:cf:78:1f:3a:00:a9:cd:ba:54:
2e:d4:c2:3d:23:e3:f8:bf:75:80:99:c5:3d:13:f0:82:fa:44:
1f:c9:82:eb:90:3a:5d:dd:f8:9c:e9:e2:bb:9c:de:ee:3b:04:
95:d7:27:63:c7:66:e0:c5:12:83:c7:e8:f4:ff:5b:ee:48:a5:
b4:eb:1a:ec:fc:3d:8d:bb:58:5b:4c:5f:f9:3a:67:ee:6b:71:
aa:7f:76:f4:ab:17:ee:8c:c2:b3:eb:fe:e7:5d:5f:4a:d6:cb:
de:de:02:b7:46:73:e2:a0:d2:7d:46:23:b9:23:80:4e:53:8a:
5d:9e:79:f3:40:6b:03:05:1d:63:90:2b:17:73:bb:d2:b7:f0:
ec:21:68:92:14:3a:36:5f:e8:44:9f:5f:6c:39:a5:f5:b2:24:
d1:38:80:cd:dd:a0:8c:90:03:3f:2b:d8:60:36:bf:00:f8:5e:
62:f4:fc:b8:c7:38:b9:31:3a:98:65:33:18:d8:ac:ec:a7:5d:
cf:95:3f:eb:ea:88:1b:64:1f:68:81:71:9e:9b:56:81:a5:fa:
39:3b:34:c7:01:2a:f9:f5:c5:e2:85:2c:7d:41:89:bc:4a:40:
ea:61:9a:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYXtQsR6eX8DO4637rwA5ybbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZGZhN2MwYWQ3ZWY2NzRkZDViNDE5NDk2MGYyZmZkNDEx
NWYyNjEwHhcNMjMwMTI2MDg0NzMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmQ0MjBlODNjMjhjY2JmZWFiZDllOGI1YmRkZWEzNWUyZDNjOTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnxX68PLfuHgxvbSgOby3drAKR0Z
wUEFZbH2Y5C47T6WgoEUraXoJC0GwYjunh1lSGT5neX28px6QvqP8xnxDzZu2tmA
6ZWIxosJoLjTHgqEjFkWmqLV+I2WozwKl07RYX4su/ogJNPoE+bQgO7yn6Vloh2y
Lmj8V2hN3fI8R2nyeLyB+TzOYc7mJMr7D0Ry9GmeXVlcSq31IlgYjLawxuCLGwAw
U071btBz+cPdgHe8XNTEcJjzfbpxFHVVH8dkZKcZw/s/SzQ1N1euDXJi7HtDhxfR
TH7OLIJFNharPDiytEajLjQOdX+3Alq8yMipeHIuXmmssn8dqFhUmb1WcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvUIOg8KMy/6r2ei1vd6jXi08l9MB8GA1UdIwQY
MBaAFOvfp8CtfvZ03VtBlJYPL/1BFfJhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjktbndLMS05blRkVzBHVWxnOHZfVUVWOG1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny80MzRmZWQtODc3ZC00YTBmLWEyNTYt
ODUzNDVmNjYwNjU1LzEvbTlRZzZEd296TF9xdlo2TFc5M3FOZUxUeVgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny80MzRmZWQtODc3ZC00YTBmLWEyNTYtODUzNDVmNjYwNjU1
LzEvNjktbndLMS05blRkVzBHVWxnOHZfVUVWOG1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw57cMA0G
CSqGSIb3DQEBCwUAA4IBAQCxbMHjkYccYEQT1B5MYy+QwmU789n/zeWOS8rPeB86
AKnNulQu1MI9I+P4v3WAmcU9E/CC+kQfyYLrkDpd3fic6eK7nN7uOwSV1ydjx2bg
xRKDx+j0/1vuSKW06xrs/D2Nu1hbTF/5Omfua3Gqf3b0qxfujMKz6/7nXV9K1sve
3gK3RnPioNJ9RiO5I4BOU4pdnnnzQGsDBR1jkCsXc7vSt/DsIWiSFDo2X+hEn19s
OaX1siTROIDN3aCMkAM/K9hgNr8A+F5i9Py4xzi5MTqYZTMY2Kzsp13PlT/r6ogb
ZB9ogXGem1aBpfo5OzTHASr59cXihSx9QYm8SkDqYZoK
-----END CERTIFICATE-----
Generated at Mon Jan 1 11:16:04 2024 by rpki-client on console-ams.rpki-client.org