Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/eJcE45fZwGUistzeAG8zdJZfnes.roa
File: eJcE45fZwGUistzeAG8zdJZfnes.roa (raw, json)
Hash identifier: omDrf+EtqFBFOjuDUuOq5L1LHIJHbNpHduemMKYATqY=
Subject key identifier: 78:97:04:E3:97:D9:C0:65:22:B2:DC:DE:00:6F:33:74:96:5F:9D:EB
Certificate issuer: /CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Certificate serial: 01856B80FA469636283A9BF9DE9B1E679EA1
Authority key identifier: 0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/eJcE45fZwGUistzeAG8zdJZfnes.roa
Signing time: Sun 01 Jan 2023 04:04:52 +0000
ROA not before: Sun 01 Jan 2023 04:04:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49690
IP address blocks: 159.151.0.0/18 maxlen: 18
159.151.224.0/20 maxlen: 20
159.151.240.0/21 maxlen: 21
159.151.248.0/23 maxlen: 23
159.151.252.0/24 maxlen: 24
159.151.253.0/24 maxlen: 24
192.109.140.0/24 maxlen: 24
192.109.141.0/24 maxlen: 24
159.151.192.0/19 maxlen: 19
2a07:8140::/36 maxlen: 36
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:80:fa:46:96:36:28:3a:9b:f9:de:9b:1e:67:9e:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Validity
Not Before: Jan 1 04:04:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=789704e397d9c06522b2dcde006f3374965f9deb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:98:66:1f:ff:01:a9:6a:4f:e9:e7:4b:8f:c4:
d7:dc:73:e4:47:31:2d:81:07:1d:c3:30:e8:bf:25:
3d:37:eb:f6:2b:ca:d5:58:ad:6b:40:27:f4:a4:27:
0d:af:11:b7:e8:db:f4:e4:4b:43:94:47:30:58:da:
d0:e9:42:f7:6c:16:8d:7a:3e:40:40:ca:13:c0:c2:
b0:f0:9e:ec:7b:ed:b2:b3:fe:38:8c:41:0d:87:df:
62:03:fb:24:08:ed:a3:72:e2:b2:b3:ea:79:84:29:
c0:97:c9:76:ea:09:13:d7:9e:ba:08:d5:a7:6d:09:
99:d0:00:e2:98:69:01:6f:90:89:0f:83:90:2a:11:
5e:ea:c0:cc:0e:5b:da:e8:67:25:fe:fe:7b:7d:67:
1a:a8:68:25:32:ba:38:63:c7:75:97:64:66:85:a1:
f5:0a:eb:98:58:5c:5a:a8:09:f9:61:e9:f4:cf:a2:
da:69:b3:48:e4:9d:0f:98:d3:3f:8a:cd:24:de:ae:
b4:a0:d0:4a:5b:79:21:1b:e3:8f:f9:1a:c8:be:28:
c7:67:88:41:62:1c:4c:2a:f4:0c:b3:e9:dc:b4:d3:
40:7f:f8:9f:f6:bf:a1:da:8a:2b:aa:27:98:f7:4e:
61:c9:01:81:1a:16:ea:0e:90:b3:b1:b0:89:e5:4d:
a8:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:97:04:E3:97:D9:C0:65:22:B2:DC:DE:00:6F:33:74:96:5F:9D:EB
X509v3 Authority Key Identifier:
keyid:0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/eJcE45fZwGUistzeAG8zdJZfnes.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.151.0.0/18
159.151.192.0-159.151.249.255
159.151.252.0/23
192.109.140.0/23
IPv6:
2a07:8140::/36
Signature Algorithm: sha256WithRSAEncryption
01:e0:3e:a6:71:f3:df:4e:62:04:49:4d:2f:2d:09:ea:1b:a8:
5c:ae:f4:8a:cf:fa:10:34:96:37:5e:50:c6:7a:bf:7f:b1:8f:
87:83:de:87:05:b8:9f:28:20:a0:8d:03:12:fc:eb:1d:ff:00:
a1:89:e9:25:28:f7:0a:95:55:b5:42:8d:00:80:2c:d2:5b:cf:
a9:6f:96:8c:a4:85:c8:33:ef:31:98:7a:62:62:f3:9e:5b:f0:
8e:8c:c3:10:ad:7b:83:46:56:68:1e:7c:96:35:d0:da:0c:7c:
88:ae:0e:7f:92:28:12:74:4f:75:1a:cd:4a:5e:e1:e1:8a:5c:
ee:6a:56:98:e6:81:e7:62:8e:aa:96:2b:fe:89:d1:c6:32:f2:
c7:aa:64:aa:4e:a4:6c:80:a0:b3:02:08:17:f1:ec:0d:f2:f1:
9d:5f:5f:0f:1a:51:42:58:8b:72:3d:a5:79:77:90:f2:e2:be:
1e:15:13:f5:a3:a8:d3:c2:bc:86:00:38:1a:f2:b1:e2:63:7b:
ae:27:b3:66:0d:4f:fa:34:a8:44:33:23:e5:63:8d:d9:ea:5a:
69:bb:ed:d5:a7:b6:03:71:09:cb:c9:89:83:75:50:0f:e3:f0:
bc:f6:4a:0d:59:02:a9:6d:8f:23:91:5f:38:8a:2a:43:18:cd:
12:45:44:4a
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVrgPpGljYoOpv53pseZ56hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzdkODA3ZDRmN2NkZDNlMGFmZTRhYmM4ZWU1YTg4MGM2
MDkwZjEwHhcNMjMwMTAxMDQwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODk3MDRlMzk3ZDljMDY1MjJiMmRjZGUwMDZmMzM3NDk2NWY5ZGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJhmH/8BqWpP6edLj8TX3HPkRzEt
gQcdwzDovyU9N+v2K8rVWK1rQCf0pCcNrxG36Nv05EtDlEcwWNrQ6UL3bBaNej5A
QMoTwMKw8J7se+2ys/44jEENh99iA/skCO2jcuKys+p5hCnAl8l26gkT1566CNWn
bQmZ0ADimGkBb5CJD4OQKhFe6sDMDlva6Gcl/v57fWcaqGglMro4Y8d1l2RmhaH1
CuuYWFxaqAn5Yen0z6LaabNI5J0PmNM/is0k3q60oNBKW3khG+OP+RrIvijHZ4hB
YhxMKvQMs+nctNNAf/if9r+h2oorqieY905hyQGBGhbqDpCzsbCJ5U2o+wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHiXBOOX2cBlIrLc3gBvM3SWX53rMB8GA1UdIwQY
MBaAFAo32AfU983T4K/kq8juWogMYJDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjkt
ODAwZWRhMmNmYjM2LzEvZUpjRTQ1Zlp3R1Vpc3R6ZUFHOHpkSlpmbmVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjktODAwZWRhMmNmYjM2
LzEvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAmBAIAATAgAwQGn5cAMAwD
BAafl8ADBAGfl/gDBAGfl/wDBAHAbYwwDgQCAAIwCAMGBCoHgUAAMA0GCSqGSIb3
DQEBCwUAA4IBAQAB4D6mcfPfTmIESU0vLQnqG6hcrvSKz/oQNJY3XlDGer9/sY+H
g96HBbifKCCgjQMS/Osd/wChieklKPcKlVW1Qo0AgCzSW8+pb5aMpIXIM+8xmHpi
YvOeW/COjMMQrXuDRlZoHnyWNdDaDHyIrg5/kigSdE91Gs1KXuHhilzualaY5oHn
Yo6qliv+idHGMvLHqmSqTqRsgKCzAggX8ewN8vGdX18PGlFCWItyPaV5d5Dy4r4e
FRP1o6jTwryGADga8rHiY3uuJ7NmDU/6NKhEMyPlY43Z6lppu+3Vp7YDcQnLyYmD
dVAP4/C89koNWQKpbY8jkV84iipDGM0SRURK
-----END CERTIFICATE-----
Generated at Tue Jan 2 01:41:03 2024 by rpki-client on console-ams.rpki-client.org