Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/q3KjXpSZpqbs56U0lpbvLIn1WQM.roa
File: q3KjXpSZpqbs56U0lpbvLIn1WQM.roa (raw, json)
Hash identifier: uUq+qc5uNu6myMaTHcBgNtRLZt2iCtaMEcCSqr2ZHWU=
Subject key identifier: AB:72:A3:5E:94:99:A6:A6:EC:E7:A5:34:96:96:EF:2C:89:F5:59:03
Certificate issuer: /CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
Certificate serial: 01856FE7299A9FA8A3FDA36381604F87FE84
Authority key identifier: 9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/q3KjXpSZpqbs56U0lpbvLIn1WQM.roa
Signing time: Mon 02 Jan 2023 00:34:58 +0000
ROA not before: Mon 02 Jan 2023 00:34:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44712
IP address blocks: 185.91.204.0/22 maxlen: 22
151.249.104.0/21 maxlen: 21
2a01:a8c0::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:e7:29:9a:9f:a8:a3:fd:a3:63:81:60:4f:87:fe:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
Validity
Not Before: Jan 2 00:34:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ab72a35e9499a6a6ece7a5349696ef2c89f55903
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:a4:40:16:d3:b6:22:1e:d8:8f:d1:57:d2:11:
34:70:f0:b2:19:d7:fc:04:9a:14:fa:f7:e2:fa:61:
ba:94:3c:1f:0b:94:16:e6:e9:e6:04:df:76:e7:29:
6d:a9:5c:e0:0d:40:e5:9c:ee:b4:09:33:15:5b:c1:
46:df:52:f6:00:cc:16:1f:22:06:cc:27:d0:46:ae:
7a:22:0f:18:20:c7:a5:6c:3e:71:c7:c4:00:1a:d6:
d1:0c:52:d6:98:25:d1:37:38:83:6d:ec:22:da:07:
ea:a3:24:3f:6c:ea:ae:7c:fa:f5:47:0d:48:5a:79:
aa:e6:48:20:72:4a:7d:75:02:90:aa:7c:0b:bd:91:
9f:ac:be:74:5d:49:27:03:f8:ad:cc:43:e5:12:ba:
cf:c8:44:db:ed:32:0a:61:1b:ab:5a:8d:ee:b6:9a:
7b:8f:6e:00:47:04:9d:39:02:ae:64:b7:96:de:ee:
65:48:7f:d3:55:76:da:5a:59:9f:e5:b6:df:64:45:
ed:5f:a1:30:bd:7d:9f:e3:ef:42:1d:dd:74:29:21:
06:7a:40:09:d7:88:f3:e6:21:7a:77:dd:8e:6c:3e:
04:cb:0f:b4:76:63:5c:fb:1d:0e:e6:ca:8f:0a:3c:
e5:27:e0:fa:cb:56:92:7f:db:76:bf:a3:9f:ac:6b:
84:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:72:A3:5E:94:99:A6:A6:EC:E7:A5:34:96:96:EF:2C:89:F5:59:03
X509v3 Authority Key Identifier:
keyid:9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/q3KjXpSZpqbs56U0lpbvLIn1WQM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.249.104.0/21
185.91.204.0/22
IPv6:
2a01:a8c0::/29
Signature Algorithm: sha256WithRSAEncryption
22:69:df:5a:35:e1:da:b9:4e:a1:79:5e:3e:2f:e1:8e:53:83:
07:e8:17:fa:0a:6b:97:48:b9:6a:2e:7a:ef:39:78:bf:00:7d:
78:44:2e:81:e1:dc:41:56:08:0b:94:a6:55:97:54:a4:06:c9:
7d:e3:b3:d2:bd:00:91:f0:0d:f4:b6:6f:32:99:8e:64:98:36:
76:90:91:44:10:8b:71:e4:73:c1:ba:11:4b:02:16:4a:bc:73:
ec:f2:33:66:4b:34:cf:e9:fc:6a:0a:fd:60:37:06:da:aa:85:
a1:21:01:91:e2:0d:ae:b7:b4:85:5b:de:77:12:62:e2:23:19:
40:4b:a0:c5:2a:6f:44:2e:87:45:09:02:f4:ea:0c:50:8f:21:
32:b7:e1:cb:a1:0d:e3:b9:7c:7c:7a:d6:44:fc:55:2f:30:88:
3c:8e:e0:ae:1b:84:c2:01:8e:fd:b6:89:8c:95:9a:8d:be:b4:
89:bd:d5:7e:fc:0e:f4:c5:cb:90:03:18:c2:8f:67:e7:74:66:
e3:c0:58:a3:cf:69:04:6c:e6:27:8f:71:c0:ed:1e:ff:cf:30:
02:54:14:73:46:6b:75:ad:bc:15:91:36:cb:13:fc:b5:c3:0e:
74:fd:fc:28:35:64:0a:29:1c:2e:a4:86:6b:f1:16:41:29:cc:
44:ae:53:97
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVv5yman6ij/aNjgWBPh/6EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYWYwYmY5M2ZjNDM4MWZmZjdlN2FhODZiNDA3NmMwMzMy
NDJmZmEwHhcNMjMwMTAyMDAzNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjcyYTM1ZTk0OTlhNmE2ZWNlN2E1MzQ5Njk2ZWYyYzg5ZjU1OTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6RAFtO2Ih7Yj9FX0hE0cPCyGdf8
BJoU+vfi+mG6lDwfC5QW5unmBN925yltqVzgDUDlnO60CTMVW8FG31L2AMwWHyIG
zCfQRq56Ig8YIMelbD5xx8QAGtbRDFLWmCXRNziDbewi2gfqoyQ/bOqufPr1Rw1I
Wnmq5kggckp9dQKQqnwLvZGfrL50XUknA/itzEPlErrPyETb7TIKYRurWo3utpp7
j24ARwSdOQKuZLeW3u5lSH/TVXbaWlmf5bbfZEXtX6EwvX2f4+9CHd10KSEGekAJ
14jz5iF6d92ObD4Eyw+0dmNc+x0O5sqPCjzlJ+D6y1aSf9t2v6OfrGuE8QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKtyo16Umaam7OelNJaW7yyJ9VkDMB8GA1UdIwQY
MBaAFJ+vC/k/xDgf/356qGtAdsAzJC/6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgt
ZjUyMGE3ZDcxZWY1LzEvcTNLalhwU1pwcWJzNTZVMGxwYnZMSW4xV1FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgtZjUyMGE3ZDcxZWY1
LzEvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDl/loAwQC
uVvMMA0EAgACMAcDBQMqAajAMA0GCSqGSIb3DQEBCwUAA4IBAQAiad9aNeHauU6h
eV4+L+GOU4MH6Bf6CmuXSLlqLnrvOXi/AH14RC6B4dxBVggLlKZVl1SkBsl947PS
vQCR8A30tm8ymY5kmDZ2kJFEEItx5HPBuhFLAhZKvHPs8jNmSzTP6fxqCv1gNwba
qoWhIQGR4g2ut7SFW953EmLiIxlAS6DFKm9ELodFCQL06gxQjyEyt+HLoQ3juXx8
etZE/FUvMIg8juCuG4TCAY79tomMlZqNvrSJvdV+/A70xcuQAxjCj2fndGbjwFij
z2kEbOYnj3HA7R7/zzACVBRzRmt1rbwVkTbLE/y1ww50/fwoNWQKKRwupIZr8RZB
KcxErlOX
-----END CERTIFICATE-----
Generated at Tue Jan 2 09:01:22 2024 by rpki-client on console-ams.rpki-client.org