Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/KxEBcIXgyKgcUsjA4YEiqKVKHQs.roa
File: KxEBcIXgyKgcUsjA4YEiqKVKHQs.roa (raw, json)
Hash identifier: qDGEmVCkgtHzoAnC8A7XvCpPIq6I8GW6zc6a8B+3BEw=
Subject key identifier: 2B:11:01:70:85:E0:C8:A8:1C:52:C8:C0:E1:81:22:A8:A5:4A:1D:0B
Certificate issuer: /CN=acf910f36291c3c224ddb596d956543197f163de
Certificate serial: 01856E1453DE2CEDAF56F2C9B02C1A296ABE
Authority key identifier: AC:F9:10:F3:62:91:C3:C2:24:DD:B5:96:D9:56:54:31:97:F1:63:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/KxEBcIXgyKgcUsjA4YEiqKVKHQs.roa
Signing time: Sun 01 Jan 2023 16:05:03 +0000
ROA not before: Sun 01 Jan 2023 16:05:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 19551
IP address blocks: 91.109.251.0/24 maxlen: 24
91.109.250.0/24 maxlen: 24
91.109.249.0/24 maxlen: 24
91.109.248.0/24 maxlen: 24
91.109.253.0/24 maxlen: 24
91.109.252.0/24 maxlen: 24
91.109.254.0/24 maxlen: 24
217.147.125.0/24 maxlen: 24
217.147.124.0/24 maxlen: 24
217.147.124.0/22 maxlen: 22
217.147.127.0/24 maxlen: 24
217.147.126.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 01 Jan 2024 22:31:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:14:53:de:2c:ed:af:56:f2:c9:b0:2c:1a:29:6a:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=acf910f36291c3c224ddb596d956543197f163de
Validity
Not Before: Jan 1 16:05:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2b11017085e0c8a81c52c8c0e18122a8a54a1d0b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:3b:96:d0:d1:6e:7f:29:1b:9e:27:31:f8:ab:
5f:2a:6c:e9:ff:64:43:c1:af:20:26:61:c0:2c:97:
c9:fa:58:61:34:0b:ac:e0:f2:60:7f:b2:01:30:a0:
4d:49:d8:3b:f5:74:3a:28:23:56:cf:3a:f7:3e:30:
5e:af:28:e2:4b:8a:18:3e:a1:81:a9:6a:23:7a:93:
d6:4f:54:27:1b:ef:70:46:0a:a7:58:dc:b6:33:73:
58:98:e6:eb:46:45:ab:7c:e8:06:8d:a2:57:54:7e:
29:65:56:c7:26:40:0c:06:b2:91:78:7a:15:d5:c0:
e3:66:d4:c0:ac:b0:50:de:14:bb:15:be:b7:eb:2e:
3a:eb:08:7e:66:0c:f3:3e:62:59:ad:c2:55:66:b2:
bb:86:6a:d4:14:2c:60:d9:d0:a3:9c:09:ce:8b:30:
02:95:16:70:34:6a:9e:db:ff:75:d5:29:69:26:cd:
2f:2b:db:e3:45:ff:fa:e2:0b:ec:e7:df:b7:f6:a8:
6a:72:17:4e:54:79:b8:72:dd:eb:2e:e9:ba:f0:ed:
29:85:b7:34:df:f2:a5:6e:7f:d4:0c:04:72:aa:7a:
2d:cb:7b:a3:ac:ee:08:50:c4:3b:01:53:88:02:48:
b4:a2:b8:91:87:69:f8:e3:2b:85:08:33:a1:07:1d:
12:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:11:01:70:85:E0:C8:A8:1C:52:C8:C0:E1:81:22:A8:A5:4A:1D:0B
X509v3 Authority Key Identifier:
keyid:AC:F9:10:F3:62:91:C3:C2:24:DD:B5:96:D9:56:54:31:97:F1:63:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rPkQ82KRw8Ik3bWW2VZUMZfxY94.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/KxEBcIXgyKgcUsjA4YEiqKVKHQs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1f5e07-32b6-4114-8b0d-d3b58f698148/1/rPkQ82KRw8Ik3bWW2VZUMZfxY94.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.109.248.0-91.109.254.255
217.147.124.0/22
Signature Algorithm: sha256WithRSAEncryption
24:de:b6:0b:d5:df:d2:b5:ab:84:96:f7:76:eb:52:ce:58:f2:
8e:12:72:a8:3b:82:52:ea:5d:6c:66:2c:09:38:01:f7:65:bf:
70:3d:c2:23:38:ee:35:5e:20:a9:46:ec:fa:e8:63:fb:fe:32:
fd:eb:d6:74:6b:be:ed:92:e9:51:58:f2:db:9f:c8:24:a2:27:
f7:2d:92:84:34:be:5d:12:a6:3a:b6:fe:b8:49:71:37:87:91:
e7:b6:58:f1:09:28:01:b0:4d:18:cf:26:fa:82:b9:da:90:52:
fb:67:5f:6c:c3:71:ce:98:3f:fa:c7:38:cb:b0:86:4a:2a:ae:
4c:a1:0e:97:59:14:7e:bf:91:47:02:04:42:5d:6c:39:5d:c6:
37:2f:8c:98:24:be:da:a3:74:42:a9:a3:b5:8d:1f:4f:ab:27:
61:f3:55:5d:37:a6:86:83:a4:b1:0b:21:77:91:d4:cb:03:66:
e2:b8:63:95:4c:df:19:8d:0f:ed:ef:fd:67:3f:e3:6b:44:22:
b9:46:b8:8d:c2:ca:b9:c2:3b:2e:59:38:42:3f:22:fa:9e:cb:
57:ae:91:b1:05:8d:12:2e:9b:14:49:ff:30:93:2a:23:d8:dd:
d4:c9:b8:03:4d:93:8f:01:3f:d4:1f:47:34:bb:7f:8b:62:52:
cb:64:a6:22
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVuFFPeLO2vVvLJsCwaKWq+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZjkxMGYzNjI5MWMzYzIyNGRkYjU5NmQ5NTY1NDMxOTdm
MTYzZGUwHhcNMjMwMTAxMTYwNTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjExMDE3MDg1ZTBjOGE4MWM1MmM4YzBlMTgxMjJhOGE1NGExZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DuW0NFufykbnicx+KtfKmzp/2RD
wa8gJmHALJfJ+lhhNAus4PJgf7IBMKBNSdg79XQ6KCNWzzr3PjBeryjiS4oYPqGB
qWojepPWT1QnG+9wRgqnWNy2M3NYmObrRkWrfOgGjaJXVH4pZVbHJkAMBrKReHoV
1cDjZtTArLBQ3hS7Fb636y466wh+ZgzzPmJZrcJVZrK7hmrUFCxg2dCjnAnOizAC
lRZwNGqe2/911SlpJs0vK9vjRf/64gvs59+39qhqchdOVHm4ct3rLum68O0phbc0
3/Klbn/UDARyqnoty3ujrO4IUMQ7AVOIAki0oriRh2n44yuFCDOhBx0S9QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCsRAXCF4MioHFLIwOGBIqilSh0LMB8GA1UdIwQY
MBaAFKz5EPNikcPCJN21ltlWVDGX8WPeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclBrUTgyS1J3OElrM2JXVzJWWlVNWmZ4WTk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xZjVlMDctMzJiNi00MTE0LThiMGQt
ZDNiNThmNjk4MTQ4LzEvS3hFQmNJWGd5S2djVXNqQTRZRWlxS1ZLSFFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xZjVlMDctMzJiNi00MTE0LThiMGQtZDNiNThmNjk4MTQ4
LzEvclBrUTgyS1J3OElrM2JXVzJWWlVNWmZ4WTk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBANbbfgD
BABbbf4DBALZk3wwDQYJKoZIhvcNAQELBQADggEBACTetgvV39K1q4SW93brUs5Y
8o4Scqg7glLqXWxmLAk4Afdlv3A9wiM47jVeIKlG7ProY/v+Mv3r1nRrvu2S6VFY
8tufyCSiJ/ctkoQ0vl0Spjq2/rhJcTeHkee2WPEJKAGwTRjPJvqCudqQUvtnX2zD
cc6YP/rHOMuwhkoqrkyhDpdZFH6/kUcCBEJdbDldxjcvjJgkvtqjdEKpo7WNH0+r
J2HzVV03poaDpLELIXeR1MsDZuK4Y5VM3xmND+3v/Wc/42tEIrlGuI3CyrnCOy5Z
OEI/Ivqey1eukbEFjRIumxRJ/zCTKiPY3dTJuANNk48BP9QfRzS7f4tiUstkpiI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:23:17 2024 by rpki-client on console-ams.rpki-client.org