Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/3S-9dmUMCMRS8LlAfbznzUnaDVw.roa
File: 3S-9dmUMCMRS8LlAfbznzUnaDVw.roa (raw, json)
Hash identifier: TJIlqaePj2wtOg+pHjxpqf/W4zEnTWNqzPNlHGGf9XU=
Subject key identifier: DD:2F:BD:76:65:0C:08:C4:52:F0:B9:40:7D:BC:E7:CD:49:DA:0D:5C
Certificate issuer: /CN=323ab5ba98bef5d0d9bd0cea031a1fe13777a486
Certificate serial: 01856F2FD21FECD578CF8438C712C8697AB3
Authority key identifier: 32:3A:B5:BA:98:BE:F5:D0:D9:BD:0C:EA:03:1A:1F:E1:37:77:A4:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Mjq1upi-9dDZvQzqAxof4Td3pIY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/3S-9dmUMCMRS8LlAfbznzUnaDVw.roa
Signing time: Sun 01 Jan 2023 21:14:43 +0000
ROA not before: Sun 01 Jan 2023 21:14:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199139
IP address blocks: 5.172.216.0/21 maxlen: 21
185.64.192.0/22 maxlen: 22
185.122.152.0/22 maxlen: 22
2a02:f600::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:2f:d2:1f:ec:d5:78:cf:84:38:c7:12:c8:69:7a:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=323ab5ba98bef5d0d9bd0cea031a1fe13777a486
Validity
Not Before: Jan 1 21:14:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dd2fbd76650c08c452f0b9407dbce7cd49da0d5c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:89:bf:d8:b8:2f:e1:6d:ed:4e:36:68:a1:b9:
bc:51:57:4c:4f:ce:38:2f:c8:70:1d:e2:4e:92:fc:
bb:c6:f9:bd:85:96:af:d5:6f:f6:dd:36:31:db:85:
bf:a9:93:d5:bc:89:27:ce:8c:c1:d2:62:0a:fc:fa:
43:32:00:77:03:df:e7:09:2a:72:93:5c:07:d2:c4:
c4:62:70:fc:10:7f:4d:62:03:49:41:6c:13:37:c9:
05:0b:58:6a:79:bc:ec:ef:3c:80:71:e8:13:a0:e5:
1c:02:ed:5e:46:9a:0c:32:6f:3e:39:0e:73:c2:e4:
6f:ff:e9:09:9c:35:c7:f0:e4:15:8e:54:a1:d8:07:
1e:83:01:6e:4d:7a:e9:5d:42:a4:85:a6:70:73:76:
09:17:41:21:91:a2:5f:30:ea:96:d9:d1:22:1b:be:
c2:78:22:a2:f2:36:6f:f3:6d:11:f9:25:c2:ff:96:
90:98:e3:f5:6b:05:a5:6e:e2:73:b4:e2:28:78:ad:
df:5a:3c:f4:f5:0e:9e:95:b6:0c:82:d5:71:a1:0c:
d2:1b:05:69:b3:14:7a:21:ff:22:2c:69:83:6d:97:
cb:fd:bc:53:fe:02:6f:64:91:c5:b9:56:b2:2e:bb:
76:21:1d:6a:67:f7:b4:3e:fd:6d:a9:ce:43:a8:bb:
51:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:2F:BD:76:65:0C:08:C4:52:F0:B9:40:7D:BC:E7:CD:49:DA:0D:5C
X509v3 Authority Key Identifier:
keyid:32:3A:B5:BA:98:BE:F5:D0:D9:BD:0C:EA:03:1A:1F:E1:37:77:A4:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mjq1upi-9dDZvQzqAxof4Td3pIY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/3S-9dmUMCMRS8LlAfbznzUnaDVw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/b01290-d76d-42d8-a234-f9512499e05c/1/Mjq1upi-9dDZvQzqAxof4Td3pIY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.172.216.0/21
185.64.192.0/22
185.122.152.0/22
IPv6:
2a02:f600::/29
Signature Algorithm: sha256WithRSAEncryption
9d:d6:17:18:6a:ea:90:d0:11:29:3f:da:c8:51:ae:a9:e6:7e:
dd:0c:a3:80:1d:fe:a1:16:74:a4:1f:c4:ff:4b:49:22:3e:66:
60:1b:d7:88:26:c8:11:2d:57:bb:8f:78:0a:b6:5b:98:12:c7:
4f:fb:d5:e0:33:39:d9:52:87:20:10:97:08:eb:e1:89:6a:92:
4b:48:34:30:d0:56:5f:d2:9b:5c:07:86:a6:40:95:46:42:60:
7e:e6:9d:a7:18:2b:13:3b:1b:27:52:b1:03:80:54:1e:fd:10:
ea:cb:2f:1b:45:fb:8e:01:fa:bf:07:50:17:eb:11:44:ed:99:
c4:8f:40:e0:65:63:60:7b:31:89:f8:c0:08:c2:78:d8:ea:38:
c9:c4:ea:11:85:d5:70:94:ba:af:22:3f:8d:81:13:a7:25:69:
0b:4a:da:39:40:1a:0b:3b:c8:81:e6:ff:7d:51:fa:37:db:8d:
50:c7:51:a6:1d:8a:54:17:3c:b2:7a:d3:be:ad:c4:90:bc:e3:
64:72:24:26:87:8a:2b:7c:a0:08:f9:38:95:e6:34:6d:bf:44:
58:1a:73:0c:43:51:6a:b9:e1:1b:36:34:d1:08:a1:d6:9a:6f:
90:dc:7e:2e:92:eb:78:5d:e3:4c:15:ce:fa:14:34:f9:43:16:
f1:e8:34:e6
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVvL9If7NV4z4Q4xxLIaXqzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyM2FiNWJhOThiZWY1ZDBkOWJkMGNlYTAzMWExZmUxMzc3
N2E0ODYwHhcNMjMwMTAxMjExNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDJmYmQ3NjY1MGMwOGM0NTJmMGI5NDA3ZGJjZTdjZDQ5ZGEwZDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIm/2Lgv4W3tTjZoobm8UVdMT844
L8hwHeJOkvy7xvm9hZav1W/23TYx24W/qZPVvIknzozB0mIK/PpDMgB3A9/nCSpy
k1wH0sTEYnD8EH9NYgNJQWwTN8kFC1hqebzs7zyAcegToOUcAu1eRpoMMm8+OQ5z
wuRv/+kJnDXH8OQVjlSh2AcegwFuTXrpXUKkhaZwc3YJF0EhkaJfMOqW2dEiG77C
eCKi8jZv820R+SXC/5aQmOP1awWlbuJztOIoeK3fWjz09Q6elbYMgtVxoQzSGwVp
sxR6If8iLGmDbZfL/bxT/gJvZJHFuVayLrt2IR1qZ/e0Pv1tqc5DqLtRlwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFN0vvXZlDAjEUvC5QH28581J2g1cMB8GA1UdIwQY
MBaAFDI6tbqYvvXQ2b0M6gMaH+E3d6SGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWpxMXVwaS05ZERadlF6cUF4b2Y0VGQzcElZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9iMDEyOTAtZDc2ZC00MmQ4LWEyMzQt
Zjk1MTI0OTllMDVjLzEvM1MtOWRtVU1DTVJTOExsQWZiem56VW5hRFZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9iMDEyOTAtZDc2ZC00MmQ4LWEyMzQtZjk1MTI0OTllMDVj
LzEvTWpxMXVwaS05ZERadlF6cUF4b2Y0VGQzcElZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBazYAwQC
uUDAAwQCuXqYMA0EAgACMAcDBQMqAvYAMA0GCSqGSIb3DQEBCwUAA4IBAQCd1hcY
auqQ0BEpP9rIUa6p5n7dDKOAHf6hFnSkH8T/S0kiPmZgG9eIJsgRLVe7j3gKtluY
EsdP+9XgMznZUocgEJcI6+GJapJLSDQw0FZf0ptcB4amQJVGQmB+5p2nGCsTOxsn
UrEDgFQe/RDqyy8bRfuOAfq/B1AX6xFE7ZnEj0DgZWNgezGJ+MAIwnjY6jjJxOoR
hdVwlLqvIj+NgROnJWkLSto5QBoLO8iB5v99Ufo3241Qx1GmHYpUFzyyetO+rcSQ
vONkciQmh4orfKAI+TiV5jRtv0RYGnMMQ1FqueEbNjTRCKHWmm+Q3H4ukut4XeNM
Fc76FDT5Qxbx6DTm
-----END CERTIFICATE-----
Generated at Mon Jan 1 04:56:46 2024 by rpki-client on console-fra.rpki-client.org