Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/e5725b-3128-44b3-9f83-5aa620a81149/1/xKl1QGtbgNEW3TZcpiw49wtWJK4.roa
File: xKl1QGtbgNEW3TZcpiw49wtWJK4.roa (raw, json)
Hash identifier: 5RbfhS2vPaQkTscIH6cA/oYnR1JpRtXm7TDvMnxFcYk=
Subject key identifier: C4:A9:75:40:6B:5B:80:D1:16:DD:36:5C:A6:2C:38:F7:0B:56:24:AE
Certificate issuer: /CN=d87821a7c8761e08121e70c9ff42ff9b6ad34e51
Certificate serial: 018B80911DF2707FFFBFA5D82E05DD71FB84
Authority key identifier: D8:78:21:A7:C8:76:1E:08:12:1E:70:C9:FF:42:FF:9B:6A:D3:4E:51
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2Hghp8h2HggSHnDJ_0L_m2rTTlE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/96/e5725b-3128-44b3-9f83-5aa620a81149/1/xKl1QGtbgNEW3TZcpiw49wtWJK4.roa
Signing time: Mon 30 Oct 2023 12:31:15 +0000
ROA not before: Mon 30 Oct 2023 12:31:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 14618
IP address blocks: 217.147.180.0/24 maxlen: 24
217.147.181.0/24 maxlen: 24
217.147.180.0/23 maxlen: 24
2a0b:2900:ff00::/40 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:80:91:1d:f2:70:7f:ff:bf:a5:d8:2e:05:dd:71:fb:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d87821a7c8761e08121e70c9ff42ff9b6ad34e51
Validity
Not Before: Oct 30 12:31:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c4a975406b5b80d116dd365ca62c38f70b5624ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:8f:50:a6:99:31:3c:3b:9f:21:24:f8:f7:6e:
46:56:9f:bd:99:ab:b6:ab:46:b0:b2:ec:8f:8a:e9:
1b:e9:1e:4d:1e:2e:33:94:98:87:54:4b:c1:e1:2f:
8b:07:a2:b5:6e:c0:e0:f3:2f:20:6c:ee:8a:7b:ab:
b9:69:9a:bd:3c:71:c0:3b:6d:66:9f:57:ee:e8:a9:
dc:f6:8c:e8:89:db:c6:b0:45:91:91:6f:d5:dd:87:
75:04:20:05:21:35:08:92:18:d1:d7:76:58:60:4b:
68:77:17:ea:af:e2:94:c1:00:c2:71:e9:31:fd:93:
b9:e1:3b:55:d8:15:29:71:6d:c2:f6:2a:77:ea:5e:
17:9c:65:11:43:68:70:ee:f5:75:33:78:ea:85:15:
7e:8f:2c:c6:bb:32:a3:7e:ce:b3:52:2a:cd:85:0d:
6f:1a:58:0e:89:08:c0:24:64:57:c4:23:26:8d:ad:
45:d9:74:bb:27:d1:87:d8:bb:3b:9f:16:6d:2e:c5:
15:24:65:78:8c:4b:c8:41:8d:86:46:25:a6:78:85:
1d:70:79:7f:ce:c0:16:3b:ab:4b:6f:af:37:82:69:
12:5f:ec:6a:0f:05:ad:2b:85:b2:47:9f:29:af:bd:
86:43:1e:b2:e2:d5:f2:a6:53:b9:c9:66:6d:5f:a6:
c1:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:A9:75:40:6B:5B:80:D1:16:DD:36:5C:A6:2C:38:F7:0B:56:24:AE
X509v3 Authority Key Identifier:
keyid:D8:78:21:A7:C8:76:1E:08:12:1E:70:C9:FF:42:FF:9B:6A:D3:4E:51
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Hghp8h2HggSHnDJ_0L_m2rTTlE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/e5725b-3128-44b3-9f83-5aa620a81149/1/xKl1QGtbgNEW3TZcpiw49wtWJK4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/96/e5725b-3128-44b3-9f83-5aa620a81149/1/2Hghp8h2HggSHnDJ_0L_m2rTTlE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.147.180.0/23
IPv6:
2a0b:2900:ff00::/40
Signature Algorithm: sha256WithRSAEncryption
82:d3:95:3b:e1:bf:4e:47:5c:8d:f0:95:5a:6a:1f:70:fe:03:
ca:82:c5:d2:c7:de:85:54:31:7b:7b:dd:f8:6b:cd:e3:a5:b8:
78:c1:58:7a:6a:10:4e:42:c5:65:29:6d:f8:14:24:8d:71:22:
eb:fb:47:ae:39:34:e7:7a:c7:79:64:21:47:49:01:9e:f4:1b:
bb:53:98:56:05:a2:95:58:8f:44:a2:dc:f0:9c:02:a1:cc:e1:
6e:f8:56:79:ef:07:c8:ff:d2:1d:a5:12:08:5f:8d:71:b7:72:
ce:ac:20:2e:24:1f:03:11:92:97:8a:34:e3:95:7e:07:28:5f:
93:cd:ea:aa:d5:ea:ca:11:2d:55:47:19:9b:73:4c:fb:0e:c3:
82:4e:d3:d8:0c:6e:26:90:aa:77:81:2f:00:80:29:d5:ea:6a:
f6:e3:78:af:34:0d:b2:a5:81:6a:2c:5b:4b:e4:b8:85:bc:58:
30:45:b8:55:60:f7:81:9f:18:88:ef:b6:5e:b0:61:cf:a9:f6:
de:3a:82:a6:a7:ac:4b:23:57:0a:65:91:75:71:a1:c6:f6:c5:
b1:0f:eb:0c:4f:48:fa:44:07:07:98:74:79:9e:f1:b3:48:42:
ba:26:e6:9c:b4:de:e6:21:71:52:2a:c6:d1:d4:48:46:45:27:
a9:4f:ec:35
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYuAkR3ycH//v6XYLgXdcfuEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4NzgyMWE3Yzg3NjFlMDgxMjFlNzBjOWZmNDJmZjliNmFk
MzRlNTEwHhcNMjMxMDMwMTIzMTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGE5NzU0MDZiNWI4MGQxMTZkZDM2NWNhNjJjMzhmNzBiNTYyNGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvI9QppkxPDufIST4925GVp+9mau2
q0awsuyPiukb6R5NHi4zlJiHVEvB4S+LB6K1bsDg8y8gbO6Ke6u5aZq9PHHAO21m
n1fu6Knc9ozoidvGsEWRkW/V3Yd1BCAFITUIkhjR13ZYYEtodxfqr+KUwQDCcekx
/ZO54TtV2BUpcW3C9ip36l4XnGURQ2hw7vV1M3jqhRV+jyzGuzKjfs6zUirNhQ1v
GlgOiQjAJGRXxCMmja1F2XS7J9GH2Ls7nxZtLsUVJGV4jEvIQY2GRiWmeIUdcHl/
zsAWO6tLb683gmkSX+xqDwWtK4WyR58pr72GQx6y4tXyplO5yWZtX6bBpwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFMSpdUBrW4DRFt02XKYsOPcLViSuMB8GA1UdIwQY
MBaAFNh4IafIdh4IEh5wyf9C/5tq005RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkhnaHA4aDJIZ2dTSG5ESl8wTF9tMnJUVGxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9lNTcyNWItMzEyOC00NGIzLTlmODMt
NWFhNjIwYTgxMTQ5LzEveEtsMVFHdGJnTkVXM1RaY3BpdzQ5d3RXSks0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9lNTcyNWItMzEyOC00NGIzLTlmODMtNWFhNjIwYTgxMTQ5
LzEvMkhnaHA4aDJIZ2dTSG5ESl8wTF9tMnJUVGxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQB2ZO0MA4E
AgACMAgDBgAqCykA/zANBgkqhkiG9w0BAQsFAAOCAQEAgtOVO+G/TkdcjfCVWmof
cP4DyoLF0sfehVQxe3vd+GvN46W4eMFYemoQTkLFZSlt+BQkjXEi6/tHrjk053rH
eWQhR0kBnvQbu1OYVgWilViPRKLc8JwCoczhbvhWee8HyP/SHaUSCF+Ncbdyzqwg
LiQfAxGSl4o045V+Byhfk83qqtXqyhEtVUcZm3NM+w7Dgk7T2AxuJpCqd4EvAIAp
1epq9uN4rzQNsqWBaixbS+S4hbxYMEW4VWD3gZ8YiO+2XrBhz6n23jqCpqesSyNX
CmWRdXGhxvbFsQ/rDE9I+kQHB5h0eZ7xs0hCuibmnLTe5iFxUirG0dRIRkUnqU/s
NQ==
-----END CERTIFICATE-----
Generated at Tue Jan 2 14:37:09 2024 by rpki-client on console-fra.rpki-client.org