Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/hLnMdw1T2CfmtFfQ9HqgVwXT8-c.roa
File: hLnMdw1T2CfmtFfQ9HqgVwXT8-c.roa (raw, json)
Hash identifier: GGD/2c94BenlpIFmntwmTc4FZt5Y99BbDNTunaU7G3k=
Subject key identifier: 84:B9:CC:77:0D:53:D8:27:E6:B4:57:D0:F4:7A:A0:57:05:D3:F3:E7
Certificate issuer: /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial: 0185DDB61A99D4AA3321E38DDA80D18DF5CD
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/hLnMdw1T2CfmtFfQ9HqgVwXT8-c.roa
Signing time: Mon 23 Jan 2023 08:19:37 +0000
ROA not before: Mon 23 Jan 2023 08:19:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204916
IP address blocks: 84.54.36.0/24 maxlen: 24
194.113.105.0/24 maxlen: 24
83.171.240.0/24 maxlen: 24
83.171.240.0/22 maxlen: 22
83.171.243.0/24 maxlen: 24
83.171.242.0/24 maxlen: 24
2a11:201::/32 maxlen: 32
2a10:c0c3::/32 maxlen: 32
2a10:c0c0::/29 maxlen: 29
2a10:c0c1::/32 maxlen: 32
2a10:c0c7:3000::/36 maxlen: 36
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:dd:b6:1a:99:d4:aa:33:21:e3:8d:da:80:d1:8d:f5:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Validity
Not Before: Jan 23 08:19:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=84b9cc770d53d827e6b457d0f47aa05705d3f3e7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:ae:2b:81:46:41:be:68:1d:3f:04:a8:50:6d:
91:0a:9d:69:49:df:7e:52:ec:96:13:90:cc:be:08:
09:9f:d7:eb:0f:58:36:56:ab:07:12:74:bd:de:d6:
49:a5:55:4d:c0:01:d7:78:77:6c:d2:f4:d2:61:f9:
fd:57:79:78:a9:96:4c:8e:0f:1c:79:d4:b5:57:d8:
23:81:c9:53:fd:77:45:11:3c:2e:f8:87:28:8c:28:
b9:b6:3e:96:ed:b8:bb:00:2c:3b:8d:77:ba:8b:ae:
4d:f9:94:89:91:7b:a5:51:8f:93:34:3c:3d:b6:7f:
ee:e9:d8:a2:08:13:d8:a9:df:f0:a9:9e:b4:01:ff:
a5:f0:86:07:79:ba:4b:fa:0e:e0:96:7a:2d:ec:63:
54:d2:23:9f:ad:d2:b4:b5:65:d0:bc:d7:80:cb:f4:
d1:96:9a:bc:85:93:01:cf:a8:42:37:f2:5e:e7:ab:
2d:46:dc:98:8e:f1:b1:33:3c:c1:65:f3:5b:77:ed:
d8:d2:e7:50:5f:4f:6a:3f:a7:68:1e:64:2a:c9:32:
81:d7:17:d0:f7:5b:ac:ec:28:75:36:d2:67:ab:68:
e8:7b:72:2e:ea:23:e8:2d:a4:65:c3:f0:16:ff:58:
c9:fd:53:61:0d:80:b8:c0:e5:84:15:21:34:07:80:
85:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:B9:CC:77:0D:53:D8:27:E6:B4:57:D0:F4:7A:A0:57:05:D3:F3:E7
X509v3 Authority Key Identifier:
keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/hLnMdw1T2CfmtFfQ9HqgVwXT8-c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.171.240.0/22
84.54.36.0/24
194.113.105.0/24
IPv6:
2a10:c0c0::/29
2a11:201::/32
Signature Algorithm: sha256WithRSAEncryption
3d:45:7c:52:3c:1f:43:17:36:45:67:62:67:5d:70:ef:20:2f:
df:a2:b2:94:97:af:f6:e4:b4:2e:c9:e3:66:9c:20:66:1e:5d:
a4:71:cb:0a:74:df:cf:41:aa:0a:50:2e:c0:b6:95:9c:6f:16:
e3:bf:04:42:1e:85:48:65:31:7f:36:c4:36:0a:4f:69:95:2b:
1b:9e:27:8b:19:0e:be:05:ed:16:80:22:2c:ae:70:0f:95:f0:
43:b1:28:a2:db:17:a2:4e:b3:00:58:53:9e:84:05:20:55:86:
05:3d:5a:e5:a2:95:3f:9d:cb:59:5e:27:a0:f2:2a:37:9d:82:
7c:e6:75:3f:b8:1d:bc:54:61:d0:a9:76:25:2a:0f:17:7b:39:
f1:9c:40:cc:6d:22:bb:2c:33:3b:8b:34:02:87:48:37:64:12:
19:60:47:7d:eb:19:bc:0c:5e:0d:32:87:24:47:8b:39:86:fa:
81:7e:38:38:b1:63:6c:ae:11:20:25:e7:13:10:78:f3:1c:82:
ac:ab:02:0d:47:11:94:a6:7a:bf:af:9c:68:54:4f:58:b2:6b:
a0:15:7f:59:05:e7:97:65:b0:66:93:7e:99:18:9f:24:d9:d9:
79:98:60:b3:a1:d0:85:e2:9a:78:61:f8:aa:e3:19:19:90:33:
ff:52:47:f7
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYXdthqZ1KozIeON2oDRjfXNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjMwMTIzMDgxOTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGI5Y2M3NzBkNTNkODI3ZTZiNDU3ZDBmNDdhYTA1NzA1ZDNmM2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAia4rgUZBvmgdPwSoUG2RCp1pSd9+
UuyWE5DMvggJn9frD1g2VqsHEnS93tZJpVVNwAHXeHds0vTSYfn9V3l4qZZMjg8c
edS1V9gjgclT/XdFETwu+IcojCi5tj6W7bi7ACw7jXe6i65N+ZSJkXulUY+TNDw9
tn/u6diiCBPYqd/wqZ60Af+l8IYHebpL+g7glnot7GNU0iOfrdK0tWXQvNeAy/TR
lpq8hZMBz6hCN/Je56stRtyYjvGxMzzBZfNbd+3Y0udQX09qP6doHmQqyTKB1xfQ
91us7Ch1NtJnq2joe3Iu6iPoLaRlw/AW/1jJ/VNhDYC4wOWEFSE0B4CF4wIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFIS5zHcNU9gn5rRX0PR6oFcF0/PnMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvaExuTWR3MVQyQ2ZtdEZmUTlIcWdWd1hUOC1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQCU6vwAwQA
VDYkAwQAwnFpMBQEAgACMA4DBQMqEMDAAwUAKhECATANBgkqhkiG9w0BAQsFAAOC
AQEAPUV8UjwfQxc2RWdiZ11w7yAv36KylJev9uS0LsnjZpwgZh5dpHHLCnTfz0Gq
ClAuwLaVnG8W478EQh6FSGUxfzbENgpPaZUrG54nixkOvgXtFoAiLK5wD5XwQ7Eo
otsXok6zAFhTnoQFIFWGBT1a5aKVP53LWV4noPIqN52CfOZ1P7gdvFRh0Kl2JSoP
F3s58ZxAzG0iuywzO4s0AodIN2QSGWBHfesZvAxeDTKHJEeLOYb6gX44OLFjbK4R
ICXnExB48xyCrKsCDUcRlKZ6v6+caFRPWLJroBV/WQXnl2WwZpN+mRifJNnZeZhg
s6HQheKaeGH4quMZGZAz/1JH9w==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:03:32 2023 by rpki-client on console-ams.rpki-client.org