Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/Jn_KIXIvp9T-bS8SEwnaZDGdifU.roa
File: Jn_KIXIvp9T-bS8SEwnaZDGdifU.roa (raw, json)
Hash identifier: VKqFnbivCJXLGvkvKioIKULnFWKRBJ6PzRLPT6qde/g=
Subject key identifier: 26:7F:CA:21:72:2F:A7:D4:FE:6D:2F:12:13:09:DA:64:31:9D:89:F5
Certificate issuer: /CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Certificate serial: 018A17BFDF67AEAF9E5D0F761B9101AEFF04
Authority key identifier: DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/Jn_KIXIvp9T-bS8SEwnaZDGdifU.roa
Signing time: Mon 21 Aug 2023 10:59:25 +0000
ROA not before: Mon 21 Aug 2023 10:59:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 25521
IP address blocks: 185.223.112.0/22 maxlen: 22
46.30.160.0/21 maxlen: 21
93.188.32.0/21 maxlen: 21
176.115.96.0/21 maxlen: 21
193.0.216.0/22 maxlen: 22
193.106.136.0/22 maxlen: 22
91.224.24.0/23 maxlen: 23
82.193.96.0/19 maxlen: 19
195.64.148.0/23 maxlen: 23
2a02:2610::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:17:bf:df:67:ae:af:9e:5d:0f:76:1b:91:01:ae:ff:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd1daecd30aeb74652bbdda5dad9676ce488aa49
Validity
Not Before: Aug 21 10:59:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=267fca21722fa7d4fe6d2f121309da64319d89f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:36:74:e7:e5:7d:ae:3d:cb:e4:8a:3a:df:6d:
6c:74:b1:6a:97:38:c0:89:02:b9:80:f7:d7:1a:e7:
52:08:7b:e3:78:2a:ba:92:27:25:0c:09:ac:db:b3:
14:32:39:ca:c4:2a:9c:4c:64:38:7b:6a:ae:e0:54:
0c:81:20:df:98:c7:34:33:22:77:34:59:50:1b:bb:
f3:b7:19:60:d0:37:dd:24:bb:f5:d8:90:ff:e6:7e:
7d:6b:3e:a4:20:2d:7f:a9:46:56:da:53:b3:71:dc:
69:65:1b:eb:9c:7a:14:b6:d4:6c:7b:89:d1:d4:b3:
c4:42:45:d6:7e:88:87:3f:1a:cc:05:e0:aa:8c:89:
76:29:d4:aa:e7:f2:79:82:49:09:e1:57:6f:f3:1e:
e4:a7:0e:19:1b:a8:a3:4a:b0:fd:b2:38:83:da:b8:
70:cf:f3:6d:43:ab:b9:d5:30:21:35:71:cd:1e:10:
29:2c:6d:ad:ee:c9:01:66:79:55:1b:51:72:c1:39:
aa:0c:ee:0b:d1:7a:59:f5:3d:a4:6f:60:63:b2:cf:
b8:73:d3:f1:30:4d:ac:7b:07:62:b6:43:3f:ff:49:
bb:c2:11:5e:3f:ca:51:4c:eb:4b:aa:b0:05:05:d1:
08:be:fb:20:df:26:73:e7:cd:7a:35:82:ef:a6:11:
69:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:7F:CA:21:72:2F:A7:D4:FE:6D:2F:12:13:09:DA:64:31:9D:89:F5
X509v3 Authority Key Identifier:
keyid:DD:1D:AE:CD:30:AE:B7:46:52:BB:DD:A5:DA:D9:67:6C:E4:88:AA:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3R2uzTCut0ZSu92l2tlnbOSIqkk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/Jn_KIXIvp9T-bS8SEwnaZDGdifU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/4a7539-b149-48e9-88e7-060ac0890966/1/3R2uzTCut0ZSu92l2tlnbOSIqkk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.30.160.0/21
82.193.96.0/19
91.224.24.0/23
93.188.32.0/21
176.115.96.0/21
185.223.112.0/22
193.0.216.0/22
193.106.136.0/22
195.64.148.0/23
IPv6:
2a02:2610::/32
Signature Algorithm: sha256WithRSAEncryption
3d:59:e9:f9:85:c3:f2:1d:5b:7b:fb:27:2a:98:a6:65:d8:57:
54:1b:d8:9f:d8:d9:a1:a1:06:7d:7f:f5:ec:8f:48:c5:4c:97:
b7:27:62:40:0c:c7:92:8b:da:43:f7:bc:1a:01:6a:95:75:69:
5b:73:10:00:5a:e9:44:55:25:fd:10:33:f9:14:0d:9e:78:98:
89:4c:18:64:0d:77:3e:3c:e6:1e:93:93:e1:db:59:02:45:8d:
85:4d:d4:12:36:0f:91:95:d5:ad:69:60:c9:45:4b:46:a3:ca:
ba:39:2a:64:a0:b6:a8:a6:d5:d8:85:19:28:42:12:2b:e6:7c:
a1:0f:0f:7b:0e:26:10:76:f5:e9:54:44:b1:8e:4e:d1:1f:3b:
4a:da:77:17:d0:58:01:6d:9c:e2:bb:a5:21:44:0e:91:dc:52:
ed:e7:6e:26:3f:76:15:89:6d:a8:96:06:17:5d:ea:05:93:c4:
b4:34:a2:c7:d8:e9:4b:ff:62:50:06:e8:2d:b7:c2:86:bb:e7:
60:ca:b2:cc:d9:d1:87:c5:ff:74:28:7d:c9:f0:42:99:81:e5:
28:ba:05:98:49:2a:90:f9:d9:04:7e:f7:e2:1d:57:0a:10:1f:
78:c0:6a:4e:83:2b:cc:4d:68:bc:8d:63:cc:25:91:f5:69:05:
b8:c4:9f:57
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYoXv99nrq+eXQ92G5EBrv8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMWRhZWNkMzBhZWI3NDY1MmJiZGRhNWRhZDk2NzZjZTQ4
OGFhNDkwHhcNMjMwODIxMTA1OTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjdmY2EyMTcyMmZhN2Q0ZmU2ZDJmMTIxMzA5ZGE2NDMxOWQ4OWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojZ05+V9rj3L5Io6321sdLFqlzjA
iQK5gPfXGudSCHvjeCq6kiclDAms27MUMjnKxCqcTGQ4e2qu4FQMgSDfmMc0MyJ3
NFlQG7vztxlg0DfdJLv12JD/5n59az6kIC1/qUZW2lOzcdxpZRvrnHoUttRse4nR
1LPEQkXWfoiHPxrMBeCqjIl2KdSq5/J5gkkJ4Vdv8x7kpw4ZG6ijSrD9sjiD2rhw
z/NtQ6u51TAhNXHNHhApLG2t7skBZnlVG1FywTmqDO4L0XpZ9T2kb2Bjss+4c9Px
ME2sewditkM//0m7whFeP8pRTOtLqrAFBdEIvvsg3yZz5816NYLvphFpcQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFCZ/yiFyL6fU/m0vEhMJ2mQxnYn1MB8GA1UdIwQY
MBaAFN0drs0wrrdGUrvdpdrZZ2zkiKpJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTct
MDYwYWMwODkwOTY2LzEvSm5fS0lYSXZwOVQtYlM4U0V3bmFaREdkaWZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80YTc1MzktYjE0OS00OGU5LTg4ZTctMDYwYWMwODkwOTY2
LzEvM1IydXpUQ3V0MFpTdTkybDJ0bG5iT1NJcWtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQDLh6gAwQF
UsFgAwQBW+AYAwQDXbwgAwQDsHNgAwQCud9wAwQCwQDYAwQCwWqIAwQBw0CUMA0E
AgACMAcDBQAqAiYQMA0GCSqGSIb3DQEBCwUAA4IBAQA9Wen5hcPyHVt7+ycqmKZl
2FdUG9if2NmhoQZ9f/Xsj0jFTJe3J2JADMeSi9pD97waAWqVdWlbcxAAWulEVSX9
EDP5FA2eeJiJTBhkDXc+POYek5Ph21kCRY2FTdQSNg+RldWtaWDJRUtGo8q6OSpk
oLaoptXYhRkoQhIr5nyhDw97DiYQdvXpVESxjk7RHztK2ncX0FgBbZziu6UhRA6R
3FLt524mP3YViW2olgYXXeoFk8S0NKLH2OlL/2JQBugtt8KGu+dgyrLM2dGHxf90
KH3J8EKZgeUougWYSSqQ+dkEfvfiHVcKEB94wGpOgyvMTWi8jWPMJZH1aQW4xJ9X
-----END CERTIFICATE-----
Generated at Thu Aug 24 09:39:24 2023 by rpki-client on console-ams.rpki-client.org