Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/HIiU0yqCtrtkYo2SJ-lWm4fXx-g.roa
File: HIiU0yqCtrtkYo2SJ-lWm4fXx-g.roa (raw, json)
Hash identifier: o0MN4k1DvPoWVpxxu0J0xuMCA1AXXNUGXMmr2ODbnD8=
Subject key identifier: 1C:88:94:D3:2A:82:B6:BB:64:62:8D:92:27:E9:56:9B:87:D7:C7:E8
Certificate issuer: /CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
Certificate serial: 01856B8105B484AE2E826C38C8D2D0AF1FCB
Authority key identifier: AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/HIiU0yqCtrtkYo2SJ-lWm4fXx-g.roa
Signing time: Sun 01 Jan 2023 04:04:55 +0000
ROA not before: Sun 01 Jan 2023 04:04:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34700
IP address blocks: 31.202.0.0/17 maxlen: 17
46.160.88.0/21 maxlen: 21
178.165.0.0/17 maxlen: 18
31.202.128.0/18 maxlen: 18
185.147.96.0/22 maxlen: 22
5.255.160.0/20 maxlen: 20
79.171.120.0/21 maxlen: 21
2a00:1210::/32 maxlen: 32
Validation: Failed, certificate revoked on Fri 14 Apr 2023 17:32:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:81:05:b4:84:ae:2e:82:6c:38:c8:d2:d0:af:1f:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
Validity
Not Before: Jan 1 04:04:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1c8894d32a82b6bb64628d9227e9569b87d7c7e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:d2:3d:4c:c4:0b:94:5d:d0:da:47:dc:6b:c0:
47:71:e1:18:14:f1:68:03:db:2c:6c:0b:54:68:f1:
ae:a1:6f:59:1a:47:6f:ee:f1:29:fb:67:e8:de:d4:
45:fb:2e:49:1e:d3:11:45:d1:f0:35:8c:b9:86:42:
51:ec:8c:d6:a3:f8:36:12:72:37:05:d6:89:96:91:
2c:92:cc:06:b1:74:42:3a:05:69:64:ef:82:2b:ef:
69:22:d8:91:cd:80:80:75:91:21:5e:5b:99:66:b8:
82:d0:03:b9:4e:47:e2:4f:65:fc:1e:40:43:df:ed:
7b:1a:f9:1d:93:23:2a:0b:46:3b:73:14:6d:74:15:
32:75:a2:e4:68:cd:f1:ce:44:39:9d:b4:f7:c2:d0:
47:e4:48:bb:03:a8:a4:48:48:56:1b:32:79:fd:ae:
20:0e:6f:64:e6:56:65:69:56:72:d3:af:ff:7b:e9:
f8:56:0c:c8:d4:5d:f2:dd:4a:1c:c1:ff:75:1a:31:
cc:64:74:7d:5d:76:19:59:b9:32:d6:ce:eb:36:6b:
6f:a5:7c:97:a7:d3:9d:31:81:a4:e1:c5:e8:10:d4:
29:ce:fb:05:19:43:14:8e:22:3c:48:3b:72:99:10:
54:82:cd:15:32:bc:c1:84:de:fb:a9:b6:37:cc:70:
09:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:88:94:D3:2A:82:B6:BB:64:62:8D:92:27:E9:56:9B:87:D7:C7:E8
X509v3 Authority Key Identifier:
keyid:AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/HIiU0yqCtrtkYo2SJ-lWm4fXx-g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.255.160.0/20
31.202.0.0-31.202.191.255
46.160.88.0/21
79.171.120.0/21
178.165.0.0/17
185.147.96.0/22
IPv6:
2a00:1210::/32
Signature Algorithm: sha256WithRSAEncryption
b6:a8:0a:39:15:3c:04:4b:c2:43:3e:b2:dc:5d:7e:8b:9d:13:
21:7e:97:7b:fd:f3:a1:37:4a:91:13:29:63:20:ce:dc:ca:0a:
1b:77:93:8a:76:68:93:98:9c:61:f4:d1:43:97:84:f0:16:4c:
e8:f6:4d:8d:29:c4:10:03:04:64:3b:c1:9a:88:33:32:3d:57:
8b:8a:b8:81:b3:51:0f:fe:51:09:6c:c0:85:16:76:11:bc:87:
39:ca:14:1f:d5:dc:b9:c9:4a:91:60:ba:81:46:ca:cb:02:e0:
97:53:19:fa:5d:be:54:06:e2:72:41:40:dc:a2:05:5a:05:df:
22:30:31:e7:69:25:92:a9:05:82:29:22:53:52:4a:96:c0:4e:
4c:c3:0d:80:d6:fc:a1:33:52:88:bd:43:16:2d:69:f8:ac:74:
cf:e2:6f:9a:21:07:2a:e1:23:b3:31:1e:dd:49:e1:07:18:0d:
f3:bf:b3:13:f6:da:7f:a6:0c:56:d0:51:09:88:dc:2a:9d:25:
67:a0:e3:63:a7:a5:85:27:6e:da:3b:6b:ae:73:a4:f2:ef:36:
20:12:1e:0d:f6:5a:34:32:f6:0a:da:a2:f8:3e:f9:ab:74:91:
ad:57:f5:75:2d:4d:58:ac:59:48:4e:9e:d4:18:f5:9b:3e:0a:
37:b0:bf:41
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYVrgQW0hK4ugmw4yNLQrx/LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlN2E5YjE3NDVhNWE3MGMzYmY3YmNjMmMyZWUxNjY0NjBh
ZmY3YTgwHhcNMjMwMTAxMDQwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzg4OTRkMzJhODJiNmJiNjQ2MjhkOTIyN2U5NTY5Yjg3ZDdjN2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNI9TMQLlF3Q2kfca8BHceEYFPFo
A9ssbAtUaPGuoW9ZGkdv7vEp+2fo3tRF+y5JHtMRRdHwNYy5hkJR7IzWo/g2EnI3
BdaJlpEskswGsXRCOgVpZO+CK+9pItiRzYCAdZEhXluZZriC0AO5TkfiT2X8HkBD
3+17GvkdkyMqC0Y7cxRtdBUydaLkaM3xzkQ5nbT3wtBH5Ei7A6ikSEhWGzJ5/a4g
Dm9k5lZlaVZy06//e+n4VgzI1F3y3Uocwf91GjHMZHR9XXYZWbky1s7rNmtvpXyX
p9OdMYGk4cXoENQpzvsFGUMUjiI8SDtymRBUgs0VMrzBhN77qbY3zHAJXwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFByIlNMqgra7ZGKNkifpVpuH18foMB8GA1UdIwQY
MBaAFK56mxdFpacMO/e8wsLuFmRgr/eoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMt
Y2M5YTc1OGM5OTE2LzEvSElpVTB5cUN0cnRrWW8yU0otbFdtNGZYeC1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMtY2M5YTc1OGM5OTE2
LzEvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAxBAIAATArAwQEBf+gMAsD
AwEfygMEBh/KgAMEAy6gWAMEA0+reAMEB7KlAAMEArmTYDANBAIAAjAHAwUAKgAS
EDANBgkqhkiG9w0BAQsFAAOCAQEAtqgKORU8BEvCQz6y3F1+i50TIX6Xe/3zoTdK
kRMpYyDO3MoKG3eTinZok5icYfTRQ5eE8BZM6PZNjSnEEAMEZDvBmogzMj1Xi4q4
gbNRD/5RCWzAhRZ2EbyHOcoUH9XcuclKkWC6gUbKywLgl1MZ+l2+VAbickFA3KIF
WgXfIjAx52klkqkFgikiU1JKlsBOTMMNgNb8oTNSiL1DFi1p+Kx0z+JvmiEHKuEj
szEe3UnhBxgN87+zE/baf6YMVtBRCYjcKp0lZ6DjY6elhSdu2jtrrnOk8u82IBIe
DfZaNDL2Ctqi+D75q3SRrVf1dS1NWKxZSE6e1Bj1mz4KN7C/QQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:26:04 2024 by rpki-client on console-ams.rpki-client.org