Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sOkkbYaBRQSe-Q7Y09aYwQhLMTk.roa
File: sOkkbYaBRQSe-Q7Y09aYwQhLMTk.roa (raw, json)
Hash identifier: MilryOC2ag7HkVGVfN1P1zqLQ4glFmm80Pa5ORwc+DA=
Subject key identifier: B0:E9:24:6D:86:81:45:04:9E:F9:0E:D8:D3:D6:98:C1:08:4B:31:39
Certificate issuer: /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial: 01856F7974473F485FD4B2E1002853A5390A
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sOkkbYaBRQSe-Q7Y09aYwQhLMTk.roa
Signing time: Sun 01 Jan 2023 22:35:08 +0000
ROA not before: Sun 01 Jan 2023 22:35:08 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9009
IP address blocks: 45.92.228.0/24 maxlen: 24
193.176.210.0/24 maxlen: 24
45.85.124.0/22 maxlen: 24
45.130.136.0/24 maxlen: 24
45.91.20.0/24 maxlen: 24
45.91.21.0/24 maxlen: 24
45.91.22.0/24 maxlen: 24
45.132.193.0/24 maxlen: 24
2a07:e341::/32 maxlen: 32
2a07:e340::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:79:74:47:3f:48:5f:d4:b2:e1:00:28:53:a5:39:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Validity
Not Before: Jan 1 22:35:08 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b0e9246d868145049ef90ed8d3d698c1084b3139
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:89:34:40:d3:ca:24:52:d8:ed:ae:f3:03:ef:
08:f1:c5:2f:1b:62:13:f2:47:00:02:14:b6:0a:e6:
b5:ce:81:a1:64:11:33:d3:05:1e:bb:79:c3:33:aa:
73:64:de:8d:d8:6e:09:b3:48:73:25:39:72:8c:83:
da:56:e8:33:a3:25:7a:53:ea:37:c3:2f:e5:63:58:
54:9f:3a:54:98:2e:b0:ce:57:eb:73:f5:1e:c4:7f:
5d:94:69:58:64:d7:1b:50:93:84:b5:22:32:6d:23:
30:3d:62:9a:93:23:7a:0a:75:be:f0:46:5f:a9:0d:
d7:d3:6f:c4:0a:f5:99:7b:e5:11:47:26:d3:fb:1d:
52:45:11:68:1c:9b:bd:09:f5:66:4b:57:71:3d:a1:
52:c8:17:bd:4f:4b:06:54:61:20:61:4f:f1:68:ef:
0a:7b:22:98:36:d2:e2:8c:20:db:21:19:6f:65:d1:
86:c7:bd:0d:ed:58:90:71:3e:05:f5:e2:ee:82:27:
eb:67:25:16:88:0a:a5:84:80:d8:16:28:e4:77:da:
ae:c5:c3:29:66:e2:6e:20:fd:b0:af:e6:3f:ba:05:
b4:db:dc:b3:60:e9:74:81:67:11:9d:9e:00:e1:b5:
63:f4:1e:27:ea:7f:cb:c5:9a:c6:d0:71:07:16:3e:
a4:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:E9:24:6D:86:81:45:04:9E:F9:0E:D8:D3:D6:98:C1:08:4B:31:39
X509v3 Authority Key Identifier:
keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sOkkbYaBRQSe-Q7Y09aYwQhLMTk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.85.124.0/22
45.91.20.0-45.91.22.255
45.92.228.0/24
45.130.136.0/24
45.132.193.0/24
193.176.210.0/24
IPv6:
2a07:e340::/31
Signature Algorithm: sha256WithRSAEncryption
84:55:85:c8:dc:e2:27:9c:a8:b3:df:f5:37:52:50:10:4d:d8:
60:65:7e:ca:65:4e:ad:7e:08:49:e0:a5:a6:a2:bf:61:be:79:
b2:01:89:39:a3:12:61:bd:43:65:8f:c6:42:f7:b8:30:74:f8:
67:42:71:86:49:1a:9e:a7:04:d6:52:64:ea:bf:80:35:98:68:
37:50:68:24:19:8a:0a:d3:28:ed:8f:b1:60:65:2c:e0:e0:cf:
6a:98:84:7d:f2:01:a6:0d:76:47:cd:a6:50:d4:09:77:82:57:
bb:96:13:f0:10:bd:98:80:80:00:92:66:e3:05:98:f2:dc:04:
f2:68:6c:1b:fe:45:64:d0:05:3f:d2:d4:8e:53:58:08:dc:0d:
c8:45:b9:7c:b9:fb:09:13:78:90:12:0b:15:97:56:37:f5:e3:
27:f7:9a:29:75:54:30:c2:8c:4d:76:3d:c5:2b:93:9c:ba:25:
78:33:87:c6:59:b4:6c:6d:f9:78:3a:5a:63:8d:e9:95:6d:f3:
30:03:67:3a:e2:60:94:d0:09:82:6b:d3:db:f7:2d:f6:3c:4f:
fa:ed:db:b8:31:10:82:8e:e7:26:90:fb:43:2a:20:c5:7a:ea:
ce:36:81:9b:57:6b:91:09:1c:af:de:75:b0:16:82:f8:77:ad:
1a:ed:b9:0d
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYVveXRHP0hf1LLhAChTpTkKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjMwMTAxMjIzNTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGU5MjQ2ZDg2ODE0NTA0OWVmOTBlZDhkM2Q2OThjMTA4NGIzMTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxok0QNPKJFLY7a7zA+8I8cUvG2IT
8kcAAhS2Cua1zoGhZBEz0wUeu3nDM6pzZN6N2G4Js0hzJTlyjIPaVugzoyV6U+o3
wy/lY1hUnzpUmC6wzlfrc/UexH9dlGlYZNcbUJOEtSIybSMwPWKakyN6CnW+8EZf
qQ3X02/ECvWZe+URRybT+x1SRRFoHJu9CfVmS1dxPaFSyBe9T0sGVGEgYU/xaO8K
eyKYNtLijCDbIRlvZdGGx70N7ViQcT4F9eLugifrZyUWiAqlhIDYFijkd9quxcMp
ZuJuIP2wr+Y/ugW029yzYOl0gWcRnZ4A4bVj9B4n6n/LxZrG0HEHFj6kWwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFLDpJG2GgUUEnvkO2NPWmMEISzE5MB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvc09ra2JZYUJSUVNlLVE3WTA5YVl3UWhMTVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQCLVV8MAwD
BAItWxQDBAAtWxYDBAAtXOQDBAAtgogDBAAthMEDBADBsNIwDQQCAAIwBwMFASoH
40AwDQYJKoZIhvcNAQELBQADggEBAIRVhcjc4iecqLPf9TdSUBBN2GBlfsplTq1+
CEngpaaiv2G+ebIBiTmjEmG9Q2WPxkL3uDB0+GdCcYZJGp6nBNZSZOq/gDWYaDdQ
aCQZigrTKO2PsWBlLODgz2qYhH3yAaYNdkfNplDUCXeCV7uWE/AQvZiAgACSZuMF
mPLcBPJobBv+RWTQBT/S1I5TWAjcDchFuXy5+wkTeJASCxWXVjf14yf3mil1VDDC
jE12PcUrk5y6JXgzh8ZZtGxt+Xg6WmON6ZVt8zADZzriYJTQCYJr09v3LfY8T/rt
27gxEIKO5yaQ+0MqIMV66s42gZtXa5EJHK/edbAWgvh3rRrtuQ0=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:33 2023 by rpki-client on console-fra.rpki-client.org