Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/053d39-374c-4387-9945-431f75ba8675/1/ACKwBCnMuyG9WQ-6k4hiJVKz_js.roa
File: ACKwBCnMuyG9WQ-6k4hiJVKz_js.roa (raw, json)
Hash identifier: 6oTJHBpXAHR2EkS9+lUQtxRAwo2KCkah/UVOwDT1Gnk=
Subject key identifier: 00:22:B0:04:29:CC:BB:21:BD:59:0F:BA:93:88:62:25:52:B3:FE:3B
Certificate issuer: /CN=dce560f0ec850da8a7c0f8d6f3825102d4de4ace
Certificate serial: 0185729EF6EACEFBF32267B3E68F9EE66DF2
Authority key identifier: DC:E5:60:F0:EC:85:0D:A8:A7:C0:F8:D6:F3:82:51:02:D4:DE:4A:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3OVg8OyFDainwPjW84JRAtTeSs4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a6/053d39-374c-4387-9945-431f75ba8675/1/ACKwBCnMuyG9WQ-6k4hiJVKz_js.roa
Signing time: Mon 02 Jan 2023 13:14:58 +0000
ROA not before: Mon 02 Jan 2023 13:14:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209853
IP address blocks: 185.149.103.0/24 maxlen: 24
185.149.100.0/24 maxlen: 24
185.149.102.0/24 maxlen: 24
185.149.101.0/24 maxlen: 24
45.151.251.0/24 maxlen: 24
45.151.248.0/24 maxlen: 24
45.151.250.0/24 maxlen: 24
45.151.249.0/24 maxlen: 24
78.142.209.0/24 maxlen: 24
78.142.208.0/24 maxlen: 24
78.142.211.0/24 maxlen: 24
78.142.210.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:9e:f6:ea:ce:fb:f3:22:67:b3:e6:8f:9e:e6:6d:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dce560f0ec850da8a7c0f8d6f3825102d4de4ace
Validity
Not Before: Jan 2 13:14:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0022b00429ccbb21bd590fba9388622552b3fe3b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:86:d5:f3:0c:5c:eb:b5:c8:0a:87:40:7e:36:
3a:e6:43:b5:5b:53:33:19:44:b7:b7:02:a5:19:c8:
f4:dd:d4:68:73:23:cf:cb:e2:ff:57:89:ed:31:47:
fc:40:60:78:2d:84:0a:ba:d0:19:24:0f:12:3a:a2:
27:c5:54:1b:d5:46:27:f9:63:36:90:31:d5:70:8f:
b8:a2:54:50:72:19:53:f1:1f:34:de:71:e6:4f:5a:
10:c8:c9:9a:d4:45:b1:04:b9:3a:d2:5b:5a:c7:b6:
cf:fa:9c:45:c8:da:3f:81:8e:b4:04:82:26:b2:f9:
8c:55:c0:e0:fc:d2:82:d7:75:eb:6b:84:ec:e1:26:
3f:e1:d9:f5:e7:ac:a2:82:ed:1c:c3:03:a1:cc:94:
b7:41:39:40:e8:c6:2c:19:f7:0c:24:cc:66:fc:5a:
a5:b3:49:90:f9:77:f4:83:d0:50:25:31:47:ad:81:
4d:40:b7:04:c2:0c:ef:ae:1b:7c:8b:87:c3:44:4b:
3d:68:d4:0e:f3:09:8a:43:e0:16:53:d3:56:2e:5b:
98:3f:1b:eb:d5:3b:25:b1:fe:ad:2b:29:e4:16:5c:
16:95:7b:28:c3:1e:12:c8:f2:d9:ab:02:af:6e:3f:
1b:30:96:13:84:12:4b:ef:14:fd:a9:7e:6e:cf:ab:
f2:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:22:B0:04:29:CC:BB:21:BD:59:0F:BA:93:88:62:25:52:B3:FE:3B
X509v3 Authority Key Identifier:
keyid:DC:E5:60:F0:EC:85:0D:A8:A7:C0:F8:D6:F3:82:51:02:D4:DE:4A:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3OVg8OyFDainwPjW84JRAtTeSs4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/053d39-374c-4387-9945-431f75ba8675/1/ACKwBCnMuyG9WQ-6k4hiJVKz_js.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/053d39-374c-4387-9945-431f75ba8675/1/3OVg8OyFDainwPjW84JRAtTeSs4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.248.0/22
78.142.208.0/22
185.149.100.0/22
Signature Algorithm: sha256WithRSAEncryption
51:12:bb:d1:3b:fa:20:90:7f:a2:df:b4:d4:92:8f:aa:06:02:
20:40:39:97:67:95:33:7c:8a:60:52:f5:c0:ad:43:58:2a:02:
a7:7e:89:24:d4:22:f4:64:d0:04:19:e7:7a:00:dc:a7:c3:d1:
bb:8d:94:3f:15:fe:8d:17:88:03:af:81:10:72:41:29:d7:21:
33:a1:f1:42:ca:4d:d6:2a:18:51:ad:36:f0:55:c4:ba:fd:d6:
59:4f:51:54:2a:8e:92:ba:12:0a:78:36:a2:45:1f:be:d5:71:
ac:54:cb:ef:48:78:d7:b9:c5:ca:74:cf:c6:c8:a3:ef:e3:27:
8b:1b:0f:16:0a:84:83:ad:e8:af:c1:3c:f7:80:1b:2c:92:f1:
9d:5c:d4:65:eb:7d:72:2e:eb:b7:8b:31:67:f9:a9:53:7e:b6:
2e:fb:87:6f:af:d3:34:03:e1:bf:a2:99:0f:b3:e3:55:5a:0f:
33:b8:ad:ba:d9:61:0e:de:61:eb:07:51:0c:7f:85:64:bf:21:
64:ae:c5:b6:34:9b:a3:75:0e:e4:75:30:79:08:a1:5c:5f:83:
a6:ba:70:5f:cd:c2:44:7b:64:97:52:6d:32:b4:7d:9f:77:42:
86:3f:9c:5b:5b:77:90:00:12:6a:80:b4:39:d7:2e:0c:fd:14:
2c:66:f3:99
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVynvbqzvvzImez5o+e5m3yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZTU2MGYwZWM4NTBkYThhN2MwZjhkNmYzODI1MTAyZDRk
ZTRhY2UwHhcNMjMwMTAyMTMxNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDIyYjAwNDI5Y2NiYjIxYmQ1OTBmYmE5Mzg4NjIyNTUyYjNmZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYbV8wxc67XICodAfjY65kO1W1Mz
GUS3twKlGcj03dRocyPPy+L/V4ntMUf8QGB4LYQKutAZJA8SOqInxVQb1UYn+WM2
kDHVcI+4olRQchlT8R803nHmT1oQyMma1EWxBLk60ltax7bP+pxFyNo/gY60BIIm
svmMVcDg/NKC13Xra4Ts4SY/4dn156yigu0cwwOhzJS3QTlA6MYsGfcMJMxm/Fql
s0mQ+Xf0g9BQJTFHrYFNQLcEwgzvrht8i4fDREs9aNQO8wmKQ+AWU9NWLluYPxvr
1Tslsf6tKynkFlwWlXsowx4SyPLZqwKvbj8bMJYThBJL7xT9qX5uz6vyKwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAAisAQpzLshvVkPupOIYiVSs/47MB8GA1UdIwQY
MBaAFNzlYPDshQ2op8D41vOCUQLU3krOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM09WZzhPeUZEYWlud1BqVzg0SlJBdFRlU3M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8wNTNkMzktMzc0Yy00Mzg3LTk5NDUt
NDMxZjc1YmE4Njc1LzEvQUNLd0JDbk11eUc5V1EtNms0aGlKVkt6X2pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8wNTNkMzktMzc0Yy00Mzg3LTk5NDUtNDMxZjc1YmE4Njc1
LzEvM09WZzhPeUZEYWlud1BqVzg0SlJBdFRlU3M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZf4AwQC
To7QAwQCuZVkMA0GCSqGSIb3DQEBCwUAA4IBAQBRErvRO/ogkH+i37TUko+qBgIg
QDmXZ5UzfIpgUvXArUNYKgKnfokk1CL0ZNAEGed6ANynw9G7jZQ/Ff6NF4gDr4EQ
ckEp1yEzofFCyk3WKhhRrTbwVcS6/dZZT1FUKo6SuhIKeDaiRR++1XGsVMvvSHjX
ucXKdM/GyKPv4yeLGw8WCoSDreivwTz3gBsskvGdXNRl631yLuu3izFn+alTfrYu
+4dvr9M0A+G/opkPs+NVWg8zuK262WEO3mHrB1EMf4VkvyFkrsW2NJujdQ7kdTB5
CKFcX4OmunBfzcJEe2SXUm0ytH2fd0KGP5xbW3eQABJqgLQ51y4M/RQsZvOZ
-----END CERTIFICATE-----
Generated at Mon Jan 1 21:28:02 2024 by rpki-client on console-fra.rpki-client.org