Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/XgDiLbhikte1Ux3bnbQqoBS3egg.roa
File: XgDiLbhikte1Ux3bnbQqoBS3egg.roa (raw, json)
Hash identifier: ZPGdAU0sxakJjhO/AQF0QkcD2cxIcif4hqab91u7Hc8=
Subject key identifier: 5E:00:E2:2D:B8:62:92:D7:B5:53:1D:DB:9D:B4:2A:A0:14:B7:7A:08
Certificate issuer: /CN=aa65af697df1f6cdaf4cbbd66de3d43bed869e90
Certificate serial: 01856EF4300065D77C1A731A1A5DDB702D8E
Authority key identifier: AA:65:AF:69:7D:F1:F6:CD:AF:4C:BB:D6:6D:E3:D4:3B:ED:86:9E:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qmWvaX3x9s2vTLvWbePUO-2GnpA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/XgDiLbhikte1Ux3bnbQqoBS3egg.roa
Signing time: Sun 01 Jan 2023 20:09:34 +0000
ROA not before: Sun 01 Jan 2023 20:09:34 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208320
IP address blocks: 45.143.111.0/24 maxlen: 24
45.143.110.0/24 maxlen: 24
45.143.109.0/24 maxlen: 24
45.143.108.0/22 maxlen: 22
45.143.108.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 02 Jan 2024 00:31:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:f4:30:00:65:d7:7c:1a:73:1a:1a:5d:db:70:2d:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa65af697df1f6cdaf4cbbd66de3d43bed869e90
Validity
Not Before: Jan 1 20:09:34 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5e00e22db86292d7b5531ddb9db42aa014b77a08
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:5a:26:25:8b:07:ed:a5:09:27:f0:5c:ed:d1:
83:56:11:9c:c9:ae:2e:d3:ee:f6:2d:11:18:58:d4:
6e:a2:1e:65:eb:4c:9e:05:be:ab:4f:30:e2:35:4a:
cd:43:c9:2c:08:94:05:8e:5c:04:60:18:b7:7d:6f:
22:06:e1:a8:72:f3:5a:6f:5c:c7:f8:c6:9c:9b:ef:
b3:c7:1f:6d:b6:f4:54:36:a6:0d:67:be:b6:8e:fd:
ea:06:76:63:fd:d4:67:2b:fa:68:9f:7a:5d:d3:69:
82:01:f7:27:3e:89:4a:81:3e:2d:c2:7b:fb:61:c5:
8b:b9:e0:9d:ae:a3:bc:c5:95:55:82:27:06:cf:d0:
97:7d:8d:78:8d:cf:df:63:18:e4:0c:5c:cf:94:9b:
1b:bd:c4:31:b4:b6:a7:19:97:0a:0d:c8:05:3d:38:
c5:2e:bb:1d:ca:67:68:0c:81:5e:c1:1e:65:50:7f:
91:d8:de:c3:3d:9e:69:7f:36:64:a4:96:c7:b9:f5:
d4:bd:1f:74:cf:b8:d7:23:36:8a:ba:85:16:94:1b:
b0:e0:18:85:25:2b:fe:6d:a1:b9:e8:ff:bd:ec:50:
95:fe:4e:11:86:cf:4e:0a:69:68:a7:f5:28:6c:81:
96:58:71:77:9a:5d:d0:62:43:00:bc:cf:a5:14:8a:
36:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:00:E2:2D:B8:62:92:D7:B5:53:1D:DB:9D:B4:2A:A0:14:B7:7A:08
X509v3 Authority Key Identifier:
keyid:AA:65:AF:69:7D:F1:F6:CD:AF:4C:BB:D6:6D:E3:D4:3B:ED:86:9E:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qmWvaX3x9s2vTLvWbePUO-2GnpA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/XgDiLbhikte1Ux3bnbQqoBS3egg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/04019c-ad17-428d-b3a2-1be13ba8d456/1/qmWvaX3x9s2vTLvWbePUO-2GnpA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.143.108.0/22
Signature Algorithm: sha256WithRSAEncryption
1d:e1:c3:1e:1a:3a:7c:37:a9:52:f1:2a:c4:09:26:4e:be:a9:
e8:a7:e8:bf:ec:2f:ff:38:d0:af:92:fe:e5:b7:07:7e:ce:e8:
42:cc:ed:16:05:e4:83:3c:fd:17:cd:09:6b:f9:3e:6f:f2:4d:
e3:ac:d2:25:d4:7f:c5:c4:ec:bb:a6:31:5d:4e:5e:1d:9e:78:
b4:79:1c:c4:2a:f4:52:ad:62:32:c7:71:5f:90:29:59:e6:ea:
28:ac:01:1a:52:e9:83:a5:ff:99:db:e4:39:88:06:31:ea:28:
17:75:dd:0b:95:07:f5:a1:3e:4b:a2:59:92:cf:13:0e:cd:b0:
b7:ef:91:ee:4f:d7:e7:25:d6:78:8d:bf:3f:6a:9f:09:18:b6:
25:de:ba:f0:42:35:b1:28:5c:7d:67:6c:b3:ca:53:b8:59:86:
85:b8:81:8e:7a:8e:5a:fa:ba:fd:08:7f:15:c6:32:e5:17:1e:
a5:8f:f0:23:f8:66:d7:d3:49:24:7e:d1:3d:25:34:de:a8:c2:
54:e9:81:69:3d:f5:7c:93:a3:78:3f:f5:5f:16:a0:3b:8a:6f:
31:4b:33:f1:e7:ff:90:7a:1f:fb:27:f5:dd:49:5c:99:a7:77:
88:4d:4a:de:07:ee:94:5c:ac:db:55:0f:75:da:b3:3f:28:83:
c9:14:3f:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVu9DAAZdd8GnMaGl3bcC2OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNjVhZjY5N2RmMWY2Y2RhZjRjYmJkNjZkZTNkNDNiZWQ4
NjllOTAwHhcNMjMwMTAxMjAwOTM0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTAwZTIyZGI4NjI5MmQ3YjU1MzFkZGI5ZGI0MmFhMDE0Yjc3YTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1omJYsH7aUJJ/Bc7dGDVhGcya4u
0+72LREYWNRuoh5l60yeBb6rTzDiNUrNQ8ksCJQFjlwEYBi3fW8iBuGocvNab1zH
+Macm++zxx9ttvRUNqYNZ762jv3qBnZj/dRnK/pon3pd02mCAfcnPolKgT4twnv7
YcWLueCdrqO8xZVVgicGz9CXfY14jc/fYxjkDFzPlJsbvcQxtLanGZcKDcgFPTjF
LrsdymdoDIFewR5lUH+R2N7DPZ5pfzZkpJbHufXUvR90z7jXIzaKuoUWlBuw4BiF
JSv+baG56P+97FCV/k4Rhs9OCmlop/UobIGWWHF3ml3QYkMAvM+lFIo2bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4A4i24YpLXtVMd2520KqAUt3oIMB8GA1UdIwQY
MBaAFKplr2l98fbNr0y71m3j1Dvthp6QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW1XdmFYM3g5czJ2VEx2V2JlUFVPLTJHbnBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8wNDAxOWMtYWQxNy00MjhkLWIzYTIt
MWJlMTNiYThkNDU2LzEvWGdEaUxiaGlrdGUxVXgzYm5iUXFvQlMzZWdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8wNDAxOWMtYWQxNy00MjhkLWIzYTItMWJlMTNiYThkNDU2
LzEvcW1XdmFYM3g5czJ2VEx2V2JlUFVPLTJHbnBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY9sMA0G
CSqGSIb3DQEBCwUAA4IBAQAd4cMeGjp8N6lS8SrECSZOvqnop+i/7C//ONCvkv7l
twd+zuhCzO0WBeSDPP0XzQlr+T5v8k3jrNIl1H/FxOy7pjFdTl4dnni0eRzEKvRS
rWIyx3FfkClZ5uoorAEaUumDpf+Z2+Q5iAYx6igXdd0LlQf1oT5LolmSzxMOzbC3
75HuT9fnJdZ4jb8/ap8JGLYl3rrwQjWxKFx9Z2yzylO4WYaFuIGOeo5a+rr9CH8V
xjLlFx6lj/Aj+GbX00kkftE9JTTeqMJU6YFpPfV8k6N4P/VfFqA7im8xSzPx5/+Q
eh/7J/XdSVyZp3eITUreB+6UXKzbVQ912rM/KIPJFD9E
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:54 2024 by rpki-client on console-ams.rpki-client.org