Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/b9178b-c7ba-4d4e-af9e-6acd21d4baf8/1/FnqTF1xUmazN9nMCCLL86kQsq-w.roa
File: FnqTF1xUmazN9nMCCLL86kQsq-w.roa (raw, json)
Hash identifier: Ff/qkCj3OYJdSeA6auy9En+hqFBNabxKzNSjsmQkA7c=
Subject key identifier: 16:7A:93:17:5C:54:99:AC:CD:F6:73:02:08:B2:FC:EA:44:2C:AB:EC
Certificate issuer: /CN=e224e450eafed4c259b6dc0a34e306f1ad284bc4
Certificate serial: 01856DA63AC9C51D2782250F046863E24B04
Authority key identifier: E2:24:E4:50:EA:FE:D4:C2:59:B6:DC:0A:34:E3:06:F1:AD:28:4B:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4iTkUOr-1MJZttwKNOMG8a0oS8Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/b9178b-c7ba-4d4e-af9e-6acd21d4baf8/1/FnqTF1xUmazN9nMCCLL86kQsq-w.roa
Signing time: Sun 01 Jan 2023 14:04:48 +0000
ROA not before: Sun 01 Jan 2023 14:04:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 6894
IP address blocks: 95.131.152.0/21 maxlen: 21
195.14.64.0/19 maxlen: 19
195.14.65.0/24 maxlen: 24
2a02:b78::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:a6:3a:c9:c5:1d:27:82:25:0f:04:68:63:e2:4b:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e224e450eafed4c259b6dc0a34e306f1ad284bc4
Validity
Not Before: Jan 1 14:04:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=167a93175c5499accdf6730208b2fcea442cabec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:e5:5c:ed:e1:0a:e9:75:f1:e4:ff:00:1d:e8:
54:de:0e:d8:f5:2a:50:7e:aa:75:09:35:a4:27:40:
c4:0c:ec:f6:7f:ad:3d:64:13:c0:54:9f:e7:d0:29:
48:25:12:b7:fb:bd:72:b0:91:74:16:99:6c:6b:76:
6d:33:22:a4:aa:01:68:b3:5c:8c:0e:11:fa:71:3a:
90:1e:be:fd:ec:5c:bf:b1:77:50:0d:b7:f9:fb:66:
76:ac:51:2c:17:59:0c:ce:07:61:f2:60:82:c4:8c:
e7:18:45:cb:23:33:10:18:03:89:4d:0f:94:6c:41:
ea:f6:67:bb:9b:ad:34:f8:4c:ce:f2:57:1f:27:c5:
0b:42:6e:6e:52:8e:8e:f0:28:91:de:c5:76:3d:c3:
39:2b:29:54:28:1c:09:a5:43:8d:38:17:8b:0a:26:
b4:70:f4:27:f8:75:59:ca:41:f4:62:69:8d:9c:e7:
fa:8d:b3:a1:e6:2f:3e:cd:b9:09:be:f6:84:89:94:
ae:a4:06:73:ea:f7:6a:9b:d5:61:88:72:13:5b:96:
80:46:b1:8b:5d:07:8b:5e:bc:e6:f6:79:3d:c9:9f:
f7:e3:50:8f:aa:dc:db:74:9f:cc:25:03:72:3e:01:
f1:7d:ea:22:2b:da:b4:d1:bb:2d:58:6e:c8:da:40:
8b:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:7A:93:17:5C:54:99:AC:CD:F6:73:02:08:B2:FC:EA:44:2C:AB:EC
X509v3 Authority Key Identifier:
keyid:E2:24:E4:50:EA:FE:D4:C2:59:B6:DC:0A:34:E3:06:F1:AD:28:4B:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4iTkUOr-1MJZttwKNOMG8a0oS8Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b9178b-c7ba-4d4e-af9e-6acd21d4baf8/1/FnqTF1xUmazN9nMCCLL86kQsq-w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/b9178b-c7ba-4d4e-af9e-6acd21d4baf8/1/4iTkUOr-1MJZttwKNOMG8a0oS8Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.131.152.0/21
195.14.64.0/19
IPv6:
2a02:b78::/32
Signature Algorithm: sha256WithRSAEncryption
40:dd:b9:cb:20:5c:71:ed:89:bb:3c:8f:b5:d3:c3:1d:60:32:
58:a9:d1:45:4c:51:db:a4:be:6e:df:1d:1a:28:87:47:a5:4e:
f9:8b:84:ed:00:09:35:91:0f:cf:d9:3f:9b:ed:c5:94:66:9a:
f3:9e:66:0c:9a:d9:c6:ef:0e:c7:e8:61:cd:0a:69:fa:23:0c:
19:2c:49:d3:29:21:a2:03:dd:26:1f:1f:45:c5:76:13:8b:02:
31:39:80:0f:34:57:69:43:55:77:5c:b1:ed:6b:2a:27:ef:0e:
0a:20:d3:83:0a:08:2e:c9:44:a1:82:a6:21:fe:48:8e:d4:40:
5e:a9:83:dd:68:70:13:d2:ee:d3:ec:5a:12:1d:7e:6c:9c:5b:
4a:b0:ed:fe:a2:9f:f1:03:bf:3f:29:b1:9a:ac:c3:cb:fd:b9:
f5:56:e8:15:22:dd:01:ff:f8:21:c3:ee:3d:c1:12:88:e2:ab:
7d:3b:c3:3a:71:88:da:04:40:08:7a:c9:40:4d:8f:20:c1:ba:
c8:47:71:61:64:53:d3:66:ee:5e:2a:67:46:ac:99:5e:e6:cc:
74:2b:dd:76:d1:6b:f6:40:03:89:16:81:ad:7c:9b:62:95:e7:
c3:7d:83:5f:18:59:e1:c9:fe:f0:b5:e0:3e:3b:67:8f:7e:76:
92:bd:a5:e0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVtpjrJxR0ngiUPBGhj4ksEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMjRlNDUwZWFmZWQ0YzI1OWI2ZGMwYTM0ZTMwNmYxYWQy
ODRiYzQwHhcNMjMwMTAxMTQwNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjdhOTMxNzVjNTQ5OWFjY2RmNjczMDIwOGIyZmNlYTQ0MmNhYmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+Vc7eEK6XXx5P8AHehU3g7Y9SpQ
fqp1CTWkJ0DEDOz2f609ZBPAVJ/n0ClIJRK3+71ysJF0Fplsa3ZtMyKkqgFos1yM
DhH6cTqQHr797Fy/sXdQDbf5+2Z2rFEsF1kMzgdh8mCCxIznGEXLIzMQGAOJTQ+U
bEHq9me7m600+EzO8lcfJ8ULQm5uUo6O8CiR3sV2PcM5KylUKBwJpUONOBeLCia0
cPQn+HVZykH0YmmNnOf6jbOh5i8+zbkJvvaEiZSupAZz6vdqm9VhiHITW5aARrGL
XQeLXrzm9nk9yZ/341CPqtzbdJ/MJQNyPgHxfeoiK9q00bstWG7I2kCLIwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBZ6kxdcVJmszfZzAgiy/OpELKvsMB8GA1UdIwQY
MBaAFOIk5FDq/tTCWbbcCjTjBvGtKEvEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGlUa1VPci0xTUpadHR3S05PTUc4YTBvUzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9iOTE3OGItYzdiYS00ZDRlLWFmOWUt
NmFjZDIxZDRiYWY4LzEvRm5xVEYxeFVtYXpOOW5NQ0NMTDg2a1FzcS13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9iOTE3OGItYzdiYS00ZDRlLWFmOWUtNmFjZDIxZDRiYWY4
LzEvNGlUa1VPci0xTUpadHR3S05PTUc4YTBvUzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDX4OYAwQF
ww5AMA0EAgACMAcDBQAqAgt4MA0GCSqGSIb3DQEBCwUAA4IBAQBA3bnLIFxx7Ym7
PI+108MdYDJYqdFFTFHbpL5u3x0aKIdHpU75i4TtAAk1kQ/P2T+b7cWUZprznmYM
mtnG7w7H6GHNCmn6IwwZLEnTKSGiA90mHx9FxXYTiwIxOYAPNFdpQ1V3XLHtayon
7w4KINODCgguyUShgqYh/kiO1EBeqYPdaHAT0u7T7FoSHX5snFtKsO3+op/xA78/
KbGarMPL/bn1VugVIt0B//ghw+49wRKI4qt9O8M6cYjaBEAIeslATY8gwbrIR3Fh
ZFPTZu5eKmdGrJle5sx0K9120Wv2QAOJFoGtfJtilefDfYNfGFnhyf7wteA+O2eP
fnaSvaXg
-----END CERTIFICATE-----
Generated at Tue Jan 2 15:22:22 2024 by rpki-client on console-ams.rpki-client.org