Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/NqfrkKaADtii5sD8oM0xzAyPSv0.roa
File: NqfrkKaADtii5sD8oM0xzAyPSv0.roa (raw, json)
Hash identifier: 6RvTxU/Yeh4A6cn6+uTLA9D6E2LKKmIW8nT9JIlRml8=
Subject key identifier: 36:A7:EB:90:A6:80:0E:D8:A2:E6:C0:FC:A0:CD:31:CC:0C:8F:4A:FD
Certificate issuer: /CN=567ac9bf0be91e0a48664ec8b6a6770957a21020
Certificate serial: 018C0D7725E77E88528C38A4DD688252B1BD
Authority key identifier: 56:7A:C9:BF:0B:E9:1E:0A:48:66:4E:C8:B6:A6:77:09:57:A2:10:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VnrJvwvpHgpIZk7ItqZ3CVeiECA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/NqfrkKaADtii5sD8oM0xzAyPSv0.roa
Signing time: Sun 26 Nov 2023 21:09:21 +0000
ROA not before: Sun 26 Nov 2023 21:09:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 58208
IP address blocks: 91.216.120.0/24 maxlen: 24
5.42.152.0/22 maxlen: 22
5.42.153.0/24 maxlen: 24
5.42.159.0/24 maxlen: 24
2a01:45c0::/32 maxlen: 32
Validation: Failed, certificate revoked on Mon 01 Jan 2024 12:30:44 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:0d:77:25:e7:7e:88:52:8c:38:a4:dd:68:82:52:b1:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=567ac9bf0be91e0a48664ec8b6a6770957a21020
Validity
Not Before: Nov 26 21:09:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=36a7eb90a6800ed8a2e6c0fca0cd31cc0c8f4afd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:5a:a0:1c:2d:0f:68:86:3b:cf:c6:c4:6b:6a:
53:ac:11:e9:87:26:41:a3:e9:ee:cf:bb:ca:34:b5:
6a:ce:0f:6c:d6:c7:eb:68:1c:8b:d1:e5:47:a4:4c:
03:cc:28:cc:ac:01:35:a9:98:11:8f:2b:36:a2:f0:
6a:a4:c8:fe:b8:12:41:cb:db:08:61:9f:f7:19:02:
2e:a4:3d:61:4f:f3:0d:47:ac:2c:0e:70:a7:59:82:
c2:ce:26:f9:22:90:3a:e4:56:a1:94:f4:65:04:98:
f6:34:c6:c4:0c:b6:e8:15:52:22:b8:02:4f:72:cc:
16:bb:bb:bb:78:fc:1a:fd:e0:0d:5c:98:f0:61:fc:
9b:01:8b:44:6f:10:cf:58:be:e5:39:4d:44:2b:94:
04:48:6c:6d:37:e7:b7:8e:17:d8:0f:97:6f:6d:95:
85:fc:a7:99:03:9d:ac:79:c2:b7:20:b4:76:b0:c4:
e8:e3:45:18:e0:ab:4f:c3:96:a6:e4:c9:19:f4:f6:
0e:1c:01:29:cd:25:4a:98:14:5e:b0:79:c0:85:30:
3d:af:a2:54:89:68:dd:72:3c:0b:2b:f6:25:a7:5e:
06:ec:fd:b1:79:14:0d:e5:76:65:cf:9f:c1:7b:e8:
6f:8e:68:35:e8:49:32:99:ee:97:89:87:fa:e0:10:
e9:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:A7:EB:90:A6:80:0E:D8:A2:E6:C0:FC:A0:CD:31:CC:0C:8F:4A:FD
X509v3 Authority Key Identifier:
keyid:56:7A:C9:BF:0B:E9:1E:0A:48:66:4E:C8:B6:A6:77:09:57:A2:10:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VnrJvwvpHgpIZk7ItqZ3CVeiECA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/NqfrkKaADtii5sD8oM0xzAyPSv0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c51d08-8575-4bfb-af6e-01889cc03eba/1/VnrJvwvpHgpIZk7ItqZ3CVeiECA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.152.0/22
5.42.159.0/24
91.216.120.0/24
IPv6:
2a01:45c0::/32
Signature Algorithm: sha256WithRSAEncryption
50:37:cd:5d:26:da:c5:6c:c6:a2:a7:02:f7:21:2a:4c:b9:b9:
3e:5d:bf:f8:2d:5a:04:e2:f4:18:7a:70:8d:97:75:c1:4e:9f:
8e:0a:7a:e3:f3:73:a5:ab:d7:c8:70:e1:ee:4f:da:ba:02:74:
5a:41:df:38:27:54:ac:80:b1:58:b0:27:1c:93:79:5d:ef:10:
a5:6f:81:a2:df:98:e8:79:eb:54:a5:0a:b4:d3:f3:ee:7d:82:
fd:83:73:9f:b4:fc:f1:ca:cd:8f:6f:2b:0d:92:f0:86:4a:f5:
c7:90:2d:68:61:f2:73:38:4f:25:e2:2a:bb:9d:3e:2a:5d:a3:
ad:f5:59:74:46:ae:43:c0:f2:a3:4d:18:18:a5:28:df:db:49:
58:30:90:d5:32:6a:66:42:34:ea:00:81:50:2c:12:a9:3f:1a:
89:43:d9:17:ed:48:5a:ad:d0:0a:af:2a:2e:43:16:fa:97:f1:
c4:0d:4b:14:79:7c:5f:a0:97:b9:ae:2b:b7:38:0d:4b:e8:a6:
02:db:39:e9:97:e5:00:ce:74:35:16:cc:6f:e8:58:60:e6:68:
4b:b0:4c:78:3c:03:fd:8f:65:44:d3:9d:e2:a6:88:40:33:74:
ae:1d:d3:dc:89:d8:37:18:d3:0c:11:16:34:35:1c:72:cb:81:
83:12:52:43
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYwNdyXnfohSjDik3WiCUrG9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2N2FjOWJmMGJlOTFlMGE0ODY2NGVjOGI2YTY3NzA5NTdh
MjEwMjAwHhcNMjMxMTI2MjEwOTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmE3ZWI5MGE2ODAwZWQ4YTJlNmMwZmNhMGNkMzFjYzBjOGY0YWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlqgHC0PaIY7z8bEa2pTrBHphyZB
o+nuz7vKNLVqzg9s1sfraByL0eVHpEwDzCjMrAE1qZgRjys2ovBqpMj+uBJBy9sI
YZ/3GQIupD1hT/MNR6wsDnCnWYLCzib5IpA65FahlPRlBJj2NMbEDLboFVIiuAJP
cswWu7u7ePwa/eANXJjwYfybAYtEbxDPWL7lOU1EK5QESGxtN+e3jhfYD5dvbZWF
/KeZA52secK3ILR2sMTo40UY4KtPw5am5MkZ9PYOHAEpzSVKmBResHnAhTA9r6JU
iWjdcjwLK/Ylp14G7P2xeRQN5XZlz5/Be+hvjmg16Ekyme6XiYf64BDpvwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDan65CmgA7YoubA/KDNMcwMj0r9MB8GA1UdIwQY
MBaAFFZ6yb8L6R4KSGZOyLamdwlXohAgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm5ySnZ3dnBIZ3BJWms3SXRxWjNDVmVpRUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNTFkMDgtODU3NS00YmZiLWFmNmUt
MDE4ODljYzAzZWJhLzEvTnFmcmtLYUFEdGlpNXNEOG9NMHh6QXlQU3YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jNTFkMDgtODU3NS00YmZiLWFmNmUtMDE4ODljYzAzZWJh
LzEvVm5ySnZ3dnBIZ3BJWms3SXRxWjNDVmVpRUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCBSqYAwQA
BSqfAwQAW9h4MA0EAgACMAcDBQAqAUXAMA0GCSqGSIb3DQEBCwUAA4IBAQBQN81d
JtrFbMaipwL3ISpMubk+Xb/4LVoE4vQYenCNl3XBTp+OCnrj83Olq9fIcOHuT9q6
AnRaQd84J1SsgLFYsCcck3ld7xClb4Gi35joeetUpQq00/PufYL9g3OftPzxys2P
bysNkvCGSvXHkC1oYfJzOE8l4iq7nT4qXaOt9Vl0Rq5DwPKjTRgYpSjf20lYMJDV
MmpmQjTqAIFQLBKpPxqJQ9kX7UhardAKryouQxb6l/HEDUsUeXxfoJe5riu3OA1L
6KYC2znpl+UAznQ1Fsxv6Fhg5mhLsEx4PAP9j2VE053ipohAM3SuHdPcidg3GNMM
ERY0NRxyy4GDElJD
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:54 2024 by rpki-client on console-fra.rpki-client.org