Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ClGso4mFWw1lanv8Sd-CjiWNw1c.roa
File: ClGso4mFWw1lanv8Sd-CjiWNw1c.roa (raw, json)
Hash identifier: B77nyyCXdoVosc7umsS2dgb08uGAGs2NNmeIbYMxwyw=
Subject key identifier: 0A:51:AC:A3:89:85:5B:0D:65:6A:7B:FC:49:DF:82:8E:25:8D:C3:57
Certificate issuer: /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial: 018C863E1D01655CBD9EA191AA0544C5C742
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ClGso4mFWw1lanv8Sd-CjiWNw1c.roa
Signing time: Wed 20 Dec 2023 08:01:06 +0000
ROA not before: Wed 20 Dec 2023 08:01:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 89.42.81.0/24 maxlen: 24
89.42.95.0/24 maxlen: 24
89.34.228.0/24 maxlen: 24
93.113.181.0/24 maxlen: 24
89.46.0.0/24 maxlen: 24
89.43.143.0/24 maxlen: 24
89.43.140.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:86:3e:1d:01:65:5c:bd:9e:a1:91:aa:05:44:c5:c7:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Validity
Not Before: Dec 20 08:01:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0a51aca389855b0d656a7bfc49df828e258dc357
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:be:6a:3d:16:df:6b:d3:2c:46:6d:17:84:9d:
98:98:e2:0b:78:bc:47:6f:e7:96:b2:95:3e:c8:1f:
75:34:f2:85:0d:43:cf:00:5c:17:6f:c4:69:8d:85:
3f:a7:74:15:20:34:54:5b:4b:84:7c:6f:51:87:14:
20:65:9b:1a:0a:34:c9:28:1a:a2:e0:39:0b:91:0b:
fa:89:9a:35:be:a1:3a:0b:7d:14:12:c4:2d:bb:0c:
8d:c1:cc:d8:02:1f:76:ae:b4:22:0b:3f:ff:40:b9:
c7:08:d6:48:80:ef:21:49:b1:20:11:b7:d7:1e:e0:
36:92:ae:bc:99:58:0a:61:c9:db:76:92:dd:5d:48:
55:4a:a4:4f:6e:2d:e5:fc:45:3c:80:65:59:ce:93:
89:6b:24:f8:47:a9:f6:08:66:e9:a8:69:98:51:50:
5e:69:7c:78:7a:58:08:49:b9:37:7e:0d:e8:e0:9c:
39:42:1c:f6:c0:57:7b:c3:b2:99:c9:33:5f:cb:39:
f2:0d:e6:df:1a:77:9d:b7:77:6d:f7:22:3a:00:5d:
e4:19:36:c5:40:3b:44:af:70:ed:c4:53:47:2a:8a:
67:25:09:13:eb:35:da:e5:22:df:6f:db:6a:e9:a2:
c3:a6:18:6f:90:9d:ea:26:3e:86:aa:d0:5b:14:d1:
77:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:51:AC:A3:89:85:5B:0D:65:6A:7B:FC:49:DF:82:8E:25:8D:C3:57
X509v3 Authority Key Identifier:
keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ClGso4mFWw1lanv8Sd-CjiWNw1c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.34.228.0/24
89.42.81.0/24
89.42.95.0/24
89.43.140.0/24
89.43.143.0/24
89.46.0.0/24
93.113.181.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:ec:95:82:3e:32:44:72:11:07:4b:ff:cc:08:fb:17:99:2b:
65:0a:d5:3c:3c:56:10:5c:a8:d5:a1:88:0c:ef:d8:7d:e5:73:
00:c5:8d:d5:6d:64:02:85:18:41:48:47:49:5d:78:e2:1d:84:
e7:9f:af:7e:91:19:0a:a3:d2:fb:f2:19:74:b7:69:b0:b2:9b:
0d:0a:76:37:46:b3:ed:37:30:40:1e:d8:b1:5c:b0:34:4f:35:
c4:a4:ef:47:e6:a4:99:fd:1f:c0:10:3e:aa:f4:3e:85:2f:2a:
d5:7d:99:a7:e9:af:a7:e8:a3:d9:52:89:6f:71:d0:49:9d:34:
17:5d:35:b9:73:dc:a0:22:8c:8d:12:c5:ae:03:fa:22:94:9c:
b7:d7:a8:b0:7f:bd:e0:fc:91:20:3d:5a:bf:b0:a9:7f:61:9f:
7e:21:c3:2d:f2:4e:83:65:19:9e:6f:11:86:94:97:e9:49:ee:
a8:fb:2b:f0:49:c7:f3:03:44:63:55:19:21:a4:7f:ea:80:eb:
26:ad:7f:9b:3d:a6:53:ac:fc:26:b3:78:95:f9:53:42:e3:70:
44:4f:3e:aa:db:fe:24:dc:97:c8:1e:84:85:58:20:f1:bd:49:
94:8a:18:8d:55:23:33:f3:0b:ce:f5:df:84:c2:3b:c2:2e:21:
19:80:90:04
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYyGPh0BZVy9nqGRqgVExcdCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjMxMjIwMDgwMTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTUxYWNhMzg5ODU1YjBkNjU2YTdiZmM0OWRmODI4ZTI1OGRjMzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjr5qPRbfa9MsRm0XhJ2YmOILeLxH
b+eWspU+yB91NPKFDUPPAFwXb8RpjYU/p3QVIDRUW0uEfG9RhxQgZZsaCjTJKBqi
4DkLkQv6iZo1vqE6C30UEsQtuwyNwczYAh92rrQiCz//QLnHCNZIgO8hSbEgEbfX
HuA2kq68mVgKYcnbdpLdXUhVSqRPbi3l/EU8gGVZzpOJayT4R6n2CGbpqGmYUVBe
aXx4elgISbk3fg3o4Jw5Qhz2wFd7w7KZyTNfyznyDebfGnedt3dt9yI6AF3kGTbF
QDtEr3DtxFNHKopnJQkT6zXa5SLfb9tq6aLDphhvkJ3qJj6GqtBbFNF3DQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFApRrKOJhVsNZWp7/Enfgo4ljcNXMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvQ2xHc280bUZXdzFsYW52OFNkLUNqaVdOdzFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAWSLkAwQA
WSpRAwQAWSpfAwQAWSuMAwQAWSuPAwQAWS4AAwQAXXG1MA0GCSqGSIb3DQEBCwUA
A4IBAQAc7JWCPjJEchEHS//MCPsXmStlCtU8PFYQXKjVoYgM79h95XMAxY3VbWQC
hRhBSEdJXXjiHYTnn69+kRkKo9L78hl0t2mwspsNCnY3RrPtNzBAHtixXLA0TzXE
pO9H5qSZ/R/AED6q9D6FLyrVfZmn6a+n6KPZUolvcdBJnTQXXTW5c9ygIoyNEsWu
A/oilJy316iwf73g/JEgPVq/sKl/YZ9+IcMt8k6DZRmebxGGlJfpSe6o+yvwScfz
A0RjVRkhpH/qgOsmrX+bPaZTrPwms3iV+VNC43BETz6q2/4k3JfIHoSFWCDxvUmU
ihiNVSMz8wvO9d+EwjvCLiEZgJAE
Generated at Thu Dec 28 19:58:30 2023 by rpki-client on console-fra.rpki-client.org