Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/bcea5d-514e-4f52-b49a-90fb57d40ca7/1/avByOHSg1eFs50MgzB5_zjvOII8.roa
File: avByOHSg1eFs50MgzB5_zjvOII8.roa (raw, json)
Hash identifier: S+4DH/qG31QQYzUVo5RAJpA7hi5hu7zss5dmKR3BPCo=
Subject key identifier: 6A:F0:72:38:74:A0:D5:E1:6C:E7:43:20:CC:1E:7F:CE:3B:CE:20:8F
Certificate issuer: /CN=cac9804e227eaac9ac09b0821fc07ee2817777b5
Certificate serial: 01857102DE71540CCB60A81E63B096D03204
Authority key identifier: CA:C9:80:4E:22:7E:AA:C9:AC:09:B0:82:1F:C0:7E:E2:81:77:77:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ysmATiJ-qsmsCbCCH8B-4oF3d7U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/bcea5d-514e-4f52-b49a-90fb57d40ca7/1/avByOHSg1eFs50MgzB5_zjvOII8.roa
Signing time: Mon 02 Jan 2023 05:44:51 +0000
ROA not before: Mon 02 Jan 2023 05:44:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16509
IP address blocks: 45.91.255.0/24 maxlen: 24
193.57.172.0/24 maxlen: 24
2a11:5ec0::/40 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:02:de:71:54:0c:cb:60:a8:1e:63:b0:96:d0:32:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cac9804e227eaac9ac09b0821fc07ee2817777b5
Validity
Not Before: Jan 2 05:44:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6af0723874a0d5e16ce74320cc1e7fce3bce208f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:f7:68:2e:f3:a8:9e:a0:b6:fa:7f:4f:2d:d5:
ee:6c:44:ee:f9:50:eb:36:0b:56:9e:cd:2d:52:ba:
5d:21:b2:52:e3:36:86:55:46:52:7c:cf:0f:f0:46:
e1:64:04:c2:8a:90:8f:57:15:6c:00:45:3b:41:3d:
6b:3d:35:a0:39:6e:b3:65:18:78:04:e9:c9:d5:73:
d2:8f:a1:58:1a:f9:04:32:96:ec:4d:03:8e:74:ad:
43:74:e5:aa:2a:cf:6b:42:37:4c:33:3b:25:e4:dd:
80:58:94:7c:79:d3:3f:d3:32:19:14:63:ac:5d:28:
16:7b:d0:24:6a:d8:53:52:0b:d9:cb:9e:56:7b:10:
06:ba:1b:74:ca:b3:0e:30:c8:e1:3b:c4:32:ca:23:
ab:63:25:fa:c7:4c:a3:ed:41:d3:37:0a:9a:6c:18:
07:44:2d:5d:bf:cf:c1:72:c2:c0:9a:9d:31:ac:24:
fd:d7:d6:d2:f3:ca:ba:52:f0:79:b5:9a:bb:0b:84:
2d:e0:74:f1:fc:6c:f8:a0:ff:33:6d:af:c0:36:fb:
f4:2d:28:57:40:c5:7e:18:95:b5:f5:21:09:91:b0:
90:78:03:db:21:eb:bc:bb:7f:a1:26:18:71:c9:b9:
c0:fe:43:6a:4c:2f:13:7b:8a:89:d6:6c:10:75:63:
f7:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:F0:72:38:74:A0:D5:E1:6C:E7:43:20:CC:1E:7F:CE:3B:CE:20:8F
X509v3 Authority Key Identifier:
keyid:CA:C9:80:4E:22:7E:AA:C9:AC:09:B0:82:1F:C0:7E:E2:81:77:77:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ysmATiJ-qsmsCbCCH8B-4oF3d7U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/bcea5d-514e-4f52-b49a-90fb57d40ca7/1/avByOHSg1eFs50MgzB5_zjvOII8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/bcea5d-514e-4f52-b49a-90fb57d40ca7/1/ysmATiJ-qsmsCbCCH8B-4oF3d7U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.91.255.0/24
193.57.172.0/24
IPv6:
2a11:5ec0::/40
Signature Algorithm: sha256WithRSAEncryption
62:de:00:f5:3a:56:6e:0f:1a:85:3e:0c:b9:66:5e:83:68:6e:
f2:98:7f:d4:0b:8e:2c:b4:67:fb:8f:22:4b:f6:73:16:64:34:
fc:57:27:ad:4a:ec:3d:88:3b:42:41:4b:86:52:81:ac:c5:b5:
cc:13:cb:5a:e6:01:2e:ff:35:96:34:c9:f0:49:1d:88:e1:56:
1c:26:62:9e:4f:b2:36:32:d8:e5:28:c8:31:f4:2f:8e:b2:dc:
ed:17:45:a0:1e:d1:b8:a3:73:0b:9f:c0:03:0b:76:ab:bf:5c:
91:a9:49:7c:66:1d:1b:9a:6b:70:1e:c7:a0:c2:d2:a0:da:d2:
58:7a:0e:48:09:17:db:70:18:c0:44:d2:3d:fe:13:9d:6b:36:
78:a0:6f:1d:40:a0:85:a0:c8:7d:14:57:4f:c7:67:15:04:f2:
5f:30:a0:0d:d1:ac:f4:89:b0:d5:c3:77:a8:80:02:99:0b:20:
41:80:5e:55:0c:52:45:8d:af:0f:f9:38:bb:4f:2f:78:7d:bf:
63:8f:7b:7f:f0:f6:87:cc:96:c8:74:d0:95:2e:c7:8d:d1:17:
90:ce:7b:65:a9:a5:cb:bb:a7:9d:8a:95:f2:15:df:ac:28:21:
9e:90:45:1e:37:97:7e:68:bc:dc:91:12:83:06:f8:78:b8:e1:
a2:06:d3:ec
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYVxAt5xVAzLYKgeY7CW0DIEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhYzk4MDRlMjI3ZWFhYzlhYzA5YjA4MjFmYzA3ZWUyODE3
Nzc3YjUwHhcNMjMwMTAyMDU0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWYwNzIzODc0YTBkNWUxNmNlNzQzMjBjYzFlN2ZjZTNiY2UyMDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/doLvOonqC2+n9PLdXubETu+VDr
NgtWns0tUrpdIbJS4zaGVUZSfM8P8EbhZATCipCPVxVsAEU7QT1rPTWgOW6zZRh4
BOnJ1XPSj6FYGvkEMpbsTQOOdK1DdOWqKs9rQjdMMzsl5N2AWJR8edM/0zIZFGOs
XSgWe9AkathTUgvZy55WexAGuht0yrMOMMjhO8QyyiOrYyX6x0yj7UHTNwqabBgH
RC1dv8/BcsLAmp0xrCT919bS88q6UvB5tZq7C4Qt4HTx/Gz4oP8zba/ANvv0LShX
QMV+GJW19SEJkbCQeAPbIeu8u3+hJhhxybnA/kNqTC8Te4qJ1mwQdWP39QIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFGrwcjh0oNXhbOdDIMwef847ziCPMB8GA1UdIwQY
MBaAFMrJgE4ifqrJrAmwgh/AfuKBd3e1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXNtQVRpSi1xc21zQ2JDQ0g4Qi00b0YzZDdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9iY2VhNWQtNTE0ZS00ZjUyLWI0OWEt
OTBmYjU3ZDQwY2E3LzEvYXZCeU9IU2cxZUZzNTBNZ3pCNV96anZPSUk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9iY2VhNWQtNTE0ZS00ZjUyLWI0OWEtOTBmYjU3ZDQwY2E3
LzEveXNtQVRpSi1xc21zQ2JDQ0g4Qi00b0YzZDdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQALVv/AwQA
wTmsMA4EAgACMAgDBgAqEV7AADANBgkqhkiG9w0BAQsFAAOCAQEAYt4A9TpWbg8a
hT4MuWZeg2hu8ph/1AuOLLRn+48iS/ZzFmQ0/FcnrUrsPYg7QkFLhlKBrMW1zBPL
WuYBLv81ljTJ8EkdiOFWHCZink+yNjLY5SjIMfQvjrLc7RdFoB7RuKNzC5/AAwt2
q79ckalJfGYdG5prcB7HoMLSoNrSWHoOSAkX23AYwETSPf4TnWs2eKBvHUCghaDI
fRRXT8dnFQTyXzCgDdGs9Imw1cN3qIACmQsgQYBeVQxSRY2vD/k4u08veH2/Y497
f/D2h8yWyHTQlS7HjdEXkM57Zamly7unnYqV8hXfrCghnpBFHjeXfmi83JESgwb4
eLjhogbT7A==
-----END CERTIFICATE-----
Generated at Mon Jan 1 08:10:10 2024 by rpki-client on console-fra.rpki-client.org