Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/aaae38-1b28-449d-be82-73fd2c035eb5/1/8NG7YLtMHroSweC-u-oJsjgv27U.roa
File: 8NG7YLtMHroSweC-u-oJsjgv27U.roa (raw, json)
Hash identifier: 5nm366GF+oIQ7LHrYgjJh0U1D5HdMy2B5tWlYcEvgZk=
Subject key identifier: F0:D1:BB:60:BB:4C:1E:BA:12:C1:E0:BE:BB:EA:09:B2:38:2F:DB:B5
Certificate issuer: /CN=21bfb9e219e15feda6add29639b8d73f5c2cd802
Certificate serial: 018571F1247CBB10039F24FE17946EC90D6E
Authority key identifier: 21:BF:B9:E2:19:E1:5F:ED:A6:AD:D2:96:39:B8:D7:3F:5C:2C:D8:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ib-54hnhX-2mrdKWObjXP1ws2AI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/aaae38-1b28-449d-be82-73fd2c035eb5/1/8NG7YLtMHroSweC-u-oJsjgv27U.roa
Signing time: Mon 02 Jan 2023 10:05:06 +0000
ROA not before: Mon 02 Jan 2023 10:05:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35378
IP address blocks: 95.171.96.0/19 maxlen: 19
37.123.200.0/21 maxlen: 21
176.241.72.0/21 maxlen: 21
77.91.0.0/18 maxlen: 18
185.14.112.0/22 maxlen: 22
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:f1:24:7c:bb:10:03:9f:24:fe:17:94:6e:c9:0d:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=21bfb9e219e15feda6add29639b8d73f5c2cd802
Validity
Not Before: Jan 2 10:05:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f0d1bb60bb4c1eba12c1e0bebbea09b2382fdbb5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:ed:e1:74:48:4a:e2:c8:fd:f9:9e:2e:c1:b6:
4d:d8:c3:36:ca:b2:28:51:67:39:9e:3d:10:fd:c6:
f7:35:b4:a5:3d:13:f4:3b:4c:f6:77:59:3e:38:11:
2d:b3:3d:30:f4:a6:58:22:6d:ff:9a:2b:f5:94:7e:
17:c1:45:00:e5:90:48:b6:e2:6a:4e:c5:ad:14:4c:
a6:f2:b4:0b:83:3e:4a:d8:20:94:6c:06:f2:ce:43:
3b:07:58:d2:d6:c3:aa:d4:15:a1:f5:0b:ae:59:a3:
8f:4a:b8:4c:14:54:57:d4:09:e4:01:bb:ee:c3:bf:
b3:57:21:c9:8b:b9:d2:b7:2a:29:51:c2:ad:34:92:
8d:c4:2b:5b:d9:7c:7f:ce:ca:e1:04:17:d0:6a:ba:
d6:e0:c5:df:c6:ac:f7:b8:26:12:6e:9e:c7:16:33:
09:d7:9a:bf:4b:a0:95:a5:a2:32:c9:ea:c5:6b:92:
85:b6:76:86:99:75:d0:30:f4:50:d1:c8:96:54:ac:
3d:71:d5:df:04:bb:f4:04:f5:09:7e:5b:cd:84:9a:
94:46:8e:93:27:26:06:dd:21:df:b5:3b:f8:58:bd:
e0:c1:e0:13:45:a9:2a:50:64:bf:b8:1a:04:a2:7f:
e6:3f:f2:2c:d0:02:3a:ed:c9:2b:4d:59:99:bb:8d:
04:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:D1:BB:60:BB:4C:1E:BA:12:C1:E0:BE:BB:EA:09:B2:38:2F:DB:B5
X509v3 Authority Key Identifier:
keyid:21:BF:B9:E2:19:E1:5F:ED:A6:AD:D2:96:39:B8:D7:3F:5C:2C:D8:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ib-54hnhX-2mrdKWObjXP1ws2AI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/aaae38-1b28-449d-be82-73fd2c035eb5/1/8NG7YLtMHroSweC-u-oJsjgv27U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/aaae38-1b28-449d-be82-73fd2c035eb5/1/Ib-54hnhX-2mrdKWObjXP1ws2AI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.123.200.0/21
77.91.0.0/18
95.171.96.0/19
176.241.72.0/21
185.14.112.0/22
Signature Algorithm: sha256WithRSAEncryption
72:7f:95:75:00:96:33:af:54:65:fc:c3:04:45:1d:19:99:b3:
1d:3c:2d:83:fa:df:7f:a3:9a:7d:16:2a:43:b4:28:f0:b8:f1:
d4:6e:5b:cf:05:42:30:b7:e3:45:b9:4a:87:a9:70:32:52:a8:
77:12:b1:84:aa:5f:be:9e:b1:d6:f8:53:0c:9d:a2:c3:97:c8:
64:6c:b7:b3:66:bf:90:70:4d:ab:b8:fd:dc:f5:68:86:fb:8b:
1c:60:3b:b0:1c:61:d7:3b:60:0a:31:19:ca:64:51:b0:1d:76:
00:2f:9a:65:cf:d0:90:f9:be:30:e5:d8:c4:5d:e2:45:39:50:
83:08:24:80:a1:13:49:86:18:f4:cd:1f:65:0f:e8:30:38:60:
d8:59:16:98:4b:3f:0f:13:35:06:36:79:f3:ec:ce:eb:3c:c2:
e8:12:d4:2a:49:21:c3:ce:a3:ff:97:ee:4b:d1:b1:62:e7:8b:
0c:72:d4:1b:e5:6a:a7:2f:d5:ca:2d:b2:1e:b6:91:3a:3c:53:
83:55:69:a0:c8:48:9f:4d:3f:4d:ec:1f:96:a4:cd:b7:4c:04:
3b:c6:1d:eb:d0:3b:a9:af:b4:7c:a8:c8:4b:71:a7:06:14:f9:
57:5f:d1:96:43:6d:95:37:7c:9b:b8:e9:fb:63:83:a4:35:ab:
a5:db:fd:bf
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVx8SR8uxADnyT+F5RuyQ1uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYmZiOWUyMTllMTVmZWRhNmFkZDI5NjM5YjhkNzNmNWMy
Y2Q4MDIwHhcNMjMwMTAyMTAwNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGQxYmI2MGJiNGMxZWJhMTJjMWUwYmViYmVhMDliMjM4MmZkYmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhO3hdEhK4sj9+Z4uwbZN2MM2yrIo
UWc5nj0Q/cb3NbSlPRP0O0z2d1k+OBEtsz0w9KZYIm3/miv1lH4XwUUA5ZBItuJq
TsWtFEym8rQLgz5K2CCUbAbyzkM7B1jS1sOq1BWh9QuuWaOPSrhMFFRX1AnkAbvu
w7+zVyHJi7nStyopUcKtNJKNxCtb2Xx/zsrhBBfQarrW4MXfxqz3uCYSbp7HFjMJ
15q/S6CVpaIyyerFa5KFtnaGmXXQMPRQ0ciWVKw9cdXfBLv0BPUJflvNhJqURo6T
JyYG3SHftTv4WL3gweATRakqUGS/uBoEon/mP/Is0AI67ckrTVmZu40EWwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFPDRu2C7TB66EsHgvrvqCbI4L9u1MB8GA1UdIwQY
MBaAFCG/ueIZ4V/tpq3Sljm41z9cLNgCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWItNTRobmhYLTJtcmRLV09ialhQMXdzMkFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9hYWFlMzgtMWIyOC00NDlkLWJlODIt
NzNmZDJjMDM1ZWI1LzEvOE5HN1lMdE1Icm9Td2VDLXUtb0pzamd2MjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9hYWFlMzgtMWIyOC00NDlkLWJlODItNzNmZDJjMDM1ZWI1
LzEvSWItNTRobmhYLTJtcmRLV09ialhQMXdzMkFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDJXvIAwQG
TVsAAwQFX6tgAwQDsPFIAwQCuQ5wMA0GCSqGSIb3DQEBCwUAA4IBAQByf5V1AJYz
r1Rl/MMERR0ZmbMdPC2D+t9/o5p9FipDtCjwuPHUblvPBUIwt+NFuUqHqXAyUqh3
ErGEql++nrHW+FMMnaLDl8hkbLezZr+QcE2ruP3c9WiG+4scYDuwHGHXO2AKMRnK
ZFGwHXYAL5plz9CQ+b4w5djEXeJFOVCDCCSAoRNJhhj0zR9lD+gwOGDYWRaYSz8P
EzUGNnnz7M7rPMLoEtQqSSHDzqP/l+5L0bFi54sMctQb5WqnL9XKLbIetpE6PFOD
VWmgyEifTT9N7B+WpM23TAQ7xh3r0Dupr7R8qMhLcacGFPlXX9GWQ22VN3ybuOn7
Y4OkNaul2/2/
-----END CERTIFICATE-----
Generated at Tue Jan 2 11:35:40 2024 by rpki-client on console-ams.rpki-client.org