Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/1qpzQZ6dm0QC32vTX41juv5xsvg.roa
File: 1qpzQZ6dm0QC32vTX41juv5xsvg.roa (raw, json)
Hash identifier: ZxkPc+RbCObt5KytgPM1lgLwmQsC8fvbIVOcP6anF5U=
Subject key identifier: D6:AA:73:41:9E:9D:9B:44:02:DF:6B:D3:5F:8D:63:BA:FE:71:B2:F8
Certificate issuer: /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial: 01856FF965891FB5FDD4A77DE2C7388F2A68
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/1qpzQZ6dm0QC32vTX41juv5xsvg.roa
Signing time: Mon 02 Jan 2023 00:54:53 +0000
ROA not before: Mon 02 Jan 2023 00:54:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31643
IP address blocks: 85.28.0.0/20 maxlen: 20
85.28.0.0/21 maxlen: 21
85.28.8.0/21 maxlen: 21
85.28.16.0/20 maxlen: 20
85.28.16.0/21 maxlen: 21
85.28.24.0/21 maxlen: 21
217.151.16.0/20 maxlen: 20
217.151.16.0/21 maxlen: 21
217.151.24.0/21 maxlen: 21
85.28.32.0/20 maxlen: 20
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:f9:65:89:1f:b5:fd:d4:a7:7d:e2:c7:38:8f:2a:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
Validity
Not Before: Jan 2 00:54:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d6aa73419e9d9b4402df6bd35f8d63bafe71b2f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:1e:44:cc:ba:72:68:2e:0e:f1:37:09:7c:7a:
da:92:bf:79:6b:47:5a:0c:a6:a0:91:f0:be:0d:b3:
ed:4e:42:53:80:83:8d:5a:7a:da:d7:78:20:22:0f:
c7:5b:21:b2:33:91:ba:2e:30:4b:ed:7c:f8:82:c6:
4e:1d:23:0d:66:8b:0c:20:68:34:ee:37:39:a0:97:
b6:67:4a:55:ef:1a:66:75:3a:89:ea:44:74:55:18:
e0:9c:61:b7:94:e2:62:6d:2d:6f:cf:68:58:d9:b2:
de:dd:f6:e7:3a:43:94:ce:05:f3:f8:09:64:e1:8b:
c4:72:3d:33:8e:af:1a:f4:f2:b3:d2:e8:f5:97:6e:
1a:56:51:07:d6:bb:08:7f:65:7b:df:39:66:3f:8b:
13:0b:f0:e8:e6:c7:0d:3c:ac:84:48:0e:16:9a:f8:
8a:17:1c:57:2a:f4:13:0e:57:37:4f:64:32:09:bb:
9b:81:98:dc:29:10:98:e9:b0:52:5d:d5:62:ea:45:
64:a5:21:30:54:9e:d1:7a:3f:65:54:fc:68:bb:7e:
f3:4d:a9:65:50:34:59:cc:7a:6b:df:63:83:a2:5e:
53:d7:da:1a:36:a3:5c:7a:7c:2a:65:7b:8a:c5:1e:
4c:53:ad:bd:7c:4c:f8:67:f4:02:0d:5f:c8:40:c7:
d4:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:AA:73:41:9E:9D:9B:44:02:DF:6B:D3:5F:8D:63:BA:FE:71:B2:F8
X509v3 Authority Key Identifier:
keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/1qpzQZ6dm0QC32vTX41juv5xsvg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.28.0.0-85.28.47.255
217.151.16.0/20
Signature Algorithm: sha256WithRSAEncryption
15:b8:82:3f:1c:59:83:f0:f5:0b:e9:88:ef:b8:aa:67:1c:1f:
eb:bd:7a:00:da:6c:53:01:d7:38:68:a2:5c:bd:71:ec:e0:38:
2a:03:7e:e4:b9:a0:3f:a5:f4:9d:af:cf:ef:65:a8:80:e4:aa:
c9:fa:bf:aa:89:f4:c1:03:0e:75:7b:1d:7c:9b:b0:73:11:e0:
38:08:56:b9:71:47:62:2f:4d:8f:4a:6e:68:8e:a7:e3:d4:13:
96:c9:03:61:77:ae:04:f3:8d:87:16:99:21:da:28:27:a1:8b:
ed:4e:1c:e3:d5:80:61:ab:61:3b:cf:3a:a4:b2:bc:be:2a:0e:
50:80:48:08:72:db:bb:08:b1:f7:94:6b:58:48:43:ec:87:6b:
68:a8:d9:ca:ff:35:e0:32:7d:17:97:42:17:78:18:9f:4b:d4:
98:a1:27:61:97:f1:81:16:40:ae:b9:f7:0c:04:01:38:06:79:
fa:e2:69:6e:a9:38:7e:2b:50:4d:c1:b1:ba:c4:e2:2c:e4:cb:
ab:aa:eb:5e:a0:11:92:2c:3f:9b:94:87:27:96:eb:66:15:a1:
1f:65:d3:06:f8:38:d8:e4:d1:66:85:f3:be:bd:96:bb:b8:26:
bd:a8:b8:c9:39:ea:3c:5d:0e:bd:75:a8:5f:91:83:c5:9e:a3:
78:73:47:df
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYVv+WWJH7X91Kd94sc4jypoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjMwMTAyMDA1NDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmFhNzM0MTllOWQ5YjQ0MDJkZjZiZDM1ZjhkNjNiYWZlNzFiMmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgx5EzLpyaC4O8TcJfHrakr95a0da
DKagkfC+DbPtTkJTgIONWnra13ggIg/HWyGyM5G6LjBL7Xz4gsZOHSMNZosMIGg0
7jc5oJe2Z0pV7xpmdTqJ6kR0VRjgnGG3lOJibS1vz2hY2bLe3fbnOkOUzgXz+Alk
4YvEcj0zjq8a9PKz0uj1l24aVlEH1rsIf2V73zlmP4sTC/Do5scNPKyESA4WmviK
FxxXKvQTDlc3T2QyCbubgZjcKRCY6bBSXdVi6kVkpSEwVJ7Rej9lVPxou37zTall
UDRZzHpr32ODol5T19oaNqNcenwqZXuKxR5MU629fEz4Z/QCDV/IQMfU5QIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFNaqc0GenZtEAt9r01+NY7r+cbL4MB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvMXFwelFaNmRtMFFDMzJ2VFg0MWp1djV4c3ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATMAsDAwJVHAME
BFUcIAMEBNmXEDANBgkqhkiG9w0BAQsFAAOCAQEAFbiCPxxZg/D1C+mI77iqZxwf
6716ANpsUwHXOGiiXL1x7OA4KgN+5LmgP6X0na/P72WogOSqyfq/qon0wQMOdXsd
fJuwcxHgOAhWuXFHYi9Nj0puaI6n49QTlskDYXeuBPONhxaZIdooJ6GL7U4c49WA
YathO886pLK8vioOUIBICHLbuwix95RrWEhD7IdraKjZyv814DJ9F5dCF3gYn0vU
mKEnYZfxgRZArrn3DAQBOAZ5+uJpbqk4fitQTcGxusTiLOTLq6rrXqARkiw/m5SH
J5brZhWhH2XTBvg42OTRZoXzvr2Wu7gmvai4yTnqPF0OvXWoX5GDxZ6jeHNH3w==
-----END CERTIFICATE-----
Generated at Tue Jan 2 04:23:19 2024 by rpki-client on console-fra.rpki-client.org