Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/FngJ8rHjcwT0pnbyS1AKZO4zV-I.roa
File: FngJ8rHjcwT0pnbyS1AKZO4zV-I.roa (raw, json)
Hash identifier: 4VMW9HuI8tHuC8nGunZ8f5LzG6Tw03HfnyGNLMluLV8=
Subject key identifier: 16:78:09:F2:B1:E3:73:04:F4:A6:76:F2:4B:50:0A:64:EE:33:57:E2
Certificate issuer: /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial: 018712FA4F8E075F3CD32F782336ABCD36A2
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/FngJ8rHjcwT0pnbyS1AKZO4zV-I.roa
Signing time: Fri 24 Mar 2023 09:36:46 +0000
ROA not before: Fri 24 Mar 2023 09:36:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9009
IP address blocks: 85.28.56.0/22 maxlen: 22
85.28.56.0/24 maxlen: 24
85.28.58.0/24 maxlen: 24
109.238.196.0/23 maxlen: 23
109.238.201.0/24 maxlen: 24
109.238.202.0/24 maxlen: 24
109.238.203.0/24 maxlen: 24
109.238.204.0/24 maxlen: 24
109.238.206.0/24 maxlen: 24
109.238.207.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:12:fa:4f:8e:07:5f:3c:d3:2f:78:23:36:ab:cd:36:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
Validity
Not Before: Mar 24 09:36:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=167809f2b1e37304f4a676f24b500a64ee3357e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:48:26:1e:f9:bc:66:0a:3e:54:ac:8b:f7:c3:
5d:53:47:9b:9c:e3:86:65:1e:3a:5d:c8:58:ef:3c:
84:b7:14:59:f3:2c:58:3f:b3:6e:29:d0:c4:fa:19:
d4:e5:aa:55:5f:72:1b:1b:a4:21:4d:15:67:20:8a:
14:da:49:dd:f9:21:24:3a:1c:fd:59:9f:8e:6b:f4:
fa:f3:14:7e:e8:70:26:05:63:73:c1:6b:10:20:98:
19:00:c9:12:45:df:04:84:b0:d4:28:66:50:a5:d4:
42:75:d7:d0:99:c9:10:11:ec:ae:2c:15:3c:4e:d6:
41:5e:fe:b0:7d:42:d4:ea:04:c3:b0:a5:b5:73:92:
74:b3:6b:6d:cd:53:e4:bd:07:96:74:6d:21:12:fd:
7b:8c:2b:d3:ad:07:76:b6:c8:2f:83:fb:20:eb:37:
b4:63:4d:ad:36:4c:8d:ea:e2:52:98:45:4c:22:8a:
2b:91:af:3e:69:a4:8c:ab:7a:89:05:95:d2:24:5d:
5b:1f:ae:d3:02:a2:81:ea:c7:56:3b:20:eb:61:8c:
29:38:43:ed:3e:2f:fc:17:6e:ee:0c:7f:34:80:39:
dd:86:db:30:cd:8f:53:c3:f5:64:94:fe:ff:b5:37:
f5:d7:5e:8b:ce:21:a5:c7:2b:05:66:ca:84:56:04:
55:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:78:09:F2:B1:E3:73:04:F4:A6:76:F2:4B:50:0A:64:EE:33:57:E2
X509v3 Authority Key Identifier:
keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/FngJ8rHjcwT0pnbyS1AKZO4zV-I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.28.56.0/22
109.238.196.0/23
109.238.201.0-109.238.204.255
109.238.206.0/23
Signature Algorithm: sha256WithRSAEncryption
4b:fe:51:f6:e2:00:53:87:00:63:01:61:b0:53:96:fa:b8:7a:
58:c0:a8:a0:a3:d7:26:70:16:19:84:09:ce:e6:1e:82:89:4f:
cf:e4:5b:fe:ab:92:53:20:c6:f0:05:1a:4f:a2:a1:e6:82:48:
62:98:fe:f9:2e:ac:d8:27:4c:55:63:0d:8d:3d:a0:49:28:b6:
45:6a:3f:e6:b7:1c:ea:80:5b:f3:4d:29:88:d6:e7:73:fe:36:
04:c2:b9:0e:84:d1:db:d7:2f:0f:c7:bf:7d:a8:14:4d:86:19:
6c:84:9f:07:d4:01:c1:b2:d7:aa:4e:3d:a1:49:91:28:9c:35:
90:5d:9f:da:df:ce:78:91:81:88:de:10:61:5f:b1:22:7d:63:
0b:98:28:e2:2f:54:8c:5a:20:3f:ab:0a:ac:f1:37:6b:24:92:
8c:86:85:4e:91:3f:bf:d6:a1:1a:74:48:d6:12:ba:2d:c1:89:
71:09:17:a3:21:fb:bb:3c:7b:a9:76:8b:2f:a9:2c:a8:47:d4:
96:b9:fc:23:3b:c6:1e:58:6f:5e:4b:99:65:5c:c0:a2:33:22:
8b:b8:e3:6f:d9:f5:56:d7:3a:cb:e0:a7:40:71:15:66:18:97:
12:6d:c2:bc:67:57:5a:4f:a5:a5:d7:4d:98:85:c8:d7:ad:c9:
03:26:1a:f7
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYcS+k+OB1880y94IzarzTaiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjMwMzI0MDkzNjQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjc4MDlmMmIxZTM3MzA0ZjRhNjc2ZjI0YjUwMGE2NGVlMzM1N2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEgmHvm8Zgo+VKyL98NdU0ebnOOG
ZR46XchY7zyEtxRZ8yxYP7NuKdDE+hnU5apVX3IbG6QhTRVnIIoU2knd+SEkOhz9
WZ+Oa/T68xR+6HAmBWNzwWsQIJgZAMkSRd8EhLDUKGZQpdRCddfQmckQEeyuLBU8
TtZBXv6wfULU6gTDsKW1c5J0s2ttzVPkvQeWdG0hEv17jCvTrQd2tsgvg/sg6ze0
Y02tNkyN6uJSmEVMIoorka8+aaSMq3qJBZXSJF1bH67TAqKB6sdWOyDrYYwpOEPt
Pi/8F27uDH80gDndhtswzY9Tw/VklP7/tTf1116LziGlxysFZsqEVgRVMwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFBZ4CfKx43ME9KZ28ktQCmTuM1fiMB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvRm5nSjhySGpjd1QwcG5ieVMxQUtaTzR6Vi1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCVRw4AwQB
be7EMAwDBABt7skDBABt7swDBAFt7s4wDQYJKoZIhvcNAQELBQADggEBAEv+Ufbi
AFOHAGMBYbBTlvq4eljAqKCj1yZwFhmECc7mHoKJT8/kW/6rklMgxvAFGk+ioeaC
SGKY/vkurNgnTFVjDY09oEkotkVqP+a3HOqAW/NNKYjW53P+NgTCuQ6E0dvXLw/H
v32oFE2GGWyEnwfUAcGy16pOPaFJkSicNZBdn9rfzniRgYjeEGFfsSJ9YwuYKOIv
VIxaID+rCqzxN2skkoyGhU6RP7/WoRp0SNYSui3BiXEJF6Mh+7s8e6l2iy+pLKhH
1Ja5/CM7xh5Yb15LmWVcwKIzIou442/Z9VbXOsvgp0BxFWYYlxJtwrxnV1pPpaXX
TZiFyNetyQMmGvc=
-----END CERTIFICATE-----
Generated at Tue Jan 2 04:10:31 2024 by rpki-client on console-ams.rpki-client.org