Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/ji5ZZdo5XjG0SjXv-ssQjlyydSA.roa
File: ji5ZZdo5XjG0SjXv-ssQjlyydSA.roa (raw, json)
Hash identifier: 72QIWnOaaJeH7dZjfNzhZsMelTTdMlljpiOuObOgmtQ=
Subject key identifier: 8E:2E:59:65:DA:39:5E:31:B4:4A:35:EF:FA:CB:10:8E:5C:B2:75:20
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 018C2CB9C69B1D1C13B737F24E7AC4B1B00F
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/ji5ZZdo5XjG0SjXv-ssQjlyydSA.roa
Signing time: Sat 02 Dec 2023 22:50:21 +0000
ROA not before: Sat 02 Dec 2023 22:50:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 77.223.200.0/23 maxlen: 24
176.222.48.0/22 maxlen: 24
79.139.64.0/23 maxlen: 24
95.178.8.0/21 maxlen: 24
116.50.16.0/21 maxlen: 24
121.127.56.0/21 maxlen: 24
66.9.96.0/20 maxlen: 24
93.119.184.0/21 maxlen: 24
198.145.112.0/22 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:2c:b9:c6:9b:1d:1c:13:b7:37:f2:4e:7a:c4:b1:b0:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: Dec 2 22:50:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8e2e5965da395e31b44a35effacb108e5cb27520
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:1f:e5:98:6f:73:7f:9a:c5:b2:41:db:97:4f:
95:62:02:fc:f8:96:5e:13:4b:06:4e:7a:b4:61:10:
d8:a7:ed:91:19:c4:fa:e2:eb:35:83:4a:02:75:05:
59:1d:de:58:e9:ec:ea:ab:ca:1a:49:a5:88:88:a9:
75:c8:20:68:92:24:98:93:6e:de:d7:06:cb:ce:d6:
ea:38:cf:ea:da:96:ea:71:d8:bf:ae:30:6a:32:b5:
31:1f:63:42:6e:d0:a5:57:29:4e:f9:6b:8b:a8:f5:
de:ce:07:6a:dc:98:c8:09:40:ba:ad:d1:8a:a2:96:
8d:a5:29:34:a6:22:d8:ee:f5:18:f0:51:92:8a:d7:
a4:a4:a2:d0:b7:f4:f7:70:91:9f:7b:e7:27:75:a1:
98:d9:c7:29:57:6c:5d:a7:0e:92:37:fd:b3:7f:c2:
d6:d9:a0:7e:58:eb:fd:01:43:5e:36:94:79:af:d8:
d6:4a:cf:01:ab:a5:eb:59:d4:bc:cd:df:d5:a1:6e:
9d:ce:7a:80:08:bd:2f:cf:2b:c9:c0:0a:63:97:a0:
6c:d7:e0:b3:53:73:31:2a:a2:1c:29:0b:cc:d5:93:
0d:94:11:d6:ed:5f:43:ac:08:f8:02:89:83:c4:5d:
bc:3a:1a:6c:f0:f9:f1:ad:bc:b2:f6:a4:16:89:e2:
a0:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:2E:59:65:DA:39:5E:31:B4:4A:35:EF:FA:CB:10:8E:5C:B2:75:20
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/ji5ZZdo5XjG0SjXv-ssQjlyydSA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
66.9.96.0/20
77.223.200.0/23
79.139.64.0/23
93.119.184.0/21
95.178.8.0/21
116.50.16.0/21
121.127.56.0/21
176.222.48.0/22
198.145.112.0/22
Signature Algorithm: sha256WithRSAEncryption
54:3d:1a:37:b7:d6:1a:ca:2f:2e:45:98:d0:b4:24:dd:01:14:
5d:dc:4a:0e:d1:51:11:c7:09:57:7d:16:33:c5:50:5a:cb:13:
b8:35:6f:55:df:66:ee:a0:04:ae:7b:31:26:df:cc:b3:6f:bb:
29:0c:1a:ee:39:63:27:e7:56:5c:ad:54:34:4d:73:21:14:dd:
00:3c:38:6a:93:f6:ca:cd:43:33:f6:48:b8:f8:d2:60:d9:2d:
62:2c:18:c9:90:80:8d:7c:3f:66:5c:82:42:f0:f6:f3:a4:27:
a9:ba:02:c5:46:69:1d:d8:83:25:9a:fa:b8:f1:4e:97:d8:dd:
23:f9:e4:a0:3d:80:a9:d2:41:56:d0:83:63:22:a8:9b:70:93:
f0:c0:d3:49:10:31:2d:1e:a9:de:9b:06:93:ca:db:d2:06:9a:
c6:69:78:ea:dc:d6:88:d8:91:b7:f6:2f:32:35:7d:bb:71:53:
be:21:87:18:7a:d4:d6:d7:44:9d:4c:20:fc:7f:91:34:05:cc:
19:c9:cd:e2:02:ef:d6:e3:7a:d9:e1:c4:90:14:ca:04:d2:f0:
31:9a:48:f6:c2:94:2f:f5:ca:3d:c0:bf:27:7e:b5:b6:9b:a0:
e4:ac:47:e1:2e:52:78:a1:09:4a:9b:52:41:ab:67:e5:47:06:
9a:aa:18:f9
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYwsucabHRwTtzfyTnrEsbAPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjMxMjAyMjI1MDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTJlNTk2NWRhMzk1ZTMxYjQ0YTM1ZWZmYWNiMTA4ZTVjYjI3NTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwx/lmG9zf5rFskHbl0+VYgL8+JZe
E0sGTnq0YRDYp+2RGcT64us1g0oCdQVZHd5Y6ezqq8oaSaWIiKl1yCBokiSYk27e
1wbLztbqOM/q2pbqcdi/rjBqMrUxH2NCbtClVylO+WuLqPXezgdq3JjICUC6rdGK
opaNpSk0piLY7vUY8FGSitekpKLQt/T3cJGfe+cndaGY2ccpV2xdpw6SN/2zf8LW
2aB+WOv9AUNeNpR5r9jWSs8Bq6XrWdS8zd/VoW6dznqACL0vzyvJwApjl6Bs1+Cz
U3MxKqIcKQvM1ZMNlBHW7V9DrAj4AomDxF28Ohps8Pnxrbyy9qQWieKgiwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFI4uWWXaOV4xtEo17/rLEI5csnUgMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvamk1WlpkbzVYakcwU2pYdi1zc1FqbHl5ZFNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQEQglgAwQB
Td/IAwQBT4tAAwQDXXe4AwQDX7IIAwQDdDIQAwQDeX84AwQCsN4wAwQCxpFwMA0G
CSqGSIb3DQEBCwUAA4IBAQBUPRo3t9Yayi8uRZjQtCTdARRd3EoO0VERxwlXfRYz
xVBayxO4NW9V32buoASuezEm38yzb7spDBruOWMn51ZcrVQ0TXMhFN0APDhqk/bK
zUMz9ki4+NJg2S1iLBjJkICNfD9mXIJC8PbzpCepugLFRmkd2IMlmvq48U6X2N0j
+eSgPYCp0kFW0INjIqibcJPwwNNJEDEtHqnemwaTytvSBprGaXjq3NaI2JG39i8y
NX27cVO+IYcYetTW10SdTCD8f5E0BcwZyc3iAu/W43rZ4cSQFMoE0vAxmkj2wpQv
9co9wL8nfrW2m6DkrEfhLlJ4oQlKm1JBq2flRwaaqhj5
-----END CERTIFICATE-----
Generated at Tue Jan 2 11:35:42 2024 by rpki-client on console-ams.rpki-client.org