Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2LmWeaNwSB3ojaRhugtDV8BNxbs.roa
File: 2LmWeaNwSB3ojaRhugtDV8BNxbs.roa (raw, json)
Hash identifier: Tj9TlB9y5Opc/4nrXdo2CcbwmarMo1aGqd+iE0/jLRA=
Subject key identifier: D8:B9:96:79:A3:70:48:1D:E8:8D:A4:61:BA:0B:43:57:C0:4D:C5:BB
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018C8D52FA9229B27C6EC4FE446EA781E1B0
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2LmWeaNwSB3ojaRhugtDV8BNxbs.roa
Signing time: Thu 21 Dec 2023 17:01:14 +0000
ROA not before: Thu 21 Dec 2023 17:01:14 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 203.0.9.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
223.27.114.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:8d:52:fa:92:29:b2:7c:6e:c4:fe:44:6e:a7:81:e1:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Dec 21 17:01:14 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d8b99679a370481de88da461ba0b4357c04dc5bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:76:37:0f:7d:58:27:5c:a0:9b:92:c9:dd:bd:
53:7f:38:fd:28:e0:3c:b4:45:62:ef:a1:9f:80:1e:
bb:8d:d0:7b:52:60:ba:2f:98:7e:78:9c:46:df:65:
4b:d8:04:54:02:9d:5b:dd:b5:13:2b:37:92:91:d7:
29:b6:88:19:f1:40:ca:db:eb:72:e9:1c:10:ad:7f:
e9:a0:6d:b2:bf:86:98:9d:3b:af:23:95:9b:c5:9b:
ef:ad:21:cf:33:b5:b7:33:20:70:1f:f6:7e:53:94:
21:73:b6:6b:1d:2d:8c:04:0b:fe:d8:b8:7b:c9:2d:
49:4b:77:26:5e:6e:19:14:20:d7:e3:0a:ce:2a:d4:
7d:f0:a9:d5:ca:72:2f:a1:da:ad:16:05:4c:c1:29:
06:f4:19:82:e4:d6:ef:21:b4:e0:eb:af:ef:de:62:
59:22:1e:8c:ef:78:cb:66:8d:5a:ff:e5:d4:54:5b:
69:d9:56:6d:b2:44:d6:37:65:3c:0b:9d:85:8e:cc:
21:85:ae:08:47:3a:7a:5d:72:0a:08:90:1d:c3:ba:
ed:97:10:46:82:45:f3:e2:4c:6c:70:21:16:b4:a6:
66:0e:53:ff:ac:ea:fd:26:76:44:4c:4f:24:9d:10:
5c:b6:5f:5b:57:cd:67:20:18:14:5b:f9:12:5d:4d:
49:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:B9:96:79:A3:70:48:1D:E8:8D:A4:61:BA:0B:43:57:C0:4D:C5:BB
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2LmWeaNwSB3ojaRhugtDV8BNxbs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
203.0.8.0/23
223.27.114.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:df:03:36:ba:9c:db:00:b9:a8:ab:9a:ee:b3:57:d2:c9:e1:
65:97:d6:87:ae:f2:10:c3:89:5e:ab:ac:5a:4a:76:55:61:23:
35:25:aa:3a:ca:0b:8f:f4:13:1f:8f:2b:fa:c9:5b:2e:05:a8:
ca:51:ee:e0:06:5b:68:14:09:82:b1:40:ca:9a:f7:89:40:e8:
93:b2:aa:4a:4d:bf:fd:24:94:89:b6:9d:3d:82:70:fc:ee:d9:
e1:31:34:08:e0:07:06:42:c9:cc:18:1e:7f:89:db:21:d9:c2:
d6:4d:25:aa:1b:52:bd:18:f4:fb:21:ad:64:3b:a9:c2:44:10:
e4:c0:8f:7c:ed:9c:37:83:ea:ad:28:7d:aa:4a:69:d0:4e:4e:
08:08:6b:1a:33:39:67:fc:4a:22:64:4d:4e:a1:25:45:c5:59:
db:61:97:65:30:90:eb:00:d6:9f:25:da:10:1f:0f:b9:bc:33:
59:5d:e2:af:71:8e:40:d9:e1:18:79:0c:e8:84:3e:26:5a:49:
af:f3:86:2f:c7:a3:fc:02:fd:34:0c:43:17:50:bc:d4:aa:6f:
8a:03:a4:59:0e:57:b3:0c:ba:9e:9f:a1:ca:40:c0:42:31:6c:
5e:00:c5:b5:be:14:9c:44:ad:90:4c:6f:2e:b9:0b:6a:df:bc:
68:05:55:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYyNUvqSKbJ8bsT+RG6ngeGwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMxMjIxMTcwMTE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGI5OTY3OWEzNzA0ODFkZTg4ZGE0NjFiYTBiNDM1N2MwNGRjNWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXY3D31YJ1ygm5LJ3b1Tfzj9KOA8
tEVi76GfgB67jdB7UmC6L5h+eJxG32VL2ARUAp1b3bUTKzeSkdcptogZ8UDK2+ty
6RwQrX/poG2yv4aYnTuvI5WbxZvvrSHPM7W3MyBwH/Z+U5Qhc7ZrHS2MBAv+2Lh7
yS1JS3cmXm4ZFCDX4wrOKtR98KnVynIvodqtFgVMwSkG9BmC5NbvIbTg66/v3mJZ
Ih6M73jLZo1a/+XUVFtp2VZtskTWN2U8C52Fjswhha4IRzp6XXIKCJAdw7rtlxBG
gkXz4kxscCEWtKZmDlP/rOr9JnZETE8knRBctl9bV81nIBgUW/kSXU1J/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNi5lnmjcEgd6I2kYboLQ1fATcW7MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMkxtV2VhTndTQjNvamFSaHVndERWOEJOeGJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBywAIAwQA
3xtyMA0GCSqGSIb3DQEBCwUAA4IBAQAc3wM2upzbALmoq5rus1fSyeFll9aHrvIQ
w4leq6xaSnZVYSM1Jao6yguP9BMfjyv6yVsuBajKUe7gBltoFAmCsUDKmveJQOiT
sqpKTb/9JJSJtp09gnD87tnhMTQI4AcGQsnMGB5/idsh2cLWTSWqG1K9GPT7Ia1k
O6nCRBDkwI987Zw3g+qtKH2qSmnQTk4ICGsaMzln/EoiZE1OoSVFxVnbYZdlMJDr
ANafJdoQHw+5vDNZXeKvcY5A2eEYeQzohD4mWkmv84Yvx6P8Av00DEMXULzUqm+K
A6RZDlezDLqen6HKQMBCMWxeAMW1vhScRK2QTG8uuQtq37xoBVWa
-----END CERTIFICATE-----
Generated at Mon Jan 1 15:15:27 2024 by rpki-client on console-fra.rpki-client.org