Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rp-yCVljWivqVPPkSjznnlfsBQY.roa
File: rp-yCVljWivqVPPkSjznnlfsBQY.roa (raw, json)
Hash identifier: rmNQOInmRkaS2i7lrPblFql14DJZhHQvd3rgtNrpFWI=
Subject key identifier: AE:9F:B2:09:59:63:5A:2B:EA:54:F3:E4:4A:3C:E7:9E:57:EC:05:06
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018B141A5B1692E71B1F945D6B342546DD11
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rp-yCVljWivqVPPkSjznnlfsBQY.roa
Signing time: Mon 09 Oct 2023 11:02:33 +0000
ROA not before: Mon 09 Oct 2023 11:02:33 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212477
IP address blocks: 45.123.40.0/24 maxlen: 24
45.123.41.0/24 maxlen: 24
45.123.42.0/23 maxlen: 24
45.141.203.0/24 maxlen: 24
45.141.200.0/23 maxlen: 24
45.141.202.0/24 maxlen: 24
185.35.138.0/24 maxlen: 24
185.35.136.0/23 maxlen: 24
2a0b:64c0::/32 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:14:1a:5b:16:92:e7:1b:1f:94:5d:6b:34:25:46:dd:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Oct 9 11:02:33 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ae9fb20959635a2bea54f3e44a3ce79e57ec0506
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:e0:07:49:e3:c0:e6:30:05:46:07:44:d7:9e:
74:18:7a:26:32:8a:42:5a:4d:99:7c:ea:e1:6a:a3:
e5:a1:9d:8d:13:3a:53:d1:eb:bf:aa:80:11:77:d5:
bd:0f:c0:64:c6:3d:69:7a:4f:90:1e:fb:53:51:b3:
9e:9e:f1:4b:37:ec:fd:1c:de:ba:a9:66:e8:a5:fe:
a7:a3:23:da:eb:8c:7e:be:40:ed:21:d0:f7:de:e7:
c4:d1:21:5b:07:a2:dd:cf:4a:fe:db:93:5a:1e:20:
9b:02:cd:a2:33:3b:f1:37:4b:3f:4c:c9:14:d3:3d:
88:3d:5c:e1:b1:f3:b1:e3:30:d8:58:eb:a7:95:90:
b5:49:90:14:cb:a0:8f:09:35:0a:54:fa:6e:2a:56:
49:1b:20:1c:c7:f2:82:44:72:94:5a:48:13:fd:70:
0d:45:d0:74:33:18:be:dc:74:a2:e7:1f:77:2d:03:
c9:94:89:d5:be:55:0c:9a:4c:db:d1:05:17:e2:c8:
97:96:d0:e7:03:d9:d3:35:88:82:53:92:38:71:7a:
10:6a:b8:48:05:7e:b7:ed:e8:0b:09:65:f1:c9:99:
1d:c6:fe:f8:82:f1:98:a9:2c:a4:e0:3e:b3:b2:50:
c1:d2:cb:e2:b4:f3:8c:63:ce:f4:5e:c6:e0:8a:a1:
4e:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:9F:B2:09:59:63:5A:2B:EA:54:F3:E4:4A:3C:E7:9E:57:EC:05:06
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/rp-yCVljWivqVPPkSjznnlfsBQY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.123.40.0/22
45.141.200.0/22
185.35.136.0-185.35.138.255
IPv6:
2a0b:64c0::/32
Signature Algorithm: sha256WithRSAEncryption
76:87:22:18:33:d4:dc:d3:d1:13:7f:90:57:1f:ff:08:39:dd:
98:07:7e:81:71:21:bc:17:da:0d:15:c0:24:82:02:1c:3b:32:
49:a7:9a:8a:be:68:e3:82:7f:ea:08:00:78:fa:4f:96:22:af:
92:34:1b:7d:86:4b:7b:c1:35:b4:3a:69:ea:c2:c3:b6:67:e4:
36:53:0d:ea:69:a3:fa:72:a4:9e:bd:14:53:98:97:c6:bb:34:
89:9d:6d:f1:36:54:c2:a3:75:da:5e:04:cc:fa:a6:a3:24:13:
f0:3d:8c:d8:98:b8:c7:23:d0:c2:60:86:1e:1d:e6:49:a8:3d:
e6:4d:99:37:42:aa:d6:fe:74:f4:0d:1a:99:f9:00:85:25:d6:
4a:1e:7d:b0:21:92:e3:97:e6:7d:9f:00:87:36:7f:00:81:3c:
63:bf:2c:76:78:20:7d:04:a3:b0:9c:0c:7f:68:c9:d9:8c:44:
9f:10:50:0d:33:68:be:c8:37:5e:90:5d:26:c8:ef:7a:08:e1:
56:e2:94:58:8c:66:1c:8e:cd:d5:61:34:a4:af:4d:7f:b3:c7:
3c:3e:21:62:92:92:0a:ad:e1:ec:5d:57:b4:d7:85:d5:65:3f:
f9:45:e7:a3:44:c5:a0:ca:1c:60:68:55:3c:7f:20:e9:16:01:
ee:79:80:57
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYsUGlsWkucbH5RdazQlRt0RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMxMDA5MTEwMjMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTlmYjIwOTU5NjM1YTJiZWE1NGYzZTQ0YTNjZTc5ZTU3ZWMwNTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOAHSePA5jAFRgdE1550GHomMopC
Wk2ZfOrhaqPloZ2NEzpT0eu/qoARd9W9D8Bkxj1pek+QHvtTUbOenvFLN+z9HN66
qWbopf6noyPa64x+vkDtIdD33ufE0SFbB6Ldz0r+25NaHiCbAs2iMzvxN0s/TMkU
0z2IPVzhsfOx4zDYWOunlZC1SZAUy6CPCTUKVPpuKlZJGyAcx/KCRHKUWkgT/XAN
RdB0Mxi+3HSi5x93LQPJlInVvlUMmkzb0QUX4siXltDnA9nTNYiCU5I4cXoQarhI
BX637egLCWXxyZkdxv74gvGYqSyk4D6zslDB0svitPOMY870XsbgiqFOXQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFK6fsglZY1or6lTz5Eo8555X7AUGMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvcnAteUNWbGpXaXZxVlBQa1Nqem5ubGZzQlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQCLXsoAwQC
LY3IMAwDBAO5I4gDBAC5I4owDQQCAAIwBwMFACoLZMAwDQYJKoZIhvcNAQELBQAD
ggEBAHaHIhgz1NzT0RN/kFcf/wg53ZgHfoFxIbwX2g0VwCSCAhw7Mkmnmoq+aOOC
f+oIAHj6T5Yir5I0G32GS3vBNbQ6aerCw7Zn5DZTDeppo/pypJ69FFOYl8a7NImd
bfE2VMKjddpeBMz6pqMkE/A9jNiYuMcj0MJghh4d5kmoPeZNmTdCqtb+dPQNGpn5
AIUl1koefbAhkuOX5n2fAIc2fwCBPGO/LHZ4IH0Eo7CcDH9oydmMRJ8QUA0zaL7I
N16QXSbI73oI4VbilFiMZhyOzdVhNKSvTX+zxzw+IWKSkgqt4exdV7TXhdVlP/lF
56NExaDKHGBoVTx/IOkWAe55gFc=
-----END CERTIFICATE-----
Generated at Tue Oct 10 10:55:24 2023 by rpki-client on console-ams.rpki-client.org