Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sY1lFB86zIQQuNEWsikRBclNk6M.roa
File: sY1lFB86zIQQuNEWsikRBclNk6M.roa (raw, json)
Hash identifier: MeT97689N+IGdraTZ5RqK941cLqjSSQYbpxE2q322TY=
Subject key identifier: B1:8D:65:14:1F:3A:CC:84:10:B8:D1:16:B2:29:11:05:C9:4D:93:A3
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018B8FE5FC9526B8C3BC2C785896DE69BE33
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sY1lFB86zIQQuNEWsikRBclNk6M.roa
Signing time: Thu 02 Nov 2023 11:58:16 +0000
ROA not before: Thu 02 Nov 2023 11:58:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60064
IP address blocks: 89.40.160.0/24 maxlen: 24
89.33.14.0/24 maxlen: 24
188.214.27.0/24 maxlen: 24
45.129.132.0/24 maxlen: 24
45.129.133.0/24 maxlen: 24
93.114.246.0/24 maxlen: 24
89.46.92.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:8f:e5:fc:95:26:b8:c3:bc:2c:78:58:96:de:69:be:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Nov 2 11:58:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b18d65141f3acc8410b8d116b2291105c94d93a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:44:7a:96:70:d8:b1:b5:78:0e:2e:3c:37:c0:
09:18:0c:28:3f:ec:b7:a2:24:18:87:c0:0c:31:1a:
61:d2:54:a1:ec:1a:87:a9:52:8f:2e:84:d1:75:38:
cb:c7:2f:f6:16:8d:54:7b:72:d2:dc:53:2a:8c:ba:
d8:a9:df:01:fe:6b:81:d7:0e:2a:1f:c9:22:e4:82:
ff:e0:22:bc:84:43:1c:e9:f7:44:28:46:bc:2f:d1:
49:3f:49:d7:76:24:42:6d:37:c9:cf:48:c0:01:04:
f8:51:a1:05:ff:a1:d6:19:c7:a0:4b:78:e6:32:a8:
0b:8b:6f:9e:ad:5c:d9:a8:7c:20:47:fa:67:ca:61:
a4:14:c3:bd:23:fc:0d:44:5e:b0:ce:b3:4a:57:43:
ae:a0:0a:c4:32:ab:9f:fb:90:ea:b1:38:27:be:1f:
96:5d:03:05:7e:7b:c0:d0:26:ac:b8:e5:2b:4b:66:
74:83:61:00:b6:a2:17:51:1b:50:32:ff:26:17:db:
32:f1:91:d7:bf:d9:49:5e:8e:e6:b8:b3:45:b4:da:
af:cd:a5:f4:bc:e3:a0:f3:4a:58:94:81:36:fb:aa:
49:e9:9d:d2:b7:e0:ec:63:bf:47:f7:3a:20:31:2e:
f0:f2:23:da:94:05:4f:d9:13:8f:56:73:57:a1:c5:
36:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:8D:65:14:1F:3A:CC:84:10:B8:D1:16:B2:29:11:05:C9:4D:93:A3
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/sY1lFB86zIQQuNEWsikRBclNk6M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.132.0/23
89.33.14.0/24
89.40.160.0/24
89.46.92.0/24
93.114.246.0/24
188.214.27.0/24
Signature Algorithm: sha256WithRSAEncryption
5e:4e:6a:e8:2f:2f:bb:73:8a:c6:fd:e3:7d:58:53:ad:5b:d6:
cd:59:70:c1:e9:5f:c5:ef:3c:ad:0e:51:3d:2a:36:27:67:49:
9a:f3:ca:83:ca:b1:f9:81:8b:44:02:ac:d1:e3:af:0f:fb:e8:
8c:b7:25:57:6e:db:03:48:86:06:6f:43:cf:39:e7:02:21:51:
3f:59:b5:2a:26:23:fa:1d:0e:64:6c:2b:3f:c5:cd:13:bc:cc:
cd:37:38:5e:a7:b9:71:3c:cf:e6:5c:7c:c9:fb:a8:20:86:5e:
2a:18:f9:a2:ae:5f:09:e8:01:e8:cc:a3:f9:4d:33:56:78:83:
db:36:9e:31:ae:3f:74:b9:73:d6:a2:f4:52:b2:75:94:3d:64:
8b:b0:ce:6e:e6:31:1f:95:f3:e8:07:59:d1:2a:e1:9f:1b:40:
6e:9b:aa:af:30:c7:e9:10:13:29:6c:fe:38:2d:26:11:b5:16:
47:6c:e4:e2:ab:d8:c5:81:28:ee:07:22:03:64:9f:45:88:84:
f8:a0:84:c3:c7:62:3d:2f:e1:db:c0:ae:db:20:4f:75:fc:66:
7e:9a:7a:53:49:a6:be:13:1e:ba:be:6e:68:3c:71:12:98:21:
01:5a:e1:30:28:d2:a1:1e:09:4a:e6:c6:38:f3:70:51:71:45:
d4:c9:1a:a2
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYuP5fyVJrjDvCx4WJbeab4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMxMTAyMTE1ODE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMThkNjUxNDFmM2FjYzg0MTBiOGQxMTZiMjI5MTEwNWM5NGQ5M2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukR6lnDYsbV4Di48N8AJGAwoP+y3
oiQYh8AMMRph0lSh7BqHqVKPLoTRdTjLxy/2Fo1Ue3LS3FMqjLrYqd8B/muB1w4q
H8ki5IL/4CK8hEMc6fdEKEa8L9FJP0nXdiRCbTfJz0jAAQT4UaEF/6HWGcegS3jm
MqgLi2+erVzZqHwgR/pnymGkFMO9I/wNRF6wzrNKV0OuoArEMquf+5DqsTgnvh+W
XQMFfnvA0CasuOUrS2Z0g2EAtqIXURtQMv8mF9sy8ZHXv9lJXo7muLNFtNqvzaX0
vOOg80pYlIE2+6pJ6Z3St+DsY79H9zogMS7w8iPalAVP2ROPVnNXocU2CwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLGNZRQfOsyEELjRFrIpEQXJTZOjMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvc1kxbEZCODZ6SVFRdU5FV3Npa1JCY2xOazZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBLYGEAwQA
WSEOAwQAWSigAwQAWS5cAwQAXXL2AwQAvNYbMA0GCSqGSIb3DQEBCwUAA4IBAQBe
TmroLy+7c4rG/eN9WFOtW9bNWXDB6V/F7zytDlE9KjYnZ0ma88qDyrH5gYtEAqzR
468P++iMtyVXbtsDSIYGb0PPOecCIVE/WbUqJiP6HQ5kbCs/xc0TvMzNNzhep7lx
PM/mXHzJ+6gghl4qGPmirl8J6AHozKP5TTNWeIPbNp4xrj90uXPWovRSsnWUPWSL
sM5u5jEflfPoB1nRKuGfG0Bum6qvMMfpEBMpbP44LSYRtRZHbOTiq9jFgSjuByID
ZJ9FiIT4oITDx2I9L+HbwK7bIE91/GZ+mnpTSaa+Ex66vm5oPHESmCEBWuEwKNKh
HglK5sY483BRcUXUyRqi
-----END CERTIFICATE-----
Generated at Mon Jan 1 15:03:18 2024 by rpki-client on console-ams.rpki-client.org