Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/usBokrkGI1DTsiu56f4FFcPUCcs.roa
File: usBokrkGI1DTsiu56f4FFcPUCcs.roa (raw, json)
Hash identifier: 1XCQi2PTDs59iL3Y1GdLxekKNnEwq1QtGgt1F2kF+iA=
Subject key identifier: BA:C0:68:92:B9:06:23:50:D3:B2:2B:B9:E9:FE:05:15:C3:D4:09:CB
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01873BBADF1393C88A9EDCAA3A62582B9B20
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/usBokrkGI1DTsiu56f4FFcPUCcs.roa
Signing time: Sat 01 Apr 2023 07:31:55 +0000
ROA not before: Sat 01 Apr 2023 07:31:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207279
IP address blocks: 185.121.230.0/24 maxlen: 24
185.121.231.0/24 maxlen: 24
185.230.248.0/24 maxlen: 24
185.229.104.0/24 maxlen: 24
194.4.159.0/24 maxlen: 24
45.159.152.0/24 maxlen: 24
89.43.208.0/24 maxlen: 24
203.0.8.0/24 maxlen: 24
213.32.249.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:3b:ba:df:13:93:c8:8a:9e:dc:aa:3a:62:58:2b:9b:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 1 07:31:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bac06892b9062350d3b22bb9e9fe0515c3d409cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:16:9f:21:97:f7:09:e0:f0:f6:6d:e3:06:cf:
b9:fd:2c:93:82:9e:51:f3:b7:0b:45:4e:ee:b3:48:
67:26:72:e4:21:d9:06:41:64:89:94:83:8e:60:e1:
b4:4c:7f:24:a7:05:eb:90:38:c8:ae:c8:5a:bf:f4:
93:a6:03:89:17:f1:9f:fb:86:51:30:09:b3:87:08:
46:76:b1:3e:0a:75:f0:de:81:24:53:2e:5a:dc:b8:
7e:21:77:c6:98:69:08:f0:54:3c:e6:30:0c:bf:5a:
64:11:d5:a7:c9:4e:ce:bd:81:5a:cf:ff:99:1f:18:
81:32:42:fc:4c:85:14:5f:a0:9d:39:f3:44:ab:7c:
47:71:a8:30:38:b0:dd:f9:70:a3:d3:77:3b:c6:89:
bb:99:24:a9:1a:cd:bc:3d:e0:8b:6e:f3:e7:59:1d:
c5:8e:a9:b9:78:21:d1:de:44:3d:6c:25:10:54:45:
b3:79:1c:47:8a:65:76:57:bf:36:4e:fe:f4:3d:6e:
f5:9a:31:9d:56:9d:13:68:0d:d3:62:b4:f9:75:5c:
72:a9:ea:9e:4a:23:b8:87:be:03:cf:45:e5:00:67:
1b:85:20:3e:5c:07:7a:56:83:ce:4f:49:12:3e:51:
fc:5c:68:62:29:19:b9:60:4d:9d:f1:29:70:98:c5:
7e:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:C0:68:92:B9:06:23:50:D3:B2:2B:B9:E9:FE:05:15:C3:D4:09:CB
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/usBokrkGI1DTsiu56f4FFcPUCcs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.152.0/24
89.43.208.0/24
185.121.230.0/23
185.229.104.0/24
185.230.248.0/24
194.4.159.0/24
203.0.8.0/24
213.32.249.0/24
Signature Algorithm: sha256WithRSAEncryption
00:21:93:e5:00:6d:31:41:4c:6a:49:8c:26:10:fa:12:c0:da:
ee:53:ee:89:51:0e:4b:13:89:77:2e:8d:4f:a7:5e:c7:1a:c2:
bf:44:48:fb:e2:bd:a5:45:ca:af:41:0a:96:18:2e:b0:49:ea:
72:11:cc:46:12:8d:d9:a1:47:d5:91:73:e2:33:f5:68:b8:df:
26:26:a3:42:d2:c3:56:a9:4b:c2:d9:b2:c7:d9:1b:28:cf:f5:
94:fe:a2:69:46:ac:1f:d0:91:25:38:b4:f6:58:e2:54:08:c0:
9e:fe:e0:1e:f6:51:18:e9:3e:09:b7:1f:e8:a9:b5:3f:00:bf:
8d:ce:0b:6e:d4:12:35:ed:ef:61:9a:22:d1:ca:2b:55:41:92:
43:70:2f:44:99:0d:61:8d:d7:2a:29:51:2e:19:1d:9b:93:fe:
a7:fc:e9:e5:b2:f8:e3:77:0d:35:95:d6:62:cd:93:cc:63:db:
3a:d1:42:da:ba:8d:dd:b7:f5:44:0b:ef:69:15:19:6b:1a:ee:
b0:5c:4d:cc:ee:4c:04:b7:da:b0:47:fe:90:07:41:20:82:c1:
6b:5d:02:60:44:19:34:a3:ad:ac:b0:0c:94:78:60:70:0b:09:
3a:4b:96:6d:21:8b:1e:bd:11:1e:e2:a4:1d:a6:e9:4f:3f:61:
98:dc:e9:3a
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYc7ut8Tk8iKntyqOmJYK5sgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDAxMDczMTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWMwNjg5MmI5MDYyMzUwZDNiMjJiYjllOWZlMDUxNWMzZDQwOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixafIZf3CeDw9m3jBs+5/SyTgp5R
87cLRU7us0hnJnLkIdkGQWSJlIOOYOG0TH8kpwXrkDjIrshav/STpgOJF/Gf+4ZR
MAmzhwhGdrE+CnXw3oEkUy5a3Lh+IXfGmGkI8FQ85jAMv1pkEdWnyU7OvYFaz/+Z
HxiBMkL8TIUUX6CdOfNEq3xHcagwOLDd+XCj03c7xom7mSSpGs28PeCLbvPnWR3F
jqm5eCHR3kQ9bCUQVEWzeRxHimV2V782Tv70PW71mjGdVp0TaA3TYrT5dVxyqeqe
SiO4h74Dz0XlAGcbhSA+XAd6VoPOT0kSPlH8XGhiKRm5YE2d8SlwmMV+twIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFLrAaJK5BiNQ07Iruen+BRXD1AnLMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdXNCb2tya0dJMURUc2l1NTZmNEZGY1BVQ2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALZ+YAwQA
WSvQAwQBuXnmAwQAueVoAwQAueb4AwQAwgSfAwQAywAIAwQA1SD5MA0GCSqGSIb3
DQEBCwUAA4IBAQAAIZPlAG0xQUxqSYwmEPoSwNruU+6JUQ5LE4l3Lo1Pp17HGsK/
REj74r2lRcqvQQqWGC6wSepyEcxGEo3ZoUfVkXPiM/VouN8mJqNC0sNWqUvC2bLH
2Rsoz/WU/qJpRqwf0JElOLT2WOJUCMCe/uAe9lEY6T4Jtx/oqbU/AL+Nzgtu1BI1
7e9hmiLRyitVQZJDcC9EmQ1hjdcqKVEuGR2bk/6n/Onlsvjjdw01ldZizZPMY9s6
0ULauo3dt/VEC+9pFRlrGu6wXE3M7kwEt9qwR/6QB0EggsFrXQJgRBk0o62ssAyU
eGBwCwk6S5ZtIYsevREe4qQdpulPP2GY3Ok6
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:03:03 2023 by rpki-client on console-fra.rpki-client.org