Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/9QL82Jzl1alJg69uhBVGlOQW45Q.roa
File: 9QL82Jzl1alJg69uhBVGlOQW45Q.roa (raw, json)
Hash identifier: x7T0867liDoBRqkwT2WHMt01pk4peKBF6mozwDQ7niw=
Subject key identifier: F5:02:FC:D8:9C:E5:D5:A9:49:83:AF:6E:84:15:46:94:E4:16:E3:94
Certificate issuer: /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial: 0185711550E86C6D98141674025B7103CCD0
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/9QL82Jzl1alJg69uhBVGlOQW45Q.roa
Signing time: Mon 02 Jan 2023 06:05:00 +0000
ROA not before: Mon 02 Jan 2023 06:05:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 59958
IP address blocks: 217.153.252.0/22 maxlen: 22
85.219.176.0/20 maxlen: 20
89.174.160.0/23 maxlen: 23
89.174.162.0/24 maxlen: 24
217.153.168.0/23 maxlen: 23
89.174.192.0/20 maxlen: 20
217.153.84.0/26 maxlen: 26
217.153.85.192/26 maxlen: 26
89.174.208.0/22 maxlen: 22
89.174.128.0/19 maxlen: 19
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:15:50:e8:6c:6d:98:14:16:74:02:5b:71:03:cc:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Validity
Not Before: Jan 2 06:05:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f502fcd89ce5d5a94983af6e84154694e416e394
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:d4:2e:f3:35:d6:de:53:60:88:06:ca:a1:90:
46:b1:e6:15:04:7a:d7:72:fc:8c:c4:fb:9a:49:3a:
fc:3c:16:8c:31:13:60:19:66:e9:a4:dc:8b:f7:86:
e6:2a:e9:0b:a7:b3:12:50:d8:c0:06:ca:30:75:17:
6b:fc:c9:20:25:6c:81:e9:b6:6f:7c:46:c9:cf:6e:
33:92:42:ca:38:41:b0:85:0e:e2:52:f0:b1:19:3d:
b2:68:c6:92:51:ff:a3:b3:39:f5:84:b4:63:12:c2:
e3:a9:86:37:06:4c:de:e7:80:31:af:08:5f:e6:c0:
18:e5:0f:86:08:c7:7d:85:6b:cd:15:f7:4c:a8:19:
20:3a:56:ca:55:d7:b0:fc:4d:f7:91:b4:8d:8d:a4:
9d:61:cd:79:f1:03:66:0f:83:b7:19:75:ea:a4:60:
97:93:db:86:dd:cb:34:dc:6a:4e:5f:4a:0e:b5:59:
72:f1:b0:45:0f:86:1d:33:ab:b5:b4:48:69:1e:b4:
f7:ed:3f:50:18:8d:63:ae:3f:dd:e8:b4:63:2d:a9:
e3:9d:a4:0e:98:55:ba:87:12:0b:95:9d:56:e4:cb:
5c:e7:5a:ca:95:28:a4:f7:68:38:da:c6:30:73:3b:
00:4e:01:ac:3b:f5:05:f6:42:41:76:da:6f:b5:d6:
a5:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:02:FC:D8:9C:E5:D5:A9:49:83:AF:6E:84:15:46:94:E4:16:E3:94
X509v3 Authority Key Identifier:
keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/9QL82Jzl1alJg69uhBVGlOQW45Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.219.176.0/20
89.174.128.0-89.174.162.255
89.174.192.0-89.174.211.255
217.153.84.0/26
217.153.85.192/26
217.153.168.0/23
217.153.252.0/22
Signature Algorithm: sha256WithRSAEncryption
0c:f2:b0:45:f3:be:b6:83:45:d3:14:92:a9:5d:09:5d:17:53:
a8:61:9e:10:09:96:a2:6a:92:f3:59:d5:f0:ad:47:bd:04:a8:
75:6f:e1:88:b9:8e:a4:40:50:1e:cf:e5:cb:96:b4:a6:37:22:
48:82:89:ad:37:59:9b:de:e3:34:c1:90:2d:30:10:4e:bb:c6:
02:74:96:7c:64:bc:5a:7b:6f:c6:3d:4c:e8:1f:3f:ad:1a:42:
d8:7c:d4:b6:ae:c5:5d:82:fd:c3:af:07:15:48:91:5f:b6:a6:
78:7c:cc:b9:b3:72:e5:e1:e3:0b:e4:d6:2c:11:27:ee:e3:b4:
0b:db:10:64:49:84:92:65:bd:e4:3d:85:c2:a7:1a:10:49:a3:
52:ef:73:a2:59:5d:cf:c0:cc:10:17:ac:03:a5:f7:e2:23:d9:
84:d8:b6:52:dd:19:44:55:63:e7:4e:97:05:74:29:9a:a4:a1:
bf:30:6c:cd:9c:cc:09:f0:ce:8c:fd:92:4e:24:8e:ed:3a:62:
66:42:57:92:04:a3:27:56:91:4d:ea:9d:6d:cf:b2:60:dd:d3:
fa:18:52:4a:3a:40:50:47:f1:11:67:ec:55:4f:62:b6:25:43:
ec:99:40:0c:0d:3a:89:52:94:a3:28:13:e1:a5:0a:f3:6e:b2:
b0:1f:26:81
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYVxFVDobG2YFBZ0AltxA8zQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjMwMTAyMDYwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTAyZmNkODljZTVkNWE5NDk4M2FmNmU4NDE1NDY5NGU0MTZlMzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldQu8zXW3lNgiAbKoZBGseYVBHrX
cvyMxPuaSTr8PBaMMRNgGWbppNyL94bmKukLp7MSUNjABsowdRdr/MkgJWyB6bZv
fEbJz24zkkLKOEGwhQ7iUvCxGT2yaMaSUf+jszn1hLRjEsLjqYY3Bkze54Axrwhf
5sAY5Q+GCMd9hWvNFfdMqBkgOlbKVdew/E33kbSNjaSdYc158QNmD4O3GXXqpGCX
k9uG3cs03GpOX0oOtVly8bBFD4YdM6u1tEhpHrT37T9QGI1jrj/d6LRjLanjnaQO
mFW6hxILlZ1W5Mtc51rKlSik92g42sYwczsATgGsO/UF9kJBdtpvtdal7wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFPUC/Nic5dWpSYOvboQVRpTkFuOUMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvOVFMODJKemwxYWxKZzY5dWhCVkdsT1FXNDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQEVduwMAwD
BAdZroADBABZrqIwDAMEBlmuwAMEAlmu0AMFBtmZVAADBQbZmVXAAwQB2ZmoAwQC
2Zn8MA0GCSqGSIb3DQEBCwUAA4IBAQAM8rBF8762g0XTFJKpXQldF1OoYZ4QCZai
apLzWdXwrUe9BKh1b+GIuY6kQFAez+XLlrSmNyJIgomtN1mb3uM0wZAtMBBOu8YC
dJZ8ZLxae2/GPUzoHz+tGkLYfNS2rsVdgv3DrwcVSJFftqZ4fMy5s3Ll4eML5NYs
ESfu47QL2xBkSYSSZb3kPYXCpxoQSaNS73OiWV3PwMwQF6wDpffiI9mE2LZS3RlE
VWPnTpcFdCmapKG/MGzNnMwJ8M6M/ZJOJI7tOmJmQleSBKMnVpFN6p1tz7Jg3dP6
GFJKOkBQR/ERZ+xVT2K2JUPsmUAMDTqJUpSjKBPhpQrzbrKwHyaB
-----END CERTIFICATE-----
Generated at Tue Jan 2 01:41:22 2024 by rpki-client on console-ams.rpki-client.org