Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/N1p2BVFZzdH0QyT5AM720AAePzE.roa
File: N1p2BVFZzdH0QyT5AM720AAePzE.roa (raw, json)
Hash identifier: Magc/2+fCCf9RImKq0ERDULnMbEt0QMaQ+yZLRRJyCQ=
Subject key identifier: 37:5A:76:05:51:59:CD:D1:F4:43:24:F9:00:CE:F6:D0:00:1E:3F:31
Certificate issuer: /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial: 018571154AC958A44B428C812C57F34D6B35
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/N1p2BVFZzdH0QyT5AM720AAePzE.roa
Signing time: Mon 02 Jan 2023 06:04:58 +0000
ROA not before: Mon 02 Jan 2023 06:04:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12912
IP address blocks: 217.8.160.0/19 maxlen: 19
94.42.0.0/16 maxlen: 16
195.94.192.0/19 maxlen: 19
78.133.128.0/17 maxlen: 17
85.219.128.0/17 maxlen: 17
89.174.0.0/16 maxlen: 16
157.25.0.0/16 maxlen: 16
217.153.0.0/16 maxlen: 16
2001:4190::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:15:4a:c9:58:a4:4b:42:8c:81:2c:57:f3:4d:6b:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Validity
Not Before: Jan 2 06:04:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=375a76055159cdd1f44324f900cef6d0001e3f31
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:87:25:49:d7:94:a3:2a:c7:79:9c:01:b6:8d:
a8:e8:6e:95:82:62:4f:ee:4a:d9:4a:e3:d1:65:32:
44:4d:f0:c4:9d:dd:bf:ac:93:8a:46:07:d5:a4:a4:
b8:20:cb:78:0e:5a:14:f0:e4:55:26:12:f3:03:45:
7c:f0:82:41:1f:17:b1:28:96:6a:85:fb:f9:08:5d:
f4:a4:d9:32:e5:08:a5:cc:e8:3d:86:ab:af:37:ab:
39:53:1c:22:25:20:a2:70:07:c1:bb:bf:1c:90:b2:
f4:17:63:62:a1:f5:7b:61:b9:e2:5c:dc:8b:cd:79:
ab:94:ad:68:e0:e8:59:68:f8:29:bf:6e:df:a4:8d:
b1:a3:74:15:db:93:48:13:6f:c2:61:07:f2:cd:cc:
f7:df:b5:f4:cb:7a:4c:22:e5:97:42:dd:cb:2d:47:
2b:01:ff:a9:6c:3e:66:92:44:65:41:f0:76:60:cd:
5b:1c:4b:f4:07:b2:71:d2:04:be:8b:77:0c:cb:25:
ff:e3:08:d6:5b:e9:9e:7f:91:4a:4b:f1:0c:ec:25:
95:ae:34:4b:90:d6:6a:9b:31:20:18:13:7c:bf:df:
5a:1d:9b:e2:b5:be:da:6f:6d:c7:02:b5:3a:8b:87:
1e:77:03:8c:ea:16:0a:5f:41:e5:77:4a:bc:d1:c0:
ea:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:5A:76:05:51:59:CD:D1:F4:43:24:F9:00:CE:F6:D0:00:1E:3F:31
X509v3 Authority Key Identifier:
keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/N1p2BVFZzdH0QyT5AM720AAePzE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.133.128.0/17
85.219.128.0/17
89.174.0.0/16
94.42.0.0/16
157.25.0.0/16
195.94.192.0/19
217.8.160.0/19
217.153.0.0/16
IPv6:
2001:4190::/32
Signature Algorithm: sha256WithRSAEncryption
47:4b:6d:66:ea:bb:3a:38:81:12:f7:49:c5:54:e0:f1:01:77:
48:7c:ac:35:cf:c8:93:00:a5:da:4d:74:ec:8a:5f:ef:ef:0c:
a3:1d:97:fa:20:c4:2c:78:f6:5e:d3:d1:e9:78:2f:f1:76:f8:
81:f6:6c:7e:5a:14:06:f0:61:5f:3f:a6:75:e8:5a:eb:b4:b5:
c9:d2:8d:14:39:35:82:92:a5:df:c3:eb:3b:e2:4f:8c:86:45:
7d:66:6a:c7:fe:88:60:b9:58:ef:97:63:48:dd:8f:66:29:44:
9a:3c:3f:a3:dd:23:47:d2:3e:d9:27:75:74:8a:70:48:bd:e2:
f2:86:67:1c:fa:a8:d3:ed:59:f4:b0:18:81:09:46:fe:17:a1:
a3:40:5e:b7:72:f4:5a:c8:9d:64:87:60:38:1b:73:3b:3c:0b:
cb:5a:d3:ee:71:72:c9:ea:91:ec:d2:88:79:ae:83:09:ea:ae:
3e:20:93:d2:d2:06:46:eb:7e:f0:37:84:65:24:db:2c:fb:b1:
57:1f:79:ee:8b:ff:3d:39:ec:38:c6:b4:b3:d3:32:c6:46:41:
f8:bf:7c:35:1a:b4:9c:75:6e:64:7b:09:32:a4:c4:c5:3d:0f:
bf:23:71:6c:1f:19:c1:69:f9:64:4d:8e:2e:69:8e:e0:a1:04:
e2:e7:62:bb
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYVxFUrJWKRLQoyBLFfzTWs1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjMwMTAyMDYwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzVhNzYwNTUxNTljZGQxZjQ0MzI0ZjkwMGNlZjZkMDAwMWUzZjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYclSdeUoyrHeZwBto2o6G6VgmJP
7krZSuPRZTJETfDEnd2/rJOKRgfVpKS4IMt4DloU8ORVJhLzA0V88IJBHxexKJZq
hfv5CF30pNky5QilzOg9hquvN6s5UxwiJSCicAfBu78ckLL0F2NiofV7YbniXNyL
zXmrlK1o4OhZaPgpv27fpI2xo3QV25NIE2/CYQfyzcz337X0y3pMIuWXQt3LLUcr
Af+pbD5mkkRlQfB2YM1bHEv0B7Jx0gS+i3cMyyX/4wjWW+mef5FKS/EM7CWVrjRL
kNZqmzEgGBN8v99aHZvitb7ab23HArU6i4cedwOM6hYKX0Hld0q80cDqgQIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFDdadgVRWc3R9EMk+QDO9tAAHj8xMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvTjFwMkJWRlp6ZEgwUXlUNUFNNzIwQUFlUHpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQHToWAAwQH
VduAAwMAWa4DAwBeKgMDAJ0ZAwQFw17AAwQF2QigAwMA2ZkwDQQCAAIwBwMFACAB
QZAwDQYJKoZIhvcNAQELBQADggEBAEdLbWbquzo4gRL3ScVU4PEBd0h8rDXPyJMA
pdpNdOyKX+/vDKMdl/ogxCx49l7T0el4L/F2+IH2bH5aFAbwYV8/pnXoWuu0tcnS
jRQ5NYKSpd/D6zviT4yGRX1masf+iGC5WO+XY0jdj2YpRJo8P6PdI0fSPtkndXSK
cEi94vKGZxz6qNPtWfSwGIEJRv4XoaNAXrdy9FrInWSHYDgbczs8C8ta0+5xcsnq
kezSiHmugwnqrj4gk9LSBkbrfvA3hGUk2yz7sVcfee6L/z057DjGtLPTMsZGQfi/
fDUatJx1bmR7CTKkxMU9D78jcWwfGcFp+WRNji5pjuChBOLnYrs=
-----END CERTIFICATE-----
Generated at Tue Jan 2 01:41:22 2024 by rpki-client on console-ams.rpki-client.org