Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3362c6-a03a-4f9f-a091-b762c0175f27/1/XOs4otHFQDuZ7WDKi1Ezw1k3FUQ.roa
File: XOs4otHFQDuZ7WDKi1Ezw1k3FUQ.roa (raw, json)
Hash identifier: B1wqBS+W9KXPA5KKIpLBNRYZL0cAonh6dwR8hsDubtM=
Subject key identifier: 5C:EB:38:A2:D1:C5:40:3B:99:ED:60:CA:8B:51:33:C3:59:37:15:44
Certificate issuer: /CN=ca1c7571596e444aa32371cbab724d46d3c3c52c
Certificate serial: 01875C72D527153E887F08CB0A0A4D69EFF0
Authority key identifier: CA:1C:75:71:59:6E:44:4A:A3:23:71:CB:AB:72:4D:46:D3:C3:C5:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yhx1cVluREqjI3HLq3JNRtPDxSw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/3362c6-a03a-4f9f-a091-b762c0175f27/1/XOs4otHFQDuZ7WDKi1Ezw1k3FUQ.roa
Signing time: Fri 07 Apr 2023 16:00:42 +0000
ROA not before: Fri 07 Apr 2023 16:00:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210644
IP address blocks: 85.192.56.0/24 maxlen: 24
85.192.63.0/24 maxlen: 24
79.137.248.0/24 maxlen: 24
89.208.103.0/24 maxlen: 24
89.208.104.0/22 maxlen: 22
79.137.194.0/23 maxlen: 23
79.137.196.0/22 maxlen: 22
79.137.204.0/23 maxlen: 23
79.137.206.0/24 maxlen: 24
79.137.202.0/23 maxlen: 23
79.137.207.0/24 maxlen: 24
85.192.40.0/23 maxlen: 23
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:5c:72:d5:27:15:3e:88:7f:08:cb:0a:0a:4d:69:ef:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca1c7571596e444aa32371cbab724d46d3c3c52c
Validity
Not Before: Apr 7 16:00:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5ceb38a2d1c5403b99ed60ca8b5133c359371544
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:97:83:1a:56:b8:cb:b3:21:3b:5f:ca:74:91:
ed:14:90:8b:de:8f:51:5c:74:3f:8c:24:07:bd:7c:
a8:3e:d9:f0:ec:20:94:9c:82:bc:f7:93:da:02:d8:
d7:42:e5:a9:c0:e4:b6:ae:5e:5d:29:79:9d:a1:b8:
69:c8:1d:f4:f7:6f:92:23:a9:47:80:2b:38:15:8e:
54:14:b0:25:87:da:38:a1:df:0c:f3:12:0e:ed:49:
e7:04:8d:c3:64:f4:78:37:1e:b5:73:2b:59:0e:d4:
be:0b:91:af:c1:49:8d:4a:a0:87:ab:d6:c8:3a:b2:
23:c7:da:d6:95:e9:a9:e8:20:70:f3:f6:ea:96:d4:
56:f3:f9:c5:2a:e4:98:ea:a0:67:28:b1:4c:46:be:
60:0c:11:e2:38:e8:2b:42:ec:d6:12:d9:9f:e1:2d:
0f:93:b7:ae:38:17:a4:f1:eb:7c:fd:80:b0:52:38:
ca:b6:d0:f4:c6:9d:16:b8:7c:32:1d:19:d3:5b:28:
06:f4:e3:db:7b:36:a0:b7:b3:ac:6e:dc:b2:69:f2:
7f:ba:2c:fa:52:cb:fc:4c:d6:7b:23:60:8b:ca:93:
7f:12:33:58:df:73:95:8d:25:62:7e:d6:61:b3:d2:
4f:9a:b4:bf:85:85:66:e9:02:7f:80:a5:de:d6:24:
50:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:EB:38:A2:D1:C5:40:3B:99:ED:60:CA:8B:51:33:C3:59:37:15:44
X509v3 Authority Key Identifier:
keyid:CA:1C:75:71:59:6E:44:4A:A3:23:71:CB:AB:72:4D:46:D3:C3:C5:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yhx1cVluREqjI3HLq3JNRtPDxSw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3362c6-a03a-4f9f-a091-b762c0175f27/1/XOs4otHFQDuZ7WDKi1Ezw1k3FUQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3362c6-a03a-4f9f-a091-b762c0175f27/1/yhx1cVluREqjI3HLq3JNRtPDxSw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.137.194.0-79.137.199.255
79.137.202.0-79.137.207.255
79.137.248.0/24
85.192.40.0/23
85.192.56.0/24
85.192.63.0/24
89.208.103.0-89.208.107.255
Signature Algorithm: sha256WithRSAEncryption
20:f3:83:95:c6:07:f1:d3:75:60:59:70:eb:e7:67:0c:05:1b:
6d:71:93:6d:bc:a8:79:f2:15:e8:10:a5:09:cb:ee:e2:78:3f:
ce:17:66:0b:17:78:fa:66:61:2c:71:62:25:f9:f4:e8:3f:56:
c9:c1:72:8c:35:b5:9b:cc:b7:53:d8:d6:9f:a7:b6:ac:36:fa:
1f:cb:21:c4:2a:a8:40:f3:2b:6c:57:e8:01:aa:7a:9e:aa:d7:
2e:2b:b9:dc:df:59:f8:fd:be:eb:a2:73:69:b1:25:91:95:9a:
2f:7b:ac:8d:d8:13:09:af:8c:44:3d:35:0c:f2:a2:34:5f:45:
dc:41:36:de:8a:e5:d6:24:86:1e:46:5a:c4:78:6f:87:29:46:
d5:14:a9:87:4d:6c:10:3e:46:71:17:04:a5:bf:14:37:1f:c2:
0c:bf:e6:9c:d5:4b:ad:b8:37:b5:1e:75:b3:89:8b:ec:25:35:
22:8e:e7:e5:6d:07:2e:8c:2f:3f:57:e0:dd:a4:a9:37:08:12:
97:5a:84:b9:80:a8:ef:10:53:59:35:0c:fa:9d:22:e6:9a:82:
d0:3f:40:10:f9:d0:52:d9:7b:2a:5d:0f:19:47:46:eb:b3:4d:
19:4f:35:09:72:ea:1c:06:d4:10:d6:cb:4a:85:de:35:b8:83:
c5:e3:30:95
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYdcctUnFT6IfwjLCgpNae/wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMWM3NTcxNTk2ZTQ0NGFhMzIzNzFjYmFiNzI0ZDQ2ZDNj
M2M1MmMwHhcNMjMwNDA3MTYwMDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2ViMzhhMmQxYzU0MDNiOTllZDYwY2E4YjUxMzNjMzU5MzcxNTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJeDGla4y7MhO1/KdJHtFJCL3o9R
XHQ/jCQHvXyoPtnw7CCUnIK895PaAtjXQuWpwOS2rl5dKXmdobhpyB3092+SI6lH
gCs4FY5UFLAlh9o4od8M8xIO7UnnBI3DZPR4Nx61cytZDtS+C5GvwUmNSqCHq9bI
OrIjx9rWlemp6CBw8/bqltRW8/nFKuSY6qBnKLFMRr5gDBHiOOgrQuzWEtmf4S0P
k7euOBek8et8/YCwUjjKttD0xp0WuHwyHRnTWygG9OPbezagt7OsbtyyafJ/uiz6
Usv8TNZ7I2CLypN/EjNY33OVjSViftZhs9JPmrS/hYVm6QJ/gKXe1iRQOQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFFzrOKLRxUA7me1gyotRM8NZNxVEMB8GA1UdIwQY
MBaAFMocdXFZbkRKoyNxy6tyTUbTw8UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWh4MWNWbHVSRXFqSTNITHEzSk5SdFBEeFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zMzYyYzYtYTAzYS00ZjlmLWEwOTEt
Yjc2MmMwMTc1ZjI3LzEvWE9zNG90SEZRRHVaN1dES2kxRXp3MWszRlVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zMzYyYzYtYTAzYS00ZjlmLWEwOTEtYjc2MmMwMTc1ZjI3
LzEveWh4MWNWbHVSRXFqSTNITHEzSk5SdFBEeFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCMAwDBAFPicID
BANPicAwDAMEAU+JygMEBE+JwAMEAE+J+AMEAVXAKAMEAFXAOAMEAFXAPzAMAwQA
WdBnAwQCWdBoMA0GCSqGSIb3DQEBCwUAA4IBAQAg84OVxgfx03VgWXDr52cMBRtt
cZNtvKh58hXoEKUJy+7ieD/OF2YLF3j6ZmEscWIl+fToP1bJwXKMNbWbzLdT2Naf
p7asNvofyyHEKqhA8ytsV+gBqnqeqtcuK7nc31n4/b7ronNpsSWRlZove6yN2BMJ
r4xEPTUM8qI0X0XcQTbeiuXWJIYeRlrEeG+HKUbVFKmHTWwQPkZxFwSlvxQ3H8IM
v+ac1UutuDe1HnWziYvsJTUijuflbQcujC8/V+DdpKk3CBKXWoS5gKjvEFNZNQz6
nSLmmoLQP0AQ+dBS2XsqXQ8ZR0brs00ZTzUJcuocBtQQ1stKhd41uIPF4zCV
-----END CERTIFICATE-----
Generated at Mon Jan 1 15:03:19 2024 by rpki-client on console-ams.rpki-client.org