Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/750009-6fa1-4ef1-832a-75188b3c112e/1/Gl9qhzLIoFRr2kfZpKvntKwGNDM.roa
File: Gl9qhzLIoFRr2kfZpKvntKwGNDM.roa (raw, json)
Hash identifier: K9HuVzu6ZlXqCFgVlQJpZeW+APqQAs8phS/8tTDxE4g=
Subject key identifier: 1A:5F:6A:87:32:C8:A0:54:6B:DA:47:D9:A4:AB:E7:B4:AC:06:34:33
Certificate issuer: /CN=0e2d420e661c86571089ff0b51965a86e0d7bc75
Certificate serial: 018570828DD7B666CF0ADC87D04D49CD50F4
Authority key identifier: 0E:2D:42:0E:66:1C:86:57:10:89:FF:0B:51:96:5A:86:E0:D7:BC:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Di1CDmYchlcQif8LUZZahuDXvHU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bf/750009-6fa1-4ef1-832a-75188b3c112e/1/Gl9qhzLIoFRr2kfZpKvntKwGNDM.roa
Signing time: Mon 02 Jan 2023 03:24:42 +0000
ROA not before: Mon 02 Jan 2023 03:24:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3223
IP address blocks: 37.221.174.0/23 maxlen: 23
37.221.160.0/21 maxlen: 24
37.221.164.0/24 maxlen: 24
37.221.167.0/24 maxlen: 24
37.221.168.0/23 maxlen: 24
37.221.170.0/23 maxlen: 23
37.221.172.0/23 maxlen: 23
195.60.76.0/23 maxlen: 24
185.5.175.0/24 maxlen: 24
185.5.174.0/24 maxlen: 24
185.5.173.0/24 maxlen: 24
109.163.224.0/24 maxlen: 24
109.163.225.0/24 maxlen: 24
109.163.226.0/23 maxlen: 23
109.163.229.0/24 maxlen: 24
109.163.228.0/24 maxlen: 24
109.163.230.0/23 maxlen: 24
109.163.232.0/24 maxlen: 24
109.163.233.0/24 maxlen: 24
109.163.234.0/23 maxlen: 24
109.163.236.0/22 maxlen: 24
109.163.239.0/24 maxlen: 24
185.5.172.0/24 maxlen: 24
2a03:5180:b::/48 maxlen: 64
2a03:5180:6::/48 maxlen: 48
2a03:5180:1::/48 maxlen: 48
2a03:5180:5::/48 maxlen: 48
2a03:5180::/32 maxlen: 48
2a03:5180:8::/48 maxlen: 48
2a03:5180:3::/48 maxlen: 48
2a03:5180:7::/48 maxlen: 48
2a03:5180:2::/48 maxlen: 48
2a03:5180:1:6::/64 maxlen: 64
2a03:5180::/48 maxlen: 48
2a03:5180:11::/48 maxlen: 48
2a03:5180:4::/48 maxlen: 48
2a03:5180:9::/48 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:82:8d:d7:b6:66:cf:0a:dc:87:d0:4d:49:cd:50:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0e2d420e661c86571089ff0b51965a86e0d7bc75
Validity
Not Before: Jan 2 03:24:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1a5f6a8732c8a0546bda47d9a4abe7b4ac063433
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:99:4c:ee:89:f2:cf:3e:c1:75:77:8b:49:a7:
b7:86:3c:46:57:c8:e2:ea:37:7e:fe:66:33:e7:4e:
50:88:72:36:2e:07:df:57:dc:aa:fd:ba:4a:ef:f4:
10:2d:0d:2e:42:95:98:0a:e4:6b:54:3b:04:fe:76:
2c:f5:9c:14:2f:05:43:4b:3c:eb:07:15:e8:df:95:
ba:bd:49:cb:1e:b9:c5:53:14:58:43:63:b7:d6:46:
12:72:3b:c0:b8:16:75:97:82:96:0c:61:9e:b5:48:
95:b8:90:17:92:b2:f3:40:96:ea:4c:97:db:68:f8:
bc:59:b5:04:6f:11:0c:4c:1c:f7:4c:c0:6c:bc:3f:
ff:cb:a4:55:25:0d:29:ed:2b:ab:fc:51:7d:81:a4:
0b:ee:f8:55:ec:bf:42:d8:2e:9b:87:67:dd:57:bc:
4c:9b:95:cd:87:ab:b2:a1:b9:24:4b:8c:d6:0b:f8:
88:b9:70:b8:65:0c:93:dd:2b:1e:c3:c0:7e:0f:f8:
d2:6d:8d:fd:5a:93:dd:a0:b5:29:08:03:8f:2b:85:
07:85:f0:0a:fb:fb:54:4d:0b:72:b7:8f:87:5f:14:
9c:17:17:57:84:f7:1b:a6:ab:54:e0:01:f2:4e:75:
1d:1a:52:ec:b1:bf:f3:4f:ec:6e:24:7b:89:ab:eb:
8b:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:5F:6A:87:32:C8:A0:54:6B:DA:47:D9:A4:AB:E7:B4:AC:06:34:33
X509v3 Authority Key Identifier:
keyid:0E:2D:42:0E:66:1C:86:57:10:89:FF:0B:51:96:5A:86:E0:D7:BC:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Di1CDmYchlcQif8LUZZahuDXvHU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/750009-6fa1-4ef1-832a-75188b3c112e/1/Gl9qhzLIoFRr2kfZpKvntKwGNDM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/750009-6fa1-4ef1-832a-75188b3c112e/1/Di1CDmYchlcQif8LUZZahuDXvHU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.221.160.0/20
109.163.224.0/20
185.5.172.0/22
195.60.76.0/23
IPv6:
2a03:5180::/32
Signature Algorithm: sha256WithRSAEncryption
46:85:42:00:8f:70:53:e1:c4:f0:dd:61:57:82:28:00:7c:b1:
67:ef:f1:d0:1d:93:2f:a6:cc:1f:8f:14:59:ca:72:14:a7:b4:
fc:d9:b4:34:f4:d1:2a:c0:da:65:63:3f:e0:06:85:d5:de:19:
c2:1e:ec:cd:89:ec:96:9f:45:ba:3f:b2:79:0b:5a:46:98:cb:
13:6b:28:9a:d9:b8:b1:30:c7:2a:39:af:ed:76:28:1a:1b:60:
48:8e:e5:68:41:c8:35:35:7f:41:ee:9c:57:8a:1d:14:00:d3:
1d:a2:b8:7f:f5:87:e9:87:f1:31:0e:c3:f1:a1:3b:5a:02:0d:
67:42:da:5d:af:f8:b2:26:ec:e9:66:41:02:64:4c:34:86:e4:
0b:45:aa:ac:59:1a:a5:5c:89:e3:a7:c8:54:47:5b:61:dc:de:
e2:2e:9f:6d:7b:3a:6c:e1:5f:c0:85:65:58:3e:9c:d9:d7:39:
34:f6:11:cb:c8:f4:5a:1c:22:1b:51:63:6d:e2:07:6d:2f:59:
b7:d2:2b:38:fc:f8:2f:c7:4c:c3:5f:35:d3:23:1a:e7:8c:ea:
8a:5d:62:3d:15:94:76:4e:47:60:4f:8c:fd:2c:66:44:d8:2d:
7c:f6:b6:b3:57:f4:ca:38:3d:6d:63:3f:b6:42:b9:49:71:7b:
ec:26:f7:34
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVwgo3XtmbPCtyH0E1JzVD0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMmQ0MjBlNjYxYzg2NTcxMDg5ZmYwYjUxOTY1YTg2ZTBk
N2JjNzUwHhcNMjMwMTAyMDMyNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTVmNmE4NzMyYzhhMDU0NmJkYTQ3ZDlhNGFiZTdiNGFjMDYzNDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5lM7onyzz7BdXeLSae3hjxGV8ji
6jd+/mYz505QiHI2LgffV9yq/bpK7/QQLQ0uQpWYCuRrVDsE/nYs9ZwULwVDSzzr
BxXo35W6vUnLHrnFUxRYQ2O31kYScjvAuBZ1l4KWDGGetUiVuJAXkrLzQJbqTJfb
aPi8WbUEbxEMTBz3TMBsvD//y6RVJQ0p7Sur/FF9gaQL7vhV7L9C2C6bh2fdV7xM
m5XNh6uyobkkS4zWC/iIuXC4ZQyT3Ssew8B+D/jSbY39WpPdoLUpCAOPK4UHhfAK
+/tUTQtyt4+HXxScFxdXhPcbpqtU4AHyTnUdGlLssb/zT+xuJHuJq+uLnwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFBpfaocyyKBUa9pH2aSr57SsBjQzMB8GA1UdIwQY
MBaAFA4tQg5mHIZXEIn/C1GWWobg17x1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGkxQ0RtWWNobGNRaWY4TFVaWmFodURYdkhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83NTAwMDktNmZhMS00ZWYxLTgzMmEt
NzUxODhiM2MxMTJlLzEvR2w5cWh6TElvRlJyMmtmWnBLdm50S3dHTkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83NTAwMDktNmZhMS00ZWYxLTgzMmEtNzUxODhiM2MxMTJl
LzEvRGkxQ0RtWWNobGNRaWY4TFVaWmFodURYdkhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEJd2gAwQE
baPgAwQCuQWsAwQBwzxMMA0EAgACMAcDBQAqA1GAMA0GCSqGSIb3DQEBCwUAA4IB
AQBGhUIAj3BT4cTw3WFXgigAfLFn7/HQHZMvpswfjxRZynIUp7T82bQ09NEqwNpl
Yz/gBoXV3hnCHuzNieyWn0W6P7J5C1pGmMsTayia2bixMMcqOa/tdigaG2BIjuVo
Qcg1NX9B7pxXih0UANMdorh/9Yfph/ExDsPxoTtaAg1nQtpdr/iyJuzpZkECZEw0
huQLRaqsWRqlXInjp8hUR1th3N7iLp9tezps4V/AhWVYPpzZ1zk09hHLyPRaHCIb
UWNt4gdtL1m30is4/Pgvx0zDXzXTIxrnjOqKXWI9FZR2TkdgT4z9LGZE2C189raz
V/TKOD1tYz+2QrlJcXvsJvc0
-----END CERTIFICATE-----
Generated at Tue Nov 14 14:39:27 2023 by rpki-client on console-fra.rpki-client.org