Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/E8MJBvtCtBJCz33BatZnlHlXRvY.roa
File: E8MJBvtCtBJCz33BatZnlHlXRvY.roa (raw, json)
Hash identifier: AAc1xvISXhov3HggnLHBQoadnW+xNOkhlYfndOyYLsk=
Subject key identifier: 13:C3:09:06:FB:42:B4:12:42:CF:7D:C1:6A:D6:67:94:79:57:46:F6
Certificate issuer: /CN=1e36de27974727aa0046b3e9c8d0624674541255
Certificate serial: 01856DE656794A76288056056BABEB6CD2D0
Authority key identifier: 1E:36:DE:27:97:47:27:AA:00:46:B3:E9:C8:D0:62:46:74:54:12:55
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HjbeJ5dHJ6oARrPpyNBiRnRUElU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/E8MJBvtCtBJCz33BatZnlHlXRvY.roa
Signing time: Sun 01 Jan 2023 15:14:49 +0000
ROA not before: Sun 01 Jan 2023 15:14:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51032
IP address blocks: 91.202.204.0/22 maxlen: 22
178.216.176.0/21 maxlen: 21
89.23.128.0/19 maxlen: 19
89.23.128.0/21 maxlen: 21
91.123.80.0/20 maxlen: 20
89.23.144.0/20 maxlen: 24
89.23.146.0/24 maxlen: 24
89.23.147.0/24 maxlen: 24
89.23.160.0/19 maxlen: 19
31.128.128.0/19 maxlen: 19
89.23.168.0/21 maxlen: 21
89.23.176.0/21 maxlen: 21
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:e6:56:79:4a:76:28:80:56:05:6b:ab:eb:6c:d2:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e36de27974727aa0046b3e9c8d0624674541255
Validity
Not Before: Jan 1 15:14:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=13c30906fb42b41242cf7dc16ad66794795746f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:4e:b4:c8:61:35:45:60:14:5a:7d:15:27:65:
67:df:9d:1d:33:5e:d7:02:95:3b:e3:61:9b:e5:1e:
e2:bb:ff:0d:65:ab:0e:1c:1f:bd:6f:89:be:be:9c:
32:e7:b4:e9:ce:0d:65:77:3f:66:a4:04:e2:df:3c:
64:82:0a:0e:4d:f6:54:b6:99:23:c9:56:61:c5:a0:
27:67:b4:a1:1c:2f:1f:f3:6f:e3:73:64:29:ae:0f:
eb:77:53:26:0c:a2:48:36:14:39:a6:af:32:b6:13:
6c:76:63:76:7a:b9:2b:d1:86:5c:92:03:9a:52:8a:
c1:3d:af:c0:a7:05:7a:54:88:a0:87:ba:7e:ad:09:
de:4f:3c:9a:40:fd:02:c7:a6:e5:b1:ca:7f:5e:0c:
32:87:86:c7:b1:98:d7:6d:d7:f3:ec:f0:8d:86:5c:
ad:88:e2:19:4b:4e:d9:3a:1c:12:d4:c2:10:a8:c0:
fb:bc:4b:e2:56:39:62:0b:40:a4:5e:56:ee:00:8c:
5d:9b:21:85:93:a8:b8:43:18:a2:8d:7c:82:1e:5f:
4f:3b:64:25:c7:06:4a:d0:9d:06:7a:50:a3:03:cc:
22:ec:84:2d:b0:33:d1:3c:cb:e0:9b:6f:87:45:93:
8d:38:97:ae:ef:09:b3:5c:78:dd:3b:0a:0a:45:40:
e1:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:C3:09:06:FB:42:B4:12:42:CF:7D:C1:6A:D6:67:94:79:57:46:F6
X509v3 Authority Key Identifier:
keyid:1E:36:DE:27:97:47:27:AA:00:46:B3:E9:C8:D0:62:46:74:54:12:55
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HjbeJ5dHJ6oARrPpyNBiRnRUElU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/E8MJBvtCtBJCz33BatZnlHlXRvY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/HjbeJ5dHJ6oARrPpyNBiRnRUElU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.128.128.0/19
89.23.128.0/18
91.123.80.0/20
91.202.204.0/22
178.216.176.0/21
Signature Algorithm: sha256WithRSAEncryption
3c:a1:75:e6:c3:7c:e2:2e:69:de:58:b2:7e:8f:a5:75:8d:b5:
6f:dc:12:fa:b5:af:aa:ce:55:ff:1f:c1:d0:a9:27:fc:1f:dd:
c3:92:fe:65:5a:ce:4a:16:67:d3:bf:a4:11:45:58:9c:36:7c:
18:f6:24:d8:bb:82:1c:7f:e5:1d:41:dd:0c:97:5f:02:2e:0b:
fb:99:32:25:21:c4:a1:d6:25:df:36:ad:46:aa:cc:85:ba:d9:
9e:2d:4a:a7:a6:97:6d:ec:21:7e:96:05:12:01:42:8e:84:1c:
75:60:18:cc:86:bb:e8:e5:3b:cf:d8:f6:e9:71:42:0f:f0:0a:
83:fc:f8:ab:0f:4b:9d:47:0e:06:f8:24:c0:51:b4:dd:b2:d1:
0d:66:6a:03:48:57:b2:64:b0:14:9f:19:6a:c3:39:6f:10:f1:
9d:f2:0f:b2:5e:d5:51:c0:41:29:02:16:af:80:6b:bd:a8:6b:
06:81:70:a3:09:45:62:be:ce:09:22:fe:b7:cf:de:a9:17:ce:
60:11:2e:93:d4:6c:83:b6:3c:eb:28:43:8f:97:37:18:1a:1d:
5a:45:2f:f9:c9:4f:52:9d:b3:5c:eb:74:e3:af:17:d1:bc:99:
3f:65:37:02:60:16:4d:1f:1a:6c:65:1b:fe:0e:19:22:08:c8:
80:82:d3:3e
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVt5lZ5SnYogFYFa6vrbNLQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMzZkZTI3OTc0NzI3YWEwMDQ2YjNlOWM4ZDA2MjQ2NzQ1
NDEyNTUwHhcNMjMwMTAxMTUxNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2MzMDkwNmZiNDJiNDEyNDJjZjdkYzE2YWQ2Njc5NDc5NTc0NmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwk60yGE1RWAUWn0VJ2Vn350dM17X
ApU742Gb5R7iu/8NZasOHB+9b4m+vpwy57Tpzg1ldz9mpATi3zxkggoOTfZUtpkj
yVZhxaAnZ7ShHC8f82/jc2Qprg/rd1MmDKJINhQ5pq8ythNsdmN2erkr0YZckgOa
UorBPa/ApwV6VIigh7p+rQneTzyaQP0Cx6blscp/Xgwyh4bHsZjXbdfz7PCNhlyt
iOIZS07ZOhwS1MIQqMD7vEviVjliC0CkXlbuAIxdmyGFk6i4QxiijXyCHl9PO2Ql
xwZK0J0GelCjA8wi7IQtsDPRPMvgm2+HRZONOJeu7wmzXHjdOwoKRUDhRQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFBPDCQb7QrQSQs99wWrWZ5R5V0b2MB8GA1UdIwQY
MBaAFB423ieXRyeqAEaz6cjQYkZ0VBJVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGpiZUo1ZEhKNm9BUnJQcHlOQmlSblJVRWxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy81OWU4YzMtNjI2Yi00ZWNlLThlMzkt
ZGY3OTNhOTQwYmFiLzEvRThNSkJ2dEN0QkpDejMzQmF0Wm5sSGxYUnZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy81OWU4YzMtNjI2Yi00ZWNlLThlMzktZGY3OTNhOTQwYmFi
LzEvSGpiZUo1ZEhKNm9BUnJQcHlOQmlSblJVRWxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQFH4CAAwQG
WReAAwQEW3tQAwQCW8rMAwQDstiwMA0GCSqGSIb3DQEBCwUAA4IBAQA8oXXmw3zi
LmneWLJ+j6V1jbVv3BL6ta+qzlX/H8HQqSf8H93Dkv5lWs5KFmfTv6QRRVicNnwY
9iTYu4Icf+UdQd0Ml18CLgv7mTIlIcSh1iXfNq1GqsyFutmeLUqnppdt7CF+lgUS
AUKOhBx1YBjMhrvo5TvP2PbpcUIP8AqD/PirD0udRw4G+CTAUbTdstENZmoDSFey
ZLAUnxlqwzlvEPGd8g+yXtVRwEEpAhavgGu9qGsGgXCjCUVivs4JIv63z96pF85g
ES6T1GyDtjzrKEOPlzcYGh1aRS/5yU9SnbNc63TjrxfRvJk/ZTcCYBZNHxpsZRv+
DhkiCMiAgtM+
-----END CERTIFICATE-----
Generated at Fri Sep 1 10:53:18 2023 by rpki-client on console-ams.rpki-client.org