Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/LFmdalVjER0-xAnkywGeh08pq3w.roa
File: LFmdalVjER0-xAnkywGeh08pq3w.roa (raw, json)
Hash identifier: MwOko/YuoOE+PRtw+eiq3kDYveQruq6mQX3NoxkvpCU=
Subject key identifier: 2C:59:9D:6A:55:63:11:1D:3E:C4:09:E4:CB:01:9E:87:4F:29:AB:7C
Certificate issuer: /CN=5c746e9f12c2c0e5459fe4e3d413c1c89de6db0e
Certificate serial: 018A02689280011CBCDA88465AD38A481C9E
Authority key identifier: 5C:74:6E:9F:12:C2:C0:E5:45:9F:E4:E3:D4:13:C1:C8:9D:E6:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XHRunxLCwOVFn-Tj1BPByJ3m2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/LFmdalVjER0-xAnkywGeh08pq3w.roa
Signing time: Thu 17 Aug 2023 07:32:02 +0000
ROA not before: Thu 17 Aug 2023 07:32:02 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1299
IP address blocks: 91.196.240.0/23 maxlen: 24
91.196.240.0/22 maxlen: 24
91.196.242.0/23 maxlen: 24
217.16.192.0/20 maxlen: 24
31.25.64.0/22 maxlen: 24
31.25.64.0/21 maxlen: 24
31.25.68.0/22 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:02:68:92:80:01:1c:bc:da:88:46:5a:d3:8a:48:1c:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5c746e9f12c2c0e5459fe4e3d413c1c89de6db0e
Validity
Not Before: Aug 17 07:32:02 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2c599d6a5563111d3ec409e4cb019e874f29ab7c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:89:2b:c0:cb:c4:9c:65:d9:56:68:76:ed:93:
18:fd:21:6c:53:97:0c:ae:5c:af:39:16:32:56:8d:
11:57:54:9b:5f:a8:10:06:78:b3:39:b3:82:3e:c1:
41:80:c0:37:c0:2f:34:fa:4b:1b:92:ac:8d:66:ad:
1f:88:b0:52:db:24:c4:cd:b6:7f:af:4d:af:af:8e:
8c:c8:8e:2c:dd:da:ec:53:36:25:64:7a:5e:90:d4:
83:01:c4:ac:ff:fe:6b:6e:80:42:98:f7:ce:57:2f:
de:9c:10:12:ad:3b:3c:a1:73:4d:d2:6e:f3:7d:f3:
f4:8d:0d:42:96:bd:5b:78:e1:a7:c3:c2:b7:2e:a6:
1b:b5:96:71:4f:ad:48:3f:62:3d:6a:28:46:47:f6:
e0:0e:1d:7c:7c:60:a6:7b:0e:0a:fa:aa:31:db:e3:
59:dd:7c:db:05:c8:5b:fd:ca:75:37:96:8d:50:ca:
98:06:54:90:c8:dc:30:dc:7a:38:cb:bb:e3:87:da:
42:e9:ad:6a:e3:ce:e6:60:47:1b:dd:76:26:34:92:
79:a2:e3:9a:37:fd:90:06:be:5a:48:53:4b:9f:e9:
69:83:18:bc:19:be:01:c5:7f:8c:1d:9a:cd:64:1b:
3e:bb:39:8b:76:4c:d6:25:c2:bd:4a:b0:74:76:b5:
3f:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:59:9D:6A:55:63:11:1D:3E:C4:09:E4:CB:01:9E:87:4F:29:AB:7C
X509v3 Authority Key Identifier:
keyid:5C:74:6E:9F:12:C2:C0:E5:45:9F:E4:E3:D4:13:C1:C8:9D:E6:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XHRunxLCwOVFn-Tj1BPByJ3m2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/LFmdalVjER0-xAnkywGeh08pq3w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/XHRunxLCwOVFn-Tj1BPByJ3m2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.25.64.0/21
91.196.240.0/22
217.16.192.0/20
Signature Algorithm: sha256WithRSAEncryption
73:a3:cf:53:5d:64:f4:2d:3e:a6:4a:ed:cf:5a:f5:3b:61:46:
72:11:97:bb:1c:6b:14:eb:83:dd:92:2f:8f:86:1b:16:90:1c:
a8:2e:eb:54:7f:66:83:79:ab:87:e9:38:62:af:d5:11:eb:de:
e6:31:98:19:8f:07:79:1c:c1:33:7a:3d:f3:79:74:cf:c7:0b:
12:5d:44:63:cd:ed:28:7d:9e:1b:37:44:2f:28:cc:c6:1d:db:
b3:72:5d:b4:db:90:fa:62:2c:79:43:86:29:44:b8:0f:45:aa:
41:b7:71:33:64:50:29:cd:01:4d:8b:71:50:92:e0:0d:c3:1e:
11:fc:fe:c1:8d:92:00:b4:0a:c2:db:d9:40:50:25:5e:e2:f1:
35:b1:5a:ca:6e:d8:3e:b9:72:46:49:ad:04:0d:e2:5d:da:3c:
f3:fe:34:69:fc:fb:e1:d2:b7:f0:72:97:b1:90:31:53:69:03:
d2:3c:76:cd:1d:06:bc:da:59:92:8b:26:20:f2:82:a6:e9:15:
2a:ac:ae:0c:b3:d1:61:05:f0:2d:5a:f3:13:b7:fc:4b:98:f4:
b8:2c:83:e5:04:2c:6c:8e:3d:b9:42:92:7b:40:7f:87:19:19:
2f:c6:55:d1:71:c4:7b:24:22:0a:4c:f4:cb:2a:37:e1:78:bf:
47:3e:81:2e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYoCaJKAARy82ohGWtOKSByeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNzQ2ZTlmMTJjMmMwZTU0NTlmZTRlM2Q0MTNjMWM4OWRl
NmRiMGUwHhcNMjMwODE3MDczMjAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzU5OWQ2YTU1NjMxMTFkM2VjNDA5ZTRjYjAxOWU4NzRmMjlhYjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIkrwMvEnGXZVmh27ZMY/SFsU5cM
rlyvORYyVo0RV1SbX6gQBnizObOCPsFBgMA3wC80+ksbkqyNZq0fiLBS2yTEzbZ/
r02vr46MyI4s3drsUzYlZHpekNSDAcSs//5rboBCmPfOVy/enBASrTs8oXNN0m7z
ffP0jQ1Clr1beOGnw8K3LqYbtZZxT61IP2I9aihGR/bgDh18fGCmew4K+qox2+NZ
3XzbBchb/cp1N5aNUMqYBlSQyNww3Ho4y7vjh9pC6a1q487mYEcb3XYmNJJ5ouOa
N/2QBr5aSFNLn+lpgxi8Gb4BxX+MHZrNZBs+uzmLdkzWJcK9SrB0drU/BQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCxZnWpVYxEdPsQJ5MsBnodPKat8MB8GA1UdIwQY
MBaAFFx0bp8SwsDlRZ/k49QTwcid5tsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEhSdW54TEN3T1ZGbi1UajFCUEJ5SjNtMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kNmJmNWUtNDgxMi00MzBlLTlhMTMt
ZTU5NDc2MTRlZjNmLzEvTEZtZGFsVmpFUjAteEFua3l3R2VoMDhwcTN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kNmJmNWUtNDgxMi00MzBlLTlhMTMtZTU5NDc2MTRlZjNm
LzEvWEhSdW54TEN3T1ZGbi1UajFCUEJ5SjNtMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDHxlAAwQC
W8TwAwQE2RDAMA0GCSqGSIb3DQEBCwUAA4IBAQBzo89TXWT0LT6mSu3PWvU7YUZy
EZe7HGsU64Pdki+PhhsWkByoLutUf2aDeauH6Thir9UR697mMZgZjwd5HMEzej3z
eXTPxwsSXURjze0ofZ4bN0QvKMzGHduzcl2025D6Yix5Q4YpRLgPRapBt3EzZFAp
zQFNi3FQkuANwx4R/P7BjZIAtArC29lAUCVe4vE1sVrKbtg+uXJGSa0EDeJd2jzz
/jRp/Pvh0rfwcpexkDFTaQPSPHbNHQa82lmSiyYg8oKm6RUqrK4Ms9FhBfAtWvMT
t/xLmPS4LIPlBCxsjj25QpJ7QH+HGRkvxlXRccR7JCIKTPTLKjfheL9HPoEu
-----END CERTIFICATE-----
Generated at Mon Aug 28 08:59:43 2023 by rpki-client on console-fra.rpki-client.org