Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/KhRC2o3i8kFM2VLQzyzq1tmGw0g.roa
File: KhRC2o3i8kFM2VLQzyzq1tmGw0g.roa (raw, json)
Hash identifier: kKHge4rNSsE5q2vFOKghG+v2ZWsw6RW2/FRhTy99qT0=
Subject key identifier: 2A:14:42:DA:8D:E2:F2:41:4C:D9:52:D0:CF:2C:EA:D6:D9:86:C3:48
Certificate issuer: /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial: 0185A3351A30B742A8443505B69CB079E10C
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/KhRC2o3i8kFM2VLQzyzq1tmGw0g.roa
Signing time: Wed 11 Jan 2023 23:40:44 +0000
ROA not before: Wed 11 Jan 2023 23:40:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 64200
IP address blocks: 31.132.53.0/24 maxlen: 24
31.132.54.0/23 maxlen: 23
5.182.198.0/24 maxlen: 24
5.182.199.0/24 maxlen: 24
5.182.195.0/24 maxlen: 24
5.182.194.0/24 maxlen: 24
5.182.193.0/24 maxlen: 24
79.98.181.0/24 maxlen: 24
78.31.204.0/24 maxlen: 24
92.249.28.0/24 maxlen: 24
185.171.125.0/24 maxlen: 24
185.171.124.0/24 maxlen: 24
94.154.168.0/23 maxlen: 23
94.154.170.0/24 maxlen: 24
185.171.127.0/24 maxlen: 24
94.154.179.0/24 maxlen: 24
94.154.176.0/24 maxlen: 24
45.67.147.0/24 maxlen: 24
185.205.206.0/24 maxlen: 24
45.67.142.0/24 maxlen: 24
45.67.144.0/24 maxlen: 24
45.67.143.0/24 maxlen: 24
63.246.133.0/24 maxlen: 24
63.246.139.0/24 maxlen: 24
63.246.136.0/24 maxlen: 24
63.246.137.0/24 maxlen: 24
63.246.145.0/24 maxlen: 24
63.246.142.0/24 maxlen: 24
63.246.146.0/23 maxlen: 23
63.246.148.0/24 maxlen: 24
63.246.152.0/24 maxlen: 24
63.246.149.0/24 maxlen: 24
63.246.151.0/24 maxlen: 24
63.246.157.0/24 maxlen: 24
63.246.156.0/24 maxlen: 24
63.246.158.0/23 maxlen: 23
185.201.41.0/24 maxlen: 24
185.201.43.0/24 maxlen: 24
5.182.186.0/23 maxlen: 23
192.145.68.0/24 maxlen: 24
63.246.132.0/24 maxlen: 24
63.246.129.0/24 maxlen: 24
63.246.128.0/24 maxlen: 24
63.246.131.0/24 maxlen: 24
63.246.130.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:a3:35:1a:30:b7:42:a8:44:35:05:b6:9c:b0:79:e1:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Validity
Not Before: Jan 11 23:40:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2a1442da8de2f2414cd952d0cf2cead6d986c348
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:68:5d:1d:37:48:bc:fc:21:9e:2f:77:5c:56:
91:e8:e9:c9:c5:c0:a6:ae:4c:15:5c:a3:fc:fe:41:
d9:5a:21:eb:f2:2b:26:23:22:18:79:9f:c4:59:0f:
47:d5:34:37:26:62:80:17:7b:63:d4:d9:90:fd:be:
ab:24:52:2a:50:1c:93:47:4e:52:18:2f:b6:69:45:
3f:ff:68:13:2d:a7:d9:c2:f7:82:07:01:34:2d:c1:
50:5f:df:7a:2d:83:79:c6:87:b5:2c:5c:b3:26:3f:
53:56:2c:e9:4f:36:cd:b9:69:99:14:4b:eb:15:38:
8f:68:f2:a4:4f:15:1d:0d:d1:27:bc:6b:de:fe:20:
5f:c0:d0:38:34:ee:9d:f0:67:98:e3:a4:db:f4:29:
d2:6b:69:8d:9a:94:e1:4d:9d:c1:c1:1e:c1:b7:16:
ba:ea:ad:27:0f:1b:20:bf:f3:1e:00:84:be:b4:a6:
4e:29:c8:3d:a9:45:1a:6e:a1:4f:d2:3a:c2:ac:d2:
c6:8b:99:5d:c8:68:2a:6b:fc:d8:db:f9:4f:e1:59:
e1:0b:c8:f3:fe:35:f3:d4:ef:88:a6:8a:58:83:70:
e9:58:e8:5e:d5:81:a4:e3:07:cf:69:83:59:54:94:
02:b1:d2:5a:fd:a7:bb:dc:7c:07:48:de:68:c9:5a:
e6:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:14:42:DA:8D:E2:F2:41:4C:D9:52:D0:CF:2C:EA:D6:D9:86:C3:48
X509v3 Authority Key Identifier:
keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/KhRC2o3i8kFM2VLQzyzq1tmGw0g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.186.0/23
5.182.193.0-5.182.195.255
5.182.198.0/23
31.132.53.0-31.132.55.255
45.67.142.0-45.67.144.255
45.67.147.0/24
63.246.128.0-63.246.133.255
63.246.136.0/23
63.246.139.0/24
63.246.142.0/24
63.246.145.0-63.246.149.255
63.246.151.0-63.246.152.255
63.246.156.0/22
78.31.204.0/24
79.98.181.0/24
92.249.28.0/24
94.154.168.0-94.154.170.255
94.154.176.0/24
94.154.179.0/24
185.171.124.0/23
185.171.127.0/24
185.201.41.0/24
185.201.43.0/24
185.205.206.0/24
192.145.68.0/24
Signature Algorithm: sha256WithRSAEncryption
06:d5:93:06:c0:b9:88:dd:fb:d8:10:19:e4:c3:cf:ee:c4:ce:
d5:d9:de:b4:ff:90:ad:6b:3b:7a:21:a8:19:07:d2:f6:dd:21:
67:d0:d5:0c:3c:9a:2c:94:4c:f9:c9:a4:be:2a:86:32:b2:95:
bd:fc:89:b1:e5:c8:5f:08:82:54:8d:10:80:14:ea:c3:fb:49:
66:ff:83:61:41:dd:3a:d5:c4:7b:d2:39:df:fb:79:e2:64:19:
f3:46:9b:0b:41:95:31:11:4b:cc:35:a6:37:87:1a:21:20:06:
2a:46:8a:55:3b:7a:af:67:1e:ed:5e:6c:1a:b9:ef:5b:8f:21:
37:68:73:d8:f3:12:fc:40:7e:cb:b8:44:dd:bc:13:d6:15:ed:
f9:b3:6a:de:aa:ea:22:55:77:89:14:59:10:70:a3:23:08:23:
58:9a:ec:00:13:cb:d4:a2:0e:67:15:16:7c:e9:36:a0:87:54:
11:5c:a2:b3:c1:24:51:e9:9f:cf:24:15:9b:c7:88:b1:28:e9:
ed:07:4b:f9:cb:0a:68:77:32:b6:59:10:f2:0e:c0:5e:0a:f4:
89:29:4c:e0:09:24:7e:5c:6f:91:bd:c4:d6:12:4f:a9:be:c2:
e4:6c:73:9c:81:41:00:ac:d0:b0:e8:06:6f:fe:26:c9:74:13:
ab:60:49:8f
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgISAYWjNRowt0KoRDUFtpyweeEMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjMwMTExMjM0MDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTE0NDJkYThkZTJmMjQxNGNkOTUyZDBjZjJjZWFkNmQ5ODZjMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WhdHTdIvPwhni93XFaR6OnJxcCm
rkwVXKP8/kHZWiHr8ismIyIYeZ/EWQ9H1TQ3JmKAF3tj1NmQ/b6rJFIqUByTR05S
GC+2aUU//2gTLafZwveCBwE0LcFQX996LYN5xoe1LFyzJj9TVizpTzbNuWmZFEvr
FTiPaPKkTxUdDdEnvGve/iBfwNA4NO6d8GeY46Tb9CnSa2mNmpThTZ3BwR7Btxa6
6q0nDxsgv/MeAIS+tKZOKcg9qUUabqFP0jrCrNLGi5ldyGgqa/zY2/lP4VnhC8jz
/jXz1O+IpopYg3DpWOhe1YGk4wfPaYNZVJQCsdJa/ae73HwHSN5oyVrm7QIDAQAB
o4IC1jCCAtIwHQYDVR0OBBYEFCoUQtqN4vJBTNlS0M8s6tbZhsNIMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvS2hSQzJvM2k4a0ZNMlZMUXp5enExdG1HdzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHrBggrBgEFBQcBBwEB/wSB2zCB2DCB1QQCAAEwgc4DBAEF
trowDAMEAAW2wQMEAgW2wAMEAQW2xjAMAwQAH4Q1AwQDH4QwMAwDBAEtQ44DBAAt
Q5ADBAAtQ5MwDAMEBz/2gAMEAT/2hAMEAT/2iAMEAD/2iwMEAD/2jjAMAwQAP/aR
AwQBP/aUMAwDBAA/9pcDBAA/9pgDBAI/9pwDBABOH8wDBABPYrUDBABc+RwwDAME
A16aqAMEAF6aqgMEAF6asAMEAF6aswMEAbmrfAMEALmrfwMEALnJKQMEALnJKwME
ALnNzgMEAMCRRDANBgkqhkiG9w0BAQsFAAOCAQEABtWTBsC5iN372BAZ5MPP7sTO
1dnetP+QrWs7eiGoGQfS9t0hZ9DVDDyaLJRM+cmkviqGMrKVvfyJseXIXwiCVI0Q
gBTqw/tJZv+DYUHdOtXEe9I53/t54mQZ80abC0GVMRFLzDWmN4caISAGKkaKVTt6
r2ce7V5sGrnvW48hN2hz2PMS/EB+y7hE3bwT1hXt+bNq3qrqIlV3iRRZEHCjIwgj
WJrsABPL1KIOZxUWfOk2oIdUEVyis8EkUemfzyQVm8eIsSjp7QdL+csKaHcytlkQ
8g7AXgr0iSlM4Akkflxvkb3E1hJPqb7C5GxznIFBAKzQsOgGb/4myXQTq2BJjw==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:49 2023 by rpki-client on console-ams.rpki-client.org