Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/gs-5UyE2Fu3lNFR-_Izaqm6vRzo.roa
File: gs-5UyE2Fu3lNFR-_Izaqm6vRzo.roa (raw, json)
Hash identifier: /+BShd6BwDFnzUayYONzCGVTi5zSqp1CE3jrvciVzi8=
Subject key identifier: 82:CF:B9:53:21:36:16:ED:E5:34:54:7E:FC:8C:DA:AA:6E:AF:47:3A
Certificate issuer: /CN=f543ea52871489d86aa9ca5ca0c297c88ab82ab6
Certificate serial: 018570429A166C295DB1B9C445DD1E9AC4C1
Authority key identifier: F5:43:EA:52:87:14:89:D8:6A:A9:CA:5C:A0:C2:97:C8:8A:B8:2A:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9UPqUocUidhqqcpcoMKXyIq4KrY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/gs-5UyE2Fu3lNFR-_Izaqm6vRzo.roa
Signing time: Mon 02 Jan 2023 02:14:51 +0000
ROA not before: Mon 02 Jan 2023 02:14:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31724
IP address blocks: 92.246.152.0/22 maxlen: 22
176.221.0.0/21 maxlen: 21
185.8.200.0/22 maxlen: 22
185.64.208.0/22 maxlen: 22
178.22.192.0/21 maxlen: 21
89.207.64.0/21 maxlen: 21
31.170.168.0/21 maxlen: 21
94.198.232.0/21 maxlen: 21
Validation: Failed, certificate revoked on Mon 01 Jan 2024 20:29:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:42:9a:16:6c:29:5d:b1:b9:c4:45:dd:1e:9a:c4:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f543ea52871489d86aa9ca5ca0c297c88ab82ab6
Validity
Not Before: Jan 2 02:14:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=82cfb953213616ede534547efc8cdaaa6eaf473a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:48:e9:12:f0:18:75:08:ac:a9:55:b1:f8:4c:
83:5c:d1:d3:ba:3a:b4:bd:ff:b9:c1:49:11:3f:a3:
23:69:5d:df:64:04:d1:22:81:3e:c4:16:6b:f7:5a:
b1:9c:5c:35:b0:63:4c:bd:39:63:e9:b1:63:9b:c7:
35:08:47:55:df:f5:75:8b:98:60:cf:07:dc:29:a8:
b1:b5:79:d5:df:0e:08:8b:ae:ba:a7:ba:f2:17:32:
84:f5:b9:5a:a2:65:ef:15:96:e9:e8:2b:ff:7d:47:
dc:89:bf:6e:66:36:23:6f:bc:a7:a1:da:4c:1a:06:
60:99:7f:59:34:88:18:e8:67:5f:52:4c:94:80:5d:
7c:3f:67:ee:2b:ed:99:27:73:ff:2b:10:fa:06:98:
9e:28:ca:b7:5f:0e:ed:80:a5:f8:4d:06:69:42:1f:
ca:82:4c:c8:13:a5:06:ef:b5:57:3a:02:80:92:e4:
04:08:11:c5:5f:3a:b9:42:a6:be:02:57:fa:ec:d2:
08:54:b9:e0:c8:d1:e0:2d:fa:57:0e:29:75:9d:87:
42:b3:0d:a5:78:ac:6d:bd:b4:b2:86:47:93:01:bd:
d2:50:ea:d4:5f:ab:d8:89:74:d5:84:5d:86:cd:3c:
7f:fb:72:cc:4c:87:06:54:ba:d1:94:f6:ff:c9:4a:
bf:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:CF:B9:53:21:36:16:ED:E5:34:54:7E:FC:8C:DA:AA:6E:AF:47:3A
X509v3 Authority Key Identifier:
keyid:F5:43:EA:52:87:14:89:D8:6A:A9:CA:5C:A0:C2:97:C8:8A:B8:2A:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9UPqUocUidhqqcpcoMKXyIq4KrY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/gs-5UyE2Fu3lNFR-_Izaqm6vRzo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/16c4b5-6dda-4a38-848f-dfbbeda21594/1/9UPqUocUidhqqcpcoMKXyIq4KrY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.170.168.0/21
89.207.64.0/21
92.246.152.0/22
94.198.232.0/21
176.221.0.0/21
178.22.192.0/21
185.8.200.0/22
185.64.208.0/22
Signature Algorithm: sha256WithRSAEncryption
3f:56:40:11:cf:7e:65:cd:bf:d3:91:2a:79:be:f3:a6:1a:17:
53:ea:4c:8a:b0:66:4b:ff:d9:33:f6:b8:60:b1:81:23:49:35:
99:7d:9c:55:3d:bf:51:cd:34:2f:06:13:86:ee:95:5a:e9:c1:
bb:98:59:a0:8e:86:80:ef:6c:c6:c8:9e:d9:87:06:90:be:2f:
22:79:2f:5e:d4:4d:c4:49:bb:a7:1f:db:c0:51:0a:99:9c:a9:
79:7e:6c:dc:90:64:ef:67:92:21:cb:e7:04:72:72:c8:04:38:
ad:5c:ab:4a:0a:aa:57:8a:82:c1:28:69:b6:b6:21:8c:40:69:
9a:1b:8d:1a:30:08:e2:47:3f:de:c2:75:fc:7d:7a:52:bf:84:
37:c3:9a:f3:73:fe:f0:ba:de:92:96:c0:fa:65:7c:6c:e9:b8:
e7:ca:a9:3e:f9:b6:4a:63:9b:12:5b:9b:4b:86:24:88:2d:7e:
12:48:09:9f:10:20:47:8e:8d:04:9c:8a:d2:3d:5a:e9:2d:ea:
a5:eb:70:79:ab:b2:17:b7:cd:e5:16:b9:28:a5:b4:0a:52:e0:
87:14:3d:de:8d:23:35:42:0a:e9:13:08:e7:a4:72:d9:db:27:
fc:3f:ae:bb:0c:7a:99:c3:c5:cc:b8:b9:79:2a:88:74:a8:04:
fe:15:e3:f6
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVwQpoWbCldsbnERd0emsTBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NDNlYTUyODcxNDg5ZDg2YWE5Y2E1Y2EwYzI5N2M4OGFi
ODJhYjYwHhcNMjMwMTAyMDIxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmNmYjk1MzIxMzYxNmVkZTUzNDU0N2VmYzhjZGFhYTZlYWY0NzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEjpEvAYdQisqVWx+EyDXNHTujq0
vf+5wUkRP6MjaV3fZATRIoE+xBZr91qxnFw1sGNMvTlj6bFjm8c1CEdV3/V1i5hg
zwfcKaixtXnV3w4Ii666p7ryFzKE9blaomXvFZbp6Cv/fUfcib9uZjYjb7ynodpM
GgZgmX9ZNIgY6GdfUkyUgF18P2fuK+2ZJ3P/KxD6BpieKMq3Xw7tgKX4TQZpQh/K
gkzIE6UG77VXOgKAkuQECBHFXzq5Qqa+Alf67NIIVLngyNHgLfpXDil1nYdCsw2l
eKxtvbSyhkeTAb3SUOrUX6vYiXTVhF2GzTx/+3LMTIcGVLrRlPb/yUq/LQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFILPuVMhNhbt5TRUfvyM2qpur0c6MB8GA1UdIwQY
MBaAFPVD6lKHFInYaqnKXKDCl8iKuCq2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVVQcVVvY1VpZGhxcWNwY29NS1h5SXE0S3JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8xNmM0YjUtNmRkYS00YTM4LTg0OGYt
ZGZiYmVkYTIxNTk0LzEvZ3MtNVV5RTJGdTNsTkZSLV9JemFxbTZ2UnpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8xNmM0YjUtNmRkYS00YTM4LTg0OGYtZGZiYmVkYTIxNTk0
LzEvOVVQcVVvY1VpZGhxcWNwY29NS1h5SXE0S3JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQDH6qoAwQD
Wc9AAwQCXPaYAwQDXsboAwQDsN0AAwQDshbAAwQCuQjIAwQCuUDQMA0GCSqGSIb3
DQEBCwUAA4IBAQA/VkARz35lzb/TkSp5vvOmGhdT6kyKsGZL/9kz9rhgsYEjSTWZ
fZxVPb9RzTQvBhOG7pVa6cG7mFmgjoaA72zGyJ7ZhwaQvi8ieS9e1E3ESbunH9vA
UQqZnKl5fmzckGTvZ5Ihy+cEcnLIBDitXKtKCqpXioLBKGm2tiGMQGmaG40aMAji
Rz/ewnX8fXpSv4Q3w5rzc/7wut6SlsD6ZXxs6bjnyqk++bZKY5sSW5tLhiSILX4S
SAmfECBHjo0EnIrSPVrpLeql63B5q7IXt83lFrkopbQKUuCHFD3ejSM1QgrpEwjn
pHLZ2yf8P667DHqZw8XMuLl5Koh0qAT+FeP2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:33 2024 by rpki-client on console-ams.rpki-client.org