Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/J2PXnAX5OzgIFJiTfYfNcS4yBig.roa
File: J2PXnAX5OzgIFJiTfYfNcS4yBig.roa (raw, json)
Hash identifier: cepzgoG6rgAQw8/jmOR2az5+fxw0JH0S+UG1jNjYRsk=
Subject key identifier: 27:63:D7:9C:05:F9:3B:38:08:14:98:93:7D:87:CD:71:2E:32:06:28
Certificate issuer: /CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Certificate serial: 01857070850578751EAD7D94B13F0DCFFDC2
Authority key identifier: B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/J2PXnAX5OzgIFJiTfYfNcS4yBig.roa
Signing time: Mon 02 Jan 2023 03:05:00 +0000
ROA not before: Mon 02 Jan 2023 03:05:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15542
IP address blocks: 217.102.240.0/20 maxlen: 24
213.34.224.0/19 maxlen: 24
212.115.192.0/19 maxlen: 24
185.200.96.0/22 maxlen: 24
82.176.0.0/16 maxlen: 24
212.92.64.0/19 maxlen: 24
217.63.64.0/19 maxlen: 24
62.238.0.0/16 maxlen: 24
2a02:f68::/29 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:70:85:05:78:75:1e:ad:7d:94:b1:3f:0d:cf:fd:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Validity
Not Before: Jan 2 03:05:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2763d79c05f93b38081498937d87cd712e320628
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:11:01:13:e5:02:84:a8:26:ae:41:90:cb:d5:
dc:5a:28:24:45:7e:0f:52:ac:99:d1:21:1a:6e:d3:
e9:12:b9:66:06:47:1b:e3:90:34:f8:8f:b0:8b:a2:
58:88:4a:db:0c:a6:5b:19:d6:04:89:16:28:44:47:
d5:5a:54:3c:8f:0a:6a:12:9d:e1:21:49:29:8b:22:
96:ce:13:90:54:88:5a:08:f1:c2:c9:6c:2d:f7:b8:
5c:20:b2:03:57:4c:c8:27:88:6c:18:c7:07:62:9f:
e6:69:87:cc:e8:2d:ce:da:1e:8b:d2:e1:e4:1e:41:
6b:2d:66:2b:e8:b5:42:e1:56:a3:bd:e2:26:d0:28:
21:2f:ff:f3:6a:5f:d7:78:3a:65:85:cb:aa:05:06:
eb:81:de:c0:c0:3a:9a:00:66:aa:52:cb:d4:34:46:
2c:72:a7:f3:ec:1b:f0:c9:dc:3b:d0:c7:b4:75:b9:
fb:91:10:5a:4c:6a:47:0e:6b:ac:84:8d:37:32:1f:
c3:ef:44:54:9b:a4:90:d7:47:e9:76:83:0f:e8:55:
f1:6e:f7:09:00:03:39:bf:a5:29:d3:e3:88:e5:c1:
66:97:36:7c:4b:5f:33:f8:66:fc:1a:21:6a:35:c3:
72:8a:cd:26:65:b5:d8:e6:8b:1d:6d:05:2d:ae:0e:
7a:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:63:D7:9C:05:F9:3B:38:08:14:98:93:7D:87:CD:71:2E:32:06:28
X509v3 Authority Key Identifier:
keyid:B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/J2PXnAX5OzgIFJiTfYfNcS4yBig.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/saSmAco1xsg3a4mq9EO2PqQ5zbg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.238.0.0/16
82.176.0.0/16
185.200.96.0/22
212.92.64.0/19
212.115.192.0/19
213.34.224.0/19
217.63.64.0/19
217.102.240.0/20
IPv6:
2a02:f68::/29
Signature Algorithm: sha256WithRSAEncryption
06:6c:02:30:e0:fa:db:a6:ff:82:49:f9:1b:9b:fd:f5:81:0b:
1b:db:71:fb:5f:71:12:1b:0c:38:a8:76:e0:c1:62:e5:7d:d4:
68:50:34:e5:98:0a:78:ad:41:8b:9e:26:97:d0:5d:ea:22:3e:
0f:ce:0d:e2:32:40:0c:68:75:67:6f:c7:de:2a:01:9b:73:72:
0e:69:35:ec:10:e4:ae:56:11:85:92:14:62:2a:72:83:df:c8:
9a:65:0d:cd:4a:b4:8e:57:51:ce:bb:7a:97:f6:ed:1a:f3:d7:
f7:ce:3a:a9:2f:9a:85:d9:a0:f3:a6:92:d4:29:1c:76:22:68:
b2:ec:c6:b4:ba:bd:d2:59:7d:44:01:a4:c5:49:8f:ee:27:66:
ca:4e:e2:90:d8:55:37:fa:af:5f:da:f9:42:c2:6d:55:bc:56:
9d:24:71:44:f9:30:f6:58:5c:d6:da:9b:7c:8a:ca:ae:25:e4:
14:c8:ed:45:f5:9e:2a:e7:63:50:29:ad:f3:eb:86:8a:c8:4a:
a5:6c:8d:65:a4:94:fb:f1:9e:8d:f4:2e:c4:5f:85:03:d9:10:
de:1b:32:63:d3:91:d4:3a:89:db:27:c5:28:b3:bc:fc:06:af:
fa:69:0f:f8:4a:1a:7a:b5:47:6a:9f:10:28:e5:c3:97:5a:56:
f3:12:96:a0
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYVwcIUFeHUerX2UsT8Nz/3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTRhNjAxY2EzNWM2YzgzNzZiODlhYWY0NDNiNjNlYTQz
OWNkYjgwHhcNMjMwMTAyMDMwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzYzZDc5YzA1ZjkzYjM4MDgxNDk4OTM3ZDg3Y2Q3MTJlMzIwNjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhEBE+UChKgmrkGQy9XcWigkRX4P
UqyZ0SEabtPpErlmBkcb45A0+I+wi6JYiErbDKZbGdYEiRYoREfVWlQ8jwpqEp3h
IUkpiyKWzhOQVIhaCPHCyWwt97hcILIDV0zIJ4hsGMcHYp/maYfM6C3O2h6L0uHk
HkFrLWYr6LVC4VajveIm0CghL//zal/XeDplhcuqBQbrgd7AwDqaAGaqUsvUNEYs
cqfz7Bvwydw70Me0dbn7kRBaTGpHDmushI03Mh/D70RUm6SQ10fpdoMP6FXxbvcJ
AAM5v6Up0+OI5cFmlzZ8S18z+Gb8GiFqNcNyis0mZbXY5osdbQUtrg56mwIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFCdj15wF+Ts4CBSYk32HzXEuMgYoMB8GA1UdIwQY
MBaAFLGkpgHKNcbIN2uJqvRDtj6kOc24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAt
M2E1NjI4Y2M4MWQ5LzEvSjJQWG5BWDVPemdJRkppVGZZZk5jUzR5QmlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAtM2E1NjI4Y2M4MWQ5
LzEvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTA0BAIAATAuAwMAPu4DAwBS
sAMEArnIYAMEBdRcQAMEBdRzwAMEBdUi4AMEBdk/QAMEBNlm8DANBAIAAjAHAwUD
KgIPaDANBgkqhkiG9w0BAQsFAAOCAQEABmwCMOD626b/gkn5G5v99YELG9tx+19x
EhsMOKh24MFi5X3UaFA05ZgKeK1Bi54ml9Bd6iI+D84N4jJADGh1Z2/H3ioBm3Ny
Dmk17BDkrlYRhZIUYipyg9/ImmUNzUq0jldRzrt6l/btGvPX9846qS+ahdmg86aS
1CkcdiJosuzGtLq90ll9RAGkxUmP7idmyk7ikNhVN/qvX9r5QsJtVbxWnSRxRPkw
9lhc1tqbfIrKriXkFMjtRfWeKudjUCmt8+uGishKpWyNZaSU+/GejfQuxF+FA9kQ
3hsyY9OR1DqJ2yfFKLO8/Aav+mkP+EoaerVHap8QKOXDl1pW8xKWoA==
-----END CERTIFICATE-----
Generated at Tue Jan 2 01:41:29 2024 by rpki-client on console-ams.rpki-client.org