Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/X1Xvwq8J7AiXJ-ectK3ugH5w4ho.roa
File: X1Xvwq8J7AiXJ-ectK3ugH5w4ho.roa (raw, json)
Hash identifier: Ql5Kg/5oJRvVwmTQMCt6Pxe6WVMM2FHhD4EAIurso4A=
Subject key identifier: 5F:55:EF:C2:AF:09:EC:08:97:27:E7:9C:B4:AD:EE:80:7E:70:E2:1A
Certificate issuer: /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial: 018570FBC9D6160B98CE07419440D38AF30A
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/X1Xvwq8J7AiXJ-ectK3ugH5w4ho.roa
Signing time: Mon 02 Jan 2023 05:37:07 +0000
ROA not before: Mon 02 Jan 2023 05:37:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205948
IP address blocks: 5.1.77.0/24 maxlen: 32
5.1.78.0/24 maxlen: 32
5.1.73.0/24 maxlen: 32
5.1.82.0/24 maxlen: 24
5.1.80.0/24 maxlen: 24
5.1.86.0/24 maxlen: 24
5.1.89.0/24 maxlen: 24
2a07:6fc0:452::/48 maxlen: 48
2a07:6fc0::/48 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:fb:c9:d6:16:0b:98:ce:07:41:94:40:d3:8a:f3:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Validity
Not Before: Jan 2 05:37:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5f55efc2af09ec089727e79cb4adee807e70e21a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:40:00:60:09:6d:0d:ec:70:87:40:80:b9:c9:
5b:8a:cc:97:f1:6a:af:c2:c6:83:5a:a8:e9:51:25:
9f:21:dc:8e:9c:ee:43:9e:72:c1:34:ae:64:ec:cd:
3a:f6:14:9c:f1:4f:b1:7f:cf:b7:c6:55:e6:c6:cc:
6b:ac:f2:82:38:2b:69:57:bc:6a:71:b3:a7:0b:9a:
1d:aa:df:b0:0b:5b:2f:be:d3:b9:76:ce:d4:c8:47:
59:eb:9c:ac:b4:aa:da:72:e9:44:ac:60:2b:90:4d:
58:15:c5:f1:33:94:4f:e3:b4:34:03:5a:05:b1:dd:
68:fc:40:99:be:1c:c1:98:11:ca:2d:5c:19:cc:1f:
da:69:0b:0d:18:50:5a:7d:bf:2b:c0:94:ea:fb:c8:
11:8f:6c:d5:5b:c3:f0:65:fc:ce:bd:b1:65:f8:73:
7c:2d:59:ce:9a:7b:a2:ec:e1:19:56:07:69:97:cb:
14:44:91:cf:7a:b3:5b:b5:01:4f:ca:a9:c2:31:bd:
b1:c3:38:ec:38:2b:02:83:62:0c:25:44:1a:f8:6b:
5f:85:64:2a:d8:7e:f1:2e:af:80:ed:e7:e7:72:f0:
be:4c:7f:f4:05:d1:fe:da:84:1d:7b:1f:3a:57:0f:
45:c7:2b:2b:81:ce:0f:6c:24:05:ff:7e:6e:a3:96:
59:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:55:EF:C2:AF:09:EC:08:97:27:E7:9C:B4:AD:EE:80:7E:70:E2:1A
X509v3 Authority Key Identifier:
keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/X1Xvwq8J7AiXJ-ectK3ugH5w4ho.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.1.73.0/24
5.1.77.0-5.1.78.255
5.1.80.0/24
5.1.82.0/24
5.1.86.0/24
5.1.89.0/24
IPv6:
2a07:6fc0::/48
2a07:6fc0:452::/48
Signature Algorithm: sha256WithRSAEncryption
0a:11:c0:11:45:e4:d4:34:ac:bf:b1:62:ac:0b:08:86:f5:be:
63:d4:20:85:58:fe:d3:d7:d7:f6:0a:f7:cf:e9:61:f0:18:c2:
f3:f2:cf:8e:1d:da:71:1f:71:9e:2e:87:4e:f2:38:05:d4:7e:
f0:22:77:95:c5:a6:ae:fa:f1:aa:7f:52:3b:a7:4f:18:bc:84:
26:b5:ec:05:83:a6:1b:78:84:cc:9d:96:80:f2:bc:ff:48:a8:
91:91:a5:25:10:52:4b:f6:7a:ff:e8:f9:c3:70:c3:34:65:3e:
30:63:f1:67:67:ea:75:7a:10:c1:ee:ff:d8:91:bb:7d:ed:4a:
31:05:9a:dd:59:e5:f3:44:46:76:9f:e3:b1:93:9b:b3:d7:fe:
cb:5c:e9:1d:7a:4f:66:e7:e1:e0:ab:90:d2:cd:75:0d:25:2c:
6e:f5:3d:38:e2:85:ff:bb:8f:8f:c0:5a:91:3f:b2:7e:99:fc:
23:a9:25:2f:64:09:bc:5b:4d:0a:a8:58:9e:f5:48:8c:09:b0:
10:96:38:1f:70:1f:2e:dd:ff:e9:28:c0:70:94:87:76:e4:f5:
9c:df:d1:65:61:4d:b7:67:cd:df:55:ea:0f:e0:ef:d2:70:11:
dc:52:71:6f:88:6c:74:0d:06:9a:ac:eb:1e:0b:e0:92:71:27:
67:c5:b9:25
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYVw+8nWFguYzgdBlEDTivMKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjMwMTAyMDUzNzA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjU1ZWZjMmFmMDllYzA4OTcyN2U3OWNiNGFkZWU4MDdlNzBlMjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEAAYAltDexwh0CAuclbisyX8Wqv
wsaDWqjpUSWfIdyOnO5DnnLBNK5k7M069hSc8U+xf8+3xlXmxsxrrPKCOCtpV7xq
cbOnC5odqt+wC1svvtO5ds7UyEdZ65ystKraculErGArkE1YFcXxM5RP47Q0A1oF
sd1o/ECZvhzBmBHKLVwZzB/aaQsNGFBafb8rwJTq+8gRj2zVW8PwZfzOvbFl+HN8
LVnOmnui7OEZVgdpl8sURJHPerNbtQFPyqnCMb2xwzjsOCsCg2IMJUQa+GtfhWQq
2H7xLq+A7efncvC+TH/0BdH+2oQdex86Vw9Fxysrgc4PbCQF/35uo5ZZvwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFF9V78KvCewIlyfnnLSt7oB+cOIaMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvWDFYdndxOEo3QWlYSi1lY3RLM3VnSDV3NGhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAyBAIAATAsAwQABQFJMAwD
BAAFAU0DBAAFAU4DBAAFAVADBAAFAVIDBAAFAVYDBAAFAVkwGAQCAAIwEgMHACoH
b8AAAAMHACoHb8AEUjANBgkqhkiG9w0BAQsFAAOCAQEAChHAEUXk1DSsv7FirAsI
hvW+Y9QghVj+09fX9gr3z+lh8BjC8/LPjh3acR9xni6HTvI4BdR+8CJ3lcWmrvrx
qn9SO6dPGLyEJrXsBYOmG3iEzJ2WgPK8/0iokZGlJRBSS/Z6/+j5w3DDNGU+MGPx
Z2fqdXoQwe7/2JG7fe1KMQWa3Vnl80RGdp/jsZObs9f+y1zpHXpPZufh4KuQ0s11
DSUsbvU9OOKF/7uPj8BakT+yfpn8I6klL2QJvFtNCqhYnvVIjAmwEJY4H3AfLt3/
6SjAcJSHduT1nN/RZWFNt2fN31XqD+Dv0nAR3FJxb4hsdA0GmqzrHgvgknEnZ8W5
JQ==
-----END CERTIFICATE-----
Generated at Mon Jan 1 21:19:57 2024 by rpki-client on console-ams.rpki-client.org