Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/0e19fe-0ad9-48e0-9b7b-452561935031/1/rhn4fQdlF-zMUaycz3MRTVP2UcM.roa
File: rhn4fQdlF-zMUaycz3MRTVP2UcM.roa (raw, json)
Hash identifier: 4k8DH9E7h6Ksomorp0oflLmLSOiihEhPWv6kaRAaDgk=
Subject key identifier: AE:19:F8:7D:07:65:17:EC:CC:51:AC:9C:CF:73:11:4D:53:F6:51:C3
Certificate issuer: /CN=d9e1019bbe11b55114874c961716eb238a11cd4e
Certificate serial: 01856E0AE0BE76198E5176B99B5A4E5D9064
Authority key identifier: D9:E1:01:9B:BE:11:B5:51:14:87:4C:96:17:16:EB:23:8A:11:CD:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2eEBm74RtVEUh0yWFxbrI4oRzU4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/0e19fe-0ad9-48e0-9b7b-452561935031/1/rhn4fQdlF-zMUaycz3MRTVP2UcM.roa
Signing time: Sun 01 Jan 2023 15:54:44 +0000
ROA not before: Sun 01 Jan 2023 15:54:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44901
IP address blocks: 94.156.128.0/24 maxlen: 24
185.148.145.0/24 maxlen: 24
185.148.144.0/24 maxlen: 24
185.205.208.0/24 maxlen: 24
185.205.211.0/24 maxlen: 24
185.148.146.0/24 maxlen: 24
185.148.147.0/24 maxlen: 24
109.94.110.0/24 maxlen: 24
2a07:5740::/32 maxlen: 32
2a07:5741::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:0a:e0:be:76:19:8e:51:76:b9:9b:5a:4e:5d:90:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d9e1019bbe11b55114874c961716eb238a11cd4e
Validity
Not Before: Jan 1 15:54:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ae19f87d076517eccc51ac9ccf73114d53f651c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:2c:03:8e:c0:ed:83:9b:67:c8:58:b6:1e:2f:
16:e5:dd:20:58:68:a9:13:11:e8:b4:c9:54:a9:ce:
c1:cf:30:1d:ed:e1:63:95:ca:0d:a9:3b:0d:ca:3f:
d8:aa:7d:48:91:67:a7:eb:90:94:01:49:e7:11:bc:
0d:71:1f:5a:c0:27:5a:2f:8a:22:10:38:fe:8c:d3:
09:98:58:33:35:0a:74:7b:4f:22:05:b1:d8:6e:a1:
30:9f:91:76:b0:6b:9b:c2:d9:0c:20:58:e0:81:21:
82:11:8f:9f:31:52:4e:0b:b0:96:fd:29:e0:c2:1f:
bb:98:e3:0a:9f:ab:61:60:60:a4:35:bf:d7:96:44:
d2:02:a6:c4:3f:6f:db:3a:a3:37:5f:46:37:02:1f:
27:7d:2c:52:b1:34:91:bf:ba:1a:72:99:a9:52:fa:
ed:b9:86:93:49:23:15:b5:fe:82:81:48:9c:18:9c:
a6:ce:2a:2e:3c:23:b4:6e:2f:2d:fe:8b:78:c7:79:
fe:c7:59:d1:31:db:36:b1:bf:4f:14:c4:9c:93:f8:
2a:4b:47:d4:e4:98:1f:bf:46:f5:90:e5:73:df:4d:
37:25:90:e2:39:e2:cf:ac:37:5b:a6:10:13:ea:b2:
8f:ac:4e:17:69:8d:8c:d9:35:bf:0f:d9:c7:cc:0d:
da:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:19:F8:7D:07:65:17:EC:CC:51:AC:9C:CF:73:11:4D:53:F6:51:C3
X509v3 Authority Key Identifier:
keyid:D9:E1:01:9B:BE:11:B5:51:14:87:4C:96:17:16:EB:23:8A:11:CD:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2eEBm74RtVEUh0yWFxbrI4oRzU4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/0e19fe-0ad9-48e0-9b7b-452561935031/1/rhn4fQdlF-zMUaycz3MRTVP2UcM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/0e19fe-0ad9-48e0-9b7b-452561935031/1/2eEBm74RtVEUh0yWFxbrI4oRzU4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.156.128.0/24
109.94.110.0/24
185.148.144.0/22
185.205.208.0/24
185.205.211.0/24
IPv6:
2a07:5740::/31
Signature Algorithm: sha256WithRSAEncryption
37:a9:88:5d:9e:df:2c:98:bf:bf:7d:39:d6:d9:43:9c:90:b3:
62:7b:d6:5a:23:af:68:b7:0e:1e:a5:43:8a:d0:71:bf:a3:c1:
e1:0b:68:d3:b1:b7:59:4b:d3:28:e5:c5:73:d0:92:03:57:61:
64:86:80:22:af:1b:f7:e0:5b:41:60:58:0a:fd:d3:96:54:41:
8a:7a:50:e8:e7:8e:14:c2:16:d5:86:16:9a:16:f1:56:f0:83:
25:f5:1c:d8:e5:78:59:eb:2b:62:8e:a1:3e:b5:1d:44:78:52:
d4:28:06:00:87:67:43:33:16:46:df:cd:b1:21:62:73:19:e0:
cb:35:4a:8d:75:33:50:47:c0:31:af:b9:94:da:ac:65:a5:59:
cc:e1:7b:7f:a5:52:63:b2:8a:8b:8e:27:f0:eb:67:73:9f:94:
c8:a4:a5:3d:ed:ca:1b:b3:b6:45:98:0b:44:65:3b:45:44:c4:
03:eb:e4:e1:13:0e:58:67:74:b4:94:db:5a:87:08:09:52:07:
ac:37:de:76:c4:b6:79:b4:f4:66:14:21:d1:8c:7c:d0:ca:72:
7a:aa:83:69:56:1a:e7:33:e4:7f:0d:d3:f0:cc:49:9f:54:d8:
6f:33:c4:a0:50:7c:49:ff:f7:41:fd:df:97:6b:7b:7e:ef:e6:
fd:98:fc:42
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVuCuC+dhmOUXa5m1pOXZBkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZTEwMTliYmUxMWI1NTExNDg3NGM5NjE3MTZlYjIzOGEx
MWNkNGUwHhcNMjMwMTAxMTU1NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTE5Zjg3ZDA3NjUxN2VjY2M1MWFjOWNjZjczMTE0ZDUzZjY1MWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriwDjsDtg5tnyFi2Hi8W5d0gWGip
ExHotMlUqc7BzzAd7eFjlcoNqTsNyj/Yqn1IkWen65CUAUnnEbwNcR9awCdaL4oi
EDj+jNMJmFgzNQp0e08iBbHYbqEwn5F2sGubwtkMIFjggSGCEY+fMVJOC7CW/Sng
wh+7mOMKn6thYGCkNb/XlkTSAqbEP2/bOqM3X0Y3Ah8nfSxSsTSRv7oacpmpUvrt
uYaTSSMVtf6CgUicGJymziouPCO0bi8t/ot4x3n+x1nRMds2sb9PFMSck/gqS0fU
5Jgfv0b1kOVz3003JZDiOeLPrDdbphAT6rKPrE4XaY2M2TW/D9nHzA3afQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFK4Z+H0HZRfszFGsnM9zEU1T9lHDMB8GA1UdIwQY
MBaAFNnhAZu+EbVRFIdMlhcW6yOKEc1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmVFQm03NFJ0VkVVaDB5V0Z4YnJJNG9SelU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8wZTE5ZmUtMGFkOS00OGUwLTliN2It
NDUyNTYxOTM1MDMxLzEvcmhuNGZRZGxGLXpNVWF5Y3ozTVJUVlAyVWNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8wZTE5ZmUtMGFkOS00OGUwLTliN2ItNDUyNTYxOTM1MDMx
LzEvMmVFQm03NFJ0VkVVaDB5V0Z4YnJJNG9SelU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAXpyAAwQA
bV5uAwQCuZSQAwQAuc3QAwQAuc3TMA0EAgACMAcDBQEqB1dAMA0GCSqGSIb3DQEB
CwUAA4IBAQA3qYhdnt8smL+/fTnW2UOckLNie9ZaI69otw4epUOK0HG/o8HhC2jT
sbdZS9Mo5cVz0JIDV2FkhoAirxv34FtBYFgK/dOWVEGKelDo544UwhbVhhaaFvFW
8IMl9RzY5XhZ6ytijqE+tR1EeFLUKAYAh2dDMxZG382xIWJzGeDLNUqNdTNQR8Ax
r7mU2qxlpVnM4Xt/pVJjsoqLjifw62dzn5TIpKU97cobs7ZFmAtEZTtFRMQD6+Th
Ew5YZ3S0lNtahwgJUgesN952xLZ5tPRmFCHRjHzQynJ6qoNpVhrnM+R/DdPwzEmf
VNhvM8SgUHxJ//dB/d+Xa3t+7+b9mPxC
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:08:20 2023 by rpki-client on console-ams.rpki-client.org