Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/feb3ba-ee90-4f03-9e00-f6179a910b15/1/Umj5fxBJGQ3zQh_gSgMM63nBteA.roa
File: Umj5fxBJGQ3zQh_gSgMM63nBteA.roa (raw, json)
Hash identifier: UwnhPUeNex0NXMG1UEVQgrtkiMrV8E/VzlIo02EnfDE=
Subject key identifier: 52:68:F9:7F:10:49:19:0D:F3:42:1F:E0:4A:03:0C:EB:79:C1:B5:E0
Certificate issuer: /CN=26bddae04dbcb1f82f55b078307ba4b084b994bb
Certificate serial: 0185718C1F423ADFA9F0F37F0A276BC93A7E
Authority key identifier: 26:BD:DA:E0:4D:BC:B1:F8:2F:55:B0:78:30:7B:A4:B0:84:B9:94:BB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Jr3a4E28sfgvVbB4MHuksIS5lLs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d6/feb3ba-ee90-4f03-9e00-f6179a910b15/1/Umj5fxBJGQ3zQh_gSgMM63nBteA.roa
Signing time: Mon 02 Jan 2023 08:14:46 +0000
ROA not before: Mon 02 Jan 2023 08:14:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49596
IP address blocks: 103.231.136.0/24 maxlen: 24
103.231.137.0/24 maxlen: 24
103.231.139.0/24 maxlen: 24
103.231.138.0/24 maxlen: 24
185.137.111.0/24 maxlen: 24
185.137.109.0/24 maxlen: 24
185.137.110.0/24 maxlen: 24
185.137.108.0/24 maxlen: 24
185.137.108.0/22 maxlen: 22
2a0a:40c0::/29 maxlen: 29
2a07:387::/32 maxlen: 32
2a07:380::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:8c:1f:42:3a:df:a9:f0:f3:7f:0a:27:6b:c9:3a:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=26bddae04dbcb1f82f55b078307ba4b084b994bb
Validity
Not Before: Jan 2 08:14:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5268f97f1049190df3421fe04a030ceb79c1b5e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:44:ab:bf:f4:89:9f:41:7c:41:7c:31:3b:f4:
0c:18:a6:1f:53:82:8e:85:02:3f:29:d8:8d:fd:4d:
cb:b0:ec:ac:bb:57:60:7c:fe:c3:ba:3d:57:c0:42:
cd:d1:53:cd:e6:f6:f9:fb:8f:03:95:4a:0f:c7:db:
6e:03:d9:66:06:b7:8f:a3:d2:0f:d9:9d:ff:16:a1:
b1:46:23:b5:d4:74:d9:97:e5:ea:c3:8d:68:11:b0:
8c:a1:58:6d:4e:f9:26:f0:34:04:ea:1d:e8:03:ae:
e7:02:fd:a7:06:61:88:70:25:a8:ac:3f:98:31:21:
65:6e:a6:20:37:74:0b:b7:df:29:86:3c:eb:9c:ff:
82:d3:1c:8e:06:47:ec:65:60:e2:29:d7:5f:15:87:
8a:c4:ad:6a:98:69:79:75:33:b7:21:f6:d8:67:f6:
0c:ef:ee:62:d6:63:40:d8:ab:ff:c5:78:30:83:00:
de:15:c3:a9:1a:67:4e:6c:22:91:52:72:57:31:62:
77:7c:5e:e7:c7:c2:29:8f:ce:74:c1:45:75:46:5a:
66:de:ab:a2:18:95:97:23:ea:5b:c4:5d:ac:8d:f1:
8f:63:25:ed:ee:6f:e2:d1:ed:86:87:b5:f8:c6:00:
83:5b:17:a0:d3:a3:36:16:f3:5b:cb:f5:18:ab:7d:
87:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:68:F9:7F:10:49:19:0D:F3:42:1F:E0:4A:03:0C:EB:79:C1:B5:E0
X509v3 Authority Key Identifier:
keyid:26:BD:DA:E0:4D:BC:B1:F8:2F:55:B0:78:30:7B:A4:B0:84:B9:94:BB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jr3a4E28sfgvVbB4MHuksIS5lLs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/feb3ba-ee90-4f03-9e00-f6179a910b15/1/Umj5fxBJGQ3zQh_gSgMM63nBteA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/feb3ba-ee90-4f03-9e00-f6179a910b15/1/Jr3a4E28sfgvVbB4MHuksIS5lLs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.231.136.0/22
185.137.108.0/22
IPv6:
2a07:380::/29
2a0a:40c0::/29
Signature Algorithm: sha256WithRSAEncryption
61:41:2a:4f:1b:48:91:fb:80:47:eb:e2:e1:cf:3b:f2:b6:6f:
d8:86:3a:55:d1:64:c3:23:52:7e:91:d5:9c:d2:05:e2:fb:5a:
71:7e:69:bf:e4:99:00:2b:48:ff:39:f2:64:6a:e4:6b:6c:20:
ba:45:b9:1a:94:02:a5:07:e6:9a:b8:c0:e2:8e:ca:c6:6a:28:
84:e6:21:53:9e:80:fd:88:94:ae:0d:e0:49:73:bc:28:5f:5e:
a3:e0:68:cd:45:bb:cd:06:be:59:81:5c:d4:c0:f4:41:41:1d:
52:77:d4:1b:a3:9e:75:51:27:44:29:e5:a2:88:77:8c:d1:fc:
37:c6:d7:a2:88:f8:9c:5c:64:eb:d5:f3:82:07:d6:56:ea:ca:
9f:92:51:d3:51:8a:41:82:d0:06:94:8f:e9:1d:ba:8b:54:16:
4a:4f:b4:28:3c:ba:27:22:1b:1d:a6:54:33:50:eb:0d:1c:a2:
54:e6:3a:f7:13:8a:e8:71:b9:1f:3c:31:96:2d:f1:b6:69:8a:
03:35:c7:5b:52:13:9c:e0:e1:06:04:4c:a9:a0:4e:cb:56:9d:
4e:cb:42:12:bb:68:e3:d5:e1:3c:48:77:75:61:4a:81:3b:9f:
bb:8f:5a:07:ca:2f:c3:86:d7:0a:b6:32:b9:2c:e8:fa:2c:30:
0a:d8:40:ec
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYVxjB9COt+p8PN/CidryTp+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YmRkYWUwNGRiY2IxZjgyZjU1YjA3ODMwN2JhNGIwODRi
OTk0YmIwHhcNMjMwMTAyMDgxNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjY4Zjk3ZjEwNDkxOTBkZjM0MjFmZTA0YTAzMGNlYjc5YzFiNWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlESrv/SJn0F8QXwxO/QMGKYfU4KO
hQI/KdiN/U3LsOysu1dgfP7Duj1XwELN0VPN5vb5+48DlUoPx9tuA9lmBrePo9IP
2Z3/FqGxRiO11HTZl+Xqw41oEbCMoVhtTvkm8DQE6h3oA67nAv2nBmGIcCWorD+Y
MSFlbqYgN3QLt98phjzrnP+C0xyOBkfsZWDiKddfFYeKxK1qmGl5dTO3IfbYZ/YM
7+5i1mNA2Kv/xXgwgwDeFcOpGmdObCKRUnJXMWJ3fF7nx8Ipj850wUV1Rlpm3qui
GJWXI+pbxF2sjfGPYyXt7m/i0e2Gh7X4xgCDWxeg06M2FvNby/UYq32HoQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFFJo+X8QSRkN80If4EoDDOt5wbXgMB8GA1UdIwQY
MBaAFCa92uBNvLH4L1WweDB7pLCEuZS7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnIzYTRFMjhzZmd2VmJCNE1IdWtzSVM1bExzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9mZWIzYmEtZWU5MC00ZjAzLTllMDAt
ZjYxNzlhOTEwYjE1LzEvVW1qNWZ4QkpHUTN6UWhfZ1NnTU02M25CdGVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9mZWIzYmEtZWU5MC00ZjAzLTllMDAtZjYxNzlhOTEwYjE1
LzEvSnIzYTRFMjhzZmd2VmJCNE1IdWtzSVM1bExzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCZ+eIAwQC
uYlsMBQEAgACMA4DBQMqBwOAAwUDKgpAwDANBgkqhkiG9w0BAQsFAAOCAQEAYUEq
TxtIkfuAR+vi4c878rZv2IY6VdFkwyNSfpHVnNIF4vtacX5pv+SZACtI/znyZGrk
a2wgukW5GpQCpQfmmrjA4o7KxmoohOYhU56A/YiUrg3gSXO8KF9eo+BozUW7zQa+
WYFc1MD0QUEdUnfUG6OedVEnRCnlooh3jNH8N8bXooj4nFxk69XzggfWVurKn5JR
01GKQYLQBpSP6R26i1QWSk+0KDy6JyIbHaZUM1DrDRyiVOY69xOK6HG5Hzwxli3x
tmmKAzXHW1ITnODhBgRMqaBOy1adTstCErto49XhPEh3dWFKgTufu49aB8ovw4bX
CrYyuSzo+iwwCthA7A==
-----END CERTIFICATE-----
Generated at Mon Jan 1 21:20:00 2024 by rpki-client on console-ams.rpki-client.org