Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/9YMIeAmzcN6iogPSkNlXzgpHlGw.roa
File: 9YMIeAmzcN6iogPSkNlXzgpHlGw.roa (raw, json)
Hash identifier: pUo8Ppj03lwWwA7ILRN/AkkgrlHkuy7aI+F49BA5L9w=
Subject key identifier: F5:83:08:78:09:B3:70:DE:A2:A2:03:D2:90:D9:57:CE:0A:47:94:6C
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 01856CCAEE1200A44C373214514A78066C60
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/9YMIeAmzcN6iogPSkNlXzgpHlGw.roa
Signing time: Sun 01 Jan 2023 10:05:16 +0000
ROA not before: Sun 01 Jan 2023 10:05:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48803
IP address blocks: 194.68.117.0/24 maxlen: 24
194.132.224.0/22 maxlen: 22
193.183.212.0/22 maxlen: 22
194.132.228.0/22 maxlen: 22
193.234.108.0/22 maxlen: 22
193.183.250.0/23 maxlen: 23
193.183.148.0/22 maxlen: 22
193.183.192.0/22 maxlen: 22
193.234.72.0/22 maxlen: 22
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:ca:ee:12:00:a4:4c:37:32:14:51:4a:78:06:6c:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Jan 1 10:05:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f583087809b370dea2a203d290d957ce0a47946c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:b3:63:4f:94:81:ab:2f:4c:b0:b5:5b:9b:37:
44:81:2a:20:b7:13:72:d0:29:f5:10:33:dc:f3:a5:
3e:f3:79:95:dc:d5:95:df:56:91:32:f5:45:56:2c:
c5:53:26:2d:a4:d0:05:de:e9:24:26:51:e8:e1:e4:
bd:9d:ce:c7:2e:3e:c2:97:b9:1e:5e:9c:0c:b3:6b:
81:46:39:c0:f0:88:6e:c7:56:06:2b:6a:5c:93:28:
63:c2:95:7b:c1:bc:8a:c1:cd:20:de:2c:c1:7a:f9:
e1:f7:71:cb:92:ea:15:17:40:4b:43:76:2f:f9:30:
cc:0a:f6:e4:25:05:ba:ec:a1:c6:27:7a:2b:5b:c2:
3d:27:25:ca:89:48:d8:62:0e:95:c8:1d:6b:8a:8c:
a2:d3:3c:e3:4d:a3:62:39:d0:74:3e:85:49:81:7e:
69:b8:0a:e6:44:35:91:c2:b9:c8:30:a5:9c:3f:f6:
11:41:48:eb:82:70:68:ae:6b:ba:48:1f:36:ca:43:
ec:76:84:06:52:16:3b:70:64:a5:7f:05:e0:bb:ff:
62:ef:17:c2:94:6f:bf:9f:c1:0a:1c:03:2a:1a:ac:
81:d7:65:3a:39:7a:cb:14:ba:eb:b3:4a:c2:4a:3c:
aa:04:64:ae:01:ab:c4:6d:0b:72:3b:4c:b2:05:a2:
f7:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:83:08:78:09:B3:70:DE:A2:A2:03:D2:90:D9:57:CE:0A:47:94:6C
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/9YMIeAmzcN6iogPSkNlXzgpHlGw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.183.148.0/22
193.183.192.0/22
193.183.212.0/22
193.183.250.0/23
193.234.72.0/22
193.234.108.0/22
194.68.117.0/24
194.132.224.0/21
Signature Algorithm: sha256WithRSAEncryption
ab:4b:cb:38:62:85:58:ad:18:16:18:1e:56:60:50:01:02:72:
0b:b7:8a:c1:63:26:af:b5:9c:6d:24:8a:0c:8d:b6:b4:d8:8a:
66:06:1d:d3:56:43:73:a9:51:06:08:f9:8f:5c:95:14:07:4a:
f0:50:fd:56:f4:93:4e:a9:c3:90:3a:ef:fd:46:0b:b2:2f:64:
1b:c8:76:e8:ed:1b:07:83:9a:b0:7c:36:88:f5:96:4f:eb:95:
ac:fc:6d:cb:a5:f2:77:00:26:93:3d:95:6e:03:a7:30:2e:e9:
7e:f2:36:45:c2:ed:26:05:53:6f:a6:92:4b:83:d4:98:7f:41:
04:ac:cf:63:f8:89:46:ac:83:24:bb:e9:ba:44:6c:44:c4:2e:
c6:7c:c6:fb:e9:9f:05:2c:83:b9:20:d9:65:3a:ca:c8:47:f6:
4f:3e:a4:7a:c7:72:5f:b5:6d:02:26:5b:80:61:bc:75:93:67:
0e:35:ab:e8:36:83:d7:e7:25:20:50:99:24:de:02:dd:65:98:
68:da:3a:26:0b:cc:c2:0d:6f:2a:a1:d6:ed:d9:63:fa:c7:32:
10:93:ea:98:cb:66:29:c1:c6:ec:79:0f:98:68:d8:37:07:d4:
5e:1d:ca:f2:d4:a5:98:55:df:42:ee:ff:ff:91:20:ab:5c:55:
0f:f8:1e:4d
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVsyu4SAKRMNzIUUUp4BmxgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjMwMTAxMTAwNTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTgzMDg3ODA5YjM3MGRlYTJhMjAzZDI5MGQ5NTdjZTBhNDc5NDZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7NjT5SBqy9MsLVbmzdEgSogtxNy
0Cn1EDPc86U+83mV3NWV31aRMvVFVizFUyYtpNAF3ukkJlHo4eS9nc7HLj7Cl7ke
XpwMs2uBRjnA8Ihux1YGK2pckyhjwpV7wbyKwc0g3izBevnh93HLkuoVF0BLQ3Yv
+TDMCvbkJQW67KHGJ3orW8I9JyXKiUjYYg6VyB1rioyi0zzjTaNiOdB0PoVJgX5p
uArmRDWRwrnIMKWcP/YRQUjrgnBormu6SB82ykPsdoQGUhY7cGSlfwXgu/9i7xfC
lG+/n8EKHAMqGqyB12U6OXrLFLrrs0rCSjyqBGSuAavEbQtyO0yyBaL3IwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFPWDCHgJs3DeoqID0pDZV84KR5RsMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvOVlNSWVBbXpjTjZpb2dQU2tObFh6Z3BIbEd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCwbeUAwQC
wbfAAwQCwbfUAwQBwbf6AwQCwepIAwQCwepsAwQAwkR1AwQDwoTgMA0GCSqGSIb3
DQEBCwUAA4IBAQCrS8s4YoVYrRgWGB5WYFABAnILt4rBYyavtZxtJIoMjba02Ipm
Bh3TVkNzqVEGCPmPXJUUB0rwUP1W9JNOqcOQOu/9RguyL2QbyHbo7RsHg5qwfDaI
9ZZP65Ws/G3LpfJ3ACaTPZVuA6cwLul+8jZFwu0mBVNvppJLg9SYf0EErM9j+IlG
rIMku+m6RGxExC7GfMb76Z8FLIO5INllOsrIR/ZPPqR6x3JftW0CJluAYbx1k2cO
NavoNoPX5yUgUJkk3gLdZZho2jomC8zCDW8qodbt2WP6xzIQk+qYy2YpwcbseQ+Y
aNg3B9ReHcry1KWYVd9C7v//kSCrXFUP+B5N
-----END CERTIFICATE-----
Generated at Tue Jan 2 06:33:20 2024 by rpki-client on console-ams.rpki-client.org