Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/kLhsXUtZTT_5CnfwMFSkyThN-9k.roa
File: kLhsXUtZTT_5CnfwMFSkyThN-9k.roa (raw, json)
Hash identifier: 9aZ5f4VoQxzIvVPxG2fTzbtc1iTdjl7qM5IBNNy5clw=
Subject key identifier: 90:B8:6C:5D:4B:59:4D:3F:F9:0A:77:F0:30:54:A4:C9:38:4D:FB:D9
Certificate issuer: /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial: 0189BC44478FCC70FD37C7B4F9DA55C275E9
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/kLhsXUtZTT_5CnfwMFSkyThN-9k.roa
Signing time: Thu 03 Aug 2023 16:38:58 +0000
ROA not before: Thu 03 Aug 2023 16:38:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208485
IP address blocks: 94.26.90.0/24 maxlen: 24
78.159.131.0/24 maxlen: 24
91.92.33.0/24 maxlen: 24
93.152.206.0/24 maxlen: 24
93.152.205.0/24 maxlen: 24
91.92.49.0/24 maxlen: 24
93.152.209.0/24 maxlen: 24
93.152.217.0/24 maxlen: 24
93.152.225.0/24 maxlen: 24
93.152.221.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:bc:44:47:8f:cc:70:fd:37:c7:b4:f9:da:55:c2:75:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Validity
Not Before: Aug 3 16:38:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=90b86c5d4b594d3ff90a77f03054a4c9384dfbd9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:39:d7:a2:58:3b:08:ef:0d:6c:53:4f:3a:7c:
65:b1:0f:5c:8d:8e:02:f3:50:a3:3f:cd:29:e8:98:
41:7e:f4:bd:ea:ad:df:72:6d:5c:83:6b:24:00:38:
2f:1c:fc:a0:d0:ea:b8:a1:e9:d9:2b:3b:b2:1c:8a:
e0:fd:10:5c:28:55:f2:11:62:19:81:be:29:1c:f9:
3a:2c:8c:a3:bb:25:32:19:3c:fd:b5:05:ec:7b:97:
21:80:18:25:27:ce:38:c4:e9:86:14:2c:de:fa:74:
5c:d0:a6:ce:b5:25:69:e3:c8:d6:fb:fc:7e:ba:d4:
0a:74:c8:ac:c9:5b:6b:73:e7:8f:e8:a3:f8:45:2b:
b0:ac:45:f6:e1:c4:66:41:08:fc:ed:fc:b7:81:18:
0d:c6:a4:2e:e2:45:a8:21:a7:56:4e:02:a7:f8:31:
34:63:58:51:79:13:b5:f8:92:c1:25:c7:49:19:34:
6f:11:f0:f4:3a:16:63:25:8d:74:69:19:1c:76:02:
ac:ce:6b:b7:fa:d1:25:c7:f5:de:cd:32:35:a4:19:
96:8b:5c:e6:72:be:eb:dd:0c:7d:5c:6c:41:c5:2d:
96:fb:e5:a9:7a:4e:1d:15:6e:fd:75:3c:ce:32:6f:
67:52:13:78:84:30:d7:d6:8d:14:76:9d:bd:95:2d:
52:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:B8:6C:5D:4B:59:4D:3F:F9:0A:77:F0:30:54:A4:C9:38:4D:FB:D9
X509v3 Authority Key Identifier:
keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/kLhsXUtZTT_5CnfwMFSkyThN-9k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.159.131.0/24
91.92.33.0/24
91.92.49.0/24
93.152.205.0-93.152.206.255
93.152.209.0/24
93.152.217.0/24
93.152.221.0/24
93.152.225.0/24
94.26.90.0/24
Signature Algorithm: sha256WithRSAEncryption
0c:8d:dd:9d:c8:5d:e5:c5:63:e6:e3:15:3f:f3:13:d6:85:43:
10:09:0c:52:d9:a9:f8:d7:b2:ee:58:54:14:68:c2:2a:0e:df:
69:1c:2f:a3:3a:b4:ba:7c:24:35:91:f2:de:10:61:f7:39:2a:
a8:be:e0:eb:8f:03:95:a8:b1:25:3b:c5:f2:27:b5:c5:2c:81:
36:48:b1:5d:1a:ce:67:c7:fc:05:e9:b1:13:be:97:76:df:23:
7f:9b:2c:22:19:b3:42:39:a9:8f:c4:a7:e8:61:e2:79:49:ba:
02:58:5b:5e:96:b0:a0:3d:e3:6c:e4:b8:74:b8:79:2b:0c:d2:
88:d9:33:69:6c:fa:8f:aa:f1:8e:73:0f:c7:3d:03:40:19:6e:
68:31:d9:b8:85:80:69:44:41:50:a1:98:00:2b:ff:ad:1c:bc:
de:5a:8b:22:a7:a3:bc:4b:c4:95:94:45:95:e8:59:8b:4a:b8:
5c:0c:c9:00:c7:df:3d:dc:84:ba:56:9a:41:af:ff:0b:f0:be:
16:3a:81:26:16:bd:06:e1:ba:80:73:7c:01:c3:c3:5f:9c:c8:
93:f6:e3:e8:18:22:16:09:86:bd:a5:f6:79:70:73:37:da:d5:
1f:51:a6:56:58:16:64:7d:6e:e1:d1:c2:09:21:ba:d0:d7:47:
fb:69:7e:80
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYm8REePzHD9N8e0+dpVwnXpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjMwODAzMTYzODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGI4NmM1ZDRiNTk0ZDNmZjkwYTc3ZjAzMDU0YTRjOTM4NGRmYmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDnXolg7CO8NbFNPOnxlsQ9cjY4C
81CjP80p6JhBfvS96q3fcm1cg2skADgvHPyg0Oq4oenZKzuyHIrg/RBcKFXyEWIZ
gb4pHPk6LIyjuyUyGTz9tQXse5chgBglJ844xOmGFCze+nRc0KbOtSVp48jW+/x+
utQKdMisyVtrc+eP6KP4RSuwrEX24cRmQQj87fy3gRgNxqQu4kWoIadWTgKn+DE0
Y1hReRO1+JLBJcdJGTRvEfD0OhZjJY10aRkcdgKszmu3+tElx/XezTI1pBmWi1zm
cr7r3Qx9XGxBxS2W++Wpek4dFW79dTzOMm9nUhN4hDDX1o0Udp29lS1SwQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFJC4bF1LWU0/+Qp38DBUpMk4TfvZMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEva0xoc1hVdFpUVF81Q25md01GU2t5VGhOLTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQATp+DAwQA
W1whAwQAW1wxMAwDBABdmM0DBABdmM4DBABdmNEDBABdmNkDBABdmN0DBABdmOED
BABeGlowDQYJKoZIhvcNAQELBQADggEBAAyN3Z3IXeXFY+bjFT/zE9aFQxAJDFLZ
qfjXsu5YVBRowioO32kcL6M6tLp8JDWR8t4QYfc5Kqi+4OuPA5WosSU7xfIntcUs
gTZIsV0azmfH/AXpsRO+l3bfI3+bLCIZs0I5qY/Ep+hh4nlJugJYW16WsKA942zk
uHS4eSsM0ojZM2ls+o+q8Y5zD8c9A0AZbmgx2biFgGlEQVChmAAr/60cvN5aiyKn
o7xLxJWURZXoWYtKuFwMyQDH3z3chLpWmkGv/wvwvhY6gSYWvQbhuoBzfAHDw1+c
yJP24+gYIhYJhr2l9nlwczfa1R9RplZYFmR9buHRwgkhutDXR/tpfoA=
-----END CERTIFICATE-----
Generated at Fri Sep 1 09:52:49 2023 by rpki-client on console-ams.rpki-client.org