Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/d98472-f0b7-4df3-925b-0004b274630b/1/YXbVhC9YSVuYPYe9YMt3DAb7y-s.roa
File: YXbVhC9YSVuYPYe9YMt3DAb7y-s.roa (raw, json)
Hash identifier: 3Won1PnmFK4cWI5rA0r7Xifg9qJ8xUW4sGZ5zIDAbTk=
Subject key identifier: 61:76:D5:84:2F:58:49:5B:98:3D:87:BD:60:CB:77:0C:06:FB:CB:EB
Certificate issuer: /CN=540b63d19d86ea345c9b5f169300c3a29d4c31c4
Certificate serial: 0185729EBF2F2142CAA35D1FE401E07CB4D3
Authority key identifier: 54:0B:63:D1:9D:86:EA:34:5C:9B:5F:16:93:00:C3:A2:9D:4C:31:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VAtj0Z2G6jRcm18WkwDDop1MMcQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e4/d98472-f0b7-4df3-925b-0004b274630b/1/YXbVhC9YSVuYPYe9YMt3DAb7y-s.roa
Signing time: Mon 02 Jan 2023 13:14:44 +0000
ROA not before: Mon 02 Jan 2023 13:14:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8680
IP address blocks: 185.48.78.0/24 maxlen: 24
185.48.76.0/22 maxlen: 24
37.18.136.0/21 maxlen: 24
37.18.136.0/23 maxlen: 23
37.18.138.0/23 maxlen: 23
37.18.138.0/24 maxlen: 24
37.18.140.0/23 maxlen: 23
46.31.202.0/23 maxlen: 23
46.31.204.0/23 maxlen: 23
46.31.206.0/24 maxlen: 24
46.31.200.0/21 maxlen: 24
46.31.207.0/24 maxlen: 24
2a04:b240::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:9e:bf:2f:21:42:ca:a3:5d:1f:e4:01:e0:7c:b4:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=540b63d19d86ea345c9b5f169300c3a29d4c31c4
Validity
Not Before: Jan 2 13:14:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6176d5842f58495b983d87bd60cb770c06fbcbeb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:f3:c1:14:3c:fc:04:13:e4:6f:aa:19:78:5b:
0e:f1:81:c7:41:23:7a:56:aa:7d:86:e7:0c:42:87:
ab:5f:d7:94:58:f0:7c:30:62:6c:83:07:13:a1:c5:
28:22:1f:21:72:84:dc:8a:33:02:81:06:2c:4b:5f:
46:e2:f5:24:a5:50:04:0a:30:63:1e:4e:c1:3f:fb:
c1:48:56:5f:b4:57:0a:d1:99:16:cb:d9:93:84:19:
cf:17:8a:41:4a:d3:53:97:65:f8:89:0d:18:db:df:
2b:f8:c1:e4:bf:7d:84:c2:22:e1:cc:ff:50:d7:29:
e3:c4:9d:34:66:69:98:1c:6b:20:76:2b:68:92:f1:
36:93:35:ef:27:52:f8:c2:95:ad:33:81:36:97:77:
e7:8a:56:00:13:01:9e:51:1a:96:0c:10:fd:5a:78:
d6:ff:90:b5:44:de:9c:45:b9:0a:91:e5:68:f0:65:
38:89:06:c5:e1:c5:ab:1a:25:1a:ce:32:87:4a:fe:
1b:3d:23:0e:74:3b:a1:3a:ee:de:e8:31:4d:fe:e2:
bc:b3:e1:6b:4e:d2:78:59:d5:d3:ad:8c:fc:90:dc:
04:c2:c7:7b:fe:d8:a5:38:d8:9b:2a:24:54:a1:32:
df:65:eb:18:49:b2:16:b8:79:2c:cf:23:39:51:5e:
f5:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:76:D5:84:2F:58:49:5B:98:3D:87:BD:60:CB:77:0C:06:FB:CB:EB
X509v3 Authority Key Identifier:
keyid:54:0B:63:D1:9D:86:EA:34:5C:9B:5F:16:93:00:C3:A2:9D:4C:31:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VAtj0Z2G6jRcm18WkwDDop1MMcQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/d98472-f0b7-4df3-925b-0004b274630b/1/YXbVhC9YSVuYPYe9YMt3DAb7y-s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/d98472-f0b7-4df3-925b-0004b274630b/1/VAtj0Z2G6jRcm18WkwDDop1MMcQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.18.136.0/21
46.31.200.0/21
185.48.76.0/22
IPv6:
2a04:b240::/29
Signature Algorithm: sha256WithRSAEncryption
2a:39:9c:e6:45:eb:64:03:e4:ec:a8:77:21:53:e7:a6:70:e1:
aa:d5:0d:ae:4d:8d:08:49:96:c5:51:02:3d:50:b5:10:00:9e:
2c:a9:90:b5:4e:a4:15:ad:f8:2c:25:ad:98:af:a1:78:0a:91:
05:a1:45:13:8a:b4:5c:a9:07:79:67:6c:3b:57:13:ae:f7:7f:
e5:71:b7:ad:68:77:79:74:aa:bf:72:43:ed:e7:c5:01:06:4c:
f0:20:2f:4c:a0:55:51:fd:bb:75:fb:7b:2a:9a:d6:28:a8:10:
5d:03:97:73:93:23:c2:07:8e:5f:97:f7:35:7c:2e:f2:b0:40:
98:c7:8b:31:5e:ff:82:13:7f:27:d8:dc:6f:64:70:f4:95:5d:
24:68:08:ad:15:cf:9f:69:87:60:60:e4:77:02:23:a7:62:8f:
75:9c:6e:bc:34:78:e5:f8:30:6b:4f:05:db:2c:fc:6b:ee:1d:
e5:8d:92:d7:85:3f:ed:ba:e5:47:43:97:ad:e4:23:5f:11:27:
91:38:b3:a4:99:5f:7e:27:6f:34:57:75:d8:8d:ce:77:15:2a:
c2:35:fd:73:fe:8a:a1:94:59:7e:f4:68:49:94:6e:38:b9:f2:
08:ec:3e:6a:0c:94:78:e0:ba:9c:0a:f8:a4:f5:bd:d7:a4:81:
01:09:30:68
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVynr8vIULKo10f5AHgfLTTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MGI2M2QxOWQ4NmVhMzQ1YzliNWYxNjkzMDBjM2EyOWQ0
YzMxYzQwHhcNMjMwMTAyMTMxNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTc2ZDU4NDJmNTg0OTViOTgzZDg3YmQ2MGNiNzcwYzA2ZmJjYmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/PBFDz8BBPkb6oZeFsO8YHHQSN6
Vqp9hucMQoerX9eUWPB8MGJsgwcTocUoIh8hcoTcijMCgQYsS19G4vUkpVAECjBj
Hk7BP/vBSFZftFcK0ZkWy9mThBnPF4pBStNTl2X4iQ0Y298r+MHkv32EwiLhzP9Q
1ynjxJ00ZmmYHGsgditokvE2kzXvJ1L4wpWtM4E2l3fnilYAEwGeURqWDBD9WnjW
/5C1RN6cRbkKkeVo8GU4iQbF4cWrGiUazjKHSv4bPSMOdDuhOu7e6DFN/uK8s+Fr
TtJ4WdXTrYz8kNwEwsd7/tilONibKiRUoTLfZesYSbIWuHkszyM5UV71awIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGF21YQvWElbmD2HvWDLdwwG+8vrMB8GA1UdIwQY
MBaAFFQLY9Gdhuo0XJtfFpMAw6KdTDHEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkF0ajBaMkc2alJjbTE4V2t3RERvcDFNTWNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9kOTg0NzItZjBiNy00ZGYzLTkyNWIt
MDAwNGIyNzQ2MzBiLzEvWVhiVmhDOVlTVnVZUFllOVlNdDNEQWI3eS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9kOTg0NzItZjBiNy00ZGYzLTkyNWItMDAwNGIyNzQ2MzBi
LzEvVkF0ajBaMkc2alJjbTE4V2t3RERvcDFNTWNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDJRKIAwQD
Lh/IAwQCuTBMMA0EAgACMAcDBQMqBLJAMA0GCSqGSIb3DQEBCwUAA4IBAQAqOZzm
RetkA+TsqHchU+emcOGq1Q2uTY0ISZbFUQI9ULUQAJ4sqZC1TqQVrfgsJa2Yr6F4
CpEFoUUTirRcqQd5Z2w7VxOu93/lcbetaHd5dKq/ckPt58UBBkzwIC9MoFVR/bt1
+3sqmtYoqBBdA5dzkyPCB45fl/c1fC7ysECYx4sxXv+CE38n2NxvZHD0lV0kaAit
Fc+faYdgYOR3AiOnYo91nG68NHjl+DBrTwXbLPxr7h3ljZLXhT/tuuVHQ5et5CNf
ESeROLOkmV9+J280V3XYjc53FSrCNf1z/oqhlFl+9GhJlG44ufII7D5qDJR44Lqc
Cvik9b3XpIEBCTBo
-----END CERTIFICATE-----
Generated at Mon Jan 1 19:27:51 2024 by rpki-client on console-fra.rpki-client.org