Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/RB9AKaNngnOGGZqTCDNxxTzvn-U.roa
File: RB9AKaNngnOGGZqTCDNxxTzvn-U.roa (raw, json)
Hash identifier: pY1W9el+o96vqJRlRD5dz2vLccCo2VOmkGYoFLrPwgU=
Subject key identifier: 44:1F:40:29:A3:67:82:73:86:19:9A:93:08:33:71:C5:3C:EF:9F:E5
Certificate issuer: /CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Certificate serial: 018B087EB6373E06CDF3D13D47659AD21B96
Authority key identifier: 81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/RB9AKaNngnOGGZqTCDNxxTzvn-U.roa
Signing time: Sat 07 Oct 2023 04:56:43 +0000
ROA not before: Sat 07 Oct 2023 04:56:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 83.147.40.0/22 maxlen: 24
83.147.61.0/24 maxlen: 24
83.147.4.0/22 maxlen: 24
83.147.0.0/22 maxlen: 24
83.147.13.0/24 maxlen: 24
83.147.14.0/24 maxlen: 24
83.147.20.0/23 maxlen: 24
83.147.23.0/24 maxlen: 24
83.147.28.0/22 maxlen: 24
Validation: Failed, certificate revoked on Tue 10 Oct 2023 04:32:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:08:7e:b6:37:3e:06:cd:f3:d1:3d:47:65:9a:d2:1b:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8193ffe9db37626b13f85d7cc457aad5c1f30c9f
Validity
Not Before: Oct 7 04:56:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=441f4029a367827386199a93083371c53cef9fe5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:85:2b:f0:6a:93:e1:26:fa:b7:e9:de:8e:23:
d7:33:43:54:3d:52:63:1f:9b:6e:51:39:6d:73:94:
fd:ea:ee:f6:1d:84:6f:af:10:ea:7d:7f:d0:79:b9:
5b:fe:96:db:ad:73:49:ff:a9:67:07:98:cd:2d:09:
b9:30:60:68:e6:7d:57:67:85:25:12:8f:c9:be:9e:
9d:16:a4:fb:aa:53:ff:38:76:12:e6:c9:a1:49:61:
b3:06:48:7a:5a:6c:3c:92:31:02:93:91:2a:ec:65:
1c:66:9b:fc:ed:2d:ad:01:89:55:66:03:a0:4b:fb:
b4:66:b5:d1:e8:b7:1f:3a:2d:26:c6:13:2d:cd:d0:
21:a7:ee:2e:39:1c:b6:39:12:bd:f8:bc:39:84:e9:
1b:84:be:cd:e3:39:7f:74:57:bc:5b:38:65:a9:94:
1e:c8:29:c0:5f:53:be:25:1d:5e:ed:e0:ee:c4:0f:
a8:e5:68:95:7e:5a:2a:82:30:9b:56:8f:5f:1b:3b:
62:f0:a4:96:3e:24:37:ff:e2:f5:68:99:6c:9d:20:
1a:36:05:01:2c:07:af:99:a9:ff:26:43:42:68:61:
93:43:05:00:ea:22:35:27:ab:10:b1:76:71:58:f3:
58:51:24:d7:d3:05:0b:21:44:8d:70:7a:7a:6e:c4:
4e:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:1F:40:29:A3:67:82:73:86:19:9A:93:08:33:71:C5:3C:EF:9F:E5
X509v3 Authority Key Identifier:
keyid:81:93:FF:E9:DB:37:62:6B:13:F8:5D:7C:C4:57:AA:D5:C1:F3:0C:9F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gZP_6ds3YmsT-F18xFeq1cHzDJ8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/RB9AKaNngnOGGZqTCDNxxTzvn-U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/76bc1e-b6f4-408a-bb89-08d1270c2e71/1/gZP_6ds3YmsT-F18xFeq1cHzDJ8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.147.0.0/21
83.147.13.0-83.147.14.255
83.147.20.0/23
83.147.23.0/24
83.147.28.0/22
83.147.40.0/22
83.147.61.0/24
Signature Algorithm: sha256WithRSAEncryption
bb:43:a1:c7:fb:6a:df:0a:6e:0d:b3:e1:2f:c8:53:e9:c6:a9:
5a:c9:a7:4d:0b:89:d0:ad:77:37:0a:7d:61:28:d0:76:c7:98:
fe:5f:f2:7b:77:ac:02:79:16:62:6e:d8:03:46:99:ee:df:5e:
ee:b5:08:3b:cf:ef:71:e5:8b:12:5d:48:71:d7:fa:16:85:17:
e8:5c:10:b2:b0:95:94:4e:41:9b:e7:e9:1a:f6:54:6f:10:83:
52:a8:12:a1:a5:13:66:7e:2f:b4:db:f2:48:b6:ab:37:f7:81:
0a:5b:e8:e6:c9:e3:75:e9:0d:88:ab:4d:73:79:7c:ba:55:0a:
40:f9:00:61:da:e8:43:01:7c:90:2a:b2:cc:e8:7a:56:9a:4f:
33:bb:92:b0:68:25:48:2e:54:9f:64:11:f3:38:73:78:dd:d9:
3b:5b:50:37:a2:3d:dc:de:57:35:d3:7c:ff:3c:ba:bb:73:2a:
c7:3a:28:1d:4e:4a:9b:62:c8:3e:11:46:11:a8:d6:ce:22:c8:
81:6b:e3:c9:78:28:41:f7:f8:04:25:6c:57:0e:25:36:a6:c9:
6f:31:4d:e9:e1:44:8b:22:99:93:37:09:7b:e1:49:1b:cf:96:
b4:17:85:b9:b2:f9:b1:13:33:d0:13:5d:77:da:8a:eb:81:3f:
44:18:02:f5
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYsIfrY3PgbN89E9R2Wa0huWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxOTNmZmU5ZGIzNzYyNmIxM2Y4NWQ3Y2M0NTdhYWQ1YzFm
MzBjOWYwHhcNMjMxMDA3MDQ1NjQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDFmNDAyOWEzNjc4MjczODYxOTlhOTMwODMzNzFjNTNjZWY5ZmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmoUr8GqT4Sb6t+nejiPXM0NUPVJj
H5tuUTltc5T96u72HYRvrxDqfX/Qeblb/pbbrXNJ/6lnB5jNLQm5MGBo5n1XZ4Ul
Eo/Jvp6dFqT7qlP/OHYS5smhSWGzBkh6Wmw8kjECk5Eq7GUcZpv87S2tAYlVZgOg
S/u0ZrXR6LcfOi0mxhMtzdAhp+4uORy2ORK9+Lw5hOkbhL7N4zl/dFe8WzhlqZQe
yCnAX1O+JR1e7eDuxA+o5WiVfloqgjCbVo9fGzti8KSWPiQ3/+L1aJlsnSAaNgUB
LAevman/JkNCaGGTQwUA6iI1J6sQsXZxWPNYUSTX0wULIUSNcHp6bsROgwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFEQfQCmjZ4JzhhmakwgzccU875/lMB8GA1UdIwQY
MBaAFIGT/+nbN2JrE/hdfMRXqtXB8wyfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODkt
MDhkMTI3MGMyZTcxLzEvUkI5QUthTm5nbk9HR1pxVENETnh4VHp2bi1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy83NmJjMWUtYjZmNC00MDhhLWJiODktMDhkMTI3MGMyZTcx
LzEvZ1pQXzZkczNZbXNULUYxOHhGZXExY0h6REo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQDU5MAMAwD
BABTkw0DBABTkw4DBAFTkxQDBABTkxcDBAJTkxwDBAJTkygDBABTkz0wDQYJKoZI
hvcNAQELBQADggEBALtDocf7at8Kbg2z4S/IU+nGqVrJp00LidCtdzcKfWEo0HbH
mP5f8nt3rAJ5FmJu2ANGme7fXu61CDvP73HlixJdSHHX+haFF+hcELKwlZROQZvn
6Rr2VG8Qg1KoEqGlE2Z+L7Tb8ki2qzf3gQpb6ObJ43XpDYirTXN5fLpVCkD5AGHa
6EMBfJAqsszoelaaTzO7krBoJUguVJ9kEfM4c3jd2TtbUDeiPdzeVzXTfP88urtz
Ksc6KB1OSptiyD4RRhGo1s4iyIFr48l4KEH3+AQlbFcOJTamyW8xTenhRIsimZM3
CXvhSRvPlrQXhbmy+bETM9ATXXfaiuuBP0QYAvU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:01 2024 by rpki-client on console-ams.rpki-client.org