Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/oJb87oIXbF4wk_plyOuYgIHbUq0.roa
File: oJb87oIXbF4wk_plyOuYgIHbUq0.roa (raw, json)
Hash identifier: gcsrOdlJbr4meNh9+hheaHstJ7UJQHKxFYb+YcGHj7g=
Subject key identifier: A0:96:FC:EE:82:17:6C:5E:30:93:FA:65:C8:EB:98:80:81:DB:52:AD
Certificate issuer: /CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
Certificate serial: 018BF25C5E53BF1D1D0CBDE3D1CFAF751E4D
Authority key identifier: D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/oJb87oIXbF4wk_plyOuYgIHbUq0.roa
Signing time: Tue 21 Nov 2023 14:50:21 +0000
ROA not before: Tue 21 Nov 2023 14:50:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 25091
IP address blocks: 46.20.240.0/20 maxlen: 24
185.60.52.0/22 maxlen: 24
85.8.128.0/24 maxlen: 24
5.144.32.0/21 maxlen: 24
2a02:2528::/29 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:f2:5c:5e:53:bf:1d:1d:0c:bd:e3:d1:cf:af:75:1e:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
Validity
Not Before: Nov 21 14:50:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a096fcee82176c5e3093fa65c8eb988081db52ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:19:2c:99:91:6f:6a:fb:c1:d0:49:8a:45:d8:
9f:64:2b:18:24:89:9a:75:15:4f:5a:9b:74:3c:80:
7b:29:74:e6:14:0b:eb:b2:c3:da:59:67:3e:70:cd:
6d:c0:3e:00:6e:b1:79:eb:f6:d9:98:e9:35:7b:0d:
ca:aa:e9:6f:22:e7:cd:e7:7d:95:bb:77:19:fe:ab:
3f:f2:56:74:0a:5d:a9:d4:3c:6d:bd:72:38:48:ca:
85:6a:ed:2b:09:d6:8c:56:2c:51:d4:f4:fa:21:37:
8e:ab:8c:e3:f7:70:3d:d6:d6:eb:ee:70:5b:f0:34:
d6:be:06:89:08:1f:57:62:c0:7b:65:5d:d0:92:e1:
10:1e:64:3d:09:d2:5f:93:b1:0a:75:85:a1:95:05:
bc:30:3b:79:b8:ce:a9:89:01:a3:7b:af:12:06:d3:
92:a6:ff:ea:aa:c7:0c:db:94:05:63:97:e2:c7:6e:
0c:0a:18:52:f1:70:e0:35:34:f3:51:b1:26:a9:d0:
a2:67:45:be:ca:e5:b1:ba:cb:81:64:b0:75:28:d2:
f8:0e:bf:ca:25:96:fd:3f:ac:e7:94:e2:40:f2:1d:
8b:4e:db:ea:06:bd:82:15:15:ab:36:d9:81:f8:e7:
e0:b2:6e:b3:06:9c:1a:9d:1a:06:66:36:49:73:ca:
ec:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:96:FC:EE:82:17:6C:5E:30:93:FA:65:C8:EB:98:80:81:DB:52:AD
X509v3 Authority Key Identifier:
keyid:D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/oJb87oIXbF4wk_plyOuYgIHbUq0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.144.32.0/21
46.20.240.0/20
85.8.128.0/24
185.60.52.0/22
IPv6:
2a02:2528::/29
Signature Algorithm: sha256WithRSAEncryption
2a:6a:74:67:54:4e:6c:61:e1:7f:ef:75:44:fb:fb:a4:7b:9b:
e2:e8:5c:89:6b:fe:f0:cd:b6:35:15:49:8b:33:d2:85:43:19:
a9:9e:b2:43:01:9a:f4:94:54:16:70:45:1e:cc:e3:4e:d3:98:
ff:15:5f:34:83:43:bc:f8:e1:fd:de:a8:ed:cb:97:68:8f:38:
4e:f3:5e:a3:60:71:4d:c0:2d:ca:3c:a5:86:b8:76:41:8f:36:
c5:0d:c4:bc:ef:48:1d:dc:69:2e:cd:44:06:99:41:f1:e7:a4:
32:6f:58:57:04:14:db:87:a8:07:f4:5c:3a:ab:0b:96:0f:64:
e2:cf:37:5f:f1:15:7b:9f:68:7b:5a:a0:67:ef:69:bd:d9:c9:
0e:17:ce:42:2e:aa:5a:4a:84:bb:61:e3:64:9a:cb:75:dd:29:
08:7c:bc:50:d6:ea:2f:64:85:d4:27:da:2b:09:85:0c:17:b9:
33:9f:1d:73:9f:ad:fd:b0:20:86:fc:af:3e:aa:28:96:82:e2:
2b:6a:a9:65:d4:f9:ee:21:65:a7:e9:2b:bb:bd:94:10:b4:c4:
23:ea:fb:47:b9:33:11:d7:30:27:a3:5f:77:c2:9c:eb:e7:ca:
be:83:4d:68:4c:6e:81:a1:a6:5a:aa:14:dd:5c:b0:4a:76:1f:
34:f2:ff:0c
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYvyXF5Tvx0dDL3j0c+vdR5NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZmMwYmVjNjBkMGJhY2UxODg5Njc3YmQ5YmI5MDE5MGNj
NGZkMjIwHhcNMjMxMTIxMTQ1MDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDk2ZmNlZTgyMTc2YzVlMzA5M2ZhNjVjOGViOTg4MDgxZGI1MmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBksmZFvavvB0EmKRdifZCsYJIma
dRVPWpt0PIB7KXTmFAvrssPaWWc+cM1twD4AbrF56/bZmOk1ew3KqulvIufN532V
u3cZ/qs/8lZ0Cl2p1DxtvXI4SMqFau0rCdaMVixR1PT6ITeOq4zj93A91tbr7nBb
8DTWvgaJCB9XYsB7ZV3QkuEQHmQ9CdJfk7EKdYWhlQW8MDt5uM6piQGje68SBtOS
pv/qqscM25QFY5fix24MChhS8XDgNTTzUbEmqdCiZ0W+yuWxusuBZLB1KNL4Dr/K
JZb9P6znlOJA8h2LTtvqBr2CFRWrNtmB+Ofgsm6zBpwanRoGZjZJc8rspQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFKCW/O6CF2xeMJP6ZcjrmICB21KtMB8GA1UdIwQY
MBaAFNn8C+xg0LrOGIlne9m7kBkMxP0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjkt
MzQ2OTAzNGZhNDQxLzEvb0piODdvSVhiRjR3a19wbHlPdVlnSUhiVXEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjktMzQ2OTAzNGZhNDQx
LzEvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDBZAgAwQE
LhTwAwQAVQiAAwQCuTw0MA0EAgACMAcDBQMqAiUoMA0GCSqGSIb3DQEBCwUAA4IB
AQAqanRnVE5sYeF/73VE+/uke5vi6FyJa/7wzbY1FUmLM9KFQxmpnrJDAZr0lFQW
cEUezONO05j/FV80g0O8+OH93qjty5dojzhO816jYHFNwC3KPKWGuHZBjzbFDcS8
70gd3GkuzUQGmUHx56Qyb1hXBBTbh6gH9Fw6qwuWD2Tizzdf8RV7n2h7WqBn72m9
2ckOF85CLqpaSoS7YeNkmst13SkIfLxQ1uovZIXUJ9orCYUMF7kznx1zn639sCCG
/K8+qiiWguIraqll1PnuIWWn6Su7vZQQtMQj6vtHuTMR1zAno193wpzr58q+g01o
TG6BoaZaqhTdXLBKdh808v8M
-----END CERTIFICATE-----
Generated at Tue Jan 2 15:23:27 2024 by rpki-client on console-ams.rpki-client.org