Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/lVQh6tfSOAbd-jC3gasBjxzVGUA.roa
File: lVQh6tfSOAbd-jC3gasBjxzVGUA.roa (raw, json)
Hash identifier: zPRRMuVM+8pKZvM29wOcpmFgahQNQse+21oPI4NNe7g=
Subject key identifier: 95:54:21:EA:D7:D2:38:06:DD:FA:30:B7:81:AB:01:8F:1C:D5:19:40
Certificate issuer: /CN=5a141c5090824d0a17c29ec4050e21007113fbda
Certificate serial: 018572D5BB3EAD51EFA508D7B75E06DF889B
Authority key identifier: 5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/lVQh6tfSOAbd-jC3gasBjxzVGUA.roa
Signing time: Mon 02 Jan 2023 14:14:47 +0000
ROA not before: Mon 02 Jan 2023 14:14:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3257
IP address blocks: 185.85.76.0/22 maxlen: 22
91.190.168.0/21 maxlen: 21
5.63.24.0/21 maxlen: 21
2a02:798::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:d5:bb:3e:ad:51:ef:a5:08:d7:b7:5e:06:df:88:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5a141c5090824d0a17c29ec4050e21007113fbda
Validity
Not Before: Jan 2 14:14:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=955421ead7d23806ddfa30b781ab018f1cd51940
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:fd:b0:19:d7:4f:60:ee:ca:8e:63:b4:af:37:
a9:3c:0b:01:30:8b:f3:3b:5b:c0:e4:e0:9c:6e:3a:
05:1a:c1:c0:32:27:95:0c:10:5b:04:d8:85:36:1a:
bd:e6:15:d4:4a:7d:c8:a5:28:44:24:7b:ee:5a:26:
97:80:93:44:3b:5f:d2:a9:19:05:36:18:7f:81:45:
67:03:fe:93:d6:ba:04:f5:ab:dd:15:8a:a7:13:6c:
ec:e0:90:d3:02:80:0f:f0:09:9e:5a:09:ca:fb:34:
d5:8b:98:35:ea:3b:fb:34:03:c7:3d:28:61:16:ca:
16:21:fb:b0:7f:3b:9d:cc:95:0f:47:a3:1e:8b:81:
94:72:44:11:29:f1:20:05:ff:93:d7:83:89:6a:f3:
6b:e6:a9:8f:e2:ad:93:d7:79:11:17:e0:3f:5f:57:
70:5a:c6:b9:56:51:28:fc:89:f9:a9:b1:85:36:60:
2d:ae:59:c6:cd:56:4d:49:2f:f1:4f:fc:9c:f7:2c:
29:01:c2:5d:0b:3a:7c:55:0b:27:ac:52:89:f7:63:
a5:ed:ec:58:2f:ea:3a:dc:62:49:4f:13:3f:b9:45:
31:63:a8:b4:87:9e:03:07:14:aa:22:b4:28:1f:7a:
39:5c:f9:0f:33:2a:7f:11:2b:c6:a0:a5:46:09:20:
52:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:54:21:EA:D7:D2:38:06:DD:FA:30:B7:81:AB:01:8F:1C:D5:19:40
X509v3 Authority Key Identifier:
keyid:5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/lVQh6tfSOAbd-jC3gasBjxzVGUA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.63.24.0/21
91.190.168.0/21
185.85.76.0/22
IPv6:
2a02:798::/32
Signature Algorithm: sha256WithRSAEncryption
25:a3:a3:f9:19:67:c1:21:35:a7:d0:c7:5a:a5:41:91:4d:b4:
c3:52:ce:07:c5:9b:69:6b:10:76:1a:b3:bb:e4:1e:20:46:7b:
d4:0a:1c:7c:ac:cb:b4:63:62:47:80:4e:13:29:67:37:53:ae:
c0:74:13:d7:97:54:33:8f:a8:04:95:9a:79:fe:95:e6:56:7d:
48:d3:d3:10:74:80:5f:c2:f8:64:cb:52:c2:e8:ef:51:a2:ac:
40:ee:62:cf:70:58:60:dd:08:ae:9b:f3:e0:1c:ab:25:dc:29:
b9:8c:6c:d0:a6:76:8a:e5:0f:a9:96:6d:a5:0c:09:ff:ce:9c:
8d:11:09:38:22:32:ce:e3:b1:29:18:5a:dd:4e:c1:46:d9:1f:
dc:85:66:51:f0:8a:d2:f4:20:af:37:75:73:9f:55:7b:0e:26:
7e:fc:ca:1f:98:ba:ac:17:21:0b:78:7e:24:2a:bb:a9:68:d4:
b8:61:96:c3:b1:ef:b2:42:e9:c5:0e:d1:7a:5e:87:92:37:99:
a8:cb:50:bc:f1:37:e3:6a:79:95:b3:10:1d:00:5a:45:e7:d4:
47:34:07:6a:ca:9a:1d:1e:ec:54:a6:fc:36:47:88:fd:88:04:
b9:0c:6d:88:77:a6:b1:b6:17:90:fb:de:d5:69:d7:90:27:03:
8a:5a:d3:e8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVy1bs+rVHvpQjXt14G34ibMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMTQxYzUwOTA4MjRkMGExN2MyOWVjNDA1MGUyMTAwNzEx
M2ZiZGEwHhcNMjMwMTAyMTQxNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTU0MjFlYWQ3ZDIzODA2ZGRmYTMwYjc4MWFiMDE4ZjFjZDUxOTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjf2wGddPYO7KjmO0rzepPAsBMIvz
O1vA5OCcbjoFGsHAMieVDBBbBNiFNhq95hXUSn3IpShEJHvuWiaXgJNEO1/SqRkF
Nhh/gUVnA/6T1roE9avdFYqnE2zs4JDTAoAP8AmeWgnK+zTVi5g16jv7NAPHPShh
FsoWIfuwfzudzJUPR6Mei4GUckQRKfEgBf+T14OJavNr5qmP4q2T13kRF+A/X1dw
Wsa5VlEo/In5qbGFNmAtrlnGzVZNSS/xT/yc9ywpAcJdCzp8VQsnrFKJ92Ol7exY
L+o63GJJTxM/uUUxY6i0h54DBxSqIrQoH3o5XPkPMyp/ESvGoKVGCSBS+wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJVUIerX0jgG3fowt4GrAY8c1RlAMB8GA1UdIwQY
MBaAFFoUHFCQgk0KF8KexAUOIQBxE/vaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUt
ZWNlZWZmOGU4NGUwLzEvbFZRaDZ0ZlNPQWJkLWpDM2dhc0JqeHpWR1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUtZWNlZWZmOGU4NGUw
LzEvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBT8YAwQD
W76oAwQCuVVMMA0EAgACMAcDBQAqAgeYMA0GCSqGSIb3DQEBCwUAA4IBAQAlo6P5
GWfBITWn0MdapUGRTbTDUs4HxZtpaxB2GrO75B4gRnvUChx8rMu0Y2JHgE4TKWc3
U67AdBPXl1Qzj6gElZp5/pXmVn1I09MQdIBfwvhky1LC6O9RoqxA7mLPcFhg3Qiu
m/PgHKsl3Cm5jGzQpnaK5Q+plm2lDAn/zpyNEQk4IjLO47EpGFrdTsFG2R/chWZR
8IrS9CCvN3Vzn1V7DiZ+/MofmLqsFyELeH4kKrupaNS4YZbDse+yQunFDtF6XoeS
N5moy1C88TfjanmVsxAdAFpF59RHNAdqypodHuxUpvw2R4j9iAS5DG2Id6axtheQ
+97VadeQJwOKWtPo
-----END CERTIFICATE-----
Generated at Mon Jan 1 04:57:11 2024 by rpki-client on console-fra.rpki-client.org