Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/h5sYZmG_46Mkp9qPtp3yANvjZA8.roa
File: h5sYZmG_46Mkp9qPtp3yANvjZA8.roa (raw, json)
Hash identifier: H4fAdH0T5u6PLvg4Cx7RNe6MlhLGSrBJ+cP9pIJ2enk=
Subject key identifier: 87:9B:18:66:61:BF:E3:A3:24:A7:DA:8F:B6:9D:F2:00:DB:E3:64:0F
Certificate issuer: /CN=cbdfce3a5355f861fdc48c32012c78c9daf9a5a4
Certificate serial: 01856E2FBAF88B1D265E528EA8D5F4F47C71
Authority key identifier: CB:DF:CE:3A:53:55:F8:61:FD:C4:8C:32:01:2C:78:C9:DA:F9:A5:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/y9_OOlNV-GH9xIwyASx4ydr5paQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/h5sYZmG_46Mkp9qPtp3yANvjZA8.roa
Signing time: Sun 01 Jan 2023 16:34:59 +0000
ROA not before: Sun 01 Jan 2023 16:34:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31655
IP address blocks: 88.215.0.0/18 maxlen: 29
89.213.16.0/20 maxlen: 24
89.213.32.0/21 maxlen: 24
213.218.192.0/20 maxlen: 24
5.2.96.0/19 maxlen: 24
195.162.96.0/19 maxlen: 24
185.21.208.0/22 maxlen: 24
89.213.8.0/21 maxlen: 24
80.252.64.0/20 maxlen: 24
185.4.196.0/22 maxlen: 24
188.66.64.0/18 maxlen: 24
5.144.156.0/22 maxlen: 24
2a02:c1c0::/29 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:2f:ba:f8:8b:1d:26:5e:52:8e:a8:d5:f4:f4:7c:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cbdfce3a5355f861fdc48c32012c78c9daf9a5a4
Validity
Not Before: Jan 1 16:34:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=879b186661bfe3a324a7da8fb69df200dbe3640f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:5f:b6:bf:ea:29:cd:12:d5:1d:31:51:16:80:
a1:36:62:fb:dd:a3:11:31:55:b3:7f:61:da:3a:42:
de:d3:7c:13:2f:c7:f4:a4:6c:32:ad:f2:bb:36:4e:
2d:da:8c:9f:2a:38:df:ac:78:50:57:56:32:75:3b:
60:ac:c0:39:aa:9d:b8:c6:03:e0:3a:48:e8:bc:11:
46:58:4c:64:90:19:37:40:67:b9:42:e6:63:e8:be:
85:61:06:fe:f3:37:ee:1d:2d:c9:34:38:5e:91:96:
f6:1c:77:2b:65:a5:38:44:7e:c4:88:5c:89:41:41:
a0:74:47:1c:4e:75:77:85:b0:cc:b6:c4:93:3c:6a:
8f:78:48:b9:c8:0e:99:46:88:b3:26:b9:b4:21:ed:
f5:ac:a9:71:d7:bb:ab:66:4a:80:91:ce:10:82:6e:
7a:78:52:00:01:8e:30:ac:f0:65:fe:dc:6d:2c:ab:
f5:f4:7e:fd:c6:a4:fa:25:54:7d:88:6e:30:ee:e3:
65:58:23:7e:cc:d6:a4:6f:3d:a9:0d:c3:97:18:b0:
3e:4a:7b:dd:74:c4:dc:ec:32:4d:35:49:32:d5:51:
dd:fe:27:80:5b:d7:f9:9b:6d:36:2a:c6:ba:7d:5f:
08:2b:76:dc:c8:5d:10:96:28:d6:c3:b7:36:6e:b0:
0f:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:9B:18:66:61:BF:E3:A3:24:A7:DA:8F:B6:9D:F2:00:DB:E3:64:0F
X509v3 Authority Key Identifier:
keyid:CB:DF:CE:3A:53:55:F8:61:FD:C4:8C:32:01:2C:78:C9:DA:F9:A5:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9_OOlNV-GH9xIwyASx4ydr5paQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/h5sYZmG_46Mkp9qPtp3yANvjZA8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/74a1b5-3c2e-48e2-90fd-b49d89e30ddd/1/y9_OOlNV-GH9xIwyASx4ydr5paQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.2.96.0/19
5.144.156.0/22
80.252.64.0/20
88.215.0.0/18
89.213.8.0-89.213.39.255
185.4.196.0/22
185.21.208.0/22
188.66.64.0/18
195.162.96.0/19
213.218.192.0/20
IPv6:
2a02:c1c0::/29
Signature Algorithm: sha256WithRSAEncryption
44:da:f5:15:2e:0b:55:61:18:e8:39:a9:c4:a3:66:f7:96:ad:
5f:4a:08:a9:dd:8b:41:58:23:51:c0:ad:56:8d:94:bd:21:cf:
21:60:88:f1:99:9f:e7:ce:b9:26:5d:1b:ae:fe:3e:7f:cb:eb:
23:71:f2:04:e9:a7:29:02:5c:e0:22:1a:5b:eb:75:78:d7:16:
16:57:e0:9f:d3:66:5f:69:4a:d1:c0:ff:7a:13:8d:1c:38:d3:
ab:d3:33:7e:cb:e2:03:a2:3a:a6:ba:89:39:22:32:78:ff:f8:
0d:3e:78:22:34:1c:d5:43:13:ab:c2:cc:4b:26:e2:92:13:e4:
d3:9a:cb:dd:fb:5a:aa:49:95:da:69:c3:e1:5d:e8:a9:38:c4:
8b:16:8b:f2:d9:ad:be:dc:d8:79:7c:41:71:0f:3a:18:10:e9:
3b:fc:a8:81:4d:3b:f8:11:e3:96:b3:cc:60:96:51:27:e8:34:
34:ac:4c:f4:bf:da:9f:52:75:a0:4f:22:af:c0:29:59:cb:0e:
e8:29:6e:f2:d0:53:d5:ca:77:ed:02:59:03:3b:98:c8:ec:0a:
a9:34:21:47:a8:10:a0:3f:dd:4b:2e:78:61:9d:ba:10:aa:0b:
ed:f4:a4:8b:9a:32:34:13:2a:fb:af:78:30:b4:75:ea:34:5f:
68:0a:e4:4b
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgISAYVuL7r4ix0mXlKOqNX09HxxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZGZjZTNhNTM1NWY4NjFmZGM0OGMzMjAxMmM3OGM5ZGFm
OWE1YTQwHhcNMjMwMTAxMTYzNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzliMTg2NjYxYmZlM2EzMjRhN2RhOGZiNjlkZjIwMGRiZTM2NDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnl+2v+opzRLVHTFRFoChNmL73aMR
MVWzf2HaOkLe03wTL8f0pGwyrfK7Nk4t2oyfKjjfrHhQV1YydTtgrMA5qp24xgPg
OkjovBFGWExkkBk3QGe5QuZj6L6FYQb+8zfuHS3JNDhekZb2HHcrZaU4RH7EiFyJ
QUGgdEccTnV3hbDMtsSTPGqPeEi5yA6ZRoizJrm0Ie31rKlx17urZkqAkc4Qgm56
eFIAAY4wrPBl/txtLKv19H79xqT6JVR9iG4w7uNlWCN+zNakbz2pDcOXGLA+Snvd
dMTc7DJNNUky1VHd/ieAW9f5m202Ksa6fV8IK3bcyF0QlijWw7c2brAPdQIDAQAB
o4ICVjCCAlIwHQYDVR0OBBYEFIebGGZhv+OjJKfaj7ad8gDb42QPMB8GA1UdIwQY
MBaAFMvfzjpTVfhh/cSMMgEseMna+aWkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlfT09sTlYtR0g5eEl3eUFTeDR5ZHI1cGFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi83NGExYjUtM2MyZS00OGUyLTkwZmQt
YjQ5ZDg5ZTMwZGRkLzEvaDVzWVptR180Nk1rcDlxUHRwM3lBTnZqWkE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi83NGExYjUtM2MyZS00OGUyLTkwZmQtYjQ5ZDg5ZTMwZGRk
LzEveTlfT09sTlYtR0g5eEl3eUFTeDR5ZHI1cGFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGwGCCsGAQUFBwEHAQH/BF0wWzBKBAIAATBEAwQFBQJgAwQC
BZCcAwQEUPxAAwQGWNcAMAwDBANZ1QgDBANZ1SADBAK5BMQDBAK5FdADBAa8QkAD
BAXDomADBATV2sAwDQQCAAIwBwMFAyoCwcAwDQYJKoZIhvcNAQELBQADggEBAETa
9RUuC1VhGOg5qcSjZveWrV9KCKndi0FYI1HArVaNlL0hzyFgiPGZn+fOuSZdG67+
Pn/L6yNx8gTppykCXOAiGlvrdXjXFhZX4J/TZl9pStHA/3oTjRw406vTM37L4gOi
Oqa6iTkiMnj/+A0+eCI0HNVDE6vCzEsm4pIT5NOay937WqpJldppw+Fd6Kk4xIsW
i/LZrb7c2Hl8QXEPOhgQ6Tv8qIFNO/gR45azzGCWUSfoNDSsTPS/2p9SdaBPIq/A
KVnLDugpbvLQU9XKd+0CWQM7mMjsCqk0IUeoEKA/3UsueGGduhCqC+30pIuaMjQT
KvuveDC0deo0X2gK5Es=
-----END CERTIFICATE-----
Generated at Mon Jan 1 06:31:53 2024 by rpki-client on console-fra.rpki-client.org