Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/f0Q1ZDqB9GCF6vxWWuYePvvVveo.roa
File: f0Q1ZDqB9GCF6vxWWuYePvvVveo.roa (raw, json)
Hash identifier: mC2vsWLDOteRHu/W8G6e78jqlbaB9MfrSnsGa3/b7j0=
Subject key identifier: 7F:44:35:64:3A:81:F4:60:85:EA:FC:56:5A:E6:1E:3E:FB:D5:BD:EA
Certificate issuer: /CN=df0ba4f56e6f037725286037afc3c14c293b9b82
Certificate serial: 01856E38B587DEEEDCDC75E46B009E2E77A0
Authority key identifier: DF:0B:A4:F5:6E:6F:03:77:25:28:60:37:AF:C3:C1:4C:29:3B:9B:82
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3wuk9W5vA3clKGA3r8PBTCk7m4I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/f0Q1ZDqB9GCF6vxWWuYePvvVveo.roa
Signing time: Sun 01 Jan 2023 16:44:48 +0000
ROA not before: Sun 01 Jan 2023 16:44:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39138
IP address blocks: 31.172.0.0/18 maxlen: 24
185.148.248.0/22 maxlen: 24
83.243.0.0/21 maxlen: 24
195.182.2.0/24 maxlen: 24
31.172.96.0/21 maxlen: 24
2001:67c:194::/48 maxlen: 48
2a01:a700::/29 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:38:b5:87:de:ee:dc:dc:75:e4:6b:00:9e:2e:77:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df0ba4f56e6f037725286037afc3c14c293b9b82
Validity
Not Before: Jan 1 16:44:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7f4435643a81f46085eafc565ae61e3efbd5bdea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:26:c1:31:e0:c5:04:0d:11:d6:90:ab:f9:f5:
20:c8:9f:9d:da:ba:0b:26:58:53:3e:76:f5:af:7a:
06:3d:10:29:97:ec:51:b0:e8:eb:f7:f3:46:2d:3b:
c3:fe:da:22:c4:bb:1d:72:32:71:4b:78:00:a2:51:
75:21:d1:2b:35:ba:41:f6:a6:38:45:9a:8e:a7:8b:
38:01:aa:37:b9:a6:6b:26:1f:05:49:d6:f1:04:d7:
5c:08:8c:15:38:df:09:c2:63:43:cd:05:50:fe:94:
d7:f3:3d:c5:9a:26:55:cd:5d:c2:96:c3:63:5f:81:
90:83:c3:09:94:71:ff:05:12:19:e4:b3:ae:21:ea:
47:97:48:97:03:f5:2a:70:31:5c:1d:2b:b1:80:8f:
d1:09:8f:ec:9c:2c:ee:7e:9a:4a:ce:b8:6a:bd:e2:
ce:49:af:6a:0b:0d:46:2b:43:2d:12:7c:69:40:8c:
79:81:5a:92:19:6d:0a:52:51:23:77:7f:5e:a5:0d:
82:01:70:96:3d:0b:df:df:8d:2d:1d:b6:86:9c:b5:
d2:48:7f:6d:8e:fc:28:96:50:86:9c:1b:49:8d:64:
fe:8d:36:9e:91:ef:dd:73:54:20:1b:2b:bc:bb:92:
c2:4a:a9:60:0e:5e:d1:69:c7:0a:28:1b:b6:ab:c6:
2b:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:44:35:64:3A:81:F4:60:85:EA:FC:56:5A:E6:1E:3E:FB:D5:BD:EA
X509v3 Authority Key Identifier:
keyid:DF:0B:A4:F5:6E:6F:03:77:25:28:60:37:AF:C3:C1:4C:29:3B:9B:82
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3wuk9W5vA3clKGA3r8PBTCk7m4I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/f0Q1ZDqB9GCF6vxWWuYePvvVveo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/3wuk9W5vA3clKGA3r8PBTCk7m4I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.172.0.0/18
31.172.96.0/21
83.243.0.0/21
185.148.248.0/22
195.182.2.0/24
IPv6:
2001:67c:194::/48
2a01:a700::/29
Signature Algorithm: sha256WithRSAEncryption
b3:be:f9:a7:92:d9:89:17:79:9f:f0:58:5c:2c:26:db:92:47:
14:bd:26:ff:3b:39:c9:5a:26:90:af:ae:bf:61:4c:d3:b3:af:
05:a6:8d:05:d6:61:1c:42:26:94:47:0c:ee:03:3c:d8:82:bc:
f0:00:50:96:8d:9a:65:a6:78:4b:54:16:95:6a:de:49:ea:9a:
2d:11:09:37:90:4b:c7:3c:66:fa:c1:6a:51:b2:f3:9d:4f:b1:
e1:24:62:a6:da:7b:ac:1b:56:54:07:ab:95:61:16:06:11:da:
35:81:a1:65:e5:ee:f2:4a:3b:e6:4a:2a:8e:b8:f0:a0:7e:9e:
85:4d:11:02:fe:35:48:4c:12:18:4b:a9:ff:d2:96:9c:64:63:
a3:44:be:93:57:fe:ed:ba:c0:3c:30:c3:0a:d2:d5:ce:d7:fd:
6d:cb:33:f9:3d:2b:7b:72:a7:73:f7:2e:6a:25:1a:3f:7c:c6:
0f:cc:7c:5a:1c:66:1e:58:7e:32:78:99:4c:c5:94:2d:c7:93:
2e:0d:7d:06:e5:8b:87:8e:5e:a9:e7:2c:9d:25:d1:62:ee:f3:
28:23:1f:ff:0b:4e:3e:46:73:86:91:ad:35:60:16:31:aa:75:
3e:01:9c:d2:7b:24:fb:a2:7f:5c:a2:73:c9:e4:3e:06:ad:ab:
b4:e9:1e:9f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVuOLWH3u7c3HXkawCeLnegMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMGJhNGY1NmU2ZjAzNzcyNTI4NjAzN2FmYzNjMTRjMjkz
YjliODIwHhcNMjMwMTAxMTY0NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjQ0MzU2NDNhODFmNDYwODVlYWZjNTY1YWU2MWUzZWZiZDViZGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyybBMeDFBA0R1pCr+fUgyJ+d2roL
JlhTPnb1r3oGPRApl+xRsOjr9/NGLTvD/toixLsdcjJxS3gAolF1IdErNbpB9qY4
RZqOp4s4Aao3uaZrJh8FSdbxBNdcCIwVON8JwmNDzQVQ/pTX8z3FmiZVzV3ClsNj
X4GQg8MJlHH/BRIZ5LOuIepHl0iXA/UqcDFcHSuxgI/RCY/snCzufppKzrhqveLO
Sa9qCw1GK0MtEnxpQIx5gVqSGW0KUlEjd39epQ2CAXCWPQvf340tHbaGnLXSSH9t
jvwollCGnBtJjWT+jTaeke/dc1QgGyu8u5LCSqlgDl7RaccKKBu2q8YroQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFH9ENWQ6gfRgher8VlrmHj771b3qMB8GA1UdIwQY
MBaAFN8LpPVubwN3JShgN6/DwUwpO5uCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3d1azlXNXZBM2NsS0dBM3I4UEJUQ2s3bTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9hODBiZDktYmExMS00NThlLTg0ZTIt
MzZjNjc4OTAwZjc5LzEvZjBRMVpEcUI5R0NGNnZ4V1d1WWVQdnZWdmVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9hODBiZDktYmExMS00NThlLTg0ZTItMzZjNjc4OTAwZjc5
LzEvM3d1azlXNXZBM2NsS0dBM3I4UEJUQ2s3bTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAkBAIAATAeAwQGH6wAAwQD
H6xgAwQDU/MAAwQCuZT4AwQAw7YCMBYEAgACMBADBwAgAQZ8AZQDBQMqAacAMA0G
CSqGSIb3DQEBCwUAA4IBAQCzvvmnktmJF3mf8FhcLCbbkkcUvSb/OznJWiaQr66/
YUzTs68Fpo0F1mEcQiaURwzuAzzYgrzwAFCWjZplpnhLVBaVat5J6potEQk3kEvH
PGb6wWpRsvOdT7HhJGKm2nusG1ZUB6uVYRYGEdo1gaFl5e7ySjvmSiqOuPCgfp6F
TREC/jVITBIYS6n/0pacZGOjRL6TV/7tusA8MMMK0tXO1/1tyzP5PSt7cqdz9y5q
JRo/fMYPzHxaHGYeWH4yeJlMxZQtx5MuDX0G5YuHjl6p5yydJdFi7vMoIx//C04+
RnOGka01YBYxqnU+AZzSeyT7on9conPJ5D4Grau06R6f
-----END CERTIFICATE-----
Generated at Tue Jan 2 17:36:21 2024 by rpki-client on console-fra.rpki-client.org