Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/wh1647lfobGSCVMjGbRy_PKzYNQ.roa
File: wh1647lfobGSCVMjGbRy_PKzYNQ.roa (raw, json)
Hash identifier: DtKyGZKpeW4gKylZHki9F2Sw9Eo9iuxz4WKwWAL5Nqk=
Subject key identifier: C2:1D:7A:E3:B9:5F:A1:B1:92:09:53:23:19:B4:72:FC:F2:B3:60:D4
Certificate issuer: /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial: 018ADB526ED2D647C450F61D51FF38D3192C
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/wh1647lfobGSCVMjGbRy_PKzYNQ.roa
Signing time: Thu 28 Sep 2023 10:25:27 +0000
ROA not before: Thu 28 Sep 2023 10:25:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49040
IP address blocks: 109.160.56.0/24 maxlen: 24
109.160.59.0/24 maxlen: 24
78.108.246.0/24 maxlen: 24
78.108.245.0/24 maxlen: 24
78.108.244.0/24 maxlen: 24
83.222.160.0/24 maxlen: 24
83.222.172.0/24 maxlen: 24
83.222.170.0/24 maxlen: 24
83.222.167.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:db:52:6e:d2:d6:47:c4:50:f6:1d:51:ff:38:d3:19:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
Validity
Not Before: Sep 28 10:25:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c21d7ae3b95fa1b19209532319b472fcf2b360d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:f3:9e:69:1f:30:30:90:47:cc:0f:fe:0b:d6:
e7:98:7a:37:a0:db:a1:6b:a0:fa:6c:95:fc:85:94:
09:d7:e7:63:56:08:bb:c3:3c:50:bd:0d:0d:28:ff:
42:6e:a3:e1:9f:98:11:dc:f9:d8:d4:57:cd:3a:9d:
4f:0a:84:86:8a:6f:ff:8c:9a:dd:43:12:4f:49:98:
33:1c:01:69:2f:55:dd:cc:1d:47:37:09:0d:45:b1:
71:8c:d6:69:25:20:2a:49:f0:4f:9a:a7:32:9a:d4:
3c:3b:42:49:54:d8:a1:02:22:ed:c5:b3:04:6b:b9:
10:63:4d:0d:91:a1:04:2a:eb:ec:7d:e9:e2:e7:52:
ae:74:6e:bc:40:7f:dc:ed:54:89:90:db:2e:e1:4d:
4f:ac:ed:87:80:89:21:52:df:23:88:d2:93:76:c4:
78:55:1d:88:de:2a:79:16:54:91:29:8b:84:8b:6d:
c7:f5:ff:f4:78:90:04:35:83:62:d1:05:83:29:44:
92:be:79:32:4e:c6:1a:7b:98:7a:51:cc:5c:9c:23:
04:8f:ba:71:f5:70:d8:b8:1f:f2:bb:22:04:a5:4f:
1a:70:7a:95:2b:b2:6f:92:85:a9:cf:e9:87:d6:4d:
d6:26:73:10:41:e2:fa:31:84:45:9b:5c:11:98:8c:
70:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:1D:7A:E3:B9:5F:A1:B1:92:09:53:23:19:B4:72:FC:F2:B3:60:D4
X509v3 Authority Key Identifier:
keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/wh1647lfobGSCVMjGbRy_PKzYNQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.108.244.0-78.108.246.255
83.222.160.0/24
83.222.167.0/24
83.222.170.0/24
83.222.172.0/24
109.160.56.0/24
109.160.59.0/24
Signature Algorithm: sha256WithRSAEncryption
02:16:6a:a8:bc:9c:bd:9f:88:0f:1c:cb:7c:81:c0:cd:98:87:
3b:43:7e:78:51:a1:dd:69:bd:d3:1c:2f:b0:0d:4c:33:e6:d2:
c3:75:ad:af:c3:40:c1:8e:04:54:d9:1f:97:81:5e:9d:21:8d:
20:d0:67:7a:ce:12:d4:0f:71:92:90:d7:ac:2e:62:eb:b4:5e:
6d:59:bb:ec:7e:4c:9f:fe:6b:fe:c0:28:56:3d:7f:b5:61:42:
7a:a5:fd:8c:80:94:be:a1:23:04:57:06:df:2f:3c:66:6a:56:
f1:e6:86:6a:8c:b1:b2:04:30:f1:b0:d2:84:0a:2c:17:3f:1b:
69:23:eb:0a:87:2d:d8:4d:6d:31:8f:d6:e5:3a:d3:d6:a5:de:
65:0d:fd:85:bc:25:29:f1:10:d5:d6:c1:e2:27:66:d3:41:15:
4c:df:f9:1e:02:70:6a:41:4d:0e:cb:96:30:21:24:a7:e8:f1:
27:8b:83:0f:24:97:00:33:21:89:84:32:54:68:68:95:59:bf:
45:2d:2c:e6:14:4c:fe:22:96:b1:a0:96:22:22:a8:25:c7:67:
5e:b5:e6:f2:f7:19:fe:58:6f:af:13:66:1c:98:6a:13:cc:d4:
52:1a:ab:57:4d:18:62:61:08:c8:cc:8a:bf:68:d9:04:f6:8c:
3b:4b:83:81
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYrbUm7S1kfEUPYdUf840xksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjMwOTI4MTAyNTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjFkN2FlM2I5NWZhMWIxOTIwOTUzMjMxOWI0NzJmY2YyYjM2MGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvOeaR8wMJBHzA/+C9bnmHo3oNuh
a6D6bJX8hZQJ1+djVgi7wzxQvQ0NKP9CbqPhn5gR3PnY1FfNOp1PCoSGim//jJrd
QxJPSZgzHAFpL1XdzB1HNwkNRbFxjNZpJSAqSfBPmqcymtQ8O0JJVNihAiLtxbME
a7kQY00NkaEEKuvsfeni51KudG68QH/c7VSJkNsu4U1PrO2HgIkhUt8jiNKTdsR4
VR2I3ip5FlSRKYuEi23H9f/0eJAENYNi0QWDKUSSvnkyTsYae5h6UcxcnCMEj7px
9XDYuB/yuyIEpU8acHqVK7JvkoWpz+mH1k3WJnMQQeL6MYRFm1wRmIxwZwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFMIdeuO5X6GxkglTIxm0cvzys2DUMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvd2gxNjQ3bGZvYkdTQ1ZNakdiUnlfUEt6WU5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyMAwDBAJObPQD
BABObPYDBABT3qADBABT3qcDBABT3qoDBABT3qwDBABtoDgDBABtoDswDQYJKoZI
hvcNAQELBQADggEBAAIWaqi8nL2fiA8cy3yBwM2YhztDfnhRod1pvdMcL7ANTDPm
0sN1ra/DQMGOBFTZH5eBXp0hjSDQZ3rOEtQPcZKQ16wuYuu0Xm1Zu+x+TJ/+a/7A
KFY9f7VhQnql/YyAlL6hIwRXBt8vPGZqVvHmhmqMsbIEMPGw0oQKLBc/G2kj6wqH
LdhNbTGP1uU609al3mUN/YW8JSnxENXWweInZtNBFUzf+R4CcGpBTQ7LljAhJKfo
8SeLgw8klwAzIYmEMlRoaJVZv0UtLOYUTP4ilrGgliIiqCXHZ1615vL3Gf5Yb68T
ZhyYahPM1FIaq1dNGGJhCMjMir9o2QT2jDtLg4E=
-----END CERTIFICATE-----
Generated at Mon Jan 1 17:15:02 2024 by rpki-client on console-ams.rpki-client.org