Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/XJaPjlERlxVmn-JVgYYIgODfFck.roa
File: XJaPjlERlxVmn-JVgYYIgODfFck.roa (raw, json)
Hash identifier: lpcgW1VFWB/UL79NcZ0vL/aM6TXbyNnkCEP1x2k9U0s=
Subject key identifier: 5C:96:8F:8E:51:11:97:15:66:9F:E2:55:81:86:08:80:E0:DF:15:C9
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018898600FAEB26F3ED132E01ED19C5FF35B
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/XJaPjlERlxVmn-JVgYYIgODfFck.roa
Signing time: Thu 08 Jun 2023 00:20:12 +0000
ROA not before: Thu 08 Jun 2023 00:20:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3320
IP address blocks: 85.204.148.0/22 maxlen: 22
5.35.192.0/21 maxlen: 24
84.234.16.0/20 maxlen: 24
194.88.96.0/21 maxlen: 24
62.112.0.0/21 maxlen: 24
85.204.160.0/22 maxlen: 24
93.113.184.0/21 maxlen: 24
194.88.112.0/20 maxlen: 24
91.232.136.0/22 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:98:60:0f:ae:b2:6f:3e:d1:32:e0:1e:d1:9c:5f:f3:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Jun 8 00:20:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5c968f8e51119715669fe25581860880e0df15c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:75:60:50:fb:46:80:08:3d:37:f4:d9:73:99:
ed:46:51:9d:3b:b8:db:0c:78:96:98:5b:2f:4b:01:
74:f3:4b:6f:dc:25:be:81:69:82:16:95:20:e4:be:
b3:2c:ef:ad:10:80:e2:13:ea:a1:04:02:59:29:48:
cc:f3:d2:a8:78:d6:d3:ed:cf:d6:d0:c3:75:30:e9:
fc:8d:88:1e:c4:26:08:12:30:f4:f7:6a:a5:e4:5e:
68:fe:6e:6f:fa:e4:98:0b:e8:f0:2f:49:56:d9:81:
6b:2e:4c:41:40:9a:ea:8e:cb:19:14:d5:58:7d:df:
8c:79:00:f3:83:19:c4:03:1b:80:eb:06:7d:ef:c7:
18:bf:56:c7:4d:f8:b9:5b:94:20:34:e6:c2:d3:28:
22:89:b8:14:a5:ce:4b:2b:e8:42:56:07:9f:4e:68:
5f:4b:c8:5f:3a:10:84:60:56:26:e3:b7:74:f5:92:
24:31:8e:6f:f8:b3:a0:5c:0b:e9:9f:d7:e0:9e:13:
c2:50:0d:ce:36:86:08:9e:38:c8:59:d8:8c:fc:72:
de:54:6f:1d:c1:37:7c:e6:9b:d1:17:11:a3:e5:ff:
2c:5c:c0:91:44:7e:e5:ad:dc:a4:72:7e:ec:40:39:
51:e2:1a:ea:a8:a8:b2:4b:ee:8d:e8:5d:59:bd:99:
e8:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:96:8F:8E:51:11:97:15:66:9F:E2:55:81:86:08:80:E0:DF:15:C9
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/XJaPjlERlxVmn-JVgYYIgODfFck.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.192.0/21
62.112.0.0/21
84.234.16.0/20
85.204.148.0/22
85.204.160.0/22
91.232.136.0/22
93.113.184.0/21
194.88.96.0/21
194.88.112.0/20
Signature Algorithm: sha256WithRSAEncryption
2d:b4:f7:01:5b:c5:eb:54:96:b9:41:f1:06:6f:62:ad:a3:f1:
41:c8:59:78:6a:41:3e:f8:93:bf:35:c4:02:ff:cf:5d:a3:f7:
6a:0a:87:44:ed:b5:4d:64:5c:10:d1:02:07:b2:2f:48:22:d5:
51:6f:5a:4b:ae:71:bd:a4:3d:b6:02:3f:49:45:35:6c:25:8b:
42:ed:e6:ae:64:d0:d2:2a:88:a1:45:0e:5a:5b:d0:07:b7:f5:
82:17:ab:25:d9:dc:6c:0e:e1:26:7e:de:fb:47:ca:1d:b4:6e:
b9:3c:bd:ac:d5:44:13:de:71:68:7c:2b:43:cf:2d:7c:97:31:
0f:a2:9c:a9:31:34:90:60:95:8d:ac:cb:7b:80:73:dc:eb:c1:
16:33:25:23:db:bb:ca:e2:1c:d4:3f:26:0c:4e:7c:11:97:34:
97:de:9c:06:a2:a2:4d:4c:88:a8:82:d3:58:31:6e:28:46:51:
c0:c1:24:e7:7e:0f:77:c4:87:19:c2:6a:e8:7c:9a:22:a1:31:
ef:18:4f:b8:55:ba:7f:ef:02:ea:bf:c7:5d:d5:20:3e:d1:a5:
1c:b9:ae:5b:a5:73:41:27:de:96:fa:53:ff:00:f6:ae:75:95:
a9:1c:c3:1d:49:c9:f2:72:8e:70:ee:4d:56:cc:90:12:01:ac:
3c:4e:8b:79
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYiYYA+usm8+0TLgHtGcX/NbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNjA4MDAyMDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzk2OGY4ZTUxMTE5NzE1NjY5ZmUyNTU4MTg2MDg4MGUwZGYxNWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3VgUPtGgAg9N/TZc5ntRlGdO7jb
DHiWmFsvSwF080tv3CW+gWmCFpUg5L6zLO+tEIDiE+qhBAJZKUjM89KoeNbT7c/W
0MN1MOn8jYgexCYIEjD092ql5F5o/m5v+uSYC+jwL0lW2YFrLkxBQJrqjssZFNVY
fd+MeQDzgxnEAxuA6wZ978cYv1bHTfi5W5QgNObC0ygiibgUpc5LK+hCVgefTmhf
S8hfOhCEYFYm47d09ZIkMY5v+LOgXAvpn9fgnhPCUA3ONoYInjjIWdiM/HLeVG8d
wTd85pvRFxGj5f8sXMCRRH7lrdykcn7sQDlR4hrqqKiyS+6N6F1ZvZno/wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFFyWj45REZcVZp/iVYGGCIDg3xXJMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvWEphUGpsRVJseFZtbi1KVmdZWUlnT0RmRmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQDBSPAAwQD
PnAAAwQEVOoQAwQCVcyUAwQCVcygAwQCW+iIAwQDXXG4AwQDwlhgAwQEwlhwMA0G
CSqGSIb3DQEBCwUAA4IBAQAttPcBW8XrVJa5QfEGb2Kto/FByFl4akE++JO/NcQC
/89do/dqCodE7bVNZFwQ0QIHsi9IItVRb1pLrnG9pD22Aj9JRTVsJYtC7eauZNDS
KoihRQ5aW9AHt/WCF6sl2dxsDuEmft77R8odtG65PL2s1UQT3nFofCtDzy18lzEP
opypMTSQYJWNrMt7gHPc68EWMyUj27vK4hzUPyYMTnwRlzSX3pwGoqJNTIiogtNY
MW4oRlHAwSTnfg93xIcZwmrofJoioTHvGE+4Vbp/7wLqv8dd1SA+0aUcua5bpXNB
J96W+lP/APaudZWpHMMdScnyco5w7k1WzJASAaw8Tot5
-----END CERTIFICATE-----
Generated at Fri Sep 1 07:54:36 2023 by rpki-client on console-ams.rpki-client.org