Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/fSLdRG58HLEbltLoOtEWU_e6GOA.roa
File: fSLdRG58HLEbltLoOtEWU_e6GOA.roa (raw, json)
Hash identifier: blabEQRVj4ULqwsHObQbnizGppH0ofw3ES6ijCBh9vI=
Subject key identifier: 7D:22:DD:44:6E:7C:1C:B1:1B:96:D2:E8:3A:D1:16:53:F7:BA:18:E0
Certificate issuer: /CN=5e400ac2396ae228d2b2e56f4b06739969379e44
Certificate serial: 018572FA5FD90FEBE197E16E66C5FC1BCCD5
Authority key identifier: 5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/fSLdRG58HLEbltLoOtEWU_e6GOA.roa
Signing time: Mon 02 Jan 2023 14:54:49 +0000
ROA not before: Mon 02 Jan 2023 14:54:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 4455
IP address blocks: 31.217.128.0/19 maxlen: 24
31.217.128.0/24 maxlen: 24
31.217.130.0/24 maxlen: 24
31.217.129.0/24 maxlen: 24
185.55.16.0/22 maxlen: 24
46.18.168.0/21 maxlen: 24
89.30.68.0/22 maxlen: 24
91.196.184.0/22 maxlen: 24
194.126.217.0/24 maxlen: 24
89.30.0.0/17 maxlen: 24
83.243.16.0/21 maxlen: 24
2a01:8200::/32 maxlen: 64
2a02:27f0::/32 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:fa:5f:d9:0f:eb:e1:97:e1:6e:66:c5:fc:1b:cc:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5e400ac2396ae228d2b2e56f4b06739969379e44
Validity
Not Before: Jan 2 14:54:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7d22dd446e7c1cb11b96d2e83ad11653f7ba18e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:a3:c5:87:61:6a:ca:ba:b5:33:3b:bd:dc:2b:
48:8d:06:d2:7c:ac:67:46:09:bf:cc:80:ea:bc:d2:
c4:35:2f:4e:59:94:dc:fb:61:b9:39:a2:1f:9d:a6:
00:c8:a7:2c:d1:b1:69:d8:b5:6d:1a:0d:05:84:2e:
f8:39:01:88:43:f3:d5:66:42:25:07:70:a9:06:26:
af:12:38:f5:16:e1:75:29:fe:82:87:f0:98:3f:9e:
44:e2:12:c9:1b:e7:94:70:94:8e:1b:54:d1:0a:0c:
83:33:ff:51:b0:e5:50:46:cf:03:17:0c:dd:8d:2e:
e7:cf:8a:b3:f2:da:fc:0e:0d:09:25:8c:4d:f7:ed:
ea:17:04:e4:f7:13:be:b1:64:9b:09:87:8b:4e:b0:
e9:ae:ba:9f:4c:35:a8:0f:84:9a:62:82:c4:38:b1:
d8:85:e5:c8:6c:8e:d9:27:73:35:eb:56:50:8d:8d:
8b:3c:d6:38:25:cf:17:6d:32:bb:94:17:dd:c0:a4:
e1:55:65:77:b9:5b:3b:a4:ca:48:36:30:7c:ce:79:
f2:8b:67:ff:6b:79:0e:ed:2d:28:2a:34:d8:b9:9a:
76:0d:56:ed:04:68:41:17:72:92:7f:41:59:aa:8c:
a9:b2:e9:39:16:5f:89:06:4e:67:9a:99:0a:f1:31:
3d:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:22:DD:44:6E:7C:1C:B1:1B:96:D2:E8:3A:D1:16:53:F7:BA:18:E0
X509v3 Authority Key Identifier:
keyid:5E:40:0A:C2:39:6A:E2:28:D2:B2:E5:6F:4B:06:73:99:69:37:9E:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/fSLdRG58HLEbltLoOtEWU_e6GOA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/d67a95-cb36-4937-9226-dfed12f1a01e/1/XkAKwjlq4ijSsuVvSwZzmWk3nkQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.217.128.0/19
46.18.168.0/21
83.243.16.0/21
89.30.0.0/17
91.196.184.0/22
185.55.16.0/22
194.126.217.0/24
IPv6:
2a01:8200::/32
2a02:27f0::/32
Signature Algorithm: sha256WithRSAEncryption
24:ac:0d:87:9f:91:70:b6:57:90:30:fb:97:2d:51:1f:5f:f9:
bb:61:a1:3e:50:f0:ae:68:e2:b9:9a:ca:18:51:50:76:b9:dc:
b1:1a:9e:f4:51:a4:d4:c1:20:29:09:19:5a:88:ac:84:91:86:
c7:de:1a:1b:4d:63:e6:7a:a5:fa:d2:62:b3:16:ad:e8:96:cb:
d8:8e:cd:36:5e:f4:3a:ab:14:35:50:f3:3f:b8:22:59:f1:18:
9f:1b:b8:ff:12:d8:a5:c6:f2:5d:9d:67:ab:56:1c:12:95:ae:
be:9a:b9:44:bb:12:19:32:86:48:40:ad:bd:8f:69:48:e4:0d:
48:7e:e6:51:6e:5f:4a:db:ec:99:74:f9:62:44:55:38:2e:48:
60:f3:a6:d4:fd:af:f9:5f:2e:6e:53:f7:a3:7f:36:3a:9c:3e:
b2:29:f3:32:88:16:42:d5:26:a4:30:15:14:01:60:da:01:e4:
b8:cc:16:4b:bd:97:b4:aa:7a:8f:ac:ae:cc:09:3e:46:bd:56:
e4:c5:51:d4:c0:3f:9a:ea:8a:48:0e:0b:e4:a1:fc:68:43:03:
0a:15:fe:e9:67:eb:3b:0a:00:2f:d5:5c:bd:0e:9a:c2:a7:dc:
a3:ed:da:84:65:a5:e6:29:95:22:f0:44:08:90:a1:86:be:2f:
54:4d:44:36
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYVy+l/ZD+vhl+FuZsX8G8zVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNDAwYWMyMzk2YWUyMjhkMmIyZTU2ZjRiMDY3Mzk5Njkz
NzllNDQwHhcNMjMwMTAyMTQ1NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDIyZGQ0NDZlN2MxY2IxMWI5NmQyZTgzYWQxMTY1M2Y3YmExOGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKPFh2Fqyrq1Mzu93CtIjQbSfKxn
Rgm/zIDqvNLENS9OWZTc+2G5OaIfnaYAyKcs0bFp2LVtGg0FhC74OQGIQ/PVZkIl
B3CpBiavEjj1FuF1Kf6Ch/CYP55E4hLJG+eUcJSOG1TRCgyDM/9RsOVQRs8DFwzd
jS7nz4qz8tr8Dg0JJYxN9+3qFwTk9xO+sWSbCYeLTrDprrqfTDWoD4SaYoLEOLHY
heXIbI7ZJ3M161ZQjY2LPNY4Jc8XbTK7lBfdwKThVWV3uVs7pMpINjB8znnyi2f/
a3kO7S0oKjTYuZp2DVbtBGhBF3KSf0FZqoypsuk5Fl+JBk5nmpkK8TE9pQIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFH0i3URufByxG5bS6DrRFlP3uhjgMB8GA1UdIwQY
MBaAFF5ACsI5auIo0rLlb0sGc5lpN55EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYt
ZGZlZDEyZjFhMDFlLzEvZlNMZFJHNThITEVibHRMb090RVdVX2U2R09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9kNjdhOTUtY2IzNi00OTM3LTkyMjYtZGZlZDEyZjFhMDFl
LzEvWGtBS3dqbHE0aWpTc3VWdlN3WnptV2szbmtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQFH9mAAwQD
LhKoAwQDU/MQAwQHWR4AAwQCW8S4AwQCuTcQAwQAwn7ZMBQEAgACMA4DBQAqAYIA
AwUAKgIn8DANBgkqhkiG9w0BAQsFAAOCAQEAJKwNh5+RcLZXkDD7ly1RH1/5u2Gh
PlDwrmjiuZrKGFFQdrncsRqe9FGk1MEgKQkZWoishJGGx94aG01j5nql+tJisxat
6JbL2I7NNl70OqsUNVDzP7giWfEYnxu4/xLYpcbyXZ1nq1YcEpWuvpq5RLsSGTKG
SECtvY9pSOQNSH7mUW5fStvsmXT5YkRVOC5IYPOm1P2v+V8ublP3o382Opw+sinz
MogWQtUmpDAVFAFg2gHkuMwWS72XtKp6j6yuzAk+Rr1W5MVR1MA/muqKSA4L5KH8
aEMDChX+6WfrOwoAL9VcvQ6awqfco+3ahGWl5imVIvBECJChhr4vVE1ENg==
-----END CERTIFICATE-----
Generated at Mon Jan 1 02:13:27 2024 by rpki-client on console.sobornost.net