Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3d7b8a-e074-4f16-a629-2128d840c429/1/ktASkHzGpjvoDC7RKe7LSFl64xk.roa
File: ktASkHzGpjvoDC7RKe7LSFl64xk.roa (raw, json)
Hash identifier: N0/X+GfI5yTprPfV6+2dArqYY2w/fNReWDPlho7jPk8=
Subject key identifier: 92:D0:12:90:7C:C6:A6:3B:E8:0C:2E:D1:29:EE:CB:48:59:7A:E3:19
Certificate issuer: /CN=a600fc96404289ac58b61047ddf862187f5ab27e
Certificate serial: 01856C01233A2FA82E8CFC664EBCD55D4E0F
Authority key identifier: A6:00:FC:96:40:42:89:AC:58:B6:10:47:DD:F8:62:18:7F:5A:B2:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pgD8lkBCiaxYthBH3fhiGH9asn4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/3d7b8a-e074-4f16-a629-2128d840c429/1/ktASkHzGpjvoDC7RKe7LSFl64xk.roa
Signing time: Sun 01 Jan 2023 06:24:51 +0000
ROA not before: Sun 01 Jan 2023 06:24:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 198024
IP address blocks: 185.227.44.0/22 maxlen: 22
31.172.152.0/21 maxlen: 21
37.44.48.0/21 maxlen: 21
185.59.116.0/22 maxlen: 22
185.127.60.0/22 maxlen: 22
185.127.84.0/22 maxlen: 22
2a06:c780::/29 maxlen: 29
2a06:c840::/29 maxlen: 29
2a03:7b80::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:01:23:3a:2f:a8:2e:8c:fc:66:4e:bc:d5:5d:4e:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a600fc96404289ac58b61047ddf862187f5ab27e
Validity
Not Before: Jan 1 06:24:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=92d012907cc6a63be80c2ed129eecb48597ae319
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:f6:a7:ca:2b:e0:a3:d6:ac:d7:cf:2a:0d:c8:
d9:53:df:d6:83:7f:62:d6:aa:98:66:7b:04:3f:48:
35:34:12:8f:1c:e2:8b:22:0e:bc:b9:56:1b:c7:4a:
4a:0a:6d:ea:9d:72:14:0c:7e:77:aa:63:cc:0e:7b:
e8:0f:65:97:26:ab:b2:aa:4e:c7:a7:cc:9f:cb:c4:
e1:19:8b:37:3f:b5:35:02:2e:37:1d:ad:26:3d:2c:
bf:c4:88:4e:c1:bb:f7:df:23:bd:0a:c9:f8:e0:6b:
80:4e:07:9f:77:7e:fd:19:88:5f:63:f6:ee:cd:33:
25:97:27:c4:92:c2:c9:42:68:46:02:75:2e:4c:72:
7c:25:7a:56:ed:eb:bc:d2:52:00:34:54:8b:dc:f1:
91:a3:45:16:c6:0f:43:ad:dc:02:1d:a6:72:2c:68:
cb:5d:b1:72:66:60:b1:8d:e0:eb:45:bc:5d:eb:26:
88:6a:9e:46:59:c3:ce:aa:ac:f9:c1:73:d4:55:f9:
a3:14:09:5b:39:6c:85:c3:e4:30:af:26:1b:59:2b:
30:d5:41:91:34:7b:e7:0c:30:c2:c3:32:5e:29:e0:
e6:ad:e3:93:0a:f7:05:09:83:da:70:c8:82:49:df:
aa:27:38:e1:84:c0:e3:69:0f:85:c9:1d:11:89:e0:
33:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:D0:12:90:7C:C6:A6:3B:E8:0C:2E:D1:29:EE:CB:48:59:7A:E3:19
X509v3 Authority Key Identifier:
keyid:A6:00:FC:96:40:42:89:AC:58:B6:10:47:DD:F8:62:18:7F:5A:B2:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pgD8lkBCiaxYthBH3fhiGH9asn4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3d7b8a-e074-4f16-a629-2128d840c429/1/ktASkHzGpjvoDC7RKe7LSFl64xk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3d7b8a-e074-4f16-a629-2128d840c429/1/pgD8lkBCiaxYthBH3fhiGH9asn4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.172.152.0/21
37.44.48.0/21
185.59.116.0/22
185.127.60.0/22
185.127.84.0/22
185.227.44.0/22
IPv6:
2a03:7b80::/32
2a06:c780::/29
2a06:c840::/29
Signature Algorithm: sha256WithRSAEncryption
0b:b3:cf:cb:a7:3a:f7:3f:93:15:14:c0:e0:73:89:05:ca:5b:
df:1d:65:76:d7:04:53:90:1c:da:12:5e:21:3e:69:10:3a:97:
75:9c:ba:90:80:e0:12:f6:5b:1f:cf:7b:6b:a5:c4:14:c6:3e:
da:04:7c:3a:72:30:e8:0e:3c:b4:cb:d6:b6:2e:24:0f:8e:ba:
82:90:5c:93:c2:9d:0c:11:63:d1:df:de:67:a0:8c:66:49:b8:
dd:b3:fa:6b:53:39:dd:5a:9c:cf:d3:51:fd:0d:95:52:b4:2e:
b2:ca:78:34:bc:52:e6:51:5e:77:6b:46:83:1e:46:94:d8:32:
0b:4b:00:53:01:e7:ea:c0:76:1d:25:2a:18:d5:32:be:7c:24:
0c:fe:92:10:48:ff:2b:39:3a:b1:5f:b4:89:cc:64:43:25:9c:
5c:cd:09:8b:9b:44:24:e8:f3:75:15:9e:63:44:8d:86:48:57:
97:0d:c5:cf:c7:a5:4a:f7:04:22:91:4f:6b:76:0c:78:d0:6e:
99:e3:7e:1e:a8:86:e9:11:73:13:08:9a:9d:43:35:2f:ad:93:
e5:18:e0:32:5d:5a:be:d6:0b:e8:61:a7:c6:a2:96:c7:e7:14:
6c:4d:c6:87:2c:18:a0:48:1e:99:b7:c2:e8:06:a4:66:8a:b7:
4d:cb:a8:d7
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYVsASM6L6gujPxmTrzVXU4PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MDBmYzk2NDA0Mjg5YWM1OGI2MTA0N2RkZjg2MjE4N2Y1
YWIyN2UwHhcNMjMwMTAxMDYyNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmQwMTI5MDdjYzZhNjNiZTgwYzJlZDEyOWVlY2I0ODU5N2FlMzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPanyivgo9as188qDcjZU9/Wg39i
1qqYZnsEP0g1NBKPHOKLIg68uVYbx0pKCm3qnXIUDH53qmPMDnvoD2WXJquyqk7H
p8yfy8ThGYs3P7U1Ai43Ha0mPSy/xIhOwbv33yO9Csn44GuATgefd379GYhfY/bu
zTMllyfEksLJQmhGAnUuTHJ8JXpW7eu80lIANFSL3PGRo0UWxg9DrdwCHaZyLGjL
XbFyZmCxjeDrRbxd6yaIap5GWcPOqqz5wXPUVfmjFAlbOWyFw+QwryYbWSsw1UGR
NHvnDDDCwzJeKeDmreOTCvcFCYPacMiCSd+qJzjhhMDjaQ+FyR0RieAz1wIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFJLQEpB8xqY76Awu0Snuy0hZeuMZMB8GA1UdIwQY
MBaAFKYA/JZAQomsWLYQR934Yhh/WrJ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGdEOGxrQkNpYXhZdGhCSDNmaGlHSDlhc240LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zZDdiOGEtZTA3NC00ZjE2LWE2Mjkt
MjEyOGQ4NDBjNDI5LzEva3RBU2tIekdwanZvREM3UktlN0xTRmw2NHhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zZDdiOGEtZTA3NC00ZjE2LWE2MjktMjEyOGQ4NDBjNDI5
LzEvcGdEOGxrQkNpYXhZdGhCSDNmaGlHSDlhc240LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTAqBAIAATAkAwQDH6yYAwQD
JSwwAwQCuTt0AwQCuX88AwQCuX9UAwQCueMsMBsEAgACMBUDBQAqA3uAAwUDKgbH
gAMFAyoGyEAwDQYJKoZIhvcNAQELBQADggEBAAuzz8unOvc/kxUUwOBziQXKW98d
ZXbXBFOQHNoSXiE+aRA6l3WcupCA4BL2Wx/Pe2ulxBTGPtoEfDpyMOgOPLTL1rYu
JA+OuoKQXJPCnQwRY9Hf3megjGZJuN2z+mtTOd1anM/TUf0NlVK0LrLKeDS8UuZR
XndrRoMeRpTYMgtLAFMB5+rAdh0lKhjVMr58JAz+khBI/ys5OrFftInMZEMlnFzN
CYubRCTo83UVnmNEjYZIV5cNxc/HpUr3BCKRT2t2DHjQbpnjfh6ohukRcxMImp1D
NS+tk+UY4DJdWr7WC+hhp8ailsfnFGxNxocsGKBIHpm3wugGpGaKt03LqNc=
-----END CERTIFICATE-----
Generated at Mon Jan 1 14:09:47 2024 by rpki-client on console.sobornost.net