Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KS2UcNDfu7rIfA5Im9z3fp-zQZI.roa
File: KS2UcNDfu7rIfA5Im9z3fp-zQZI.roa (raw, json)
Hash identifier: 0xlu+U0YBZ2hG8u/oWFr802xjzj9cC9rwqEirdQu5zQ=
Subject key identifier: 29:2D:94:70:D0:DF:BB:BA:C8:7C:0E:48:9B:DC:F7:7E:9F:B3:41:92
Certificate issuer: /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial: 018B04D9CB972D4CC2CB9AF39141AD403A79
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KS2UcNDfu7rIfA5Im9z3fp-zQZI.roa
Signing time: Fri 06 Oct 2023 11:57:44 +0000
ROA not before: Fri 06 Oct 2023 11:57:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 77.83.39.0/24 maxlen: 24
85.209.120.0/23 maxlen: 24
193.57.41.0/24 maxlen: 24
45.94.171.0/24 maxlen: 24
45.144.213.0/24 maxlen: 24
2.56.109.0/24 maxlen: 24
2.56.110.0/24 maxlen: 24
195.177.95.0/24 maxlen: 24
45.138.183.0/24 maxlen: 24
195.62.24.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:04:d9:cb:97:2d:4c:c2:cb:9a:f3:91:41:ad:40:3a:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Validity
Not Before: Oct 6 11:57:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=292d9470d0dfbbbac87c0e489bdcf77e9fb34192
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:88:16:0d:32:40:bd:ed:1d:f5:90:e3:10:15:
35:99:38:f4:72:4f:c0:f1:68:6b:0c:1c:4c:fe:93:
bf:04:cb:72:c0:d5:5b:5e:61:a8:07:49:10:5c:0d:
c5:b0:2d:2c:6a:27:d5:83:5c:95:a0:c1:b7:4d:0d:
fd:e3:67:b3:4d:58:86:99:65:d0:7c:37:dc:c2:58:
a5:fe:a3:20:5c:ed:32:78:a9:7b:04:19:14:87:fe:
e5:da:4d:07:57:50:59:ad:7f:c5:c1:05:32:db:30:
a3:05:a3:2f:eb:9f:36:62:b3:94:7e:2f:9a:3d:d9:
74:31:15:d3:0b:71:d3:1a:c5:3a:97:9f:69:bb:84:
65:5b:08:f4:19:ae:52:2f:50:79:6d:0a:7e:ec:60:
ef:e4:84:fd:9a:a5:82:c7:cc:9c:a7:92:8a:55:6f:
23:fd:f7:2c:8e:7d:b3:91:06:a4:f5:c2:f2:c2:97:
8d:91:70:76:6d:88:41:c8:09:86:ac:f6:7f:95:2d:
e9:55:e8:45:2c:ac:17:f2:c8:07:14:96:e7:5b:d9:
c6:d5:f4:6f:6c:ac:39:7f:15:9b:6b:d3:ee:54:25:
b9:9b:38:36:67:4c:00:fa:ba:0a:4d:fa:f9:dd:ea:
85:5c:12:f9:6a:9e:c1:4e:62:de:5b:d8:80:64:13:
0d:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:2D:94:70:D0:DF:BB:BA:C8:7C:0E:48:9B:DC:F7:7E:9F:B3:41:92
X509v3 Authority Key Identifier:
keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/KS2UcNDfu7rIfA5Im9z3fp-zQZI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.109.0-2.56.110.255
45.94.171.0/24
45.138.183.0/24
45.144.213.0/24
77.83.39.0/24
85.209.120.0/23
193.57.41.0/24
195.62.24.0/24
195.177.95.0/24
Signature Algorithm: sha256WithRSAEncryption
85:4f:6d:ae:ad:29:9c:75:bc:20:a5:40:a4:b1:21:de:05:fa:
2b:46:97:90:27:20:72:a0:49:1a:51:00:f6:66:71:8f:15:5d:
50:49:fa:ba:1e:4f:5d:19:b0:f8:97:41:68:56:ec:e6:66:0d:
7b:20:34:df:b8:a6:f1:26:b7:e7:5f:74:e7:00:a1:06:04:eb:
cb:8f:2f:ce:94:f8:66:75:50:95:9c:d3:fc:e5:c6:54:78:6c:
ef:14:a3:c1:2e:81:a5:3c:87:62:e0:8d:46:58:b3:e8:c7:13:
41:d4:51:af:80:78:71:a4:93:5a:eb:80:6e:fe:71:ea:34:11:
3f:07:7e:58:57:1d:93:af:e2:e9:4c:6c:b2:38:23:0f:6b:f2:
ab:6f:e0:75:76:0d:61:4b:24:6f:a2:26:25:ec:60:52:00:86:
37:7c:15:06:1f:f5:09:6c:cc:62:2a:a6:5e:18:d6:73:20:0d:
04:39:7c:28:9d:87:32:5c:fa:17:8b:1e:52:98:94:78:bb:7c:
8a:5f:83:1c:8b:3f:4a:ae:c0:71:bd:98:0d:5b:d1:11:d2:52:
88:ea:a7:cf:f0:e9:3b:7a:af:07:99:64:0b:06:a9:e9:64:90:
76:52:81:39:c3:af:78:35:71:e0:33:95:8a:7b:9d:a2:a5:f9:
f5:a0:39:29
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYsE2cuXLUzCy5rzkUGtQDp5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMxMDA2MTE1NzQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTJkOTQ3MGQwZGZiYmJhYzg3YzBlNDg5YmRjZjc3ZTlmYjM0MTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoogWDTJAve0d9ZDjEBU1mTj0ck/A
8WhrDBxM/pO/BMtywNVbXmGoB0kQXA3FsC0saifVg1yVoMG3TQ3942ezTViGmWXQ
fDfcwlil/qMgXO0yeKl7BBkUh/7l2k0HV1BZrX/FwQUy2zCjBaMv6582YrOUfi+a
Pdl0MRXTC3HTGsU6l59pu4RlWwj0Ga5SL1B5bQp+7GDv5IT9mqWCx8ycp5KKVW8j
/fcsjn2zkQak9cLywpeNkXB2bYhByAmGrPZ/lS3pVehFLKwX8sgHFJbnW9nG1fRv
bKw5fxWba9PuVCW5mzg2Z0wA+roKTfr53eqFXBL5ap7BTmLeW9iAZBMNPQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFCktlHDQ37u6yHwOSJvc936fs0GSMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvS1MyVWNORGZ1N3JJZkE1SW05ejNmcC16UVpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+MAwDBAACOG0D
BAACOG4DBAAtXqsDBAAtircDBAAtkNUDBABNUycDBAFV0XgDBADBOSkDBADDPhgD
BADDsV8wDQYJKoZIhvcNAQELBQADggEBAIVPba6tKZx1vCClQKSxId4F+itGl5An
IHKgSRpRAPZmcY8VXVBJ+roeT10ZsPiXQWhW7OZmDXsgNN+4pvEmt+dfdOcAoQYE
68uPL86U+GZ1UJWc0/zlxlR4bO8Uo8EugaU8h2LgjUZYs+jHE0HUUa+AeHGkk1rr
gG7+ceo0ET8HflhXHZOv4ulMbLI4Iw9r8qtv4HV2DWFLJG+iJiXsYFIAhjd8FQYf
9QlszGIqpl4Y1nMgDQQ5fCidhzJc+heLHlKYlHi7fIpfgxyLP0quwHG9mA1b0RHS
Uojqp8/w6Tt6rweZZAsGqelkkHZSgTnDr3g1ceAzlYp7naKl+fWgOSk=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:32 2023 by rpki-client on console.sobornost.net