Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ec9616-79ad-4a36-aba4-84bd67ed0eef/1/NN3hWfysK34lyEW2mb8NPLeDJD0.roa
File: NN3hWfysK34lyEW2mb8NPLeDJD0.roa (raw, json)
Hash identifier: G91BdvUxb4IZObovpoloZaYY8gIjS7ds9M1gyIbN+XE=
Subject key identifier: 34:DD:E1:59:FC:AC:2B:7E:25:C8:45:B6:99:BF:0D:3C:B7:83:24:3D
Certificate issuer: /CN=90d426209bd8c405cbefee5741b1a52548012bab
Certificate serial: 0185728372BA4E85CC76F46615A82EF2A3F3
Authority key identifier: 90:D4:26:20:9B:D8:C4:05:CB:EF:EE:57:41:B1:A5:25:48:01:2B:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kNQmIJvYxAXL7-5XQbGlJUgBK6s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/ec9616-79ad-4a36-aba4-84bd67ed0eef/1/NN3hWfysK34lyEW2mb8NPLeDJD0.roa
Signing time: Mon 02 Jan 2023 12:44:55 +0000
ROA not before: Mon 02 Jan 2023 12:44:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60388
IP address blocks: 185.31.108.0/22 maxlen: 32
212.73.96.0/19 maxlen: 32
2a01:70c0::/32 maxlen: 128
2a00:b4a0::/32 maxlen: 128
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:83:72:ba:4e:85:cc:76:f4:66:15:a8:2e:f2:a3:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=90d426209bd8c405cbefee5741b1a52548012bab
Validity
Not Before: Jan 2 12:44:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=34dde159fcac2b7e25c845b699bf0d3cb783243d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:f6:a5:37:8f:b2:53:11:43:d0:58:84:ef:57:
3d:bf:7a:34:c1:ad:23:5d:cc:07:ed:fe:f6:37:c0:
86:a6:d7:b5:b3:a9:13:db:9a:3c:32:df:30:b9:ab:
8a:df:d4:02:a5:d3:b0:49:bb:27:10:e9:34:64:93:
60:34:15:24:e9:df:6a:2a:90:7b:6b:74:dd:37:bb:
d5:29:e3:dd:14:a8:99:86:b6:8d:c0:5b:12:70:94:
13:71:ab:00:d2:d7:dd:8b:aa:85:a9:fd:19:bc:82:
34:bc:4c:cd:c1:70:79:df:b7:0b:43:2c:95:93:47:
c8:ed:fa:18:dc:0b:59:b8:db:f0:37:86:b9:0d:b0:
9c:84:51:31:ee:62:6f:b2:e8:03:61:df:d5:bb:14:
42:60:b2:91:cf:9d:9f:06:f1:92:dd:d9:ae:3d:47:
e5:2d:3e:f5:57:9c:e5:b8:34:86:fc:a9:a3:52:5d:
a9:ae:2c:62:e6:20:e9:3f:72:85:d2:bb:ed:80:81:
3c:ca:8b:db:47:ac:e2:65:f0:6a:4e:c2:49:04:4f:
b1:2c:24:74:21:68:c9:b0:0e:a2:62:10:77:52:88:
25:20:1e:6a:56:82:89:39:9b:10:84:24:a3:91:0c:
49:b5:1d:c8:37:e6:9e:be:8d:4b:cb:0d:06:4a:f9:
28:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:DD:E1:59:FC:AC:2B:7E:25:C8:45:B6:99:BF:0D:3C:B7:83:24:3D
X509v3 Authority Key Identifier:
keyid:90:D4:26:20:9B:D8:C4:05:CB:EF:EE:57:41:B1:A5:25:48:01:2B:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kNQmIJvYxAXL7-5XQbGlJUgBK6s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ec9616-79ad-4a36-aba4-84bd67ed0eef/1/NN3hWfysK34lyEW2mb8NPLeDJD0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ec9616-79ad-4a36-aba4-84bd67ed0eef/1/kNQmIJvYxAXL7-5XQbGlJUgBK6s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.31.108.0/22
212.73.96.0/19
IPv6:
2a00:b4a0::/32
2a01:70c0::/32
Signature Algorithm: sha256WithRSAEncryption
bf:9d:d3:b4:96:a6:4b:0a:23:0c:19:bf:df:a1:b0:05:38:d9:
4f:b0:dd:6b:95:bb:f7:8b:c3:32:79:98:c2:19:1e:14:9b:bd:
9a:e1:62:a8:31:f2:a4:0a:05:2b:3a:df:71:0d:d1:b0:07:d4:
30:f9:80:1f:d1:0e:ae:18:b3:e6:87:0f:25:be:ca:b4:f8:11:
e6:f5:21:e5:fb:15:b7:dd:79:9e:59:92:73:9f:9c:76:37:ea:
38:27:d9:fc:f6:c6:5a:b2:1a:3a:5c:5e:8c:a8:b7:b4:dd:f0:
9f:e9:82:99:ec:ab:e2:be:7c:d2:b4:8c:8b:98:ec:c2:c4:2c:
d7:60:5d:d5:74:e4:f8:c3:e3:0f:7d:94:96:10:c8:42:b2:86:
fe:cb:bd:1f:5f:f8:6f:49:63:e4:95:e7:be:82:6e:2b:4c:b9:
31:74:b2:7b:e4:b3:7c:c9:db:1c:30:73:bb:a2:43:e0:53:02:
82:40:1a:86:c3:45:15:c3:4a:05:d3:dd:ca:d4:18:57:87:c3:
42:17:0e:3e:4d:4b:b7:fe:dc:ed:b4:34:a8:cd:3e:5c:64:07:
19:df:68:a9:df:6e:a7:d1:96:01:6e:97:90:e3:51:a3:ad:2c:
bd:ad:67:8b:5c:ea:34:e7:3d:66:8b:8b:6a:40:c0:17:65:69:
0e:fe:73:f0
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYVyg3K6ToXMdvRmFagu8qPzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZDQyNjIwOWJkOGM0MDVjYmVmZWU1NzQxYjFhNTI1NDgw
MTJiYWIwHhcNMjMwMTAyMTI0NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGRkZTE1OWZjYWMyYjdlMjVjODQ1YjY5OWJmMGQzY2I3ODMyNDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/alN4+yUxFD0FiE71c9v3o0wa0j
XcwH7f72N8CGpte1s6kT25o8Mt8wuauK39QCpdOwSbsnEOk0ZJNgNBUk6d9qKpB7
a3TdN7vVKePdFKiZhraNwFsScJQTcasA0tfdi6qFqf0ZvII0vEzNwXB537cLQyyV
k0fI7foY3AtZuNvwN4a5DbCchFEx7mJvsugDYd/VuxRCYLKRz52fBvGS3dmuPUfl
LT71V5zluDSG/KmjUl2prixi5iDpP3KF0rvtgIE8yovbR6ziZfBqTsJJBE+xLCR0
IWjJsA6iYhB3UoglIB5qVoKJOZsQhCSjkQxJtR3IN+aevo1Lyw0GSvkoxQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFDTd4Vn8rCt+JchFtpm/DTy3gyQ9MB8GA1UdIwQY
MBaAFJDUJiCb2MQFy+/uV0GxpSVIASurMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva05RbUlKdll4QVhMNy01WFFiR2xKVWdCSzZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lYzk2MTYtNzlhZC00YTM2LWFiYTQt
ODRiZDY3ZWQwZWVmLzEvTk4zaFdmeXNLMzRseUVXMm1iOE5QTGVESkQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lYzk2MTYtNzlhZC00YTM2LWFiYTQtODRiZDY3ZWQwZWVm
LzEva05RbUlKdll4QVhMNy01WFFiR2xKVWdCSzZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCuR9sAwQF
1ElgMBQEAgACMA4DBQAqALSgAwUAKgFwwDANBgkqhkiG9w0BAQsFAAOCAQEAv53T
tJamSwojDBm/36GwBTjZT7Dda5W794vDMnmYwhkeFJu9muFiqDHypAoFKzrfcQ3R
sAfUMPmAH9EOrhiz5ocPJb7KtPgR5vUh5fsVt915nlmSc5+cdjfqOCfZ/PbGWrIa
OlxejKi3tN3wn+mCmeyr4r580rSMi5jswsQs12Bd1XTk+MPjD32UlhDIQrKG/su9
H1/4b0lj5JXnvoJuK0y5MXSye+SzfMnbHDBzu6JD4FMCgkAahsNFFcNKBdPdytQY
V4fDQhcOPk1Lt/7c7bQ0qM0+XGQHGd9oqd9up9GWAW6XkONRo60sva1ni1zqNOc9
ZouLakDAF2VpDv5z8A==
-----END CERTIFICATE-----
Generated at Mon Jan 1 18:01:22 2024 by rpki-client on console.sobornost.net