Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/aae9db-e0c9-478e-bb58-24da551c68ab/1/NxbgTNA6SrijHZuXA7bkMlmwdZs.roa
File: NxbgTNA6SrijHZuXA7bkMlmwdZs.roa (raw, json)
Hash identifier: QIuDsO9U7evjvB3TRG7PNoxnhW8bXcWsZKVos5GBxTQ=
Subject key identifier: 37:16:E0:4C:D0:3A:4A:B8:A3:1D:9B:97:03:B6:E4:32:59:B0:75:9B
Certificate issuer: /CN=58bdb1bd75727519e400bfe88a75123d6184de14
Certificate serial: 0185734CBFC4DC8CA8A6DD7F70E74F19CC55
Authority key identifier: 58:BD:B1:BD:75:72:75:19:E4:00:BF:E8:8A:75:12:3D:61:84:DE:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WL2xvXVydRnkAL_oinUSPWGE3hQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/aae9db-e0c9-478e-bb58-24da551c68ab/1/NxbgTNA6SrijHZuXA7bkMlmwdZs.roa
Signing time: Mon 02 Jan 2023 16:24:47 +0000
ROA not before: Mon 02 Jan 2023 16:24:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209137
IP address blocks: 185.170.137.0/24 maxlen: 24
185.170.136.0/22 maxlen: 22
185.170.136.0/23 maxlen: 23
185.170.138.0/24 maxlen: 24
185.170.139.0/24 maxlen: 24
185.170.138.0/23 maxlen: 23
185.170.136.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:4c:bf:c4:dc:8c:a8:a6:dd:7f:70:e7:4f:19:cc:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=58bdb1bd75727519e400bfe88a75123d6184de14
Validity
Not Before: Jan 2 16:24:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3716e04cd03a4ab8a31d9b9703b6e43259b0759b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:6e:01:ac:17:e5:e1:9e:75:52:27:9a:5a:36:
88:91:c6:f3:97:c2:32:e6:9c:04:be:65:cf:fa:dc:
41:6a:b2:e5:89:dd:ee:20:ac:8c:b1:10:ff:b1:19:
d0:78:3c:51:a4:cd:e4:f9:17:e0:b2:2e:26:67:25:
8a:5b:d7:6d:50:55:50:49:1a:1d:41:ce:bf:6a:d3:
67:d4:61:96:4d:a1:79:aa:c9:c6:a2:eb:62:d4:7a:
98:c0:16:c3:3b:0e:cf:03:a7:24:22:95:30:5d:dd:
b6:97:5e:b4:3e:f3:b1:04:89:a6:6f:5f:80:eb:bd:
a2:7d:29:ce:fe:93:bf:e0:7f:1a:1d:ee:a1:b0:04:
b4:f1:43:76:a6:90:c4:6a:cf:e6:7e:81:58:6f:83:
ce:27:e7:6a:47:aa:0a:62:fc:ea:4b:fe:2b:53:16:
5a:73:52:a2:2a:a6:24:03:c4:13:fb:a9:2e:0e:4b:
6d:a6:4b:b8:a7:8a:1d:50:63:13:02:8c:67:05:50:
83:d5:df:a1:ef:24:d9:30:96:47:87:b2:36:76:61:
d5:0a:51:10:18:c5:25:3b:33:fd:ae:36:4a:19:b2:
60:b5:46:84:ab:f6:3e:c2:07:c7:52:7c:56:ff:2e:
0a:81:8f:1d:b7:d7:3a:89:f8:28:99:13:6d:ee:88:
c0:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:16:E0:4C:D0:3A:4A:B8:A3:1D:9B:97:03:B6:E4:32:59:B0:75:9B
X509v3 Authority Key Identifier:
keyid:58:BD:B1:BD:75:72:75:19:E4:00:BF:E8:8A:75:12:3D:61:84:DE:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WL2xvXVydRnkAL_oinUSPWGE3hQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/aae9db-e0c9-478e-bb58-24da551c68ab/1/NxbgTNA6SrijHZuXA7bkMlmwdZs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/aae9db-e0c9-478e-bb58-24da551c68ab/1/WL2xvXVydRnkAL_oinUSPWGE3hQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.170.136.0/22
Signature Algorithm: sha256WithRSAEncryption
16:d9:7a:ba:37:a4:df:c9:bf:05:bd:ca:4a:46:3b:66:37:9a:
97:1c:8e:e5:c9:5d:0b:60:84:79:4a:28:73:ea:c4:fb:0c:73:
9a:19:95:e1:51:bf:1e:71:da:69:79:33:09:a3:c4:4f:e3:13:
31:6b:86:6d:3e:be:30:c3:fb:5d:ec:3b:b1:87:97:bd:ef:16:
2b:ca:58:b0:1e:12:02:60:3b:80:01:a4:64:9b:8a:10:46:f9:
99:b5:e6:19:cb:e5:09:a0:5d:0f:36:9e:69:a6:b5:2c:4c:3a:
79:2e:62:22:1c:10:31:9f:f3:46:90:88:e6:3f:90:e8:90:54:
21:89:af:59:cc:c9:28:7a:79:d0:ed:42:1c:e6:ed:8a:4e:18:
d2:a3:ec:2a:e7:e1:39:ba:21:5e:eb:7d:d7:d3:c1:ab:e5:37:
ef:bd:34:78:20:2e:5f:7e:55:9a:ee:2d:37:8d:93:4e:ac:bf:
b7:62:73:ce:fd:f0:3f:3d:62:f1:45:61:39:12:94:bc:83:71:
7d:17:4b:e6:19:aa:03:fc:2b:d7:1c:90:3e:63:f7:46:70:52:
62:89:db:bb:4c:1a:dd:01:5c:dd:e5:e1:2f:b2:cb:78:b0:a2:
29:af:89:a7:30:79:70:9c:04:a9:2f:e5:42:dc:ef:13:43:86:
6e:8a:ae:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVzTL/E3Iyopt1/cOdPGcxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YmRiMWJkNzU3Mjc1MTllNDAwYmZlODhhNzUxMjNkNjE4
NGRlMTQwHhcNMjMwMTAyMTYyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzE2ZTA0Y2QwM2E0YWI4YTMxZDliOTcwM2I2ZTQzMjU5YjA3NTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAum4BrBfl4Z51UieaWjaIkcbzl8Iy
5pwEvmXP+txBarLlid3uIKyMsRD/sRnQeDxRpM3k+Rfgsi4mZyWKW9dtUFVQSRod
Qc6/atNn1GGWTaF5qsnGouti1HqYwBbDOw7PA6ckIpUwXd22l160PvOxBImmb1+A
672ifSnO/pO/4H8aHe6hsAS08UN2ppDEas/mfoFYb4POJ+dqR6oKYvzqS/4rUxZa
c1KiKqYkA8QT+6kuDkttpku4p4odUGMTAoxnBVCD1d+h7yTZMJZHh7I2dmHVClEQ
GMUlOzP9rjZKGbJgtUaEq/Y+wgfHUnxW/y4KgY8dt9c6ifgomRNt7ojAIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcW4EzQOkq4ox2blwO25DJZsHWbMB8GA1UdIwQY
MBaAFFi9sb11cnUZ5AC/6Ip1Ej1hhN4UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0wyeHZYVnlkUm5rQUxfb2luVVNQV0dFM2hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9hYWU5ZGItZTBjOS00NzhlLWJiNTgt
MjRkYTU1MWM2OGFiLzEvTnhiZ1ROQTZTcmlqSFp1WEE3YmtNbG13ZFpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9hYWU5ZGItZTBjOS00NzhlLWJiNTgtMjRkYTU1MWM2OGFi
LzEvV0wyeHZYVnlkUm5rQUxfb2luVVNQV0dFM2hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaqIMA0G
CSqGSIb3DQEBCwUAA4IBAQAW2Xq6N6Tfyb8FvcpKRjtmN5qXHI7lyV0LYIR5Sihz
6sT7DHOaGZXhUb8ecdppeTMJo8RP4xMxa4ZtPr4ww/td7Duxh5e97xYryliwHhIC
YDuAAaRkm4oQRvmZteYZy+UJoF0PNp5pprUsTDp5LmIiHBAxn/NGkIjmP5DokFQh
ia9ZzMkoennQ7UIc5u2KThjSo+wq5+E5uiFe633X08Gr5TfvvTR4IC5fflWa7i03
jZNOrL+3YnPO/fA/PWLxRWE5EpS8g3F9F0vmGaoD/CvXHJA+Y/dGcFJiidu7TBrd
AVzd5eEvsst4sKIpr4mnMHlwnASpL+VC3O8TQ4Zuiq4r
-----END CERTIFICATE-----
Generated at Tue Jan 2 06:55:38 2024 by rpki-client on console.sobornost.net