Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/KO3GJ-XjYsilYoJLmw-VkAky7RI.roa
File: KO3GJ-XjYsilYoJLmw-VkAky7RI.roa (raw, json)
Hash identifier: DuoE1cvYAbHNqcfwupx9xqZwiRtnRIZi5j90VLR9h90=
Subject key identifier: 28:ED:C6:27:E5:E3:62:C8:A5:62:82:4B:9B:0F:95:90:09:32:ED:12
Certificate issuer: /CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Certificate serial: 01856C65E342A74B3CC9629E434AA8F43BCB
Authority key identifier: D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/KO3GJ-XjYsilYoJLmw-VkAky7RI.roa
Signing time: Sun 01 Jan 2023 08:14:54 +0000
ROA not before: Sun 01 Jan 2023 08:14:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197889
IP address blocks: 77.221.34.0/23 maxlen: 23
77.221.32.0/20 maxlen: 20
77.221.35.0/24 maxlen: 24
77.221.32.0/22 maxlen: 22
77.221.32.0/23 maxlen: 23
77.221.32.0/24 maxlen: 24
77.221.33.0/24 maxlen: 24
77.221.34.0/24 maxlen: 24
77.221.43.0/24 maxlen: 24
77.221.44.0/23 maxlen: 23
77.221.49.0/24 maxlen: 24
77.221.46.0/23 maxlen: 23
77.221.52.0/23 maxlen: 23
77.221.56.0/23 maxlen: 23
77.221.54.0/23 maxlen: 24
77.221.62.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:65:e3:42:a7:4b:3c:c9:62:9e:43:4a:a8:f4:3b:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d703642076d27e252fa90bf1a4296f8bcd9d0cf1
Validity
Not Before: Jan 1 08:14:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=28edc627e5e362c8a562824b9b0f95900932ed12
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:3f:d0:8b:1f:08:5b:42:3f:15:9b:16:ca:1c:
f7:d1:3d:6c:93:4a:0d:1d:b9:a5:c9:9e:8d:05:10:
2b:78:e2:38:de:e7:95:eb:71:f2:77:d4:64:48:b1:
a7:8f:20:36:2e:59:e9:02:b6:40:d9:53:6f:0e:36:
40:f0:78:38:c5:7c:c8:53:66:c0:de:80:bb:25:88:
78:48:7b:3f:67:e3:b8:82:17:c3:64:7a:a6:1c:06:
49:d9:df:11:0d:a8:12:b0:2d:1d:f1:a3:a9:61:42:
28:93:67:3e:98:86:c4:d0:6c:f5:98:72:58:63:cd:
1f:63:e9:1a:a5:fc:9e:55:d8:c1:42:db:a5:6e:ec:
2e:fd:a3:7d:e1:9e:48:bf:ef:e4:b4:37:c9:56:d2:
f9:e8:22:f8:da:dc:6b:82:64:a2:ff:af:29:a7:bf:
f7:8a:e9:4d:f1:4f:3d:45:dc:64:c1:e4:9c:a0:49:
8a:49:40:ca:a1:25:14:22:47:45:e2:a2:bc:0d:5d:
4e:c4:b9:c3:11:07:0d:b9:b6:09:47:a7:45:03:4d:
0a:91:94:9d:63:f2:b3:74:86:48:48:a3:a2:a9:50:
07:5f:ed:b1:bc:0d:86:29:64:c8:3d:a3:02:f1:91:
34:0d:9d:c1:d5:4e:12:b8:c5:c1:41:71:03:a6:06:
f3:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:ED:C6:27:E5:E3:62:C8:A5:62:82:4B:9B:0F:95:90:09:32:ED:12
X509v3 Authority Key Identifier:
keyid:D7:03:64:20:76:D2:7E:25:2F:A9:0B:F1:A4:29:6F:8B:CD:9D:0C:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1wNkIHbSfiUvqQvxpClvi82dDPE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/KO3GJ-XjYsilYoJLmw-VkAky7RI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/38136c-db51-4f70-ad8b-654505a2d045/1/1wNkIHbSfiUvqQvxpClvi82dDPE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.221.32.0/20
77.221.49.0/24
77.221.52.0-77.221.57.255
77.221.62.0/24
Signature Algorithm: sha256WithRSAEncryption
ae:3d:5d:c2:98:72:7a:b6:d3:0c:d1:e6:67:f6:ff:28:e3:2e:
7e:64:7f:b9:05:34:70:85:f8:1b:10:e5:68:37:22:92:2f:22:
a7:4d:7d:c5:8d:d6:2a:70:ac:5b:6b:bc:9c:1f:4e:b3:05:eb:
1e:da:9d:4c:bf:aa:f2:6d:91:3a:e6:0d:d9:27:70:b3:62:8e:
3a:2c:40:26:d0:c0:09:8b:51:07:c4:09:f2:55:20:87:a7:89:
03:15:03:4c:a7:63:a3:08:92:08:93:11:90:8f:19:a5:e0:cf:
51:de:bc:a5:69:b5:93:47:ba:a3:32:b7:57:a4:dd:12:c2:a6:
d6:81:8e:d6:75:7d:70:35:f4:51:b6:f8:75:10:64:58:38:f9:
a2:7e:a2:65:b1:2d:88:92:b2:7a:c2:14:d4:77:56:84:c9:14:
92:63:e7:11:9e:9f:81:31:b3:11:6d:83:48:b9:6c:47:82:1f:
7f:e8:05:bb:15:d7:b6:fd:17:0b:7c:19:b1:04:1a:ec:b2:18:
2a:8e:8a:98:11:36:9f:63:9e:ab:ad:55:9b:f5:c3:8a:41:49:
d0:c7:30:7f:df:81:60:d4:dd:27:a5:ed:77:7e:16:34:fb:de:
c3:33:bd:6c:6f:4f:91:bb:36:55:24:fd:a8:8c:4c:3d:4f:79:
20:e4:ea:c7
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYVsZeNCp0s8yWKeQ0qo9DvLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MDM2NDIwNzZkMjdlMjUyZmE5MGJmMWE0Mjk2ZjhiY2Q5
ZDBjZjEwHhcNMjMwMTAxMDgxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGVkYzYyN2U1ZTM2MmM4YTU2MjgyNGI5YjBmOTU5MDA5MzJlZDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoz/Qix8IW0I/FZsWyhz30T1sk0oN
HbmlyZ6NBRAreOI43ueV63Hyd9RkSLGnjyA2LlnpArZA2VNvDjZA8Hg4xXzIU2bA
3oC7JYh4SHs/Z+O4ghfDZHqmHAZJ2d8RDagSsC0d8aOpYUIok2c+mIbE0Gz1mHJY
Y80fY+kapfyeVdjBQtulbuwu/aN94Z5Iv+/ktDfJVtL56CL42txrgmSi/68pp7/3
iulN8U89RdxkweScoEmKSUDKoSUUIkdF4qK8DV1OxLnDEQcNubYJR6dFA00KkZSd
Y/KzdIZISKOiqVAHX+2xvA2GKWTIPaMC8ZE0DZ3B1U4SuMXBQXEDpgbzkwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFCjtxifl42LIpWKCS5sPlZAJMu0SMB8GA1UdIwQY
MBaAFNcDZCB20n4lL6kL8aQpb4vNnQzxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGIt
NjU0NTA1YTJkMDQ1LzEvS08zR0otWGpZc2lsWW9KTG13LVZrQWt5N1JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8zODEzNmMtZGI1MS00ZjcwLWFkOGItNjU0NTA1YTJkMDQ1
LzEvMXdOa0lIYlNmaVV2cVF2eHBDbHZpODJkRFBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQETd0gAwQA
Td0xMAwDBAJN3TQDBAFN3TgDBABN3T4wDQYJKoZIhvcNAQELBQADggEBAK49XcKY
cnq20wzR5mf2/yjjLn5kf7kFNHCF+BsQ5Wg3IpIvIqdNfcWN1ipwrFtrvJwfTrMF
6x7anUy/qvJtkTrmDdkncLNijjosQCbQwAmLUQfECfJVIIeniQMVA0ynY6MIkgiT
EZCPGaXgz1HevKVptZNHuqMyt1ek3RLCptaBjtZ1fXA19FG2+HUQZFg4+aJ+omWx
LYiSsnrCFNR3VoTJFJJj5xGen4ExsxFtg0i5bEeCH3/oBbsV17b9Fwt8GbEEGuyy
GCqOipgRNp9jnqutVZv1w4pBSdDHMH/fgWDU3Sel7Xd+FjT73sMzvWxvT5G7NlUk
/aiMTD1PeSDk6sc=
-----END CERTIFICATE-----
Generated at Tue Jan 2 14:16:31 2024 by rpki-client on console.sobornost.net