Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/beac09-c49f-4c70-9818-431c39bb7b38/1/9fXY42I20iOEfuRE5sW0Cbaqdig.roa
File: 9fXY42I20iOEfuRE5sW0Cbaqdig.roa (raw, json)
Hash identifier: ov4ZLu+RZJbwtdvP7zHfFuUV2/TXUH7XxKKyeXLAtBo=
Subject key identifier: F5:F5:D8:E3:62:36:D2:23:84:7E:E4:44:E6:C5:B4:09:B6:AA:76:28
Certificate issuer: /CN=528d5814c7156420dec3a3f7e526ef0f8333eef6
Certificate serial: 018572D5DC5669DB930556293B0762E87EFD
Authority key identifier: 52:8D:58:14:C7:15:64:20:DE:C3:A3:F7:E5:26:EF:0F:83:33:EE:F6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Uo1YFMcVZCDew6P35SbvD4Mz7vY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/67/beac09-c49f-4c70-9818-431c39bb7b38/1/9fXY42I20iOEfuRE5sW0Cbaqdig.roa
Signing time: Mon 02 Jan 2023 14:14:56 +0000
ROA not before: Mon 02 Jan 2023 14:14:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39602
IP address blocks: 195.210.38.0/24 maxlen: 24
195.210.39.0/24 maxlen: 24
109.71.76.0/24 maxlen: 24
2a0c:3340:1::/48 maxlen: 48
2001:678:900::/48 maxlen: 48
2a0c:3340::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:d5:dc:56:69:db:93:05:56:29:3b:07:62:e8:7e:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=528d5814c7156420dec3a3f7e526ef0f8333eef6
Validity
Not Before: Jan 2 14:14:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f5f5d8e36236d223847ee444e6c5b409b6aa7628
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:18:31:0b:92:4c:ff:16:d5:c8:5b:bb:69:ec:
01:5a:fa:c6:ee:a0:20:ec:9d:de:bf:cf:cc:61:76:
6f:fb:70:dc:34:1c:76:96:bb:42:31:96:bf:92:93:
4c:e4:15:10:67:5e:2c:99:e2:1f:96:61:c4:b5:98:
f4:ef:28:73:54:8e:9b:51:cd:a3:30:03:a4:fd:56:
b4:6b:63:d8:27:c5:34:d0:59:19:3d:3b:e6:e8:7b:
56:90:5c:93:ff:c0:b1:6b:57:b7:93:8d:29:64:ec:
14:ef:5d:15:ee:5d:dd:a1:6d:48:f4:37:59:b6:dc:
94:e9:50:21:0e:cf:a2:67:f1:e1:6d:02:00:0c:3f:
ef:68:e8:37:3a:d9:5d:80:7c:b3:9f:5a:dc:9a:88:
75:9f:9f:35:ff:2e:2b:34:bd:56:45:9c:7f:51:9f:
84:25:ba:61:c0:b8:82:be:81:1a:98:3e:5e:91:0d:
c2:a4:96:68:c4:66:da:70:79:14:95:60:18:0b:09:
27:4c:d9:97:3d:31:67:cd:a1:b5:ea:f0:7b:91:4b:
97:64:ab:30:9c:bc:d7:71:a6:73:58:55:04:a7:48:
59:8f:6a:07:48:cb:44:b4:7a:37:ce:9a:cd:8e:b4:
0a:d8:6b:83:1d:db:04:a9:96:32:a7:bb:d6:c2:91:
ce:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:F5:D8:E3:62:36:D2:23:84:7E:E4:44:E6:C5:B4:09:B6:AA:76:28
X509v3 Authority Key Identifier:
keyid:52:8D:58:14:C7:15:64:20:DE:C3:A3:F7:E5:26:EF:0F:83:33:EE:F6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Uo1YFMcVZCDew6P35SbvD4Mz7vY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/beac09-c49f-4c70-9818-431c39bb7b38/1/9fXY42I20iOEfuRE5sW0Cbaqdig.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/67/beac09-c49f-4c70-9818-431c39bb7b38/1/Uo1YFMcVZCDew6P35SbvD4Mz7vY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.71.76.0/24
195.210.38.0/23
IPv6:
2001:678:900::/48
2a0c:3340::/29
Signature Algorithm: sha256WithRSAEncryption
8d:47:da:ba:a0:85:58:13:f7:4b:5e:dd:58:f2:39:e1:dc:8e:
c9:d3:37:90:f0:60:cf:a3:55:2b:ce:42:38:90:1d:b8:6b:6f:
ad:e3:c7:ea:32:20:d9:50:80:6a:eb:04:e4:4f:de:96:6d:9d:
3f:72:dd:72:2a:dd:83:a1:fc:d4:c2:fe:c9:10:3e:60:87:87:
39:53:e7:14:6a:2d:da:1b:52:c3:1b:a3:f2:ed:ec:33:70:1f:
d6:b4:f2:2b:a1:f3:09:45:da:ba:25:e6:12:3c:37:fc:a5:a7:
40:db:4e:2f:8d:24:5b:96:88:60:b8:4c:73:96:9f:de:4d:c4:
68:53:3f:ff:50:2c:f3:cb:14:41:0c:67:52:11:1e:c4:f4:96:
80:f4:96:48:28:84:fd:7a:33:23:df:b1:c3:c6:51:42:32:02:
c1:b7:a4:65:80:a1:89:08:d2:dc:d8:15:df:87:40:27:38:81:
66:32:fc:dc:42:9d:f5:ff:96:75:8f:20:89:b4:ca:72:6a:29:
3e:41:81:36:7a:dd:94:c1:55:5e:f3:2d:1f:4c:31:a6:76:c1:
71:26:32:0d:38:9a:52:ba:28:66:49:e1:cb:15:fe:eb:a9:7b:
5b:62:41:b8:0d:71:12:e4:92:53:c4:43:b1:c3:41:08:07:d1:
23:a3:74:09
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYVy1dxWaduTBVYpOwdi6H79MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOGQ1ODE0YzcxNTY0MjBkZWMzYTNmN2U1MjZlZjBmODMz
M2VlZjYwHhcNMjMwMTAyMTQxNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWY1ZDhlMzYyMzZkMjIzODQ3ZWU0NDRlNmM1YjQwOWI2YWE3NjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBgxC5JM/xbVyFu7aewBWvrG7qAg
7J3ev8/MYXZv+3DcNBx2lrtCMZa/kpNM5BUQZ14smeIflmHEtZj07yhzVI6bUc2j
MAOk/Va0a2PYJ8U00FkZPTvm6HtWkFyT/8Cxa1e3k40pZOwU710V7l3doW1I9DdZ
ttyU6VAhDs+iZ/HhbQIADD/vaOg3OtldgHyzn1rcmoh1n581/y4rNL1WRZx/UZ+E
JbphwLiCvoEamD5ekQ3CpJZoxGbacHkUlWAYCwknTNmXPTFnzaG16vB7kUuXZKsw
nLzXcaZzWFUEp0hZj2oHSMtEtHo3zprNjrQK2GuDHdsEqZYyp7vWwpHOswIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFPX12ONiNtIjhH7kRObFtAm2qnYoMB8GA1UdIwQY
MBaAFFKNWBTHFWQg3sOj9+Um7w+DM+72MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW8xWUZNY1ZaQ0RldzZQMzVTYnZENE16N3ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9iZWFjMDktYzQ5Zi00YzcwLTk4MTgt
NDMxYzM5YmI3YjM4LzEvOWZYWTQySTIwaU9FZnVSRTVzVzBDYmFxZGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9iZWFjMDktYzQ5Zi00YzcwLTk4MTgtNDMxYzM5YmI3YjM4
LzEvVW8xWUZNY1ZaQ0RldzZQMzVTYnZENE16N3ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQAbUdMAwQB
w9ImMBYEAgACMBADBwAgAQZ4CQADBQMqDDNAMA0GCSqGSIb3DQEBCwUAA4IBAQCN
R9q6oIVYE/dLXt1Y8jnh3I7J0zeQ8GDPo1UrzkI4kB24a2+t48fqMiDZUIBq6wTk
T96WbZ0/ct1yKt2DofzUwv7JED5gh4c5U+cUai3aG1LDG6Py7ewzcB/WtPIrofMJ
Rdq6JeYSPDf8padA204vjSRblohguExzlp/eTcRoUz//UCzzyxRBDGdSER7E9JaA
9JZIKIT9ejMj37HDxlFCMgLBt6RlgKGJCNLc2BXfh0AnOIFmMvzcQp31/5Z1jyCJ
tMpyaik+QYE2et2UwVVe8y0fTDGmdsFxJjINOJpSuihmSeHLFf7rqXtbYkG4DXES
5JJTxEOxw0EIB9Ejo3QJ
-----END CERTIFICATE-----
Generated at Mon Jan 1 09:18:20 2024 by rpki-client on console.sobornost.net