Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fc2044-61cf-44ba-abae-c2b0df7f43bd/1/2M7meO8xTWLkmk19cZL3Ya1J4BI.roa
File: 2M7meO8xTWLkmk19cZL3Ya1J4BI.roa (raw, json)
Hash identifier: KltHNsPK7k3pH0dVc6wIHr9lrPL7nHLQ3mkjsB7k1i0=
Subject key identifier: D8:CE:E6:78:EF:31:4D:62:E4:9A:4D:7D:71:92:F7:61:AD:49:E0:12
Certificate issuer: /CN=c82c8001a17642b69562c63ac58920da360f154f
Certificate serial: 0185718329B2C9E0364A172D5521A01568F5
Authority key identifier: C8:2C:80:01:A1:76:42:B6:95:62:C6:3A:C5:89:20:DA:36:0F:15:4F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yCyAAaF2QraVYsY6xYkg2jYPFU8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/72/fc2044-61cf-44ba-abae-c2b0df7f43bd/1/2M7meO8xTWLkmk19cZL3Ya1J4BI.roa
Signing time: Mon 02 Jan 2023 08:04:59 +0000
ROA not before: Mon 02 Jan 2023 08:04:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49941
IP address blocks: 193.104.52.0/24 maxlen: 24
185.98.249.0/24 maxlen: 24
185.98.248.0/24 maxlen: 24
185.98.251.0/24 maxlen: 24
185.98.250.0/24 maxlen: 24
194.107.127.0/24 maxlen: 24
2a06:cdc0:2006::/48 maxlen: 48
2a06:cdc0:2009::/48 maxlen: 48
2a06:cdc0:2007::/48 maxlen: 48
2a06:cdc0:2008::/48 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:83:29:b2:c9:e0:36:4a:17:2d:55:21:a0:15:68:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c82c8001a17642b69562c63ac58920da360f154f
Validity
Not Before: Jan 2 08:04:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d8cee678ef314d62e49a4d7d7192f761ad49e012
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:49:5a:b1:31:6f:33:bd:b0:fa:a6:e9:42:fd:
72:1d:2e:6e:bb:00:67:66:fb:72:fd:2d:e5:e9:13:
84:39:4e:97:8f:06:2d:5e:fd:df:90:af:4f:c7:bc:
3a:de:d4:01:42:22:9f:ce:ec:e6:d2:ff:88:82:4a:
25:48:86:6a:46:5a:50:1e:c5:6f:08:7d:95:82:83:
1f:5f:7b:57:15:3a:e4:f5:ee:74:a6:d7:25:e8:ca:
04:09:43:f9:f2:11:35:94:0c:c4:4f:e6:c7:01:9a:
ba:ee:17:fa:d5:0b:c8:1b:2b:cb:b7:bf:7c:43:9b:
c7:8a:9c:a6:de:0a:3b:8f:f1:ca:75:1e:27:e5:b4:
eb:25:39:fd:94:90:6c:37:47:88:42:8b:e2:99:57:
1a:77:68:70:f0:4e:3f:f3:47:00:d1:2f:7f:fa:8c:
1b:88:71:01:19:16:0b:0d:65:8f:89:ce:04:c2:1f:
02:1c:ec:88:b9:ce:f1:7d:81:48:0f:fb:a2:d0:ac:
fd:8a:02:f7:6d:b8:1a:dc:dd:c9:52:bd:2e:df:72:
e3:7d:2b:a9:c9:09:d9:a6:2e:07:42:fb:5f:c0:97:
c0:6f:30:53:9b:c5:45:d7:95:5b:8d:42:ab:2f:21:
66:50:e2:bd:d1:9c:7c:88:6e:57:9f:c1:4e:e5:dd:
41:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:CE:E6:78:EF:31:4D:62:E4:9A:4D:7D:71:92:F7:61:AD:49:E0:12
X509v3 Authority Key Identifier:
keyid:C8:2C:80:01:A1:76:42:B6:95:62:C6:3A:C5:89:20:DA:36:0F:15:4F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yCyAAaF2QraVYsY6xYkg2jYPFU8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fc2044-61cf-44ba-abae-c2b0df7f43bd/1/2M7meO8xTWLkmk19cZL3Ya1J4BI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fc2044-61cf-44ba-abae-c2b0df7f43bd/1/yCyAAaF2QraVYsY6xYkg2jYPFU8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.98.248.0/22
193.104.52.0/24
194.107.127.0/24
IPv6:
2a06:cdc0:2006::-2a06:cdc0:2009:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
36:d6:3c:b9:32:c6:bb:13:b9:61:a9:a4:96:99:7b:7b:76:ee:
81:e1:7e:e7:be:f7:3e:65:4f:46:98:48:59:2f:77:68:ba:a3:
d1:ad:c0:14:4d:2f:69:0a:66:41:e8:be:7f:7c:fe:9f:38:b1:
22:a4:e9:e3:bc:d9:94:c7:14:0e:8a:ce:55:7f:e9:ec:e6:e3:
27:70:b2:f5:3d:ef:cd:9c:53:e9:5e:48:07:af:ad:f5:1c:db:
51:22:e2:ad:9f:93:47:6e:75:c1:a1:59:dd:5d:6b:e8:c5:3b:
29:7f:81:47:df:06:99:cd:cf:e3:9c:ac:8d:09:c0:30:92:70:
32:56:2f:a7:7d:a1:ec:0a:59:dd:51:82:7d:99:d7:85:ea:2d:
6e:d8:84:f0:39:89:49:b2:13:be:34:b8:5b:5c:db:78:e5:73:
52:b7:d4:99:37:3b:ab:19:5b:22:c2:66:56:6a:75:b0:c8:ea:
c1:d8:11:49:e1:67:c6:c7:89:5d:2f:22:21:38:c0:20:2c:5b:
b7:79:9b:e9:44:d0:79:92:1a:b4:c2:06:c0:71:c3:6c:cd:ee:
88:a7:48:78:b9:e2:4a:8f:46:cc:11:7c:fc:75:6c:5d:a0:4b:
fe:ae:7f:0a:00:21:07:85:2b:22:e3:c0:42:21:93:2b:c3:0a:
9f:dd:ae:24
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYVxgymyyeA2ShctVSGgFWj1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4MmM4MDAxYTE3NjQyYjY5NTYyYzYzYWM1ODkyMGRhMzYw
ZjE1NGYwHhcNMjMwMTAyMDgwNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGNlZTY3OGVmMzE0ZDYyZTQ5YTRkN2Q3MTkyZjc2MWFkNDllMDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlUlasTFvM72w+qbpQv1yHS5uuwBn
Zvty/S3l6ROEOU6XjwYtXv3fkK9Px7w63tQBQiKfzuzm0v+IgkolSIZqRlpQHsVv
CH2VgoMfX3tXFTrk9e50ptcl6MoECUP58hE1lAzET+bHAZq67hf61QvIGyvLt798
Q5vHipym3go7j/HKdR4n5bTrJTn9lJBsN0eIQovimVcad2hw8E4/80cA0S9/+owb
iHEBGRYLDWWPic4Ewh8CHOyIuc7xfYFID/ui0Kz9igL3bbga3N3JUr0u33LjfSup
yQnZpi4HQvtfwJfAbzBTm8VF15VbjUKrLyFmUOK90Zx8iG5Xn8FO5d1B9wIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFNjO5njvMU1i5JpNfXGS92GtSeASMB8GA1UdIwQY
MBaAFMgsgAGhdkK2lWLGOsWJINo2DxVPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUN5QUFhRjJRcmFWWXNZNnhZa2cyallQRlU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mYzIwNDQtNjFjZi00NGJhLWFiYWUt
YzJiMGRmN2Y0M2JkLzEvMk03bWVPOHhUV0xrbWsxOWNaTDNZYTFKNEJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mYzIwNDQtNjFjZi00NGJhLWFiYWUtYzJiMGRmN2Y0M2Jk
LzEveUN5QUFhRjJRcmFWWXNZNnhZa2cyallQRlU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAYBAIAATASAwQCuWL4AwQA
wWg0AwQAwmt/MBoEAgACMBQwEgMHASoGzcAgBgMHASoGzcAgCDANBgkqhkiG9w0B
AQsFAAOCAQEANtY8uTLGuxO5Yamklpl7e3bugeF+5773PmVPRphIWS93aLqj0a3A
FE0vaQpmQei+f3z+nzixIqTp47zZlMcUDorOVX/p7ObjJ3Cy9T3vzZxT6V5IB6+t
9RzbUSLirZ+TR251waFZ3V1r6MU7KX+BR98Gmc3P45ysjQnAMJJwMlYvp32h7ApZ
3VGCfZnXheotbtiE8DmJSbITvjS4W1zbeOVzUrfUmTc7qxlbIsJmVmp1sMjqwdgR
SeFnxseJXS8iITjAICxbt3mb6UTQeZIatMIGwHHDbM3uiKdIeLniSo9GzBF8/HVs
XaBL/q5/CgAhB4UrIuPAQiGTK8MKn92uJA==
-----END CERTIFICATE-----
Generated at Tue Jan 2 16:36:18 2024 by rpki-client on console.sobornost.net