Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/e116c2-8f82-4cba-b5ae-97dcbb0086e3/1/EMSrMzk17OqgD0OdbcPSiCgepMo.roa
File: EMSrMzk17OqgD0OdbcPSiCgepMo.roa (raw, json)
Hash identifier: 2yhzdAD9Y7Ir2nm/YwDuw4xNOM9aIBrMx1AHTkkd1Ws=
Subject key identifier: 10:C4:AB:33:39:35:EC:EA:A0:0F:43:9D:6D:C3:D2:88:28:1E:A4:CA
Certificate issuer: /CN=07c40d70160f308642129a1b72ae5ae52db883c4
Certificate serial: 018C1A52788C83A315D61DD55F787770AEEA
Authority key identifier: 07:C4:0D:70:16:0F:30:86:42:12:9A:1B:72:AE:5A:E5:2D:B8:83:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/B8QNcBYPMIZCEpobcq5a5S24g8Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/82/e116c2-8f82-4cba-b5ae-97dcbb0086e3/1/EMSrMzk17OqgD0OdbcPSiCgepMo.roa
Signing time: Wed 29 Nov 2023 09:04:21 +0000
ROA not before: Wed 29 Nov 2023 09:04:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48166
IP address blocks: 91.210.84.0/22 maxlen: 22
178.213.192.0/21 maxlen: 21
185.61.94.0/23 maxlen: 23
185.61.92.0/23 maxlen: 23
185.61.92.0/22 maxlen: 22
91.133.0.0/19 maxlen: 19
5.250.232.0/21 maxlen: 21
89.22.16.0/20 maxlen: 20
194.9.224.0/20 maxlen: 20
2a02:7760::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:1a:52:78:8c:83:a3:15:d6:1d:d5:5f:78:77:70:ae:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=07c40d70160f308642129a1b72ae5ae52db883c4
Validity
Not Before: Nov 29 09:04:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=10c4ab333935eceaa00f439d6dc3d288281ea4ca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:81:21:3a:c8:8f:5a:40:9b:fe:b6:dc:01:4c:
12:3f:6e:f0:b0:39:61:22:ac:33:4e:ba:a9:76:56:
ec:2d:e2:09:cb:27:c0:28:0e:50:91:61:75:42:09:
a4:72:37:ad:6a:7b:fc:b4:8e:c6:6e:a4:5f:d0:0f:
6e:ab:98:29:e2:e7:e1:e0:49:8f:2e:99:4c:95:7f:
b9:7d:4a:0c:8a:0b:54:47:6c:94:c6:e1:ad:75:73:
bd:9e:21:95:50:05:86:13:31:00:6e:a4:b2:75:72:
e6:0e:85:e7:1e:61:4c:fa:e1:15:71:18:3b:b9:3b:
08:64:c1:5c:cf:09:91:95:ac:22:2d:a3:88:d5:a0:
d3:50:f6:e5:22:59:d0:47:9b:d5:d6:f4:b0:54:44:
f7:c8:7b:ab:5c:5a:a0:7a:83:1a:53:e0:f7:f0:cf:
42:88:c0:4c:8b:98:63:12:5d:82:9d:7c:03:59:a3:
d3:47:9e:53:29:0d:ae:47:e2:6d:88:e1:22:55:d2:
00:0d:f9:82:8b:bb:b4:a1:cd:b5:f1:29:82:8a:34:
fd:3b:fc:54:e9:2a:35:46:72:15:ef:d8:bc:74:9e:
0b:b2:75:b6:e6:ae:da:89:3c:d2:dd:f4:33:56:13:
96:60:45:20:c5:fa:5b:dc:7e:85:29:3d:fb:ef:f2:
48:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:C4:AB:33:39:35:EC:EA:A0:0F:43:9D:6D:C3:D2:88:28:1E:A4:CA
X509v3 Authority Key Identifier:
keyid:07:C4:0D:70:16:0F:30:86:42:12:9A:1B:72:AE:5A:E5:2D:B8:83:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B8QNcBYPMIZCEpobcq5a5S24g8Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e116c2-8f82-4cba-b5ae-97dcbb0086e3/1/EMSrMzk17OqgD0OdbcPSiCgepMo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/82/e116c2-8f82-4cba-b5ae-97dcbb0086e3/1/B8QNcBYPMIZCEpobcq5a5S24g8Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.250.232.0/21
89.22.16.0/20
91.133.0.0/19
91.210.84.0/22
178.213.192.0/21
185.61.92.0/22
194.9.224.0/20
IPv6:
2a02:7760::/32
Signature Algorithm: sha256WithRSAEncryption
13:c4:fa:a5:41:42:19:8f:af:be:d3:14:58:b0:c8:87:1b:8b:
8f:4d:a4:dd:b8:48:13:a8:1e:33:d6:a0:f2:94:8b:1d:41:f8:
8f:99:a6:d9:60:f6:3f:61:4a:4e:2e:60:08:05:15:52:06:f2:
e2:0a:7f:5a:12:14:e9:c7:89:53:98:e6:5f:08:97:ea:0a:8a:
e7:2e:25:11:db:c4:65:05:28:64:b2:69:f4:3c:ac:2a:25:84:
20:ee:86:0e:0a:59:2d:c2:bd:6b:37:26:1d:a9:65:2f:0d:66:
e8:f4:eb:58:ad:b7:b5:36:af:b5:28:bd:f3:88:c1:7c:ce:57:
c5:1d:60:2d:fc:51:a3:80:88:a1:33:ec:3a:a0:0f:84:c7:8f:
06:a7:01:2e:01:6e:9c:2b:58:9f:6b:a9:32:b4:77:8b:9b:ba:
9b:10:f6:2d:91:90:8c:f1:be:c7:1c:85:ac:c5:8b:df:90:53:
0a:62:78:df:0c:98:7a:be:e4:34:86:25:05:16:ba:0e:c6:ca:
26:7b:d0:6d:91:78:8b:ab:57:7b:33:cb:ee:c6:4d:df:17:d6:
70:99:28:42:09:62:04:e0:7e:cf:e4:86:f3:b8:d5:57:b5:81:
f0:b6:bb:3f:4a:ba:dc:3c:6e:9d:af:8a:a8:ad:59:b3:af:c1:
f6:71:b9:46
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYwaUniMg6MV1h3VX3h3cK7qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YzQwZDcwMTYwZjMwODY0MjEyOWExYjcyYWU1YWU1MmRi
ODgzYzQwHhcNMjMxMTI5MDkwNDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGM0YWIzMzM5MzVlY2VhYTAwZjQzOWQ2ZGMzZDI4ODI4MWVhNGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4EhOsiPWkCb/rbcAUwSP27wsDlh
IqwzTrqpdlbsLeIJyyfAKA5QkWF1Qgmkcjetanv8tI7GbqRf0A9uq5gp4ufh4EmP
LplMlX+5fUoMigtUR2yUxuGtdXO9niGVUAWGEzEAbqSydXLmDoXnHmFM+uEVcRg7
uTsIZMFczwmRlawiLaOI1aDTUPblIlnQR5vV1vSwVET3yHurXFqgeoMaU+D38M9C
iMBMi5hjEl2CnXwDWaPTR55TKQ2uR+JtiOEiVdIADfmCi7u0oc218SmCijT9O/xU
6So1RnIV79i8dJ4LsnW25q7aiTzS3fQzVhOWYEUgxfpb3H6FKT377/JIkwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFBDEqzM5NezqoA9DnW3D0ogoHqTKMB8GA1UdIwQY
MBaAFAfEDXAWDzCGQhKaG3KuWuUtuIPEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjhRTmNCWVBNSVpDRXBvYmNxNWE1UzI0ZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9lMTE2YzItOGY4Mi00Y2JhLWI1YWUt
OTdkY2JiMDA4NmUzLzEvRU1Tck16azE3T3FnRDBPZGJjUFNpQ2dlcE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9lMTE2YzItOGY4Mi00Y2JhLWI1YWUtOTdkY2JiMDA4NmUz
LzEvQjhRTmNCWVBNSVpDRXBvYmNxNWE1UzI0ZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDBfroAwQE
WRYQAwQFW4UAAwQCW9JUAwQDstXAAwQCuT1cAwQEwgngMA0EAgACMAcDBQAqAndg
MA0GCSqGSIb3DQEBCwUAA4IBAQATxPqlQUIZj6++0xRYsMiHG4uPTaTduEgTqB4z
1qDylIsdQfiPmabZYPY/YUpOLmAIBRVSBvLiCn9aEhTpx4lTmOZfCJfqCornLiUR
28RlBShksmn0PKwqJYQg7oYOClktwr1rNyYdqWUvDWbo9OtYrbe1Nq+1KL3ziMF8
zlfFHWAt/FGjgIihM+w6oA+Ex48GpwEuAW6cK1ifa6kytHeLm7qbEPYtkZCM8b7H
HIWsxYvfkFMKYnjfDJh6vuQ0hiUFFroOxsome9BtkXiLq1d7M8vuxk3fF9ZwmShC
CWIE4H7P5IbzuNVXtYHwtrs/SrrcPG6dr4qorVmzr8H2cblG
-----END CERTIFICATE-----
Generated at Mon Jan 1 21:30:54 2024 by rpki-client on console.sobornost.net