Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/b7bac3-f62d-4142-af3c-2e984fbff8b1/1/Rb8mimnmWHYyHrYL3s8_XbsB4KY.roa
File: Rb8mimnmWHYyHrYL3s8_XbsB4KY.roa (raw, json)
Hash identifier: CxBdL53Ws1kEfs3ViuvkQn84BEDU7oqAsyAdZRelJWI=
Subject key identifier: 45:BF:26:8A:69:E6:58:76:32:1E:B6:0B:DE:CF:3F:5D:BB:01:E0:A6
Certificate issuer: /CN=84b87af5334c5c45141b6675a9ed46e57b7976ac
Certificate serial: 01856EEFD7F1D4D8733EB3E48E783E329D99
Authority key identifier: 84:B8:7A:F5:33:4C:5C:45:14:1B:66:75:A9:ED:46:E5:7B:79:76:AC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hLh69TNMXEUUG2Z1qe1G5Xt5dqw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8c/b7bac3-f62d-4142-af3c-2e984fbff8b1/1/Rb8mimnmWHYyHrYL3s8_XbsB4KY.roa
Signing time: Sun 01 Jan 2023 20:04:50 +0000
ROA not before: Sun 01 Jan 2023 20:04:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197696
IP address blocks: 185.236.224.0/22 maxlen: 22
185.236.224.0/24 maxlen: 24
185.236.226.0/23 maxlen: 23
31.170.8.0/21 maxlen: 21
31.170.8.0/22 maxlen: 22
31.170.13.0/24 maxlen: 24
185.236.224.1/32 maxlen: 32
185.236.224.2/32 maxlen: 32
2a01:9500:80::/48 maxlen: 48
2a01:9500::/42 maxlen: 42
2a01:9500::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:ef:d7:f1:d4:d8:73:3e:b3:e4:8e:78:3e:32:9d:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84b87af5334c5c45141b6675a9ed46e57b7976ac
Validity
Not Before: Jan 1 20:04:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=45bf268a69e65876321eb60bdecf3f5dbb01e0a6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:13:ab:8a:6c:db:1e:3a:54:0a:ae:c2:ba:00:
58:d9:1b:b1:d0:7a:8b:c0:e5:07:4d:5e:1f:61:1e:
5e:2b:f5:15:9f:f3:1a:ec:17:34:88:b6:4f:3c:47:
4f:a1:ab:22:6f:1f:f1:0c:a2:47:60:55:17:d9:ed:
f4:26:dd:83:f6:94:b3:e0:2a:46:75:8b:56:04:f5:
5a:d5:e1:c2:b8:49:4c:01:75:9f:8d:d5:d6:93:85:
c5:f6:d4:83:14:07:23:e1:fb:67:69:76:34:b2:c0:
a9:9c:5a:9a:23:b5:1b:3e:05:82:f5:2e:54:83:9e:
cd:e0:df:03:7c:d3:86:b0:67:6b:ed:94:18:0c:2c:
2d:03:a9:7d:df:f4:2b:d3:75:04:02:13:22:fc:b6:
38:5a:95:94:f5:f0:d0:c6:0b:f7:e0:e7:c2:87:a7:
16:ab:0b:0d:46:a0:03:fd:04:4c:e6:fa:05:e0:4e:
c2:ce:db:50:7d:55:ae:03:68:e5:3a:f3:38:14:c7:
60:08:c3:c0:36:25:55:5b:b5:7a:3a:cd:4e:4c:9d:
4b:94:48:a2:59:1d:c4:a9:9f:dd:e8:16:64:67:3a:
01:40:98:23:24:13:24:b3:93:05:9d:53:18:47:c3:
f1:ed:35:8b:75:d1:1a:96:41:17:03:6b:e2:0e:0a:
3e:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:BF:26:8A:69:E6:58:76:32:1E:B6:0B:DE:CF:3F:5D:BB:01:E0:A6
X509v3 Authority Key Identifier:
keyid:84:B8:7A:F5:33:4C:5C:45:14:1B:66:75:A9:ED:46:E5:7B:79:76:AC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLh69TNMXEUUG2Z1qe1G5Xt5dqw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/b7bac3-f62d-4142-af3c-2e984fbff8b1/1/Rb8mimnmWHYyHrYL3s8_XbsB4KY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/b7bac3-f62d-4142-af3c-2e984fbff8b1/1/hLh69TNMXEUUG2Z1qe1G5Xt5dqw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.170.8.0/21
185.236.224.0/22
IPv6:
2a01:9500::/32
Signature Algorithm: sha256WithRSAEncryption
ac:72:ea:18:74:4f:71:9e:ff:b4:bf:4d:7a:6d:42:48:bc:aa:
90:95:45:d9:e5:0d:8f:aa:66:54:f3:8c:af:c7:d3:2d:cb:59:
0e:85:12:34:c7:84:0e:80:01:22:af:32:85:b8:44:b9:cd:e2:
db:c8:cd:9c:ba:68:d7:58:8b:60:56:95:63:15:bb:c6:e0:fd:
1a:e0:23:a3:66:35:5b:35:98:f6:e0:96:22:31:06:8b:40:9e:
ad:67:39:2a:42:3b:a5:95:34:f6:5d:e7:99:13:b9:4c:43:61:
4e:71:6a:16:94:a7:a5:dc:0d:d1:f9:b6:00:d8:17:34:f5:6a:
8f:02:2c:38:7b:49:a1:00:18:58:fa:dc:63:c8:c4:a5:cc:65:
15:52:02:d4:d7:ce:af:45:9f:62:41:6f:c8:4f:28:62:5e:35:
02:85:a5:ec:95:2b:1b:df:63:6b:78:3f:0d:8f:40:f1:9e:87:
c2:d6:ad:2b:e1:cd:36:1d:a1:5b:07:f2:29:27:ee:7f:0a:85:
5d:56:3e:3b:d0:0f:f6:5a:29:d2:43:82:bc:3e:88:3e:31:85:
69:e1:db:b2:d8:d2:67:64:69:4e:45:80:ec:6b:94:75:31:70:
a3:fc:16:9c:47:47:da:90:3c:bc:7a:e3:ca:53:26:36:31:52:
63:be:d4:de
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVu79fx1NhzPrPkjng+Mp2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0Yjg3YWY1MzM0YzVjNDUxNDFiNjY3NWE5ZWQ0NmU1N2I3
OTc2YWMwHhcNMjMwMTAxMjAwNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWJmMjY4YTY5ZTY1ODc2MzIxZWI2MGJkZWNmM2Y1ZGJiMDFlMGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBOrimzbHjpUCq7CugBY2Rux0HqL
wOUHTV4fYR5eK/UVn/Ma7Bc0iLZPPEdPoasibx/xDKJHYFUX2e30Jt2D9pSz4CpG
dYtWBPVa1eHCuElMAXWfjdXWk4XF9tSDFAcj4ftnaXY0ssCpnFqaI7UbPgWC9S5U
g57N4N8DfNOGsGdr7ZQYDCwtA6l93/Qr03UEAhMi/LY4WpWU9fDQxgv34OfCh6cW
qwsNRqAD/QRM5voF4E7CzttQfVWuA2jlOvM4FMdgCMPANiVVW7V6Os1OTJ1LlEii
WR3EqZ/d6BZkZzoBQJgjJBMks5MFnVMYR8Px7TWLddEalkEXA2viDgo+qwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEW/Jopp5lh2Mh62C97PP127AeCmMB8GA1UdIwQY
MBaAFIS4evUzTFxFFBtmdantRuV7eXasMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExoNjlUTk1YRVVVRzJaMXFlMUc1WHQ1ZHF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9iN2JhYzMtZjYyZC00MTQyLWFmM2Mt
MmU5ODRmYmZmOGIxLzEvUmI4bWltbm1XSFl5SHJZTDNzOF9YYnNCNEtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9iN2JhYzMtZjYyZC00MTQyLWFmM2MtMmU5ODRmYmZmOGIx
LzEvaExoNjlUTk1YRVVVRzJaMXFlMUc1WHQ1ZHF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDH6oIAwQC
uezgMA0EAgACMAcDBQAqAZUAMA0GCSqGSIb3DQEBCwUAA4IBAQCscuoYdE9xnv+0
v016bUJIvKqQlUXZ5Q2PqmZU84yvx9Mty1kOhRI0x4QOgAEirzKFuES5zeLbyM2c
umjXWItgVpVjFbvG4P0a4COjZjVbNZj24JYiMQaLQJ6tZzkqQjullTT2XeeZE7lM
Q2FOcWoWlKel3A3R+bYA2Bc09WqPAiw4e0mhABhY+txjyMSlzGUVUgLU186vRZ9i
QW/ITyhiXjUChaXslSsb32NreD8Nj0DxnofC1q0r4c02HaFbB/IpJ+5/CoVdVj47
0A/2WinSQ4K8Pog+MYVp4duy2NJnZGlORYDsa5R1MXCj/BacR0fakDy8euPKUyY2
MVJjvtTe
-----END CERTIFICATE-----
Generated at Mon Jan 1 07:05:05 2024 by rpki-client on console.sobornost.net