Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/cc4fe9-e48c-42da-97ea-ab57cabc18f7/1/ntLdWcWubbsoILA8cQqwBa2UsTc.roa
File: ntLdWcWubbsoILA8cQqwBa2UsTc.roa (raw, json)
Hash identifier: jsL2ecMMn+CfWEsJbFRyDegRqxgJ6umiapfc8/rmhBM=
Subject key identifier: 9E:D2:DD:59:C5:AE:6D:BB:28:20:B0:3C:71:0A:B0:05:AD:94:B1:37
Certificate issuer: /CN=35b03ec85d08607a6b1ddf1fe79dc651ccfe3f37
Certificate serial: 0185701EF0B8E032C12E5AE0DC9646D919A9
Authority key identifier: 35:B0:3E:C8:5D:08:60:7A:6B:1D:DF:1F:E7:9D:C6:51:CC:FE:3F:37
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NbA-yF0IYHprHd8f553GUcz-Pzc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/cc4fe9-e48c-42da-97ea-ab57cabc18f7/1/ntLdWcWubbsoILA8cQqwBa2UsTc.roa
Signing time: Mon 02 Jan 2023 01:35:53 +0000
ROA not before: Mon 02 Jan 2023 01:35:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44134
IP address blocks: 217.71.0.0/20 maxlen: 20
79.142.224.0/20 maxlen: 20
2a02:2190::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:1e:f0:b8:e0:32:c1:2e:5a:e0:dc:96:46:d9:19:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35b03ec85d08607a6b1ddf1fe79dc651ccfe3f37
Validity
Not Before: Jan 2 01:35:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9ed2dd59c5ae6dbb2820b03c710ab005ad94b137
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:cd:fc:90:e5:b4:6f:1f:5d:0c:57:bb:74:ff:
65:58:ab:be:70:96:57:f0:68:32:9e:95:e7:da:bf:
b7:7c:c4:d8:41:36:9a:88:0d:3a:90:12:87:01:73:
bd:da:59:9c:70:c6:64:11:d5:e6:36:c9:76:fb:2c:
fb:b9:88:34:04:81:02:7e:08:e4:6c:87:62:9d:65:
44:f2:09:51:55:64:ed:80:ad:3e:36:c0:40:4f:b0:
b9:82:50:70:55:08:6a:fa:4b:7d:b9:db:40:3f:83:
f4:c9:94:23:be:16:1b:f0:39:39:0e:1c:6e:a6:e4:
8e:e0:91:02:b7:a2:bc:bb:56:8a:3e:23:fe:7c:1b:
6b:99:94:1d:34:17:48:9d:1c:b4:49:61:c6:07:28:
2b:4a:c5:a6:fe:7a:bf:71:bd:12:3d:11:03:30:a2:
89:29:11:dc:96:d5:42:99:5d:c8:f7:17:f3:6e:ce:
ec:37:28:c5:a6:be:8f:c7:7e:3c:3b:ff:13:97:4d:
c3:7a:4b:28:bb:fa:57:d2:1e:41:88:e8:6b:02:aa:
b9:e6:b4:06:48:28:1f:66:6d:40:fc:c9:99:81:bd:
79:b8:86:03:6e:ec:7f:36:79:2c:97:7d:54:d1:cf:
2e:6c:a7:ed:82:93:9a:17:01:1e:50:2e:dd:54:70:
ee:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:D2:DD:59:C5:AE:6D:BB:28:20:B0:3C:71:0A:B0:05:AD:94:B1:37
X509v3 Authority Key Identifier:
keyid:35:B0:3E:C8:5D:08:60:7A:6B:1D:DF:1F:E7:9D:C6:51:CC:FE:3F:37
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NbA-yF0IYHprHd8f553GUcz-Pzc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/cc4fe9-e48c-42da-97ea-ab57cabc18f7/1/ntLdWcWubbsoILA8cQqwBa2UsTc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/cc4fe9-e48c-42da-97ea-ab57cabc18f7/1/NbA-yF0IYHprHd8f553GUcz-Pzc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.142.224.0/20
217.71.0.0/20
IPv6:
2a02:2190::/29
Signature Algorithm: sha256WithRSAEncryption
06:38:10:6d:60:a8:1b:2c:8f:3d:26:82:ce:1e:f5:ef:b8:66:
c5:b9:01:e9:ab:6d:f1:c5:33:b3:43:90:0e:b6:76:1c:d3:21:
2d:3b:4b:e8:44:1e:52:17:89:6e:04:bf:ca:0a:34:c2:a5:dc:
6b:21:42:db:7d:ec:7a:83:8a:9c:fb:e2:97:a3:bb:47:b8:0d:
50:ea:cc:76:06:07:c6:3f:f1:95:76:b1:6d:5d:a9:bd:7f:d7:
12:4a:df:44:ed:2e:80:02:b3:7d:91:a5:7e:b5:b4:f8:1a:06:
79:49:7c:be:19:f5:4d:25:70:8a:d2:68:d7:b8:d6:f6:45:df:
b1:96:63:d3:f7:19:fe:5f:65:5e:59:ad:ab:11:4e:af:05:0c:
b0:d5:78:bd:44:82:60:94:3a:f0:68:0b:53:7c:d1:2b:6c:b6:
3f:e4:6a:e9:2e:b1:cc:2b:df:6e:75:f6:c8:99:ee:61:72:d1:
0c:5a:68:9b:22:d6:0d:9c:be:c7:27:11:41:72:a9:09:bc:df:
ec:20:bd:f2:dc:77:8c:e4:5e:3b:dd:1f:d0:79:11:ef:d9:3f:
98:2c:01:b4:b5:de:77:5a:17:0e:24:db:1b:59:98:f8:62:a8:
e8:f8:1f:8c:b5:58:28:44:c2:51:fa:ae:d7:fa:ab:42:0e:d5:
d4:96:0e:e6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVwHvC44DLBLlrg3JZG2RmpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1YjAzZWM4NWQwODYwN2E2YjFkZGYxZmU3OWRjNjUxY2Nm
ZTNmMzcwHhcNMjMwMTAyMDEzNTUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWQyZGQ1OWM1YWU2ZGJiMjgyMGIwM2M3MTBhYjAwNWFkOTRiMTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhc38kOW0bx9dDFe7dP9lWKu+cJZX
8GgynpXn2r+3fMTYQTaaiA06kBKHAXO92lmccMZkEdXmNsl2+yz7uYg0BIECfgjk
bIdinWVE8glRVWTtgK0+NsBAT7C5glBwVQhq+kt9udtAP4P0yZQjvhYb8Dk5Dhxu
puSO4JECt6K8u1aKPiP+fBtrmZQdNBdInRy0SWHGBygrSsWm/nq/cb0SPREDMKKJ
KRHcltVCmV3I9xfzbs7sNyjFpr6Px348O/8Tl03Deksou/pX0h5BiOhrAqq55rQG
SCgfZm1A/MmZgb15uIYDbux/Nnksl31U0c8ubKftgpOaFwEeUC7dVHDu7QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJ7S3VnFrm27KCCwPHEKsAWtlLE3MB8GA1UdIwQY
MBaAFDWwPshdCGB6ax3fH+edxlHM/j83MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmJBLXlGMElZSHBySGQ4ZjU1M0dVY3otUHpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9jYzRmZTktZTQ4Yy00MmRhLTk3ZWEt
YWI1N2NhYmMxOGY3LzEvbnRMZFdjV3ViYnNvSUxBOGNRcXdCYTJVc1RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9jYzRmZTktZTQ4Yy00MmRhLTk3ZWEtYWI1N2NhYmMxOGY3
LzEvTmJBLXlGMElZSHBySGQ4ZjU1M0dVY3otUHpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQET47gAwQE
2UcAMA0EAgACMAcDBQMqAiGQMA0GCSqGSIb3DQEBCwUAA4IBAQAGOBBtYKgbLI89
JoLOHvXvuGbFuQHpq23xxTOzQ5AOtnYc0yEtO0voRB5SF4luBL/KCjTCpdxrIULb
fex6g4qc++KXo7tHuA1Q6sx2BgfGP/GVdrFtXam9f9cSSt9E7S6AArN9kaV+tbT4
GgZ5SXy+GfVNJXCK0mjXuNb2Rd+xlmPT9xn+X2VeWa2rEU6vBQyw1Xi9RIJglDrw
aAtTfNErbLY/5GrpLrHMK99udfbIme5hctEMWmibItYNnL7HJxFBcqkJvN/sIL3y
3HeM5F473R/QeRHv2T+YLAG0td53WhcOJNsbWZj4Yqjo+B+MtVgoRMJR+q7X+qtC
DtXUlg7m
-----END CERTIFICATE-----
Generated at Mon Jan 1 18:02:41 2024 by rpki-client on console.sobornost.net