Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/7dKbaLVdjcjvpyP5a604Pdlz7MY.roa
File: 7dKbaLVdjcjvpyP5a604Pdlz7MY.roa (raw, json)
Hash identifier: GGNIjfsKdoAFCkQshUKmWsCDIKDbDrRfFcFB67BWkWQ=
Subject key identifier: ED:D2:9B:68:B5:5D:8D:C8:EF:A7:23:F9:6B:AD:38:3D:D9:73:EC:C6
Certificate issuer: /CN=77f8e7fbd4ab69507fb1fe3579af343a56639086
Certificate serial: 01857315CB6D38E35CB1D02E5C329EFE7EFA
Authority key identifier: 77:F8:E7:FB:D4:AB:69:50:7F:B1:FE:35:79:AF:34:3A:56:63:90:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/7dKbaLVdjcjvpyP5a604Pdlz7MY.roa
Signing time: Mon 02 Jan 2023 15:24:46 +0000
ROA not before: Mon 02 Jan 2023 15:24:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60530
IP address blocks: 185.30.44.0/22 maxlen: 24
5.152.128.0/22 maxlen: 24
5.152.144.0/22 maxlen: 24
109.107.138.0/24 maxlen: 24
5.152.148.0/23 maxlen: 24
5.152.156.0/22 maxlen: 24
5.152.154.0/23 maxlen: 24
2a00:ab20::/29 maxlen: 32
2a11:cf40::/29 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:15:cb:6d:38:e3:5c:b1:d0:2e:5c:32:9e:fe:7e:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=77f8e7fbd4ab69507fb1fe3579af343a56639086
Validity
Not Before: Jan 2 15:24:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=edd29b68b55d8dc8efa723f96bad383dd973ecc6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:98:0f:db:bf:cc:5b:06:d1:0c:73:73:16:4d:
6e:16:5e:e9:2f:4a:1f:4d:22:1c:39:bb:bd:1f:a2:
55:a0:fb:f4:13:41:09:2b:d8:f3:13:b4:77:3c:ca:
00:c1:23:29:f0:37:8b:f5:39:b6:59:99:63:7e:8a:
f9:bc:29:97:bc:42:65:46:0a:39:ea:81:57:3b:e8:
33:4c:7c:94:82:b0:13:a3:e9:83:fd:36:74:e6:dc:
39:86:98:14:a0:17:5a:e0:36:a8:25:7b:3b:67:1f:
07:35:44:54:b7:fe:32:c5:74:24:af:fb:e2:5d:e4:
dc:93:87:cd:49:e5:5c:43:23:83:b9:55:c8:fd:47:
16:6c:22:ef:79:cf:e7:f2:8d:bb:be:98:90:fc:e7:
c5:b1:4a:e7:75:b2:82:16:21:4b:e8:c6:1c:d5:70:
51:4a:3c:04:df:67:89:1c:8a:58:e4:4a:d1:2a:8d:
ff:35:fa:b0:0d:ac:3f:e6:68:51:93:43:e9:6b:99:
2b:6d:6a:2f:0c:b3:bd:e4:b3:da:67:51:0e:27:a0:
34:0a:c2:48:d0:e7:d7:42:27:f6:14:d4:b1:db:fa:
b1:44:b9:0c:ec:29:31:6d:01:3a:3a:1b:64:cd:92:
34:ea:2d:18:f8:11:3e:9c:85:2e:cc:d2:5a:46:ab:
0b:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:D2:9B:68:B5:5D:8D:C8:EF:A7:23:F9:6B:AD:38:3D:D9:73:EC:C6
X509v3 Authority Key Identifier:
keyid:77:F8:E7:FB:D4:AB:69:50:7F:B1:FE:35:79:AF:34:3A:56:63:90:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_jn-9SraVB_sf41ea80OlZjkIY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/7dKbaLVdjcjvpyP5a604Pdlz7MY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/6c2736-ab02-4897-9568-77f6e94e3dcc/1/d_jn-9SraVB_sf41ea80OlZjkIY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.152.128.0/22
5.152.144.0-5.152.149.255
5.152.154.0-5.152.159.255
109.107.138.0/24
185.30.44.0/22
IPv6:
2a00:ab20::/29
2a11:cf40::/29
Signature Algorithm: sha256WithRSAEncryption
07:e8:6f:6e:d0:ab:49:11:e0:ec:e0:46:bc:80:4b:68:0e:a9:
b8:af:de:34:c6:4a:e4:e7:74:0b:2f:c2:ef:5a:37:4b:f3:4b:
88:3b:74:ef:6f:7e:af:4d:7d:69:41:2a:82:46:7b:ac:f6:67:
66:fc:2f:31:ae:05:65:2b:90:53:d1:b2:97:a3:2d:e2:fe:e1:
9a:fc:e4:45:d2:cf:71:27:a5:8d:54:b3:98:60:82:6e:2b:32:
3f:a6:dd:eb:d7:e6:16:de:a3:61:ba:19:ef:82:54:13:3b:9b:
58:2f:d0:62:0d:6d:e8:74:c3:25:99:7b:fc:71:62:1d:34:4d:
9d:c6:cb:d9:b6:18:0b:93:96:1b:4c:cb:44:24:1d:a6:11:70:
26:51:fe:2a:be:79:19:f8:83:bb:cb:79:2e:0c:43:db:97:fd:
1c:44:89:45:96:83:58:3a:61:25:33:1a:d8:e2:2c:67:37:2c:
fb:0d:4a:06:b2:79:50:40:34:0d:c5:fd:62:0b:ea:47:83:ef:
c5:30:6d:72:65:7b:26:57:23:5b:a6:4b:e2:cc:50:f4:c7:5c:
f6:be:46:0f:13:c8:3f:de:e5:64:64:53:63:12:13:75:f3:42:
f1:94:5e:ee:28:92:1e:e3:57:c2:b4:37:53:cb:b2:f6:fa:76:
ee:a1:a4:cd
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYVzFcttOONcsdAuXDKe/n76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjhlN2ZiZDRhYjY5NTA3ZmIxZmUzNTc5YWYzNDNhNTY2
MzkwODYwHhcNMjMwMTAyMTUyNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGQyOWI2OGI1NWQ4ZGM4ZWZhNzIzZjk2YmFkMzgzZGQ5NzNlY2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZgP27/MWwbRDHNzFk1uFl7pL0of
TSIcObu9H6JVoPv0E0EJK9jzE7R3PMoAwSMp8DeL9Tm2WZljfor5vCmXvEJlRgo5
6oFXO+gzTHyUgrATo+mD/TZ05tw5hpgUoBda4DaoJXs7Zx8HNURUt/4yxXQkr/vi
XeTck4fNSeVcQyODuVXI/UcWbCLvec/n8o27vpiQ/OfFsUrndbKCFiFL6MYc1XBR
SjwE32eJHIpY5ErRKo3/NfqwDaw/5mhRk0Ppa5krbWovDLO95LPaZ1EOJ6A0CsJI
0OfXQif2FNSx2/qxRLkM7CkxbQE6OhtkzZI06i0Y+BE+nIUuzNJaRqsL3wIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFO3Sm2i1XY3I76cj+WutOD3Zc+zGMB8GA1UdIwQY
MBaAFHf45/vUq2lQf7H+NXmvNDpWY5CGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9qbi05U3JhVkJfc2Y0MWVhODBPbFpqa0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC82YzI3MzYtYWIwMi00ODk3LTk1Njgt
NzdmNmU5NGUzZGNjLzEvN2RLYmFMVmRqY2p2cHlQNWE2MDRQZGx6N01ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC82YzI3MzYtYWIwMi00ODk3LTk1NjgtNzdmNmU5NGUzZGNj
LzEvZF9qbi05U3JhVkJfc2Y0MWVhODBPbFpqa0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDA0BAIAATAuAwQCBZiAMAwD
BAQFmJADBAEFmJQwDAMEAQWYmgMEBQWYgAMEAG1rigMEArkeLDAUBAIAAjAOAwUD
KgCrIAMFAyoRz0AwDQYJKoZIhvcNAQELBQADggEBAAfob27Qq0kR4OzgRryAS2gO
qbiv3jTGSuTndAsvwu9aN0vzS4g7dO9vfq9NfWlBKoJGe6z2Z2b8LzGuBWUrkFPR
spejLeL+4Zr85EXSz3EnpY1Us5hggm4rMj+m3evX5hbeo2G6Ge+CVBM7m1gv0GIN
beh0wyWZe/xxYh00TZ3Gy9m2GAuTlhtMy0QkHaYRcCZR/iq+eRn4g7vLeS4MQ9uX
/RxEiUWWg1g6YSUzGtjiLGc3LPsNSgayeVBANA3F/WIL6keD78UwbXJleyZXI1um
S+LMUPTHXPa+Rg8TyD/e5WRkU2MSE3XzQvGUXu4okh7jV8K0N1PLsvb6du6hpM0=
-----END CERTIFICATE-----
Generated at Mon Jan 1 18:02:49 2024 by rpki-client on console.sobornost.net