Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/095d5f-2693-4182-9397-cda94fb796d1/1/9I6JJj6-fSGXlXBx5K_CjfCsF6k.roa
File: 9I6JJj6-fSGXlXBx5K_CjfCsF6k.roa (raw, json)
Hash identifier: VxjzqRATwRndx+vW8zCa5DfmRWpGatBv7+yxP6Miz/4=
Subject key identifier: F4:8E:89:26:3E:BE:7D:21:97:95:70:71:E4:AF:C2:8D:F0:AC:17:A9
Certificate issuer: /CN=f258b3a9741b431d7becd64286b9e6bce0e975da
Certificate serial: 01856BF7D7BE73F4FB13CCB76BCB88F9D649
Authority key identifier: F2:58:B3:A9:74:1B:43:1D:7B:EC:D6:42:86:B9:E6:BC:E0:E9:75:DA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8lizqXQbQx177NZChrnmvODpddo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/095d5f-2693-4182-9397-cda94fb796d1/1/9I6JJj6-fSGXlXBx5K_CjfCsF6k.roa
Signing time: Sun 01 Jan 2023 06:14:42 +0000
ROA not before: Sun 01 Jan 2023 06:14:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205823
IP address blocks: 193.32.105.0/24 maxlen: 24
193.32.104.0/23 maxlen: 23
193.32.104.0/24 maxlen: 24
193.32.116.0/24 maxlen: 24
193.32.116.0/23 maxlen: 23
193.32.117.0/24 maxlen: 24
185.205.57.0/24 maxlen: 24
185.205.56.0/22 maxlen: 22
185.205.56.0/24 maxlen: 24
185.205.58.0/24 maxlen: 24
185.205.59.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:f7:d7:be:73:f4:fb:13:cc:b7:6b:cb:88:f9:d6:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f258b3a9741b431d7becd64286b9e6bce0e975da
Validity
Not Before: Jan 1 06:14:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f48e89263ebe7d2197957071e4afc28df0ac17a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:f4:44:19:bb:ca:cb:63:15:70:e5:e9:c2:51:
e5:36:36:2b:61:79:8c:68:30:59:b0:0a:f3:09:71:
d3:2b:fc:08:c9:b3:67:9e:63:32:31:8c:5e:f4:eb:
af:c3:14:e7:80:06:5a:2e:f9:11:a3:7a:95:4f:f1:
ed:6b:39:3e:9b:22:29:e2:44:08:78:09:17:a9:91:
82:e7:0b:ac:be:fe:e8:be:e0:0a:34:c9:2d:b8:d3:
46:c9:cc:74:c9:e7:72:31:52:e6:7f:dd:55:92:4e:
90:0b:a9:21:49:d7:91:ee:69:80:7b:dc:47:d2:24:
10:f0:d2:fe:4c:64:4e:a0:23:32:18:49:e0:68:8b:
88:77:c3:09:39:7b:15:fc:8b:92:b2:1e:99:f6:8a:
a7:21:cc:e4:b9:45:a5:6a:0a:34:a6:e0:7b:e3:54:
2e:42:2a:1c:5d:d3:a1:4c:35:b2:09:02:02:35:8f:
48:05:2f:13:8d:08:6a:18:97:73:ff:9b:fb:0a:cc:
1b:43:53:20:41:fc:61:b5:0e:e6:35:22:29:6a:8d:
a8:fe:c1:cd:33:0a:2e:c9:91:9e:3e:3d:17:6d:25:
fc:8b:fd:f5:5f:7f:7b:56:c6:2a:17:ef:28:d5:d2:
48:eb:2d:6d:db:fd:2a:14:8d:60:2a:19:5e:98:ea:
42:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:8E:89:26:3E:BE:7D:21:97:95:70:71:E4:AF:C2:8D:F0:AC:17:A9
X509v3 Authority Key Identifier:
keyid:F2:58:B3:A9:74:1B:43:1D:7B:EC:D6:42:86:B9:E6:BC:E0:E9:75:DA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8lizqXQbQx177NZChrnmvODpddo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/095d5f-2693-4182-9397-cda94fb796d1/1/9I6JJj6-fSGXlXBx5K_CjfCsF6k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/095d5f-2693-4182-9397-cda94fb796d1/1/8lizqXQbQx177NZChrnmvODpddo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.205.56.0/22
193.32.104.0/23
193.32.116.0/23
Signature Algorithm: sha256WithRSAEncryption
53:75:cb:b7:63:5f:4e:d6:f1:6b:22:af:50:20:38:f9:f5:39:
84:ac:10:90:ea:44:21:5c:ad:73:3a:b0:01:86:5b:50:ee:6a:
17:20:4a:99:82:f3:9c:fe:fd:1b:a9:22:c9:ed:1f:3c:6e:0d:
5e:bc:51:4d:f1:01:9e:fc:ef:73:d3:75:8a:fe:bd:07:cc:d1:
67:a9:90:e6:30:91:2e:38:9a:45:aa:b1:ef:73:26:cf:1a:bc:
1f:4d:f2:c6:1d:0b:69:bd:3a:e5:f0:1d:1f:39:b1:8b:5c:c8:
0b:0a:b7:c5:21:a2:ce:7e:aa:14:25:ea:ab:7c:5c:80:56:d3:
6d:22:35:8f:16:c1:7d:48:1b:2c:63:15:e3:82:cf:29:e4:61:
eb:57:da:69:dc:ea:75:46:22:41:ab:eb:f6:28:28:58:a2:c2:
91:61:ff:17:19:06:29:fd:13:5c:91:1d:ec:92:39:89:de:9c:
06:d5:35:33:36:70:60:8f:bc:bb:28:10:22:6f:24:68:cf:bb:
f3:9e:91:d7:4a:21:80:44:c0:02:a4:1c:ee:6d:0b:8e:44:b2:
c6:ad:89:24:ea:5c:c0:d3:ad:56:c6:c8:5d:c9:9a:7b:60:21:
ad:4e:36:99:69:60:0f:1e:b1:e6:5b:da:3c:df:cf:67:a7:3a:
6c:7c:33:de
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVr99e+c/T7E8y3a8uI+dZJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNThiM2E5NzQxYjQzMWQ3YmVjZDY0Mjg2YjllNmJjZTBl
OTc1ZGEwHhcNMjMwMTAxMDYxNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDhlODkyNjNlYmU3ZDIxOTc5NTcwNzFlNGFmYzI4ZGYwYWMxN2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfREGbvKy2MVcOXpwlHlNjYrYXmM
aDBZsArzCXHTK/wIybNnnmMyMYxe9OuvwxTngAZaLvkRo3qVT/Htazk+myIp4kQI
eAkXqZGC5wusvv7ovuAKNMktuNNGycx0yedyMVLmf91Vkk6QC6khSdeR7mmAe9xH
0iQQ8NL+TGROoCMyGEngaIuId8MJOXsV/IuSsh6Z9oqnIczkuUWlago0puB741Qu
QiocXdOhTDWyCQICNY9IBS8TjQhqGJdz/5v7CswbQ1MgQfxhtQ7mNSIpao2o/sHN
MwouyZGePj0XbSX8i/31X397VsYqF+8o1dJI6y1t2/0qFI1gKhlemOpCxQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPSOiSY+vn0hl5VwceSvwo3wrBepMB8GA1UdIwQY
MBaAFPJYs6l0G0Mde+zWQoa55rzg6XXaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGxpenFYUWJReDE3N05aQ2hybm12T0RwZGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8wOTVkNWYtMjY5My00MTgyLTkzOTct
Y2RhOTRmYjc5NmQxLzEvOUk2SkpqNi1mU0dYbFhCeDVLX0NqZkNzRjZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8wOTVkNWYtMjY5My00MTgyLTkzOTctY2RhOTRmYjc5NmQx
LzEvOGxpenFYUWJReDE3N05aQ2hybm12T0RwZGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuc04AwQB
wSBoAwQBwSB0MA0GCSqGSIb3DQEBCwUAA4IBAQBTdcu3Y19O1vFrIq9QIDj59TmE
rBCQ6kQhXK1zOrABhltQ7moXIEqZgvOc/v0bqSLJ7R88bg1evFFN8QGe/O9z03WK
/r0HzNFnqZDmMJEuOJpFqrHvcybPGrwfTfLGHQtpvTrl8B0fObGLXMgLCrfFIaLO
fqoUJeqrfFyAVtNtIjWPFsF9SBssYxXjgs8p5GHrV9pp3Op1RiJBq+v2KChYosKR
Yf8XGQYp/RNckR3skjmJ3pwG1TUzNnBgj7y7KBAibyRoz7vznpHXSiGARMACpBzu
bQuORLLGrYkk6lzA061WxshdyZp7YCGtTjaZaWAPHrHmW9o8389npzpsfDPe
-----END CERTIFICATE-----
Generated at Mon Jan 1 09:18:20 2024 by rpki-client on console.sobornost.net