Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/1-0q-hwtuD5DGuRmuQUcf5a_99wc.roa
File: 1-0q-hwtuD5DGuRmuQUcf5a_99wc.roa (raw, json)
Hash identifier: k9nVUD9uQLWPsr4NJiX/tVMGL81b9G1IkXhqB5O8Q2M=
Subject key identifier: FB:4A:BE:87:0B:6E:0F:90:C6:B9:19:AE:41:47:1F:E5:AF:FD:F7:07
Certificate issuer: /CN=4b2b6d2a5d4130560f617963d9fbc93442dc1ccd
Certificate serial: 01856F9DBC54D7B3AD42C8CD53529AC94D12
Authority key identifier: 4B:2B:6D:2A:5D:41:30:56:0F:61:79:63:D9:FB:C9:34:42:DC:1C:CD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SyttKl1BMFYPYXlj2fvJNELcHM0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/1-0q-hwtuD5DGuRmuQUcf5a_99wc.roa
Signing time: Sun 01 Jan 2023 23:14:46 +0000
ROA not before: Sun 01 Jan 2023 23:14:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 559
IP address blocks: 192.101.176.0/24 maxlen: 24
130.92.0.0/16 maxlen: 16
192.41.152.0/21 maxlen: 21
192.41.149.0/24 maxlen: 24
192.41.150.0/23 maxlen: 23
193.247.240.0/22 maxlen: 22
192.41.160.0/24 maxlen: 24
193.135.168.0/22 maxlen: 22
194.153.96.0/24 maxlen: 24
193.5.168.0/22 maxlen: 22
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:9d:bc:54:d7:b3:ad:42:c8:cd:53:52:9a:c9:4d:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b2b6d2a5d4130560f617963d9fbc93442dc1ccd
Validity
Not Before: Jan 1 23:14:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fb4abe870b6e0f90c6b919ae41471fe5affdf707
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:e4:46:38:cf:28:a9:d5:12:0c:92:68:57:e0:
93:68:bb:0e:2d:7c:ec:c2:53:6e:ac:58:b0:76:bf:
60:f8:25:4f:6f:ee:0c:39:26:3d:52:3f:2e:11:13:
36:90:36:56:06:7d:71:64:41:d4:0a:52:5b:d8:b7:
f0:ec:bd:af:bd:b4:4b:3a:09:38:bd:31:f2:9c:7a:
34:39:1f:d6:cf:ec:9e:a8:ab:83:8c:ad:ad:dc:20:
1a:85:9c:d2:6d:0c:e1:83:49:46:6f:af:a1:3c:c2:
fa:41:1f:58:d8:5b:d1:33:83:5a:14:66:b7:88:70:
f3:31:a9:49:b8:b9:87:58:3f:fd:40:27:ea:f1:08:
2a:92:64:ab:ab:79:a1:d0:d6:48:80:a5:5b:1c:4e:
55:92:04:57:3d:0f:2b:a8:99:f2:90:8e:5a:6d:5c:
52:13:aa:bf:71:aa:40:42:2d:56:30:09:92:74:88:
80:bd:86:0a:dc:2b:02:b1:a5:f4:fe:15:ca:f9:bd:
01:72:70:aa:22:21:ee:30:93:24:f2:ab:e9:2c:f6:
70:83:b9:db:45:48:d4:cd:c1:b5:0f:0e:a0:05:60:
c1:4b:04:62:f5:6a:8f:8d:54:e2:a9:bb:ab:f5:d5:
9f:22:f7:d8:97:f6:ed:f7:0a:19:9b:14:20:ab:18:
38:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:4A:BE:87:0B:6E:0F:90:C6:B9:19:AE:41:47:1F:E5:AF:FD:F7:07
X509v3 Authority Key Identifier:
keyid:4B:2B:6D:2A:5D:41:30:56:0F:61:79:63:D9:FB:C9:34:42:DC:1C:CD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SyttKl1BMFYPYXlj2fvJNELcHM0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/1-0q-hwtuD5DGuRmuQUcf5a_99wc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/40ef41-31f4-420d-badc-c574158502c8/1/SyttKl1BMFYPYXlj2fvJNELcHM0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
130.92.0.0/16
192.41.149.0-192.41.160.255
192.101.176.0/24
193.5.168.0/22
193.135.168.0/22
193.247.240.0/22
194.153.96.0/24
Signature Algorithm: sha256WithRSAEncryption
9a:ea:e0:e3:30:9c:fa:7c:0e:b4:31:43:ef:65:7e:29:f9:f9:
3d:ed:34:cb:cc:a2:ad:cd:13:ee:72:80:ed:ff:57:0e:2d:af:
7d:65:5e:4b:cb:57:2b:9c:e9:d3:ed:12:60:bd:66:30:4b:52:
91:01:57:80:91:a3:05:8e:8d:8f:b3:de:63:c2:18:eb:f3:63:
c4:41:fb:f4:cb:ff:df:e1:f7:d2:b6:e1:ab:ed:39:13:c2:8b:
d0:c3:1e:c5:62:12:a3:3f:1a:ab:d7:5c:5f:ad:33:8d:d2:d7:
30:55:57:ee:47:51:bf:b9:99:d6:d0:af:28:3f:69:77:79:1d:
ca:4d:f6:e7:21:50:ff:22:19:1c:d0:f0:4a:23:eb:47:a3:88:
f7:28:da:ea:22:27:67:3b:0d:78:d1:06:61:d4:d1:35:81:d7:
09:2e:2c:f5:2f:7e:2d:0a:e9:e5:eb:62:83:b0:ff:f3:54:e6:
4f:92:25:da:62:e8:fc:aa:fc:ba:1b:a2:8c:74:0b:d3:42:9d:
6e:59:c5:33:93:b2:7b:05:55:31:53:0c:bf:e5:fc:91:53:da:
ab:0f:ab:21:a4:3d:4b:bc:0e:4a:a9:e4:41:26:1c:fd:25:e8:
39:e0:0b:75:80:a1:41:79:83:91:80:11:1f:9a:de:c7:dd:37:
31:42:3d:12
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYVvnbxU17OtQsjNU1KayU0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiMmI2ZDJhNWQ0MTMwNTYwZjYxNzk2M2Q5ZmJjOTM0NDJk
YzFjY2QwHhcNMjMwMTAxMjMxNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjRhYmU4NzBiNmUwZjkwYzZiOTE5YWU0MTQ3MWZlNWFmZmRmNzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhuRGOM8oqdUSDJJoV+CTaLsOLXzs
wlNurFiwdr9g+CVPb+4MOSY9Uj8uERM2kDZWBn1xZEHUClJb2Lfw7L2vvbRLOgk4
vTHynHo0OR/Wz+yeqKuDjK2t3CAahZzSbQzhg0lGb6+hPML6QR9Y2FvRM4NaFGa3
iHDzMalJuLmHWD/9QCfq8QgqkmSrq3mh0NZIgKVbHE5VkgRXPQ8rqJnykI5abVxS
E6q/capAQi1WMAmSdIiAvYYK3CsCsaX0/hXK+b0BcnCqIiHuMJMk8qvpLPZwg7nb
RUjUzcG1Dw6gBWDBSwRi9WqPjVTiqbur9dWfIvfYl/bt9woZmxQgqxg4oQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFPtKvocLbg+QxrkZrkFHH+Wv/fcHMB8GA1UdIwQY
MBaAFEsrbSpdQTBWD2F5Y9n7yTRC3BzNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3l0dEtsMUJNRllQWVhsajJmdkpORUxjSE0wLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS80MGVmNDEtMzFmNC00MjBkLWJhZGMt
YzU3NDE1ODUwMmM4LzEvMS0wcS1od3R1RDVER3VSbXVRVWNmNWFfOTl3Yy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzkvNDBlZjQxLTMxZjQtNDIwZC1iYWRjLWM1NzQxNTg1MDJj
OC8xL1N5dHRLbDFCTUZZUFlYbGoyZnZKTkVMY0hNMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBKBggrBgEFBQcBBwEB/wQ7MDkwNwQCAAEwMQMDAIJcMAwD
BADAKZUDBADAKaADBADAZbADBALBBagDBALBh6gDBALB9/ADBADCmWAwDQYJKoZI
hvcNAQELBQADggEBAJrq4OMwnPp8DrQxQ+9lfin5+T3tNMvMoq3NE+5ygO3/Vw4t
r31lXkvLVyuc6dPtEmC9ZjBLUpEBV4CRowWOjY+z3mPCGOvzY8RB+/TL/9/h99K2
4avtORPCi9DDHsViEqM/GqvXXF+tM43S1zBVV+5HUb+5mdbQryg/aXd5HcpN9uch
UP8iGRzQ8Eoj60ejiPco2uoiJ2c7DXjRBmHU0TWB1wkuLPUvfi0K6eXrYoOw//NU
5k+SJdpi6Pyq/Loboox0C9NCnW5ZxTOTsnsFVTFTDL/l/JFT2qsPqyGkPUu8Dkqp
5EEmHP0l6DngC3WAoUF5g5GAER+a3sfdNzFCPRI=
-----END CERTIFICATE-----
Generated at Mon Jan 1 14:10:53 2024 by rpki-client on console.sobornost.net