Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/aal8uARSU6YdTK2cEs7H1KmXEdk.roa
File: aal8uARSU6YdTK2cEs7H1KmXEdk.roa (raw, json)
Hash identifier: jzWBqwNNq+Ud517zH4M8y4rFqIUMMgZp2oZxY5B/fPI=
Subject key identifier: 69:A9:7C:B8:04:52:53:A6:1D:4C:AD:9C:12:CE:C7:D4:A9:97:11:D9
Certificate issuer: /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial: 01856CE62CF5AF73C042C355EFE08D33A76F
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/aal8uARSU6YdTK2cEs7H1KmXEdk.roa
Signing time: Sun 01 Jan 2023 10:35:02 +0000
ROA not before: Sun 01 Jan 2023 10:35:02 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39494
IP address blocks: 89.104.64.0/19 maxlen: 19
89.104.76.0/24 maxlen: 24
89.111.128.0/18 maxlen: 18
79.174.72.0/22 maxlen: 22
89.111.144.0/20 maxlen: 20
89.111.160.0/20 maxlen: 24
31.177.86.0/23 maxlen: 24
89.111.176.0/20 maxlen: 20
89.111.177.0/24 maxlen: 24
89.111.176.0/22 maxlen: 22
2a01:d8::/32 maxlen: 48
2a02:2090::/32 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:e6:2c:f5:af:73:c0:42:c3:55:ef:e0:8d:33:a7:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Validity
Not Before: Jan 1 10:35:02 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=69a97cb8045253a61d4cad9c12cec7d4a99711d9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:3c:06:8c:66:25:3c:b1:a2:6e:f8:0b:d5:77:
46:4f:12:f3:af:61:21:f8:6b:73:11:1d:65:e3:e4:
61:fc:6b:0f:8d:d7:5f:f4:07:6c:4b:46:6b:69:b7:
1e:4e:35:09:95:2a:47:77:6c:78:61:1c:a1:b9:c1:
0e:5c:f9:30:57:db:16:4c:5c:68:76:8e:42:27:a9:
f7:60:89:0e:47:7b:b6:db:d1:26:f7:0b:91:eb:03:
46:ac:62:dc:c1:39:9f:a6:17:30:ea:b1:66:53:80:
8e:d8:28:35:3a:ec:c1:e7:f8:a9:48:67:18:9a:27:
1b:ec:81:8f:bf:f1:e3:da:ad:a8:4c:b1:7e:b3:19:
df:c2:8a:3f:76:1d:47:d8:f6:36:26:58:62:46:6b:
e4:b0:c7:f7:b1:14:69:70:7a:50:d9:18:d8:7b:a0:
dd:c7:5e:00:82:20:77:2e:f6:f6:63:d8:d9:09:a4:
59:49:d1:6b:de:a0:05:9c:99:c7:9f:a6:12:a2:cd:
7a:96:b5:5e:f1:36:82:f8:a9:c2:33:b6:34:79:47:
86:c2:b3:b6:a4:1f:8a:e8:14:9d:72:f5:c7:bf:26:
f7:ce:c2:d9:28:52:a0:fd:21:fa:a7:c9:c9:6f:56:
a3:ea:ff:21:ac:5e:e3:2f:a2:be:3f:bf:fb:e3:8c:
4d:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:A9:7C:B8:04:52:53:A6:1D:4C:AD:9C:12:CE:C7:D4:A9:97:11:D9
X509v3 Authority Key Identifier:
keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/aal8uARSU6YdTK2cEs7H1KmXEdk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.177.86.0/23
79.174.72.0/22
89.104.64.0/19
89.111.128.0/18
IPv6:
2a01:d8::/32
2a02:2090::/32
Signature Algorithm: sha256WithRSAEncryption
00:eb:49:9e:28:58:0c:16:ee:43:01:91:75:c2:4c:b9:54:12:
1f:a2:8f:fa:62:3a:38:86:95:ed:af:18:c2:b2:8f:26:e5:95:
33:ef:3b:0f:32:71:f3:39:5a:fd:de:34:ce:e5:bc:23:79:12:
15:80:40:71:9c:24:11:3f:26:33:06:69:98:02:91:83:91:71:
65:c5:30:94:0f:a8:ea:64:42:12:11:07:7d:54:a7:56:b7:0c:
f0:c2:bf:87:3d:91:34:02:9a:0f:58:95:c6:c4:08:e4:15:2b:
64:b7:95:33:40:03:2d:0b:5f:46:3a:3a:4e:40:f4:81:e0:0b:
c4:1b:65:87:fe:9c:37:10:f1:c5:03:76:e4:a2:14:15:fe:47:
ee:63:f8:36:3b:b2:db:0b:62:99:13:77:71:6c:98:30:0b:ac:
cf:d5:39:40:1a:50:4e:f7:eb:d7:d2:60:e2:42:2e:31:9d:04:
ee:bf:ba:0e:6c:23:eb:7d:ca:e6:9c:b0:46:85:1f:37:97:5e:
9e:fc:16:6e:50:f1:25:7f:d0:9d:f5:8d:13:ae:b2:25:cf:c8:
21:59:a5:81:0a:a3:00:28:83:7c:1c:d5:59:57:47:7e:61:17:
f7:11:87:9d:b9:c4:c0:92:bf:8a:06:e7:4f:cb:be:c8:83:29:
00:5f:fd:c3
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYVs5iz1r3PAQsNV7+CNM6dvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjMwMTAxMTAzNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWE5N2NiODA0NTI1M2E2MWQ0Y2FkOWMxMmNlYzdkNGE5OTcxMWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzwGjGYlPLGibvgL1XdGTxLzr2Eh
+GtzER1l4+Rh/GsPjddf9AdsS0ZrabceTjUJlSpHd2x4YRyhucEOXPkwV9sWTFxo
do5CJ6n3YIkOR3u229Em9wuR6wNGrGLcwTmfphcw6rFmU4CO2Cg1OuzB5/ipSGcY
micb7IGPv/Hj2q2oTLF+sxnfwoo/dh1H2PY2JlhiRmvksMf3sRRpcHpQ2RjYe6Dd
x14AgiB3Lvb2Y9jZCaRZSdFr3qAFnJnHn6YSos16lrVe8TaC+KnCM7Y0eUeGwrO2
pB+K6BSdcvXHvyb3zsLZKFKg/SH6p8nJb1aj6v8hrF7jL6K+P7/744xNQwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFGmpfLgEUlOmHUytnBLOx9SplxHZMB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvYWFsOHVBUlNVNllkVEsyY0VzN0gxS21YRWRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQBH7FWAwQC
T65IAwQFWWhAAwQGWW+AMBQEAgACMA4DBQAqAQDYAwUAKgIgkDANBgkqhkiG9w0B
AQsFAAOCAQEAAOtJnihYDBbuQwGRdcJMuVQSH6KP+mI6OIaV7a8YwrKPJuWVM+87
DzJx8zla/d40zuW8I3kSFYBAcZwkET8mMwZpmAKRg5FxZcUwlA+o6mRCEhEHfVSn
VrcM8MK/hz2RNAKaD1iVxsQI5BUrZLeVM0ADLQtfRjo6TkD0geALxBtlh/6cNxDx
xQN25KIUFf5H7mP4Njuy2wtimRN3cWyYMAusz9U5QBpQTvfr19Jg4kIuMZ0E7r+6
Dmwj633K5pywRoUfN5denvwWblDxJX/QnfWNE66yJc/IIVmlgQqjACiDfBzVWVdH
fmEX9xGHnbnEwJK/igbnT8u+yIMpAF/9ww==
-----END CERTIFICATE-----
Generated at Tue Jan 2 14:15:01 2024 by rpki-client on console.sobornost.net