Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/f78937-aed3-4b6f-aa2d-c832ed7d5fec/1/XTXHK8D55dfCxhzv9EEPDrKrR8A.roa
File: XTXHK8D55dfCxhzv9EEPDrKrR8A.roa (raw, json)
Hash identifier: SX1OzHIlDOYCtsIE7WXkCP5E5KnnD6/vvmBbv3BhUFI=
Subject key identifier: 5D:35:C7:2B:C0:F9:E5:D7:C2:C6:1C:EF:F4:41:0F:0E:B2:AB:47:C0
Certificate issuer: /CN=e98e202381c1c88d82f3b70f3be068a1aa372b9d
Certificate serial: 0186B60D75DC3C8648D5B06C1E50AB0D0484
Authority key identifier: E9:8E:20:23:81:C1:C8:8D:82:F3:B7:0F:3B:E0:68:A1:AA:37:2B:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6Y4gI4HByI2C87cPO-Booao3K50.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/f78937-aed3-4b6f-aa2d-c832ed7d5fec/1/XTXHK8D55dfCxhzv9EEPDrKrR8A.roa
Signing time: Mon 06 Mar 2023 08:33:00 +0000
ROA not before: Mon 06 Mar 2023 08:33:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201076
IP address blocks: 188.64.209.0/24 maxlen: 24
188.64.210.0/24 maxlen: 24
188.64.211.0/24 maxlen: 24
188.64.208.0/24 maxlen: 24
141.226.248.0/24 maxlen: 24
2a07:e7c0:2::/48 maxlen: 48
2a07:e7c0::/48 maxlen: 48
2a07:e7c0:1000::/48 maxlen: 48
2a07:e7c0:3::/48 maxlen: 48
2a07:e7c0:1::/48 maxlen: 48
2a07:e7c0:147::/48 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:b6:0d:75:dc:3c:86:48:d5:b0:6c:1e:50:ab:0d:04:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e98e202381c1c88d82f3b70f3be068a1aa372b9d
Validity
Not Before: Mar 6 08:33:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5d35c72bc0f9e5d7c2c61ceff4410f0eb2ab47c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:5b:40:59:b7:8e:0a:6f:50:ad:18:b6:07:06:
6d:0e:43:93:df:59:a5:81:22:d4:b0:37:ec:5d:e2:
d3:b5:a5:80:99:fb:57:97:e4:de:af:62:ef:75:dc:
f7:d3:04:b6:6c:b9:08:40:1d:24:71:94:fe:94:a0:
b5:77:88:67:8f:58:75:c2:ac:9d:10:2d:52:0e:8e:
7a:a4:20:4c:84:6a:a7:76:77:fe:79:7f:de:f1:ff:
00:84:5a:ef:cf:66:97:fa:a1:3c:28:96:be:af:c4:
1a:98:ea:5a:a0:9b:fb:fe:88:65:34:55:ec:81:98:
fd:1f:58:40:28:be:6f:4a:08:b7:62:fb:eb:4f:07:
4a:1a:df:34:b9:24:f5:e4:5b:04:30:25:d4:2b:f6:
6b:a9:b2:b0:5b:34:86:f6:f9:e9:30:87:36:ee:00:
84:b6:5f:ab:33:57:9a:37:d5:fc:a6:d0:92:85:5d:
8a:7d:c9:c3:73:cc:5b:df:26:51:0e:06:c5:61:69:
cd:b5:5e:4c:69:04:56:fd:70:df:92:f5:63:09:e7:
ba:d5:d4:32:5a:78:04:12:02:c3:d5:7c:b8:1a:a6:
3c:4f:b8:77:75:88:fb:0e:9a:79:e6:a4:f2:05:e1:
7a:54:44:0b:8f:60:48:fe:cc:a6:c7:e8:bf:56:c2:
94:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:35:C7:2B:C0:F9:E5:D7:C2:C6:1C:EF:F4:41:0F:0E:B2:AB:47:C0
X509v3 Authority Key Identifier:
keyid:E9:8E:20:23:81:C1:C8:8D:82:F3:B7:0F:3B:E0:68:A1:AA:37:2B:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Y4gI4HByI2C87cPO-Booao3K50.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f78937-aed3-4b6f-aa2d-c832ed7d5fec/1/XTXHK8D55dfCxhzv9EEPDrKrR8A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f78937-aed3-4b6f-aa2d-c832ed7d5fec/1/6Y4gI4HByI2C87cPO-Booao3K50.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.226.248.0/24
188.64.208.0/22
IPv6:
2a07:e7c0::/46
2a07:e7c0:147::/48
2a07:e7c0:1000::/48
Signature Algorithm: sha256WithRSAEncryption
7a:37:9c:e6:9a:8c:c8:1e:2a:fa:ed:53:9f:8f:b1:97:d8:03:
85:df:fa:0f:96:28:56:e1:5d:8f:7b:3b:43:e5:2a:c0:b9:1f:
69:e1:02:49:5e:d5:80:ae:f9:07:e8:d4:b2:6e:9e:bf:31:19:
d9:e2:45:ab:03:a7:93:e6:f9:82:f7:07:1f:20:50:76:5f:41:
6a:c8:84:70:92:c1:31:68:29:c0:67:57:48:85:44:6d:31:47:
b9:21:1f:f5:b4:46:a4:5e:2d:90:21:ca:27:d2:f2:5a:84:ee:
d3:4e:90:26:ff:dc:b8:ba:a2:fe:ea:c3:f7:2f:e0:06:33:06:
fb:d7:43:38:b5:64:52:e3:4b:69:84:32:af:4e:74:9e:51:b8:
a2:15:57:c5:5e:91:f4:f8:26:31:62:b9:0a:5e:ef:29:46:ad:
64:56:3a:f6:dc:0f:e2:98:40:54:7b:1a:3d:d6:7f:e3:59:2a:
53:51:81:fb:17:b6:19:f4:06:5d:aa:c5:3e:92:e2:b6:d4:2c:
83:5c:a3:e7:32:fc:d0:42:ea:df:c2:89:3c:7b:d5:2a:dd:b2:
bb:eb:5b:35:15:70:66:7c:8f:21:cc:eb:9b:f6:06:22:60:21:
44:eb:f5:a1:55:a0:86:26:03:3d:79:7b:9e:f2:44:70:2f:d0:
a2:be:b6:a9
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYa2DXXcPIZI1bBsHlCrDQSEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5OGUyMDIzODFjMWM4OGQ4MmYzYjcwZjNiZTA2OGExYWEz
NzJiOWQwHhcNMjMwMzA2MDgzMzAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDM1YzcyYmMwZjllNWQ3YzJjNjFjZWZmNDQxMGYwZWIyYWI0N2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1tAWbeOCm9QrRi2BwZtDkOT31ml
gSLUsDfsXeLTtaWAmftXl+Ter2Lvddz30wS2bLkIQB0kcZT+lKC1d4hnj1h1wqyd
EC1SDo56pCBMhGqndnf+eX/e8f8AhFrvz2aX+qE8KJa+r8QamOpaoJv7/ohlNFXs
gZj9H1hAKL5vSgi3YvvrTwdKGt80uST15FsEMCXUK/ZrqbKwWzSG9vnpMIc27gCE
tl+rM1eaN9X8ptCShV2KfcnDc8xb3yZRDgbFYWnNtV5MaQRW/XDfkvVjCee61dQy
WngEEgLD1Xy4GqY8T7h3dYj7Dpp55qTyBeF6VEQLj2BI/symx+i/VsKUfQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFF01xyvA+eXXwsYc7/RBDw6yq0fAMB8GA1UdIwQY
MBaAFOmOICOBwciNgvO3DzvgaKGqNyudMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlk0Z0k0SEJ5STJDODdjUE8tQm9vYW8zSzUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9mNzg5MzctYWVkMy00YjZmLWFhMmQt
YzgzMmVkN2Q1ZmVjLzEvWFRYSEs4RDU1ZGZDeGh6djlFRVBEcktyUjhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9mNzg5MzctYWVkMy00YjZmLWFhMmQtYzgzMmVkN2Q1ZmVj
LzEvNlk0Z0k0SEJ5STJDODdjUE8tQm9vYW8zSzUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzASBAIAATAMAwQAjeL4AwQC
vEDQMCEEAgACMBsDBwIqB+fAAAADBwAqB+fAAUcDBwAqB+fAEAAwDQYJKoZIhvcN
AQELBQADggEBAHo3nOaajMgeKvrtU5+PsZfYA4Xf+g+WKFbhXY97O0PlKsC5H2nh
Akle1YCu+Qfo1LJunr8xGdniRasDp5Pm+YL3Bx8gUHZfQWrIhHCSwTFoKcBnV0iF
RG0xR7khH/W0RqReLZAhyifS8lqE7tNOkCb/3Li6ov7qw/cv4AYzBvvXQzi1ZFLj
S2mEMq9OdJ5RuKIVV8VekfT4JjFiuQpe7ylGrWRWOvbcD+KYQFR7Gj3Wf+NZKlNR
gfsXthn0Bl2qxT6S4rbULINco+cy/NBC6t/CiTx71SrdsrvrWzUVcGZ8jyHM65v2
BiJgIUTr9aFVoIYmAz15e57yRHAv0KK+tqk=
-----END CERTIFICATE-----
Generated at Tue Jan 2 16:34:53 2024 by rpki-client on console.sobornost.net