Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/f033f1-2f5d-46d1-9194-63f301889486/1/ynBDQ40Fk5I_75uJPEmAlHSRmTQ.roa
File: ynBDQ40Fk5I_75uJPEmAlHSRmTQ.roa (raw, json)
Hash identifier: uNrGscEdty+kDJcojEEazM/bWX6lz37LL425/kikde8=
Subject key identifier: CA:70:43:43:8D:05:93:92:3F:EF:9B:89:3C:49:80:94:74:91:99:34
Certificate issuer: /CN=68ddbef7f1cdd8ad127160f20ea0a3f6b73fa4a2
Certificate serial: 01881FE6A63DDC75D0A42123E5D15BF340C4
Authority key identifier: 68:DD:BE:F7:F1:CD:D8:AD:12:71:60:F2:0E:A0:A3:F6:B7:3F:A4:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aN2-9_HN2K0ScWDyDqCj9rc_pKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0a/f033f1-2f5d-46d1-9194-63f301889486/1/ynBDQ40Fk5I_75uJPEmAlHSRmTQ.roa
Signing time: Mon 15 May 2023 14:53:09 +0000
ROA not before: Mon 15 May 2023 14:53:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200555
IP address blocks: 2.58.188.0/22 maxlen: 24
185.58.208.0/22 maxlen: 24
194.146.99.0/24 maxlen: 24
31.14.60.0/22 maxlen: 24
194.146.55.0/24 maxlen: 24
194.146.63.0/24 maxlen: 24
194.146.70.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 14 Jun 2023 10:17:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:1f:e6:a6:3d:dc:75:d0:a4:21:23:e5:d1:5b:f3:40:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=68ddbef7f1cdd8ad127160f20ea0a3f6b73fa4a2
Validity
Not Before: May 15 14:53:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ca7043438d0593923fef9b893c49809474919934
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:f8:17:cb:23:58:3f:79:f4:0a:fd:2f:c1:3b:
01:a6:52:f4:ac:ff:26:8c:c0:63:7b:09:af:fa:4e:
a2:10:21:fe:8d:91:7c:15:e7:75:20:6b:0a:ba:a8:
d1:5c:f9:1e:d5:4b:9f:a4:08:fd:e3:9d:d8:cf:73:
4f:38:82:71:fc:81:2a:6e:89:87:29:0e:ab:3d:2c:
29:0c:65:9f:14:36:01:e3:87:60:49:55:19:cc:97:
7e:54:3f:c2:fd:25:08:06:14:8d:0f:a7:41:98:b9:
cf:ed:b6:c5:a4:ca:3a:62:ba:60:f7:20:98:3f:bc:
b3:17:3c:0a:74:97:85:13:c6:3c:35:0d:e3:94:9f:
e6:45:26:f4:1c:43:a5:60:f6:1f:47:23:1b:bd:92:
84:a2:e8:71:c7:8f:e7:26:df:c9:24:23:1f:51:b2:
02:2b:3e:5c:63:4a:55:a5:da:24:29:95:b4:b6:1c:
8a:19:cb:44:4d:80:a7:75:cd:2e:57:1f:8c:64:b1:
ce:a0:00:cd:c8:cd:e3:f4:65:13:1a:3f:12:ad:b2:
5e:e7:b1:c0:d1:08:37:f2:7e:3e:2f:f4:02:5e:68:
c1:c7:cf:2d:7b:d3:44:4c:2f:d1:61:77:dd:cd:4c:
67:1f:63:56:c5:2e:61:8a:dc:5f:df:f3:f3:19:46:
c4:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:70:43:43:8D:05:93:92:3F:EF:9B:89:3C:49:80:94:74:91:99:34
X509v3 Authority Key Identifier:
keyid:68:DD:BE:F7:F1:CD:D8:AD:12:71:60:F2:0E:A0:A3:F6:B7:3F:A4:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aN2-9_HN2K0ScWDyDqCj9rc_pKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/f033f1-2f5d-46d1-9194-63f301889486/1/ynBDQ40Fk5I_75uJPEmAlHSRmTQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/f033f1-2f5d-46d1-9194-63f301889486/1/aN2-9_HN2K0ScWDyDqCj9rc_pKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.188.0/22
31.14.60.0/22
185.58.208.0/22
194.146.55.0/24
194.146.63.0/24
194.146.70.0/24
194.146.99.0/24
Signature Algorithm: sha256WithRSAEncryption
27:3c:d1:b6:01:0f:59:ba:54:af:9a:43:64:4d:81:c9:fd:3b:
fa:6c:bc:1b:b0:6c:69:f4:72:d9:80:01:68:39:74:20:77:13:
32:fc:b1:9f:c7:5d:31:ec:72:94:f7:27:2f:aa:98:19:84:70:
53:e6:33:8e:88:ac:8d:1e:6e:ca:7b:99:03:20:a9:94:40:5e:
10:1c:5c:1f:82:cc:91:32:51:70:b6:1b:10:46:00:a9:4b:1c:
e9:6b:0c:ab:5c:89:cc:e7:47:ac:c9:61:69:3f:18:4e:e1:65:
e3:ac:51:99:e9:24:e6:fe:87:c8:8b:04:75:6e:b9:b8:e8:76:
bb:21:d8:9a:c3:18:35:77:a6:0e:0c:2c:a5:c6:82:a0:a1:60:
11:4c:ad:ee:59:20:a1:0e:51:29:8b:20:5a:51:79:d9:41:05:
2d:ed:9a:50:f7:e5:d2:3a:6f:97:60:df:59:c0:08:db:7d:d6:
f2:00:38:17:41:8a:1f:2c:04:38:c7:b0:40:7d:eb:be:99:03:
7a:28:fb:76:7f:9e:1d:13:4d:1a:d6:7d:b5:cf:35:ce:b7:16:
22:b7:61:56:46:ee:e5:48:27:ad:35:8c:06:92:df:ef:ab:b8:
21:aa:b3:c8:99:e2:14:6a:cf:2d:b3:c8:f6:08:dd:61:f6:f3:
d4:d6:e4:25
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYgf5qY93HXQpCEj5dFb80DEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZGRiZWY3ZjFjZGQ4YWQxMjcxNjBmMjBlYTBhM2Y2Yjcz
ZmE0YTIwHhcNMjMwNTE1MTQ1MzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTcwNDM0MzhkMDU5MzkyM2ZlZjliODkzYzQ5ODA5NDc0OTE5OTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPgXyyNYP3n0Cv0vwTsBplL0rP8m
jMBjewmv+k6iECH+jZF8Fed1IGsKuqjRXPke1UufpAj9453Yz3NPOIJx/IEqbomH
KQ6rPSwpDGWfFDYB44dgSVUZzJd+VD/C/SUIBhSND6dBmLnP7bbFpMo6Yrpg9yCY
P7yzFzwKdJeFE8Y8NQ3jlJ/mRSb0HEOlYPYfRyMbvZKEouhxx4/nJt/JJCMfUbIC
Kz5cY0pVpdokKZW0thyKGctETYCndc0uVx+MZLHOoADNyM3j9GUTGj8SrbJe57HA
0Qg38n4+L/QCXmjBx88te9NETC/RYXfdzUxnH2NWxS5hitxf3/PzGUbEfQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFMpwQ0ONBZOSP++biTxJgJR0kZk0MB8GA1UdIwQY
MBaAFGjdvvfxzditEnFg8g6go/a3P6SiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU4yLTlfSE4ySzBTY1dEeURxQ2o5cmNfcEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9mMDMzZjEtMmY1ZC00NmQxLTkxOTQt
NjNmMzAxODg5NDg2LzEveW5CRFE0MEZrNUlfNzV1SlBFbUFsSFNSbVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9mMDMzZjEtMmY1ZC00NmQxLTkxOTQtNjNmMzAxODg5NDg2
LzEvYU4yLTlfSE4ySzBTY1dEeURxQ2o5cmNfcEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCAjq8AwQC
Hw48AwQCuTrQAwQAwpI3AwQAwpI/AwQAwpJGAwQAwpJjMA0GCSqGSIb3DQEBCwUA
A4IBAQAnPNG2AQ9ZulSvmkNkTYHJ/Tv6bLwbsGxp9HLZgAFoOXQgdxMy/LGfx10x
7HKU9ycvqpgZhHBT5jOOiKyNHm7Ke5kDIKmUQF4QHFwfgsyRMlFwthsQRgCpSxzp
awyrXInM50esyWFpPxhO4WXjrFGZ6STm/ofIiwR1brm46Ha7Idiawxg1d6YODCyl
xoKgoWARTK3uWSChDlEpiyBaUXnZQQUt7ZpQ9+XSOm+XYN9ZwAjbfdbyADgXQYof
LAQ4x7BAfeu+mQN6KPt2f54dE00a1n21zzXOtxYit2FWRu7lSCetNYwGkt/vq7gh
qrPImeIUas8ts8j2CN1h9vPU1uQl
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:15 2024 by rpki-client on console-ams.rpki-client.org