Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/tCAcyu1P0uxAfdClrAGCq5jn3iQ.roa
File: tCAcyu1P0uxAfdClrAGCq5jn3iQ.roa (raw, json)
Hash identifier: hw1YhlO5fpetg+U2rGMsQgsJtwhUfdIqlYY9K9vBqYg=
Subject key identifier: B4:20:1C:CA:ED:4F:D2:EC:40:7D:D0:A5:AC:01:82:AB:98:E7:DE:24
Certificate issuer: /CN=962ae3463938b26f83b76f0c4df81dfabb15a4eb
Certificate serial: 018CC6B905EA5E78AFACDE39BEB0EDB36BBA
Authority key identifier: 96:2A:E3:46:39:38:B2:6F:83:B7:6F:0C:4D:F8:1D:FA:BB:15:A4:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lirjRjk4sm-Dt28MTfgd-rsVpOs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/tCAcyu1P0uxAfdClrAGCq5jn3iQ.roa
Signing time: Mon 01 Jan 2024 20:31:03 +0000
ROA not before: Mon 01 Jan 2024 20:31:03 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 40975
IP address blocks: 86.107.192.0/24 maxlen: 24
185.84.64.0/23 maxlen: 23
185.84.66.0/24 maxlen: 24
89.35.6.0/23 maxlen: 23
217.19.14.0/23 maxlen: 23
86.104.254.0/23 maxlen: 23
2a03:6fe0::/32 maxlen: 32
2a03:6fe0::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 04 Mar 2024 17:38:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b9:05:ea:5e:78:af:ac:de:39:be:b0:ed:b3:6b:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=962ae3463938b26f83b76f0c4df81dfabb15a4eb
Validity
Not Before: Jan 1 20:31:03 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b4201ccaed4fd2ec407dd0a5ac0182ab98e7de24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:76:70:d3:48:3e:7d:a5:fe:6a:49:21:97:89:
9d:63:35:8c:ae:ea:f0:c8:58:63:a6:93:be:be:d3:
0c:2e:45:35:42:a7:c4:76:b8:8e:5d:4a:db:a0:b8:
7e:0e:6f:c5:bc:22:50:87:64:f9:b0:af:34:b5:a0:
b5:8c:9d:a8:49:34:20:86:dc:1f:97:0b:f6:3b:f2:
41:61:d7:87:07:50:59:85:f0:10:4f:8d:45:21:a5:
24:81:e1:05:13:ff:c1:ed:c4:7e:70:7a:38:06:f3:
8f:e7:43:d3:7e:31:3d:f9:e2:ef:57:a9:58:c4:06:
c0:42:78:f9:3d:b7:07:84:be:86:a2:65:cb:c4:2a:
62:ab:6c:3d:12:18:c0:37:dc:60:15:9c:6e:be:e1:
83:b4:d7:4e:9a:11:3f:03:9c:d9:df:64:25:15:05:
4e:8b:22:f2:0b:1a:53:9e:c0:ff:97:c3:4f:8e:cf:
21:d1:7c:c5:2f:e3:ce:e0:50:8d:cb:df:7f:09:d6:
7c:cc:0d:b1:60:36:e8:3a:85:96:e9:ad:29:95:8d:
63:77:1b:a6:c4:7d:41:f4:af:8e:83:49:e0:83:1c:
fb:d7:49:7d:8e:a9:e2:0e:88:12:f6:fd:97:ab:7c:
b5:56:34:60:7b:b7:cb:01:f1:8f:ef:a2:df:e4:b6:
e1:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:20:1C:CA:ED:4F:D2:EC:40:7D:D0:A5:AC:01:82:AB:98:E7:DE:24
X509v3 Authority Key Identifier:
keyid:96:2A:E3:46:39:38:B2:6F:83:B7:6F:0C:4D:F8:1D:FA:BB:15:A4:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lirjRjk4sm-Dt28MTfgd-rsVpOs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/tCAcyu1P0uxAfdClrAGCq5jn3iQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/bb0fc3-d5f9-4bf5-9683-9edf0d17fb91/1/lirjRjk4sm-Dt28MTfgd-rsVpOs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.104.254.0/23
86.107.192.0/24
89.35.6.0/23
185.84.64.0-185.84.66.255
217.19.14.0/23
IPv6:
2a03:6fe0::/32
Signature Algorithm: sha256WithRSAEncryption
90:a6:19:b4:c2:f6:8b:35:77:9c:54:11:79:b8:d2:bd:dc:5e:
24:32:60:1d:81:4d:11:1b:7c:c7:b6:05:88:f5:21:0d:4c:ca:
3b:3d:fb:10:86:79:36:ed:73:b5:4f:32:6d:93:ae:ff:ce:7f:
1b:8b:03:33:64:a1:10:e2:da:4d:24:3e:a8:1b:15:30:be:45:
d6:65:8c:04:35:b0:9f:97:04:fb:86:72:15:49:88:cb:23:0b:
15:e1:a1:aa:8a:db:0b:4d:52:3b:16:f3:85:23:0e:c7:b5:ee:
02:16:81:22:7e:fc:20:45:b2:fe:70:e7:e3:ce:a7:4a:72:12:
88:dc:c4:b6:ec:eb:fe:06:08:40:4a:3e:6e:e8:c0:2f:c6:e0:
e6:56:83:63:a7:bb:54:97:fd:f4:54:3f:03:88:a3:aa:31:15:
5d:16:3f:c3:ce:2e:54:2d:f6:5b:c3:03:75:21:8a:6a:96:6f:
d1:c1:cd:f6:60:84:41:18:3e:83:f9:17:99:35:c1:30:ee:00:
8b:66:fe:68:67:9e:c9:b9:42:6f:e3:8d:c8:0e:bb:20:e9:d0:
10:71:5d:ef:24:6f:57:e8:42:58:3f:9b:da:66:91:5e:1f:1e:
b7:ab:6f:08:5e:5f:36:5a:23:05:b1:95:c7:f6:8f:b4:63:8e:
70:b1:a9:d6
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYzGuQXqXnivrN45vrDts2u6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MmFlMzQ2MzkzOGIyNmY4M2I3NmYwYzRkZjgxZGZhYmIx
NWE0ZWIwHhcNMjQwMTAxMjAzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDIwMWNjYWVkNGZkMmVjNDA3ZGQwYTVhYzAxODJhYjk4ZTdkZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnZw00g+faX+akkhl4mdYzWMrurw
yFhjppO+vtMMLkU1QqfEdriOXUrboLh+Dm/FvCJQh2T5sK80taC1jJ2oSTQghtwf
lwv2O/JBYdeHB1BZhfAQT41FIaUkgeEFE//B7cR+cHo4BvOP50PTfjE9+eLvV6lY
xAbAQnj5PbcHhL6GomXLxCpiq2w9EhjAN9xgFZxuvuGDtNdOmhE/A5zZ32QlFQVO
iyLyCxpTnsD/l8NPjs8h0XzFL+PO4FCNy99/CdZ8zA2xYDboOoWW6a0plY1jdxum
xH1B9K+Og0nggxz710l9jqniDogS9v2Xq3y1VjRge7fLAfGP76Lf5LbhuwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFLQgHMrtT9LsQH3QpawBgquY594kMB8GA1UdIwQY
MBaAFJYq40Y5OLJvg7dvDE34Hfq7FaTrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGlyalJqazRzbS1EdDI4TVRmZ2QtcnNWcE9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iYjBmYzMtZDVmOS00YmY1LTk2ODMt
OWVkZjBkMTdmYjkxLzEvdENBY3l1MVAwdXhBZmRDbHJBR0NxNWpuM2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iYjBmYzMtZDVmOS00YmY1LTk2ODMtOWVkZjBkMTdmYjkx
LzEvbGlyalJqazRzbS1EdDI4TVRmZ2QtcnNWcE9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQBVmj+AwQA
VmvAAwQBWSMGMAwDBAa5VEADBAC5VEIDBAHZEw4wDQQCAAIwBwMFACoDb+AwDQYJ
KoZIhvcNAQELBQADggEBAJCmGbTC9os1d5xUEXm40r3cXiQyYB2BTREbfMe2BYj1
IQ1Myjs9+xCGeTbtc7VPMm2Trv/OfxuLAzNkoRDi2k0kPqgbFTC+RdZljAQ1sJ+X
BPuGchVJiMsjCxXhoaqK2wtNUjsW84UjDse17gIWgSJ+/CBFsv5w5+POp0pyEojc
xLbs6/4GCEBKPm7owC/G4OZWg2Onu1SX/fRUPwOIo6oxFV0WP8POLlQt9lvDA3Uh
imqWb9HBzfZghEEYPoP5F5k1wTDuAItm/mhnnsm5Qm/jjcgOuyDp0BBxXe8kb1fo
Qlg/m9pmkV4fHrerbwheXzZaIwWxlcf2j7RjjnCxqdY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:41 2024 by rpki-client on console-fra.rpki-client.org