Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/y0FHjmn5VErEcEflZLLN6kPZixA.roa
File: y0FHjmn5VErEcEflZLLN6kPZixA.roa (raw, json)
Hash identifier: UdTPHy/JiC98QYhDeqOxbuZ4ve00i1tVeWcp2SMLfdQ=
Subject key identifier: CB:41:47:8E:69:F9:54:4A:C4:70:47:E5:64:B2:CD:EA:43:D9:8B:10
Certificate issuer: /CN=8b7f81a6e782e211189c4f34e459b4226c75f4a6
Certificate serial: 01887116FDC16CEE02947EC293FD9698E14C
Authority key identifier: 8B:7F:81:A6:E7:82:E2:11:18:9C:4F:34:E4:59:B4:22:6C:75:F4:A6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i3-BpueC4hEYnE805Fm0Imx19KY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/y0FHjmn5VErEcEflZLLN6kPZixA.roa
Signing time: Wed 31 May 2023 09:15:12 +0000
ROA not before: Wed 31 May 2023 09:15:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203501
IP address blocks: 45.91.44.0/22 maxlen: 24
194.113.27.0/24 maxlen: 24
194.113.26.0/24 maxlen: 24
89.37.88.0/22 maxlen: 24
45.86.116.0/22 maxlen: 24
45.87.199.0/24 maxlen: 24
45.87.198.0/24 maxlen: 24
45.87.197.0/24 maxlen: 24
45.87.196.0/24 maxlen: 24
2a02:7040:ff00::/40 maxlen: 48
Validation: Failed, certificate revoked on Wed 31 May 2023 13:24:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:71:16:fd:c1:6c:ee:02:94:7e:c2:93:fd:96:98:e1:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b7f81a6e782e211189c4f34e459b4226c75f4a6
Validity
Not Before: May 31 09:15:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cb41478e69f9544ac47047e564b2cdea43d98b10
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:53:2c:aa:f7:7f:9f:b7:02:22:0e:09:2b:71:
f5:a0:6f:d2:37:92:82:76:26:51:fd:e6:7e:c3:39:
c3:c3:9a:04:d4:8a:cf:65:be:04:c4:8e:5e:b2:2c:
42:fe:b0:7b:7c:6c:dc:c4:d5:fb:ba:3b:ec:90:8d:
0e:c4:05:a1:4b:49:52:2b:30:94:b2:7c:6c:49:21:
a3:d2:00:d5:80:81:1e:77:98:df:ad:07:cb:14:b3:
2d:74:75:5d:d3:b9:d0:2a:90:10:0b:a7:f5:76:56:
48:8b:bb:84:c4:d3:6a:a2:1c:11:bd:56:28:b3:e5:
6f:58:1b:08:e1:42:84:6d:6a:01:3b:9b:74:40:00:
fc:e3:c6:f8:cd:c1:41:65:d0:dd:f1:80:38:50:63:
4c:20:fb:6f:b9:fd:5c:1c:c5:9c:8c:ba:0e:d9:3e:
75:be:d9:39:85:16:f9:7b:d1:6b:c0:f0:6d:03:58:
f4:c0:36:98:90:83:b6:b1:65:3f:b5:a9:ca:8b:8d:
ee:49:27:36:3d:d2:d3:12:89:05:11:c3:46:24:b3:
53:ba:c9:2b:5e:40:03:38:0d:95:e2:15:67:00:c8:
75:f2:77:0f:59:21:97:53:b5:28:df:62:49:16:55:
32:e7:b7:bd:da:ca:5f:b2:3d:ed:cc:e1:e3:30:cf:
51:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:41:47:8E:69:F9:54:4A:C4:70:47:E5:64:B2:CD:EA:43:D9:8B:10
X509v3 Authority Key Identifier:
keyid:8B:7F:81:A6:E7:82:E2:11:18:9C:4F:34:E4:59:B4:22:6C:75:F4:A6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i3-BpueC4hEYnE805Fm0Imx19KY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/y0FHjmn5VErEcEflZLLN6kPZixA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/i3-BpueC4hEYnE805Fm0Imx19KY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.86.116.0/22
45.87.196.0/22
45.91.44.0/22
89.37.88.0/22
194.113.26.0/23
IPv6:
2a02:7040:ff00::/40
Signature Algorithm: sha256WithRSAEncryption
54:5b:64:fd:9b:c6:61:9d:a0:4e:a8:78:16:d0:a3:0b:98:5c:
ae:bc:bc:a8:a8:ea:02:ef:9a:f4:e6:49:75:2d:31:33:91:fc:
33:bb:e2:7f:bf:cb:06:0e:26:1a:68:70:93:27:22:ab:cf:26:
00:e9:d1:5c:de:7b:d2:d5:fb:95:91:02:bf:99:29:b9:cb:e6:
ca:d1:0e:3a:d5:fe:19:e9:1b:92:eb:6e:c0:42:cf:2a:27:5d:
42:a5:43:68:39:cd:4a:c8:7c:84:93:44:7c:a3:84:dc:a3:e5:
e1:6a:92:f5:a7:c6:58:4f:b7:01:7d:61:ea:bf:05:71:42:20:
e3:1c:b9:da:42:b5:d3:13:82:ae:74:84:db:04:fc:81:4a:fb:
9a:25:78:a6:2d:bf:89:ac:bf:5d:c8:d9:64:b1:17:8b:a2:0a:
e5:7d:ac:9d:e6:99:ac:19:ab:41:eb:8b:9a:9c:b7:1a:e8:40:
67:0f:41:04:ee:eb:f9:d3:48:8c:88:db:d8:ea:0c:d7:5c:9e:
07:64:4b:7d:95:4f:fd:bc:6c:60:08:51:cc:d8:b7:2e:dc:20:
83:b0:e6:83:a6:ca:9d:29:97:7e:65:fb:4b:fe:ef:d9:06:7e:
5a:37:7e:09:81:80:87:ab:e4:cb:06:f5:8e:cf:f2:fa:38:e6:
02:d7:18:46
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYhxFv3BbO4ClH7Ck/2WmOFMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiN2Y4MWE2ZTc4MmUyMTExODljNGYzNGU0NTliNDIyNmM3
NWY0YTYwHhcNMjMwNTMxMDkxNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjQxNDc4ZTY5Zjk1NDRhYzQ3MDQ3ZTU2NGIyY2RlYTQzZDk4YjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVMsqvd/n7cCIg4JK3H1oG/SN5KC
diZR/eZ+wznDw5oE1IrPZb4ExI5esixC/rB7fGzcxNX7ujvskI0OxAWhS0lSKzCU
snxsSSGj0gDVgIEed5jfrQfLFLMtdHVd07nQKpAQC6f1dlZIi7uExNNqohwRvVYo
s+VvWBsI4UKEbWoBO5t0QAD848b4zcFBZdDd8YA4UGNMIPtvuf1cHMWcjLoO2T51
vtk5hRb5e9FrwPBtA1j0wDaYkIO2sWU/tanKi43uSSc2PdLTEokFEcNGJLNTuskr
XkADOA2V4hVnAMh18ncPWSGXU7Uo32JJFlUy57e92spfsj3tzOHjMM9R2wIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFMtBR45p+VRKxHBH5WSyzepD2YsQMB8GA1UdIwQY
MBaAFIt/gabnguIRGJxPNORZtCJsdfSmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTMtQnB1ZUM0aEVZbkU4MDVGbTBJbXgxOUtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi85YjYwZTUtZjk4Zi00YWM2LTk4YTUt
ZjJmNDI2ZWZlMDM5LzEveTBGSGptbjVWRXJFY0VmbFpMTE42a1BaaXhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi85YjYwZTUtZjk4Zi00YWM2LTk4YTUtZjJmNDI2ZWZlMDM5
LzEvaTMtQnB1ZUM0aEVZbkU4MDVGbTBJbXgxOUtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAkBAIAATAeAwQCLVZ0AwQC
LVfEAwQCLVssAwQCWSVYAwQBwnEaMA4EAgACMAgDBgAqAnBA/zANBgkqhkiG9w0B
AQsFAAOCAQEAVFtk/ZvGYZ2gTqh4FtCjC5hcrry8qKjqAu+a9OZJdS0xM5H8M7vi
f7/LBg4mGmhwkyciq88mAOnRXN570tX7lZECv5kpucvmytEOOtX+GekbkutuwELP
KiddQqVDaDnNSsh8hJNEfKOE3KPl4WqS9afGWE+3AX1h6r8FcUIg4xy52kK10xOC
rnSE2wT8gUr7miV4pi2/iay/XcjZZLEXi6IK5X2sneaZrBmrQeuLmpy3GuhAZw9B
BO7r+dNIjIjb2OoM11yeB2RLfZVP/bxsYAhRzNi3Ltwgg7Dmg6bKnSmXfmX7S/7v
2QZ+Wjd+CYGAh6vkywb1js/y+jjmAtcYRg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:53 2024 by rpki-client on console-ams.rpki-client.org