Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/yNIqd7MhiNg5iQoTqpimftKXBko.roa
File: yNIqd7MhiNg5iQoTqpimftKXBko.roa (raw, json)
Hash identifier: jMEbi2FeqEKNInnVCU3I0auDioXSsEJYQr43hZY/nRg=
Subject key identifier: C8:D2:2A:77:B3:21:88:D8:39:89:0A:13:AA:98:A6:7E:D2:97:06:4A
Certificate issuer: /CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Certificate serial: 018BD1DBAEDDA5A9E460F547BE5D2A5B79E9
Authority key identifier: B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/yNIqd7MhiNg5iQoTqpimftKXBko.roa
Signing time: Wed 15 Nov 2023 07:21:57 +0000
ROA not before: Wed 15 Nov 2023 07:21:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209420
IP address blocks: 192.145.17.0/24 maxlen: 24
192.145.16.0/23 maxlen: 23
192.145.16.0/24 maxlen: 24
192.145.18.0/24 maxlen: 24
152.89.133.0/24 maxlen: 24
31.207.68.0/24 maxlen: 24
31.207.66.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:d1:db:ae:dd:a5:a9:e4:60:f5:47:be:5d:2a:5b:79:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Validity
Not Before: Nov 15 07:21:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c8d22a77b32188d839890a13aa98a67ed297064a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:cd:15:ea:b0:56:57:d3:88:6e:96:55:a7:87:
48:81:bc:02:73:b9:75:88:b6:10:ed:ea:77:76:4d:
33:de:f3:c5:52:33:0e:fa:d9:17:1d:55:59:e8:7c:
2f:77:42:1c:31:4f:1e:83:87:a2:53:57:29:d3:c8:
45:a0:f7:73:dc:3b:81:e7:0a:85:cf:97:13:dc:50:
e2:83:11:de:77:9a:34:1a:af:f8:80:d6:f9:58:c5:
13:36:94:94:1a:2f:59:39:f6:3c:a1:73:29:91:9b:
78:2e:6b:33:bc:26:9c:81:f5:83:26:ae:6c:ad:6a:
3a:cb:90:9e:9d:0c:e5:64:6f:d8:f3:36:f6:a2:7e:
72:24:96:b1:0c:69:d0:fb:db:3a:16:5d:d2:88:56:
f7:43:9d:1e:94:7d:44:19:8e:dd:75:d4:1d:81:4b:
eb:b2:a4:18:e2:b5:ce:9e:ed:52:a8:78:84:4e:b7:
f7:f6:f4:33:e9:2f:4f:4d:a0:48:53:29:75:c6:8c:
ca:c8:db:54:4f:02:7d:89:41:79:42:d4:00:1c:a6:
f0:aa:95:7f:a2:b5:f7:02:ba:16:8e:62:29:91:5a:
4e:8e:95:a6:21:12:b1:91:78:bc:c0:e6:4b:f8:de:
8e:20:9e:d0:6d:6e:17:42:61:7c:98:ab:43:66:4d:
09:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:D2:2A:77:B3:21:88:D8:39:89:0A:13:AA:98:A6:7E:D2:97:06:4A
X509v3 Authority Key Identifier:
keyid:B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/yNIqd7MhiNg5iQoTqpimftKXBko.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.207.66.0/24
31.207.68.0/24
152.89.133.0/24
192.145.16.0-192.145.18.255
Signature Algorithm: sha256WithRSAEncryption
5f:13:bd:1c:14:8d:06:a9:11:0c:30:dc:13:89:c6:32:c5:cc:
f6:a8:a3:83:86:9b:91:df:5c:fb:59:c3:3d:17:d6:57:96:e1:
6f:13:81:85:59:30:2c:7b:eb:25:84:97:8f:e7:d4:82:32:7c:
6f:e9:f8:e1:8d:60:a8:24:10:3d:2d:74:a4:fa:f9:9e:a3:08:
64:f3:7c:fc:02:ed:36:16:84:7a:2e:18:e4:29:f0:d2:39:6e:
0e:5c:33:bc:5c:d9:f7:78:6e:b1:a8:c2:64:05:dc:2a:fa:8e:
f4:04:2a:c6:a4:f0:4f:ff:7b:1d:4b:af:6f:c6:72:34:c1:61:
28:32:3a:c9:42:42:53:8a:f7:1e:ad:b3:ad:e8:7d:70:42:89:
be:1a:e1:10:6f:13:20:8d:50:f3:5f:3c:94:94:7a:d9:dd:1e:
ee:56:7c:38:29:ff:23:3b:b8:9a:88:6e:ef:38:8d:6c:58:36:
22:93:bc:a8:dc:ce:7d:fd:21:90:0c:90:6a:67:d7:d0:b3:8f:
d0:eb:d6:78:c0:66:66:b0:b6:30:75:dd:1e:e3:cc:aa:af:28:
56:24:40:cc:e2:3a:6f:6c:2e:98:ec:4d:df:15:25:4e:50:4d:
47:c5:4c:15:11:73:d3:d1:04:6f:14:20:18:44:5d:74:ae:b9:
11:bd:08:90
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYvR267dpankYPVHvl0qW3npMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MjU4OGMwMGVlZjcxNTgwOWViNWZkZDZkNjcxN2NjMjhj
MGRmYWMwHhcNMjMxMTE1MDcyMTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGQyMmE3N2IzMjE4OGQ4Mzk4OTBhMTNhYTk4YTY3ZWQyOTcwNjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoM0V6rBWV9OIbpZVp4dIgbwCc7l1
iLYQ7ep3dk0z3vPFUjMO+tkXHVVZ6Hwvd0IcMU8eg4eiU1cp08hFoPdz3DuB5wqF
z5cT3FDigxHed5o0Gq/4gNb5WMUTNpSUGi9ZOfY8oXMpkZt4LmszvCacgfWDJq5s
rWo6y5CenQzlZG/Y8zb2on5yJJaxDGnQ+9s6Fl3SiFb3Q50elH1EGY7dddQdgUvr
sqQY4rXOnu1SqHiETrf39vQz6S9PTaBIUyl1xozKyNtUTwJ9iUF5QtQAHKbwqpV/
orX3AroWjmIpkVpOjpWmIRKxkXi8wOZL+N6OIJ7QbW4XQmF8mKtDZk0JFQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFMjSKnezIYjYOYkKE6qYpn7SlwZKMB8GA1UdIwQY
MBaAFLcliMAO73FYCetf3W1nF8wowN+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUt
N2E0MTI1NGVhYWNhLzEveU5JcWQ3TWhpTmc1aVFvVHFwaW1mdEtYQmtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUtN2E0MTI1NGVhYWNh
LzEvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAH89CAwQA
H89EAwQAmFmFMAwDBATAkRADBADAkRIwDQYJKoZIhvcNAQELBQADggEBAF8TvRwU
jQapEQww3BOJxjLFzPaoo4OGm5HfXPtZwz0X1leW4W8TgYVZMCx76yWEl4/n1IIy
fG/p+OGNYKgkED0tdKT6+Z6jCGTzfPwC7TYWhHouGOQp8NI5bg5cM7xc2fd4brGo
wmQF3Cr6jvQEKsak8E//ex1Lr2/GcjTBYSgyOslCQlOK9x6ts63ofXBCib4a4RBv
EyCNUPNfPJSUetndHu5WfDgp/yM7uJqIbu84jWxYNiKTvKjczn39IZAMkGpn19Cz
j9Dr1njAZmawtjB13R7jzKqvKFYkQMziOm9sLpjsTd8VJU5QTUfFTBURc9PRBG8U
IBhEXXSuuRG9CJA=
-----END CERTIFICATE-----
Generated at Mon Jan 1 06:30:57 2024 by rpki-client on console-fra.rpki-client.org