Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/TZCGKmzPTXs_vSGpQfxUe8O7Ya8.roa
File: TZCGKmzPTXs_vSGpQfxUe8O7Ya8.roa (raw, json)
Hash identifier: /+HDZNYHdVnpNUIUhIJBsmqKFbJlx77+ONs1GMImRL8=
Subject key identifier: 4D:90:86:2A:6C:CF:4D:7B:3F:BD:21:A9:41:FC:54:7B:C3:BB:61:AF
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 018BB8F30900F79015D2B344C777E7B81612
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/TZCGKmzPTXs_vSGpQfxUe8O7Ya8.roa
Signing time: Fri 10 Nov 2023 11:16:57 +0000
ROA not before: Fri 10 Nov 2023 11:16:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12708
IP address blocks: 87.242.128.0/17 maxlen: 24
212.67.96.0/19 maxlen: 24
185.175.48.0/22 maxlen: 24
84.43.0.0/17 maxlen: 24
213.78.0.0/16 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:b8:f3:09:00:f7:90:15:d2:b3:44:c7:77:e7:b8:16:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Nov 10 11:16:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4d90862a6ccf4d7b3fbd21a941fc547bc3bb61af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:89:95:45:90:4b:5e:ce:cb:12:3d:85:54:07:
1c:0b:3a:fd:98:69:fe:1f:d4:f1:69:2c:68:06:d1:
1b:21:2d:ce:26:06:64:12:1b:8c:cb:85:45:54:a9:
52:85:a1:33:95:87:2e:d5:ca:8f:33:90:30:b0:61:
0e:b7:c9:74:43:4d:60:12:48:5b:7c:22:8e:0d:46:
52:72:8c:09:b4:8b:1b:40:aa:6e:6b:2f:30:0c:e6:
8c:6c:33:92:46:7d:69:f3:6f:32:3c:80:15:b7:0a:
ef:d2:27:ed:85:0c:46:1f:a1:f5:8c:11:73:9d:71:
b1:dd:88:2e:3f:2a:fe:23:de:87:10:ce:c5:53:23:
30:98:db:5d:00:ad:9d:eb:81:13:31:69:6e:a2:a7:
1d:78:91:34:44:61:fc:76:0d:92:05:d8:92:57:3f:
9a:b5:0c:5a:51:4f:60:d6:40:3c:df:ee:91:cb:f0:
c2:67:bc:51:61:f3:28:74:73:7d:fd:db:93:b7:80:
6d:00:f1:54:7e:c0:86:77:5a:49:ea:66:6e:e3:aa:
9b:87:cb:2b:a5:02:a7:cf:92:53:d9:ea:a8:4d:0e:
f8:0b:d4:ce:f7:03:2d:a5:84:84:bd:f2:d3:52:ec:
b5:00:a8:85:0a:8a:2c:a8:aa:93:84:ad:a8:04:2d:
62:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:90:86:2A:6C:CF:4D:7B:3F:BD:21:A9:41:FC:54:7B:C3:BB:61:AF
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/TZCGKmzPTXs_vSGpQfxUe8O7Ya8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.43.0.0/17
87.242.128.0/17
185.175.48.0/22
212.67.96.0/19
213.78.0.0/16
Signature Algorithm: sha256WithRSAEncryption
85:25:26:09:87:8d:10:30:26:c5:d2:1d:b9:60:6f:5f:5a:e3:
cd:9c:a5:27:d1:14:67:90:db:ff:09:93:43:df:2e:0c:69:03:
fd:67:84:8b:cf:6a:30:3c:83:4c:4b:50:5b:58:05:23:85:d0:
0b:ab:d9:bf:a6:25:2a:63:98:6a:dc:6a:c3:3b:f6:88:be:e7:
85:6a:52:1b:35:c5:66:dc:bb:ba:44:67:88:e5:5f:52:e2:1b:
63:8e:e9:4b:9f:aa:b0:14:32:75:94:27:c2:2a:5c:4a:eb:b4:
e8:9e:c3:22:c6:69:1d:aa:86:12:6f:bf:0c:ed:e5:80:a9:0e:
5a:80:b6:ad:21:66:b8:13:cd:88:c3:1b:6f:8f:6a:35:c9:ee:
38:16:1d:1b:59:5e:99:05:3d:c8:c0:c2:25:06:6a:bf:60:e3:
9b:eb:2f:e5:72:1e:8d:c5:67:08:21:a2:e6:55:8f:2b:bf:34:
f2:10:14:d5:7e:b3:88:0e:d7:a4:c6:95:b3:29:19:b5:79:dd:
04:bb:da:59:32:ca:76:33:56:24:37:f4:72:45:a4:f5:ae:c7:
74:8f:f5:9e:bb:40:85:d3:be:ce:b8:77:12:db:fd:9d:43:67:
fb:06:a6:aa:17:89:65:46:55:7e:02:14:d8:96:cb:1d:69:2e:
7f:3c:45:c5
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYu48wkA95AV0rNEx3fnuBYSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjMxMTEwMTExNjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDkwODYyYTZjY2Y0ZDdiM2ZiZDIxYTk0MWZjNTQ3YmMzYmI2MWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYmVRZBLXs7LEj2FVAccCzr9mGn+
H9TxaSxoBtEbIS3OJgZkEhuMy4VFVKlShaEzlYcu1cqPM5AwsGEOt8l0Q01gEkhb
fCKODUZScowJtIsbQKpuay8wDOaMbDOSRn1p828yPIAVtwrv0ifthQxGH6H1jBFz
nXGx3YguPyr+I96HEM7FUyMwmNtdAK2d64ETMWluoqcdeJE0RGH8dg2SBdiSVz+a
tQxaUU9g1kA83+6Ry/DCZ7xRYfModHN9/duTt4BtAPFUfsCGd1pJ6mZu46qbh8sr
pQKnz5JT2eqoTQ74C9TO9wMtpYSEvfLTUuy1AKiFCoosqKqThK2oBC1iEQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFE2Qhipsz017P70hqUH8VHvDu2GvMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvVFpDR0ttelBUWHNfdlNHcFFmeFVlOE83WWE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAATAdAwQHVCsAAwQH
V/KAAwQCua8wAwQF1ENgAwMA1U4wDQYJKoZIhvcNAQELBQADggEBAIUlJgmHjRAw
JsXSHblgb19a482cpSfRFGeQ2/8Jk0PfLgxpA/1nhIvPajA8g0xLUFtYBSOF0Aur
2b+mJSpjmGrcasM79oi+54VqUhs1xWbcu7pEZ4jlX1LiG2OO6UufqrAUMnWUJ8Iq
XErrtOiewyLGaR2qhhJvvwzt5YCpDlqAtq0hZrgTzYjDG2+PajXJ7jgWHRtZXpkF
PcjAwiUGar9g45vrL+VyHo3FZwghouZVjyu/NPIQFNV+s4gO16TGlbMpGbV53QS7
2lkyynYzViQ39HJFpPWux3SP9Z67QIXTvs64dxLb/Z1DZ/sGpqoXiWVGVX4CFNiW
yx1pLn88RcU=
-----END CERTIFICATE-----
Generated at Tue Jan 2 15:20:09 2024 by rpki-client on console-ams.rpki-client.org