Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/a6def1-f425-49a5-aaaf-07cbeddd6418/1/YPQU-3qwY6DOW_4HT7svDHCbZMA.roa
File: YPQU-3qwY6DOW_4HT7svDHCbZMA.roa (raw, json)
Hash identifier: G/hTKQ5Kk/0ApVunFkNQwIid1LB2D3Zy5iMYI0GC/QQ=
Subject key identifier: 60:F4:14:FB:7A:B0:63:A0:CE:5B:FE:07:4F:BB:2F:0C:70:9B:64:C0
Certificate issuer: /CN=284e5eb112e13a42703dbb387ba577a2e793ac3a
Certificate serial: 018CC8DD366311B984FA9B774A7497997F05
Authority key identifier: 28:4E:5E:B1:12:E1:3A:42:70:3D:BB:38:7B:A5:77:A2:E7:93:AC:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KE5esRLhOkJwPbs4e6V3oueTrDo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/a6def1-f425-49a5-aaaf-07cbeddd6418/1/YPQU-3qwY6DOW_4HT7svDHCbZMA.roa
Signing time: Tue 02 Jan 2024 06:29:49 +0000
ROA not before: Tue 02 Jan 2024 06:29:49 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60475
IP address blocks: 5.253.196.0/24 maxlen: 24
5.253.196.0/22 maxlen: 22
Validation: Failed, certificate revoked on Wed 07 Aug 2024 07:30:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:dd:36:63:11:b9:84:fa:9b:77:4a:74:97:99:7f:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=284e5eb112e13a42703dbb387ba577a2e793ac3a
Validity
Not Before: Jan 2 06:29:49 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=60f414fb7ab063a0ce5bfe074fbb2f0c709b64c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:0e:cf:e6:11:19:34:c4:39:42:de:93:3e:99:
e0:95:eb:d7:4e:93:1b:5b:a7:1c:31:68:f6:0c:da:
d7:f3:15:90:f7:96:cd:1b:bb:32:23:da:be:6f:7e:
40:44:8d:ec:87:0f:eb:b2:d0:6a:0b:a8:ac:4e:2c:
1a:b0:23:57:9e:42:b8:c4:48:e9:a7:75:36:7c:5d:
92:69:d4:cc:be:68:3a:1f:28:bf:e7:ee:e0:bd:ca:
fb:7e:2a:7d:a6:3d:10:d3:79:53:40:03:ee:b8:f8:
b8:f7:e5:ce:b4:86:39:38:ba:03:73:af:25:c1:7f:
34:cf:8a:7b:73:1d:83:5d:07:04:32:47:80:e1:ef:
31:44:ff:b4:f9:11:6f:76:b3:da:0d:53:e7:14:8e:
66:be:67:c3:ff:d3:2f:9e:8b:6c:82:48:35:94:c9:
42:d2:55:cb:99:c9:65:28:62:1e:1b:06:19:b6:5a:
cf:87:5c:75:7e:96:c5:c9:86:e3:e6:2c:7b:d5:94:
16:9d:fe:9b:0c:03:02:b0:dc:37:5a:7f:b8:58:7d:
5d:31:fb:7f:77:62:56:9a:3e:e2:1b:29:50:19:f5:
18:fe:de:4c:b2:67:2a:5c:3b:11:4a:d0:fb:eb:1e:
af:b2:64:55:15:1c:b8:07:3c:d9:ef:98:bf:96:5e:
23:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:F4:14:FB:7A:B0:63:A0:CE:5B:FE:07:4F:BB:2F:0C:70:9B:64:C0
X509v3 Authority Key Identifier:
keyid:28:4E:5E:B1:12:E1:3A:42:70:3D:BB:38:7B:A5:77:A2:E7:93:AC:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KE5esRLhOkJwPbs4e6V3oueTrDo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/a6def1-f425-49a5-aaaf-07cbeddd6418/1/YPQU-3qwY6DOW_4HT7svDHCbZMA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/a6def1-f425-49a5-aaaf-07cbeddd6418/1/KE5esRLhOkJwPbs4e6V3oueTrDo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.196.0/22
Signature Algorithm: sha256WithRSAEncryption
b4:fc:0d:e0:30:6c:cd:1b:01:56:df:25:f3:12:4f:68:de:8c:
21:00:47:9c:91:2e:fb:0b:76:e5:26:e3:5f:d5:d0:c0:dc:e2:
51:92:3a:bb:9c:55:83:a8:d7:52:b8:44:ba:82:c0:46:72:d6:
8f:3e:84:97:3a:2e:55:4a:cc:1c:aa:25:e4:26:57:92:da:da:
6f:f9:95:f6:e5:77:f4:a3:b1:f7:f4:60:73:f3:9e:31:50:c8:
7f:59:5f:4a:8d:b8:5a:89:dd:d4:ae:20:d2:19:55:1b:e2:53:
f6:38:7f:33:3e:56:0e:c4:bb:1a:15:45:3a:b5:5a:fe:1f:ad:
f3:51:59:53:ec:06:ed:69:b2:6d:9e:37:a5:4e:11:66:6b:c1:
0f:c6:1e:3d:29:4e:9c:2a:cf:3a:fb:e9:fd:16:46:0d:25:e8:
b6:ca:4a:b5:76:0f:bc:6a:b2:82:5a:af:bb:5c:10:b0:07:53:
48:cf:8a:72:72:24:15:10:2f:ac:ee:7b:48:6d:a9:08:11:24:
51:71:59:ea:01:7f:a7:45:b1:dc:26:ae:f7:c4:7d:ca:ec:f5:
74:5a:25:d8:7e:de:3d:7e:90:44:6f:2c:33:58:8f:94:df:ed:
70:16:4b:ee:c9:fc:2f:a6:5d:78:43:68:44:9f:0a:c3:52:8a:
ca:06:8d:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3TZjEbmE+pt3SnSXmX8FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NGU1ZWIxMTJlMTNhNDI3MDNkYmIzODdiYTU3N2EyZTc5
M2FjM2EwHhcNMjQwMTAyMDYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGY0MTRmYjdhYjA2M2EwY2U1YmZlMDc0ZmJiMmYwYzcwOWI2NGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4A7P5hEZNMQ5Qt6TPpnglevXTpMb
W6ccMWj2DNrX8xWQ95bNG7syI9q+b35ARI3shw/rstBqC6isTiwasCNXnkK4xEjp
p3U2fF2SadTMvmg6Hyi/5+7gvcr7fip9pj0Q03lTQAPuuPi49+XOtIY5OLoDc68l
wX80z4p7cx2DXQcEMkeA4e8xRP+0+RFvdrPaDVPnFI5mvmfD/9Mvnotsgkg1lMlC
0lXLmcllKGIeGwYZtlrPh1x1fpbFyYbj5ix71ZQWnf6bDAMCsNw3Wn+4WH1dMft/
d2JWmj7iGylQGfUY/t5MsmcqXDsRStD76x6vsmRVFRy4BzzZ75i/ll4jnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGD0FPt6sGOgzlv+B0+7Lwxwm2TAMB8GA1UdIwQY
MBaAFChOXrES4TpCcD27OHuld6Lnk6w6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0U1ZXNSTGhPa0p3UGJzNGU2VjNvdWVUckRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hNmRlZjEtZjQyNS00OWE1LWFhYWYt
MDdjYmVkZGQ2NDE4LzEvWVBRVS0zcXdZNkRPV180SFQ3c3ZESENiWk1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hNmRlZjEtZjQyNS00OWE1LWFhYWYtMDdjYmVkZGQ2NDE4
LzEvS0U1ZXNSTGhPa0p3UGJzNGU2VjNvdWVUckRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBf3EMA0G
CSqGSIb3DQEBCwUAA4IBAQC0/A3gMGzNGwFW3yXzEk9o3owhAEeckS77C3blJuNf
1dDA3OJRkjq7nFWDqNdSuES6gsBGctaPPoSXOi5VSswcqiXkJleS2tpv+ZX25Xf0
o7H39GBz854xUMh/WV9Kjbhaid3UriDSGVUb4lP2OH8zPlYOxLsaFUU6tVr+H63z
UVlT7AbtabJtnjelThFma8EPxh49KU6cKs86++n9FkYNJei2ykq1dg+8arKCWq+7
XBCwB1NIz4pyciQVEC+s7ntIbakIESRRcVnqAX+nRbHcJq73xH3K7PV0WiXYft49
fpBEbywzWI+U3+1wFkvuyfwvpl14Q2hEnwrDUorKBo1Z
-----END CERTIFICATE-----
Generated at Sun Apr 20 12:59:04 2025 by rpki-client