Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/N_grPFGpQpqJtctN7ln74LXDNBE.roa
File: N_grPFGpQpqJtctN7ln74LXDNBE.roa (raw, json)
Hash identifier: HkuB1xYw/AnyP09klRqmlNR6819HDACAd8TGfDUJpSY=
Subject key identifier: 37:F8:2B:3C:51:A9:42:9A:89:B5:CB:4D:EE:59:FB:E0:B5:C3:34:11
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 018CC501482EC01C4E482BA8A008090303BC
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/N_grPFGpQpqJtctN7ln74LXDNBE.roa
Signing time: Mon 01 Jan 2024 12:30:44 +0000
ROA not before: Mon 01 Jan 2024 12:30:44 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 64267
IP address blocks: 84.32.56.0/24 maxlen: 24
88.216.185.0/24 maxlen: 24
88.216.181.0/24 maxlen: 24
88.216.103.0/24 maxlen: 24
88.216.212.0/24 maxlen: 24
88.216.213.0/24 maxlen: 24
88.216.215.0/24 maxlen: 24
88.216.21.0/24 maxlen: 24
88.216.20.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 01 Jan 2024 20:36:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:01:48:2e:c0:1c:4e:48:2b:a8:a0:08:09:03:03:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Jan 1 12:30:44 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=37f82b3c51a9429a89b5cb4dee59fbe0b5c33411
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:29:69:3b:20:04:44:58:56:a4:04:87:ee:33:
aa:b1:4e:63:0d:3f:0f:8b:f9:77:5c:ae:f8:f3:5d:
d4:4e:5a:1f:33:21:d3:f5:00:3b:f6:c3:80:72:ed:
e0:29:9d:22:53:68:80:a8:94:82:ce:eb:19:50:ac:
7b:c4:aa:1a:40:2b:c9:f9:bf:6e:fd:d0:c8:98:f3:
eb:5f:f5:e8:92:7e:04:de:5e:e5:c5:d2:ea:60:c0:
cb:7c:88:57:e2:6d:07:ba:c2:7a:d7:88:bc:58:4c:
91:26:9d:e1:66:53:5f:37:69:33:c0:a1:3d:72:b3:
93:2b:b9:6c:11:66:ba:48:70:09:4a:83:d9:14:cf:
a5:55:c9:99:68:db:46:dc:41:05:20:24:22:98:01:
c7:e4:32:c7:8b:d0:32:50:14:62:d6:3b:1a:33:62:
a5:82:58:25:ec:87:e6:3b:05:21:33:e8:ae:32:d7:
17:dd:8c:cc:30:49:d9:87:5c:0b:03:da:98:74:f1:
c6:e7:70:62:5f:66:08:a0:bf:28:d2:15:2a:d4:cf:
43:05:3a:73:e5:a5:31:4a:dd:87:98:67:f4:cb:f9:
5c:96:5c:e8:d3:8d:d0:1b:56:f7:fd:5c:92:9b:7b:
7f:d1:ab:b6:e5:98:0f:75:84:d5:cb:80:59:78:78:
68:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:F8:2B:3C:51:A9:42:9A:89:B5:CB:4D:EE:59:FB:E0:B5:C3:34:11
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/N_grPFGpQpqJtctN7ln74LXDNBE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.56.0/24
88.216.20.0/23
88.216.103.0/24
88.216.181.0/24
88.216.185.0/24
88.216.212.0/23
88.216.215.0/24
Signature Algorithm: sha256WithRSAEncryption
65:38:2b:6b:0a:2f:af:b1:e3:60:12:c8:7a:b2:15:25:c8:77:
ee:c4:dd:7c:6b:f2:c6:9b:d5:a6:78:54:59:e8:ea:4c:73:7e:
c0:b6:9b:0a:91:cd:6d:bd:c8:31:e8:09:60:35:13:a8:c7:77:
77:7d:1e:b8:2f:05:06:fc:10:f0:19:10:63:3c:bc:e9:57:95:
1f:8d:5e:f5:0a:c0:5a:27:0a:46:47:57:84:6c:48:14:99:ae:
87:aa:b1:10:d2:07:01:95:4c:93:0f:b7:c6:32:7a:f7:87:4f:
03:90:8e:d9:90:6f:4f:06:b6:65:d1:e5:0f:b9:87:27:3b:cd:
74:4b:e6:b8:17:e0:95:6d:87:eb:c1:f7:19:49:0c:01:77:dc:
13:e4:a6:07:ee:e6:f0:02:8a:4c:55:8f:0f:08:3f:1a:a2:4a:
e8:57:33:d2:9b:ff:04:13:91:bf:25:28:0c:90:18:f6:e4:56:
41:86:9b:a6:0a:53:41:75:4f:13:6a:3d:35:32:22:d3:43:0b:
83:4e:af:21:c7:84:49:53:c1:f1:41:0d:f6:9b:c7:e4:ab:68:
f4:11:54:37:eb:a0:51:f9:39:93:8e:05:31:ba:1a:be:b1:7c:
96:4e:61:01:9a:53:b4:e6:52:9f:75:44:2a:28:ef:c8:82:a4:
4d:ca:d0:53
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYzFAUguwBxOSCuooAgJAwO8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2Y4MmIzYzUxYTk0MjlhODliNWNiNGRlZTU5ZmJlMGI1YzMzNDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsClpOyAERFhWpASH7jOqsU5jDT8P
i/l3XK74813UTlofMyHT9QA79sOAcu3gKZ0iU2iAqJSCzusZUKx7xKoaQCvJ+b9u
/dDImPPrX/Xokn4E3l7lxdLqYMDLfIhX4m0HusJ614i8WEyRJp3hZlNfN2kzwKE9
crOTK7lsEWa6SHAJSoPZFM+lVcmZaNtG3EEFICQimAHH5DLHi9AyUBRi1jsaM2Kl
glgl7IfmOwUhM+iuMtcX3YzMMEnZh1wLA9qYdPHG53BiX2YIoL8o0hUq1M9DBTpz
5aUxSt2HmGf0y/lcllzo043QG1b3/VySm3t/0au25ZgPdYTVy4BZeHhoSQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFDf4KzxRqUKaibXLTe5Z++C1wzQRMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvTl9nclBGR3BRcHFKdGN0Tjdsbjc0TFhETkJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAVCA4AwQB
WNgUAwQAWNhnAwQAWNi1AwQAWNi5AwQBWNjUAwQAWNjXMA0GCSqGSIb3DQEBCwUA
A4IBAQBlOCtrCi+vseNgEsh6shUlyHfuxN18a/LGm9WmeFRZ6OpMc37AtpsKkc1t
vcgx6AlgNROox3d3fR64LwUG/BDwGRBjPLzpV5UfjV71CsBaJwpGR1eEbEgUma6H
qrEQ0gcBlUyTD7fGMnr3h08DkI7ZkG9PBrZl0eUPuYcnO810S+a4F+CVbYfrwfcZ
SQwBd9wT5KYH7ubwAopMVY8PCD8aokroVzPSm/8EE5G/JSgMkBj25FZBhpumClNB
dU8Taj01MiLTQwuDTq8hx4RJU8HxQQ32m8fkq2j0EVQ366BR+TmTjgUxuhq+sXyW
TmEBmlO05lKfdUQqKO/IgqRNytBT
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:27 2024 by rpki-client on console-ams.rpki-client.org