Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/_ybr4bfm4Ea0AE2UqRncKKdEpsQ.roa
File: _ybr4bfm4Ea0AE2UqRncKKdEpsQ.roa (raw, json)
Hash identifier: uvstEyRnJ+9xgT5oq32BwXfz4dMrV2FZ4U/yVO8nTZ0=
Subject key identifier: FF:26:EB:E1:B7:E6:E0:46:B4:00:4D:94:A9:19:DC:28:A7:44:A6:C4
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 01856EAFD32B936476AD052A4E80DFFFD373
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/_ybr4bfm4Ea0AE2UqRncKKdEpsQ.roa
Signing time: Sun 01 Jan 2023 18:54:54 +0000
ROA not before: Sun 01 Jan 2023 18:54:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211585
IP address blocks: 88.216.212.0/22 maxlen: 24
84.32.210.0/23 maxlen: 24
84.32.208.0/23 maxlen: 24
84.32.214.0/23 maxlen: 24
84.32.232.0/23 maxlen: 24
84.32.236.0/23 maxlen: 24
84.32.246.0/23 maxlen: 24
84.32.252.0/23 maxlen: 24
Validation: Failed, certificate revoked on Tue 03 Jan 2023 06:58:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:af:d3:2b:93:64:76:ad:05:2a:4e:80:df:ff:d3:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Jan 1 18:54:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ff26ebe1b7e6e046b4004d94a919dc28a744a6c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:6d:62:d1:74:17:d7:8e:a3:8e:ae:d0:8e:8f:
e8:8c:cf:d7:4d:ff:66:70:a9:7a:5a:2b:35:91:9e:
d7:13:80:75:5b:6c:eb:c7:f7:5c:0a:55:23:5e:c2:
88:e5:f3:c1:3c:3e:51:92:25:cd:cb:17:18:9e:4e:
44:7d:e0:a5:af:28:1c:bc:58:cf:72:1e:9a:61:a1:
4a:f0:1f:b1:fb:5f:0b:d2:d2:54:5c:3f:32:24:d2:
69:6d:fe:bf:53:03:74:d5:a1:9c:54:64:6b:a1:46:
b2:24:18:ff:d1:60:16:6d:11:83:25:c3:33:cb:d7:
70:2a:0d:59:a3:50:da:a9:9b:db:9c:18:43:db:cb:
c8:92:0a:f6:50:f4:1c:b1:b3:e1:28:74:c5:f4:7d:
fa:49:12:7a:35:2f:0c:c9:ca:98:30:51:69:e0:94:
ab:8e:2e:2d:52:ea:0b:87:b1:61:e0:41:25:bb:aa:
c7:38:82:fd:8b:3f:0c:07:64:bc:8b:ed:a5:60:d0:
38:9e:18:c0:4b:cb:6c:c8:ed:70:c1:8a:4a:d3:ab:
cc:3f:7d:99:be:c5:08:8b:6c:d9:e5:ab:cf:da:32:
45:10:88:1e:a6:46:6d:43:b1:21:ad:fc:e4:89:f2:
5a:a0:17:90:bb:e7:aa:94:65:2b:24:90:c2:07:04:
95:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:26:EB:E1:B7:E6:E0:46:B4:00:4D:94:A9:19:DC:28:A7:44:A6:C4
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/_ybr4bfm4Ea0AE2UqRncKKdEpsQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.208.0/22
84.32.214.0/23
84.32.232.0/23
84.32.236.0/23
84.32.246.0/23
84.32.252.0/23
88.216.212.0/22
Signature Algorithm: sha256WithRSAEncryption
2e:fc:c8:e9:4c:64:08:d1:98:4a:83:b0:b3:7c:d7:2b:6b:ae:
fc:ce:01:f1:3a:a7:18:dc:ea:4a:a7:54:19:e4:d6:53:7a:c7:
36:10:66:2d:5f:4b:81:46:2e:b8:fa:b6:08:1b:b8:79:af:c1:
8b:b8:4c:15:86:43:92:db:37:12:ab:e5:69:a6:8a:c7:7a:80:
f1:7d:17:d4:cf:c3:7b:b1:1e:c9:dc:7b:ae:26:94:0a:69:52:
8c:d3:d3:6c:b2:32:5c:7c:48:aa:8f:4b:73:9f:ad:2b:e6:7d:
ba:ba:60:74:06:6d:84:71:93:bd:ae:93:79:f6:c0:b6:85:a4:
b8:87:d3:09:d3:33:36:75:3a:44:53:b2:a5:b9:ec:f4:4a:62:
39:ed:94:28:6c:96:ab:d6:bb:d9:c1:bf:92:4d:78:6a:09:f9:
d5:90:fe:4e:d1:ed:4f:b3:b5:bf:5f:8d:53:61:45:e3:4d:25:
a7:a0:1d:51:8c:fa:32:9b:f8:55:93:5b:65:96:26:75:9f:cf:
9e:4d:bc:a0:00:41:3f:24:02:0e:be:30:e0:f1:03:23:19:86:
94:fb:61:af:9a:6f:71:c2:8c:a3:64:28:84:ce:ae:d3:7b:3a:
38:90:8d:63:39:dc:f9:9d:12:78:dc:fb:9c:05:07:50:a3:06:
47:91:44:9d
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYVur9Mrk2R2rQUqToDf/9NzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwMTAxMTg1NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjI2ZWJlMWI3ZTZlMDQ2YjQwMDRkOTRhOTE5ZGMyOGE3NDRhNmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn21i0XQX146jjq7Qjo/ojM/XTf9m
cKl6Wis1kZ7XE4B1W2zrx/dcClUjXsKI5fPBPD5RkiXNyxcYnk5EfeClrygcvFjP
ch6aYaFK8B+x+18L0tJUXD8yJNJpbf6/UwN01aGcVGRroUayJBj/0WAWbRGDJcMz
y9dwKg1Zo1DaqZvbnBhD28vIkgr2UPQcsbPhKHTF9H36SRJ6NS8MycqYMFFp4JSr
ji4tUuoLh7Fh4EElu6rHOIL9iz8MB2S8i+2lYNA4nhjAS8tsyO1wwYpK06vMP32Z
vsUIi2zZ5avP2jJFEIgepkZtQ7EhrfzkifJaoBeQu+eqlGUrJJDCBwSVFQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFP8m6+G35uBGtABNlKkZ3CinRKbEMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvX3licjRiZm00RWEwQUUyVXFSbmNLS2RFcHNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCVCDQAwQB
VCDWAwQBVCDoAwQBVCDsAwQBVCD2AwQBVCD8AwQCWNjUMA0GCSqGSIb3DQEBCwUA
A4IBAQAu/MjpTGQI0ZhKg7CzfNcra678zgHxOqcY3OpKp1QZ5NZTesc2EGYtX0uB
Ri64+rYIG7h5r8GLuEwVhkOS2zcSq+VpporHeoDxfRfUz8N7sR7J3HuuJpQKaVKM
09NssjJcfEiqj0tzn60r5n26umB0Bm2EcZO9rpN59sC2haS4h9MJ0zM2dTpEU7Kl
uez0SmI57ZQobJar1rvZwb+STXhqCfnVkP5O0e1Ps7W/X41TYUXjTSWnoB1RjPoy
m/hVk1tlliZ1n8+eTbygAEE/JAIOvjDg8QMjGYaU+2Gvmm9xwoyjZCiEzq7Tezo4
kI1jOdz5nRJ43PucBQdQowZHkUSd
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:29 2024 by rpki-client on console-ams.rpki-client.org