Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/lopqIL0qbeIaslQSXcGUa3pVtVw.roa
File: lopqIL0qbeIaslQSXcGUa3pVtVw.roa (raw, json)
Hash identifier: MtURwp+3vwLv04r/I7FIxgUkP5fp4Wuo3CEjapKS6V4=
Subject key identifier: 96:8A:6A:20:BD:2A:6D:E2:1A:B2:54:12:5D:C1:94:6B:7A:55:B5:5C
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 01876EBCD8D0A1745C0510DEE602846C96A5
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/lopqIL0qbeIaslQSXcGUa3pVtVw.roa
Signing time: Tue 11 Apr 2023 05:14:42 +0000
ROA not before: Tue 11 Apr 2023 05:14:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 84.32.214.0/23 maxlen: 24
84.32.218.0/24 maxlen: 24
84.32.221.0/24 maxlen: 24
84.32.223.0/24 maxlen: 24
84.32.224.0/24 maxlen: 24
84.32.232.0/24 maxlen: 24
84.32.239.0/24 maxlen: 24
84.32.240.0/24 maxlen: 24
84.32.244.0/23 maxlen: 24
84.32.242.0/24 maxlen: 24
84.32.243.0/24 maxlen: 24
84.32.252.0/23 maxlen: 24
84.32.250.0/24 maxlen: 24
84.32.251.0/24 maxlen: 24
84.32.57.0/24 maxlen: 24
84.32.60.0/24 maxlen: 24
84.32.70.0/24 maxlen: 24
84.32.67.0/24 maxlen: 24
84.32.77.0/24 maxlen: 24
84.32.79.0/24 maxlen: 24
84.32.89.0/24 maxlen: 24
84.32.88.0/24 maxlen: 24
84.32.8.0/24 maxlen: 24
84.32.24.0/22 maxlen: 24
84.32.24.0/24 maxlen: 24
84.32.30.0/24 maxlen: 24
84.32.40.0/24 maxlen: 24
84.32.46.0/24 maxlen: 24
84.32.174.0/24 maxlen: 24
84.32.175.0/24 maxlen: 24
84.32.177.0/24 maxlen: 24
84.32.178.0/24 maxlen: 24
84.32.179.0/24 maxlen: 24
84.32.212.0/24 maxlen: 24
84.32.108.0/23 maxlen: 24
84.32.106.0/24 maxlen: 24
84.32.148.0/23 maxlen: 24
84.32.150.0/23 maxlen: 24
84.32.157.0/24 maxlen: 24
88.216.189.0/24 maxlen: 24
88.216.212.0/22 maxlen: 24
88.216.212.0/24 maxlen: 24
88.216.128.0/24 maxlen: 24
88.216.132.0/24 maxlen: 24
88.216.130.0/23 maxlen: 24
88.216.215.0/24 maxlen: 24
88.216.220.0/24 maxlen: 24
88.216.232.0/22 maxlen: 24
88.216.93.0/24 maxlen: 24
88.216.3.0/24 maxlen: 24
88.216.1.0/24 maxlen: 24
88.216.16.0/24 maxlen: 24
88.216.21.0/24 maxlen: 24
88.216.32.0/24 maxlen: 24
88.216.44.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:6e:bc:d8:d0:a1:74:5c:05:10:de:e6:02:84:6c:96:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Apr 11 05:14:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=968a6a20bd2a6de21ab254125dc1946b7a55b55c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:2d:2c:f0:2d:96:e5:08:86:d3:fc:2c:4d:de:
86:0c:e6:96:46:a8:0f:cf:5a:3b:f5:b8:71:d1:ca:
b3:26:e9:06:41:12:bb:bf:d9:72:62:a8:1a:91:1a:
5a:98:13:8d:7d:dc:bd:e1:48:b0:8d:58:b3:a7:70:
43:b1:3a:50:9d:b4:96:6d:7a:f8:dc:2b:38:84:cc:
2a:b2:e8:ca:35:29:70:93:67:eb:0a:fc:a8:2e:c8:
81:bc:34:f0:72:d6:16:08:ad:f0:98:41:c3:e0:8a:
ad:f6:2c:3d:b0:72:26:02:22:f3:10:b8:f6:ca:1a:
eb:4b:af:10:2f:53:0a:ae:1b:77:ea:05:d4:97:a9:
f2:22:73:2e:47:6b:34:95:32:34:43:ec:4e:54:68:
5c:d7:90:d7:5f:a9:85:ce:ba:da:92:0c:c1:73:30:
18:fd:70:ed:0e:53:f7:d6:cb:2c:97:28:de:e3:9c:
58:53:9d:7b:06:ce:e9:67:83:d6:96:af:92:da:1a:
72:f0:3d:c8:c9:4d:ea:ef:6f:92:dc:dd:ae:9d:f7:
7e:87:e1:fc:d9:cb:c0:b3:2c:71:eb:93:88:82:65:
a3:51:29:66:f5:24:37:9b:8d:4f:71:c6:62:0e:75:
d8:49:f3:44:a6:dc:7c:d5:bd:bd:b3:05:04:07:ae:
87:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:8A:6A:20:BD:2A:6D:E2:1A:B2:54:12:5D:C1:94:6B:7A:55:B5:5C
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/lopqIL0qbeIaslQSXcGUa3pVtVw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.8.0/24
84.32.24.0/22
84.32.30.0/24
84.32.40.0/24
84.32.46.0/24
84.32.57.0/24
84.32.60.0/24
84.32.67.0/24
84.32.70.0/24
84.32.77.0/24
84.32.79.0/24
84.32.88.0/23
84.32.106.0/24
84.32.108.0/23
84.32.148.0/22
84.32.157.0/24
84.32.174.0/23
84.32.177.0-84.32.179.255
84.32.212.0/24
84.32.214.0/23
84.32.218.0/24
84.32.221.0/24
84.32.223.0-84.32.224.255
84.32.232.0/24
84.32.239.0-84.32.240.255
84.32.242.0-84.32.245.255
84.32.250.0-84.32.253.255
88.216.1.0/24
88.216.3.0/24
88.216.16.0/24
88.216.21.0/24
88.216.32.0/24
88.216.44.0/24
88.216.93.0/24
88.216.128.0/24
88.216.130.0-88.216.132.255
88.216.189.0/24
88.216.212.0/22
88.216.220.0/24
88.216.232.0/22
Signature Algorithm: sha256WithRSAEncryption
51:d5:2c:85:a8:9a:d0:16:f5:cd:22:2b:5b:ae:7f:ff:b0:e0:
1c:e1:c5:01:39:40:5f:25:0b:dc:8d:8f:50:cd:cb:47:8b:8d:
68:a8:6e:b3:5b:57:ea:fd:5a:a8:a4:6a:e3:aa:0d:5f:c5:f7:
cd:b8:1f:f8:2f:5b:c6:be:8b:e1:25:54:1b:89:d6:e2:02:94:
58:09:cb:66:ed:0d:79:f3:de:ae:09:19:7e:48:64:4e:f0:54:
5e:f9:be:2a:63:9b:7d:8c:16:d3:3b:b9:fd:4a:18:88:f4:c9:
33:89:46:a9:bb:e6:82:c3:19:0e:a6:31:8d:ad:a1:ca:c3:87:
39:b3:ed:f8:5d:75:c3:fe:78:d1:73:52:35:65:ea:85:28:1d:
a5:28:2f:ad:a7:a0:ee:5d:15:1b:08:8e:9a:43:23:a1:98:07:
f5:37:60:8a:d0:c0:92:79:a9:c3:cf:14:02:1b:ee:13:45:de:
a2:74:eb:66:59:4c:24:9b:a8:a2:c2:45:ab:0f:c3:d8:1d:1b:
32:4c:58:0c:6c:82:63:6d:52:bb:32:31:ca:6d:09:c0:df:5f:
82:f9:fa:27:40:64:73:f6:9e:04:88:11:50:1d:e3:14:78:b7:
b7:59:d8:14:bf:bb:64:47:4c:9f:4a:8c:a2:72:3e:f9:02:50:
a3:9e:24:7c
-----BEGIN CERTIFICATE-----
MIIGITCCBQmgAwIBAgISAYduvNjQoXRcBRDe5gKEbJalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwNDExMDUxNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjhhNmEyMGJkMmE2ZGUyMWFiMjU0MTI1ZGMxOTQ2YjdhNTViNTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnC0s8C2W5QiG0/wsTd6GDOaWRqgP
z1o79bhx0cqzJukGQRK7v9lyYqgakRpamBONfdy94UiwjVizp3BDsTpQnbSWbXr4
3Cs4hMwqsujKNSlwk2frCvyoLsiBvDTwctYWCK3wmEHD4Iqt9iw9sHImAiLzELj2
yhrrS68QL1MKrht36gXUl6nyInMuR2s0lTI0Q+xOVGhc15DXX6mFzrrakgzBczAY
/XDtDlP31ssslyje45xYU517Bs7pZ4PWlq+S2hpy8D3IyU3q72+S3N2unfd+h+H8
2cvAsyxx65OIgmWjUSlm9SQ3m41PccZiDnXYSfNEptx81b29swUEB66HKQIDAQAB
o4IDLTCCAykwHQYDVR0OBBYEFJaKaiC9Km3iGrJUEl3BlGt6VbVcMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvbG9wcUlMMHFiZUlhc2xRU1hjR1VhM3BWdFZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBQQYIKwYBBQUHAQcBAf8EggEwMIIBLDCCASgEAgABMIIB
IAMEAFQgCAMEAlQgGAMEAFQgHgMEAFQgKAMEAFQgLgMEAFQgOQMEAFQgPAMEAFQg
QwMEAFQgRgMEAFQgTQMEAFQgTwMEAVQgWAMEAFQgagMEAVQgbAMEAlQglAMEAFQg
nQMEAVQgrjAMAwQAVCCxAwQCVCCwAwQAVCDUAwQBVCDWAwQAVCDaAwQAVCDdMAwD
BABUIN8DBABUIOADBABUIOgwDAMEAFQg7wMEAFQg8DAMAwQBVCDyAwQBVCD0MAwD
BAFUIPoDBAFUIPwDBABY2AEDBABY2AMDBABY2BADBABY2BUDBABY2CADBABY2CwD
BABY2F0DBABY2IAwDAMEAVjYggMEAFjYhAMEAFjYvQMEAljY1AMEAFjY3AMEAljY
6DANBgkqhkiG9w0BAQsFAAOCAQEAUdUshaia0Bb1zSIrW65//7DgHOHFATlAXyUL
3I2PUM3LR4uNaKhus1tX6v1aqKRq46oNX8X3zbgf+C9bxr6L4SVUG4nW4gKUWAnL
Zu0NefPergkZfkhkTvBUXvm+KmObfYwW0zu5/UoYiPTJM4lGqbvmgsMZDqYxja2h
ysOHObPt+F11w/540XNSNWXqhSgdpSgvraeg7l0VGwiOmkMjoZgH9TdgitDAknmp
w88UAhvuE0XeonTrZllMJJuoosJFqw/D2B0bMkxYDGyCY21SuzIxym0JwN9fgvn6
J0Bkc/aeBIgRUB3jFHi3t1nYFL+7ZEdMn0qMonI++QJQo54kfA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:47:50 2023 by rpki-client on console-fra.rpki-client.org