Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/oJUlJ_BLsOJEYPhq35M0X_szrqU.roa
File: oJUlJ_BLsOJEYPhq35M0X_szrqU.roa (raw, json)
Hash identifier: C+19wSIdbGEdAARUQhsLUMJrvwljBHSIOjUR1iy0Cus=
Subject key identifier: A0:95:25:27:F0:4B:B0:E2:44:60:F8:6A:DF:93:34:5F:FB:33:AE:A5
Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial: 0192BE260BAA85151A0A274A6B3761F47CD6
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/oJUlJ_BLsOJEYPhq35M0X_szrqU.roa
Signing time: Thu 24 Oct 2024 10:50:17 +0000
ROA not before: Thu 24 Oct 2024 10:50:17 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 64267
IP address blocks: 84.32.56.0/24 maxlen: 24
88.216.20.0/24 maxlen: 24
88.216.21.0/24 maxlen: 24
88.216.103.0/24 maxlen: 24
88.216.181.0/24 maxlen: 24
88.216.184.0/24 maxlen: 24
88.216.185.0/24 maxlen: 24
88.216.211.0/24 maxlen: 24
88.216.212.0/24 maxlen: 24
88.216.213.0/24 maxlen: 24
Validation: Failed, certificate revoked on Sun 03 Nov 2024 14:35:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:be:26:0b:aa:85:15:1a:0a:27:4a:6b:37:61:f4:7c:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Validity
Not Before: Oct 24 10:50:17 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a0952527f04bb0e24460f86adf93345ffb33aea5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:6c:34:2c:92:5c:3a:50:7c:b3:d3:ce:1d:b6:
be:5b:bb:da:d5:d8:be:fb:a5:92:9e:0b:f5:05:44:
26:9e:aa:bc:e0:e2:a7:96:05:d2:97:2f:9b:65:5a:
95:9c:5d:c8:e8:bf:9c:06:3a:8e:2a:bc:4f:0d:51:
d4:d8:ac:f9:81:89:38:03:33:e9:9f:60:a5:48:50:
59:14:b0:16:d8:dd:5d:61:de:27:d1:75:00:fa:41:
34:88:80:6e:36:ef:9b:2c:3b:03:3b:a9:17:38:b9:
6d:65:94:39:59:9e:1b:31:df:db:df:2c:62:2d:89:
e0:a8:79:35:ed:84:a6:23:38:58:f5:b1:de:40:45:
db:91:8b:2a:ca:93:f0:c9:68:67:d9:9b:df:e4:cf:
12:c8:a3:4e:19:3b:d5:c5:4c:3b:2b:9c:d3:81:cb:
7b:0d:b9:ef:24:a8:ed:9d:29:c9:4d:b1:88:cb:a3:
4f:35:4a:ac:6b:07:c7:c3:f9:a7:56:b4:b3:6f:28:
eb:f8:04:1b:e4:05:ec:be:5a:f1:79:6c:c3:2c:72:
eb:8d:68:e7:93:84:a3:6a:7d:96:8e:c3:10:ab:3a:
b5:e9:9b:db:56:34:84:b5:df:fa:a9:7b:3d:32:d5:
55:55:e3:d0:97:43:25:bd:be:cd:c3:b4:34:eb:5d:
cc:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:95:25:27:F0:4B:B0:E2:44:60:F8:6A:DF:93:34:5F:FB:33:AE:A5
X509v3 Authority Key Identifier:
keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/oJUlJ_BLsOJEYPhq35M0X_szrqU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.32.56.0/24
88.216.20.0/23
88.216.103.0/24
88.216.181.0/24
88.216.184.0/23
88.216.211.0-88.216.213.255
Signature Algorithm: sha256WithRSAEncryption
2f:7e:e3:54:e7:03:a7:52:cc:2d:8f:a0:52:7e:98:61:61:15:
d4:f7:4b:7d:a4:f4:da:df:f7:6e:18:cf:42:90:c4:cf:85:85:
bd:6a:ab:0b:53:54:bc:1c:a3:58:da:b8:bd:0a:9d:37:c7:cf:
26:10:fe:76:ec:36:c8:bb:93:27:e2:d1:c3:bc:f7:0e:60:aa:
47:0a:e1:63:da:2f:69:65:27:02:a0:99:bf:e6:70:aa:d8:32:
b3:27:54:b6:2f:e7:50:a9:93:84:8b:b0:b8:e1:d8:4d:9d:52:
e7:a4:18:f3:1c:31:da:ee:a9:a1:50:25:71:0a:cd:5f:ae:b8:
4f:16:17:24:1c:5c:d1:14:c5:18:49:f9:b9:bd:68:03:05:b8:
ea:a1:78:90:29:1a:2a:6d:19:ae:0c:c7:86:20:0d:78:27:e6:
ce:d1:d8:23:6e:f8:e1:a6:88:fd:83:69:42:c6:c8:20:92:ea:
47:3a:61:43:75:55:a1:2b:c7:7a:bc:a9:b3:dd:bc:74:e4:88:
7d:e0:c2:15:9e:57:f5:16:96:85:65:6a:e4:b4:aa:9b:f9:c4:
4d:e5:68:22:82:49:88:23:8a:f8:48:42:2a:aa:af:b8:f1:d3:
3d:cf:de:57:0e:21:48:84:e3:fb:f3:a9:fb:1d:af:a0:04:cd:
d5:dd:9d:ef
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZK+JguqhRUaCidKazdh9HzWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQxMDI0MTA1MDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDk1MjUyN2YwNGJiMGUyNDQ2MGY4NmFkZjkzMzQ1ZmZiMzNhZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2w0LJJcOlB8s9POHba+W7va1di+
+6WSngv1BUQmnqq84OKnlgXSly+bZVqVnF3I6L+cBjqOKrxPDVHU2Kz5gYk4AzPp
n2ClSFBZFLAW2N1dYd4n0XUA+kE0iIBuNu+bLDsDO6kXOLltZZQ5WZ4bMd/b3yxi
LYngqHk17YSmIzhY9bHeQEXbkYsqypPwyWhn2Zvf5M8SyKNOGTvVxUw7K5zTgct7
DbnvJKjtnSnJTbGIy6NPNUqsawfHw/mnVrSzbyjr+AQb5AXsvlrxeWzDLHLrjWjn
k4Sjan2WjsMQqzq16ZvbVjSEtd/6qXs9MtVVVePQl0Mlvb7Nw7Q0613MJQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFKCVJSfwS7DiRGD4at+TNF/7M66lMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvb0pVbEpfQkxzT0pFWVBocTM1TTBYX3N6cnFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAVCA4AwQB
WNgUAwQAWNhnAwQAWNi1AwQBWNi4MAwDBABY2NMDBAFY2NQwDQYJKoZIhvcNAQEL
BQADggEBAC9+41TnA6dSzC2PoFJ+mGFhFdT3S32k9Nrf924Yz0KQxM+Fhb1qqwtT
VLwco1jauL0KnTfHzyYQ/nbsNsi7kyfi0cO89w5gqkcK4WPaL2llJwKgmb/mcKrY
MrMnVLYv51Cpk4SLsLjh2E2dUuekGPMcMdruqaFQJXEKzV+uuE8WFyQcXNEUxRhJ
+bm9aAMFuOqheJApGiptGa4Mx4YgDXgn5s7R2CNu+OGmiP2DaULGyCCS6kc6YUN1
VaErx3q8qbPdvHTkiH3gwhWeV/UWloVlauS0qpv5xE3laCKCSYgjivhIQiqqr7jx
0z3P3lcOIUiE4/vzqfsdr6AEzdXdne8=
-----END CERTIFICATE-----
Generated at Sun Nov 3 17:45:25 2024 by rpki-client on console-ams.rpki-client.org