Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/YepHYMZWGpj4tIzwutdjlV1On3E.roa
File: YepHYMZWGpj4tIzwutdjlV1On3E.roa (raw, json)
Hash identifier: dwjKeYgRFaxB2uy0A4yWKGeBh9gGDOxuQ7TpqGYUjkE=
Subject key identifier: 61:EA:47:60:C6:56:1A:98:F8:B4:8C:F0:BA:D7:63:95:5D:4E:9F:71
Certificate issuer: /CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
Certificate serial: 018CC8DCDC2A674EB3902ADAB3D461AAD99C
Authority key identifier: E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/YepHYMZWGpj4tIzwutdjlV1On3E.roa
Signing time: Tue 02 Jan 2024 06:29:26 +0000
ROA not before: Tue 02 Jan 2024 06:29:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 25773
IP address blocks: 94.188.232.0/24 maxlen: 24
94.188.237.0/24 maxlen: 24
94.188.236.0/24 maxlen: 24
94.188.234.0/24 maxlen: 24
92.61.238.0/24 maxlen: 24
94.188.206.0/24 maxlen: 24
94.188.205.0/24 maxlen: 24
94.188.209.0/24 maxlen: 24
94.188.208.0/24 maxlen: 24
94.188.207.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 14 Feb 2024 13:39:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:dc:dc:2a:67:4e:b3:90:2a:da:b3:d4:61:aa:d9:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
Validity
Not Before: Jan 2 06:29:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=61ea4760c6561a98f8b48cf0bad763955d4e9f71
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:f9:4c:ab:bd:d7:26:20:85:00:86:88:98:16:
af:f5:69:2e:3f:4f:74:da:71:74:8b:c5:0c:42:90:
81:9a:88:69:73:45:d4:e2:58:c2:17:32:98:f1:59:
87:29:d7:0a:ea:82:cf:8e:d6:c6:58:7e:e0:5d:4f:
d8:74:01:c2:d7:93:e0:54:02:89:da:07:bc:f3:ea:
c2:4b:ab:34:e1:56:1c:1c:62:3f:b8:9f:d9:ff:22:
57:0f:df:85:42:61:36:9c:c9:e4:e6:ba:d5:fd:59:
38:a4:44:31:f7:d4:07:e2:9c:c6:51:6f:03:4c:dc:
0c:6c:2f:19:08:0a:bb:0d:c7:ae:d8:34:98:ca:58:
2c:15:4f:6c:a7:6f:2c:1a:45:c8:f7:c7:4b:1d:bf:
92:5d:3f:11:9b:7c:09:4e:2b:d0:b7:14:ec:38:03:
c9:66:7c:fd:55:77:03:7c:05:56:82:15:b3:a2:87:
4c:93:64:00:d6:43:b2:d2:c1:f4:3c:93:7e:cd:76:
f8:d4:1e:63:7e:9e:13:64:c1:4a:ef:4d:1f:0f:7a:
8b:88:c8:7a:2b:b5:9b:9a:ef:2b:ae:d6:32:94:92:
83:cb:b2:3e:46:e4:05:51:15:1c:b8:6a:38:c9:74:
c5:b8:04:a1:6f:67:0f:76:df:a4:39:76:79:3b:96:
20:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:EA:47:60:C6:56:1A:98:F8:B4:8C:F0:BA:D7:63:95:5D:4E:9F:71
X509v3 Authority Key Identifier:
keyid:E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/YepHYMZWGpj4tIzwutdjlV1On3E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.61.238.0/24
94.188.205.0-94.188.209.255
94.188.232.0/24
94.188.234.0/24
94.188.236.0/23
Signature Algorithm: sha256WithRSAEncryption
43:a0:55:1b:e6:52:bd:a5:07:5d:a0:f7:b8:d7:a5:55:ad:70:
55:d6:e0:22:a5:05:a4:55:1e:b3:66:c7:c3:da:07:58:36:61:
5d:f5:fe:c5:d5:23:b6:5d:fc:f7:b8:0d:6c:e2:9b:cd:ee:6e:
7c:d9:b7:fc:80:cd:5f:4f:d0:67:c1:b2:6b:53:e7:22:cc:05:
d5:1d:cf:75:83:9b:56:78:0f:f3:e2:73:c8:10:2f:bf:5c:2a:
2f:85:2f:df:d6:a5:f2:94:06:ab:24:46:56:d2:1f:97:68:0f:
de:0e:87:9d:f4:2e:8a:1a:f9:e8:08:07:fc:2a:1a:0e:b5:ca:
98:38:fc:a0:1e:e0:0c:19:50:73:12:8a:8e:c7:57:24:4f:50:
13:b3:03:c6:7c:7e:21:cc:b9:88:53:73:0b:1b:2c:16:af:ec:
69:bd:f7:63:64:52:0a:6d:f7:ea:00:22:c2:b4:fa:f3:3a:cf:
38:0c:5d:6f:06:f0:72:f2:64:7a:fb:b5:82:35:e9:22:87:2f:
0a:34:88:80:c6:00:8a:85:e4:11:db:6f:9a:9f:23:c1:cf:69:
84:c0:78:f8:3d:8b:d1:2e:87:53:be:78:06:b6:91:8b:be:ab:
9a:ef:55:5a:ad:9e:8e:aa:e0:f4:b8:65:3d:60:cf:e1:4d:85:
d3:e7:1e:9c
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYzI3NwqZ06zkCras9RhqtmcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDViYjQwMTE4MGU1NWY1YzE2NWQ0NzkwOGRmZjRmZTI5
YTBkODYwHhcNMjQwMTAyMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWVhNDc2MGM2NTYxYTk4ZjhiNDhjZjBiYWQ3NjM5NTVkNGU5ZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApflMq73XJiCFAIaImBav9WkuP090
2nF0i8UMQpCBmohpc0XU4ljCFzKY8VmHKdcK6oLPjtbGWH7gXU/YdAHC15PgVAKJ
2ge88+rCS6s04VYcHGI/uJ/Z/yJXD9+FQmE2nMnk5rrV/Vk4pEQx99QH4pzGUW8D
TNwMbC8ZCAq7Dceu2DSYylgsFU9sp28sGkXI98dLHb+SXT8Rm3wJTivQtxTsOAPJ
Znz9VXcDfAVWghWzoodMk2QA1kOy0sH0PJN+zXb41B5jfp4TZMFK700fD3qLiMh6
K7Wbmu8rrtYylJKDy7I+RuQFURUcuGo4yXTFuAShb2cPdt+kOXZ5O5YgWQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFGHqR2DGVhqY+LSM8LrXY5VdTp9xMB8GA1UdIwQY
MBaAFOLVu0ARgOVfXBZdR5CN/0/img2GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEt
NDIxZTZiYzdlMmU4LzEvWWVwSFlNWldHcGo0dEl6d3V0ZGpsVjFPbjNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEtNDIxZTZiYzdlMmU4
LzEvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAXD3uMAwD
BABevM0DBAFevNADBABevOgDBABevOoDBAFevOwwDQYJKoZIhvcNAQELBQADggEB
AEOgVRvmUr2lB12g97jXpVWtcFXW4CKlBaRVHrNmx8PaB1g2YV31/sXVI7Zd/Pe4
DWzim83ubnzZt/yAzV9P0GfBsmtT5yLMBdUdz3WDm1Z4D/Pic8gQL79cKi+FL9/W
pfKUBqskRlbSH5doD94Oh530Looa+egIB/wqGg61ypg4/KAe4AwZUHMSio7HVyRP
UBOzA8Z8fiHMuYhTcwsbLBav7Gm992NkUgpt9+oAIsK0+vM6zzgMXW8G8HLyZHr7
tYI16SKHLwo0iIDGAIqF5BHbb5qfI8HPaYTAePg9i9Euh1O+eAa2kYu+q5rvVVqt
no6q4PS4ZT1gz+FNhdPnHpw=
-----END CERTIFICATE-----
Generated at Wed Feb 14 18:15:41 2024 by rpki-client on console-ams.rpki-client.org