Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/YyfB7XjuehRO1GDYo5t6M8XPvGA.roa
File: YyfB7XjuehRO1GDYo5t6M8XPvGA.roa (raw, json)
Hash identifier: bkyvPGIA1I+YDMiDCR/3Jw+O3VWJZCMrnB877quWc9w=
Subject key identifier: 63:27:C1:ED:78:EE:7A:14:4E:D4:60:D8:A3:9B:7A:33:C5:CF:BC:60
Certificate issuer: /CN=dfb1f6e00153a4918611b14b6b03f6812ed88a43
Certificate serial: 01938EAD6AC0471B8C71E8B413D219624EC9
Authority key identifier: DF:B1:F6:E0:01:53:A4:91:86:11:B1:4B:6B:03:F6:81:2E:D8:8A:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/YyfB7XjuehRO1GDYo5t6M8XPvGA.roa
Signing time: Tue 03 Dec 2024 22:39:09 +0000
ROA not before: Tue 03 Dec 2024 22:39:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204057
IP address blocks: 178.23.189.0/24 maxlen: 24
185.255.96.0/23 maxlen: 23
217.28.140.0/24 maxlen: 24
2a0d:6240::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 05 Dec 2024 11:35:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:8e:ad:6a:c0:47:1b:8c:71:e8:b4:13:d2:19:62:4e:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dfb1f6e00153a4918611b14b6b03f6812ed88a43
Validity
Not Before: Dec 3 22:39:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6327c1ed78ee7a144ed460d8a39b7a33c5cfbc60
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:ad:8d:4f:56:87:46:4f:4e:60:72:5e:79:1b:
a3:ce:de:d4:30:7c:ca:f0:70:9c:a4:c6:08:d6:1c:
a7:72:d5:6a:87:86:0a:c3:fe:dc:89:db:70:e0:a4:
6a:c9:7f:60:d3:57:5f:96:0c:95:a4:72:ed:4c:a9:
88:48:dd:37:99:bf:48:51:9a:61:e6:08:a5:27:40:
95:fa:d4:c0:e6:a8:cb:2d:a2:dc:65:6f:c6:f7:bb:
ac:7c:65:7c:49:1a:78:ed:a4:c6:b6:c7:cb:97:63:
a3:36:a6:54:20:c9:94:82:69:2c:a3:14:d2:cf:c9:
33:c6:c2:28:2b:e7:9b:98:64:2b:17:0d:26:38:b8:
c3:ee:ea:50:be:1f:d3:9e:0f:fc:d5:59:01:3b:76:
14:e9:6d:61:3f:af:5e:d7:d7:0f:0b:45:2a:53:a5:
5f:6c:c1:93:45:47:91:5f:bd:c2:86:fc:f6:3f:ce:
4b:96:25:30:3d:63:1b:41:10:2e:79:9c:9d:3d:00:
32:38:a8:37:a6:c6:9e:16:9b:ea:8d:97:06:ad:6b:
ce:6e:5c:87:7b:6a:68:6c:a2:60:73:1b:a5:35:24:
6b:dc:e5:ee:3c:c5:ea:13:f0:ca:03:94:02:49:13:
66:0f:83:a4:30:a3:39:2c:68:d7:ad:42:0f:eb:6e:
f2:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:27:C1:ED:78:EE:7A:14:4E:D4:60:D8:A3:9B:7A:33:C5:CF:BC:60
X509v3 Authority Key Identifier:
keyid:DF:B1:F6:E0:01:53:A4:91:86:11:B1:4B:6B:03:F6:81:2E:D8:8A:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/37H24AFTpJGGEbFLawP2gS7YikM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/YyfB7XjuehRO1GDYo5t6M8XPvGA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/5379e5-3d85-41b1-9d71-810627fb2671/1/37H24AFTpJGGEbFLawP2gS7YikM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.23.189.0/24
185.255.96.0/23
217.28.140.0/24
IPv6:
2a0d:6240::/32
Signature Algorithm: sha256WithRSAEncryption
29:18:49:4d:fa:c8:ed:e0:17:19:8c:9c:fe:f1:2e:a8:35:fa:
be:d5:f8:3e:28:0e:46:2c:7a:07:54:e4:b2:02:97:d7:50:40:
7f:5c:89:2c:d0:f2:b9:34:32:d9:cf:e2:a4:d8:95:1c:3d:97:
79:ff:ca:a7:01:59:64:d7:3f:7a:0d:25:2b:28:45:91:78:77:
d3:bc:79:b8:ff:07:8b:63:05:cb:98:d3:38:b3:04:6b:82:0f:
52:7d:b3:09:be:02:42:8b:92:ce:c7:b1:15:a0:17:92:16:3a:
dd:9d:c9:bc:40:54:cd:3d:f0:34:32:e3:47:53:b3:33:e9:93:
03:43:bf:65:ac:fb:24:d4:6d:44:47:19:be:b3:d8:b7:73:be:
07:b1:3d:b8:15:28:9f:d4:27:98:ec:e8:aa:d3:66:bf:5f:37:
15:12:f6:c7:d6:af:6b:ba:ea:c5:5c:6f:ca:d9:36:48:d5:3d:
50:d0:c2:7d:ee:d4:f8:af:3f:7b:2d:64:62:2e:40:86:86:7c:
91:c5:31:e3:39:30:f6:c4:58:3a:14:3d:7e:30:13:4c:7e:8c:
d7:ad:e1:46:9c:eb:1a:3a:fd:f8:80:e4:9d:0e:18:2a:9e:13:
c3:02:2c:99:28:6a:51:bb:91:c0:63:63:4e:e7:fb:0e:98:85:
be:93:d4:02
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZOOrWrARxuMcei0E9IZYk7JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmYjFmNmUwMDE1M2E0OTE4NjExYjE0YjZiMDNmNjgxMmVk
ODhhNDMwHhcNMjQxMjAzMjIzOTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzI3YzFlZDc4ZWU3YTE0NGVkNDYwZDhhMzliN2EzM2M1Y2ZiYzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoK2NT1aHRk9OYHJeeRujzt7UMHzK
8HCcpMYI1hynctVqh4YKw/7cidtw4KRqyX9g01dflgyVpHLtTKmISN03mb9IUZph
5gilJ0CV+tTA5qjLLaLcZW/G97usfGV8SRp47aTGtsfLl2OjNqZUIMmUgmksoxTS
z8kzxsIoK+ebmGQrFw0mOLjD7upQvh/Tng/81VkBO3YU6W1hP69e19cPC0UqU6Vf
bMGTRUeRX73Chvz2P85LliUwPWMbQRAueZydPQAyOKg3psaeFpvqjZcGrWvOblyH
e2pobKJgcxulNSRr3OXuPMXqE/DKA5QCSRNmD4OkMKM5LGjXrUIP627y0QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGMnwe147noUTtRg2KObejPFz7xgMB8GA1UdIwQY
MBaAFN+x9uABU6SRhhGxS2sD9oEu2IpDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzdIMjRBRlRwSkdHRWJGTGF3UDJnUzdZaWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS81Mzc5ZTUtM2Q4NS00MWIxLTlkNzEt
ODEwNjI3ZmIyNjcxLzEvWXlmQjdYanVlaFJPMUdEWW81dDZNOFhQdkdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS81Mzc5ZTUtM2Q4NS00MWIxLTlkNzEtODEwNjI3ZmIyNjcx
LzEvMzdIMjRBRlRwSkdHRWJGTGF3UDJnUzdZaWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAshe9AwQB
uf9gAwQA2RyMMA0EAgACMAcDBQAqDWJAMA0GCSqGSIb3DQEBCwUAA4IBAQApGElN
+sjt4BcZjJz+8S6oNfq+1fg+KA5GLHoHVOSyApfXUEB/XIks0PK5NDLZz+Kk2JUc
PZd5/8qnAVlk1z96DSUrKEWReHfTvHm4/weLYwXLmNM4swRrgg9SfbMJvgJCi5LO
x7EVoBeSFjrdncm8QFTNPfA0MuNHU7Mz6ZMDQ79lrPsk1G1ERxm+s9i3c74HsT24
FSif1CeY7Oiq02a/XzcVEvbH1q9ruurFXG/K2TZI1T1Q0MJ97tT4rz97LWRiLkCG
hnyRxTHjOTD2xFg6FD1+MBNMfozXreFGnOsaOv34gOSdDhgqnhPDAiyZKGpRu5HA
Y2NO5/sOmIW+k9QC
-----END CERTIFICATE-----
Generated at Tue Apr 8 10:56:07 2025 by rpki-client