Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/_yucNAkii0g0EeQ3-t1qxGzCsP0.roa
File: _yucNAkii0g0EeQ3-t1qxGzCsP0.roa (raw, json)
Hash identifier: lV/Ln+sLJjVs8MFiS9Re4beohNwI/r2k46Y9ipPskEQ=
Subject key identifier: FF:2B:9C:34:09:22:8B:48:34:11:E4:37:FA:DD:6A:C4:6C:C2:B0:FD
Certificate issuer: /CN=44728fb31c4ebdfb9bf129745b91bd2e2ee8ef31
Certificate serial: 01856D788B0807839420BBE9D93DF162A8DC
Authority key identifier: 44:72:8F:B3:1C:4E:BD:FB:9B:F1:29:74:5B:91:BD:2E:2E:E8:EF:31
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RHKPsxxOvfub8Sl0W5G9Li7o7zE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/_yucNAkii0g0EeQ3-t1qxGzCsP0.roa
Signing time: Sun 01 Jan 2023 13:14:54 +0000
ROA not before: Sun 01 Jan 2023 13:14:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44788
IP address blocks: 178.250.0.0/21 maxlen: 24
91.199.242.0/24 maxlen: 24
185.235.84.0/24 maxlen: 24
185.235.86.0/24 maxlen: 24
185.235.87.0/24 maxlen: 24
91.212.98.0/24 maxlen: 24
2a02:2638::/32 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:78:8b:08:07:83:94:20:bb:e9:d9:3d:f1:62:a8:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=44728fb31c4ebdfb9bf129745b91bd2e2ee8ef31
Validity
Not Before: Jan 1 13:14:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ff2b9c3409228b483411e437fadd6ac46cc2b0fd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:83:d8:6b:fc:3f:a3:5b:32:91:8f:aa:e5:b1:
06:c7:b7:1d:b5:3d:87:22:87:7d:14:82:08:2b:7b:
d6:ec:34:7c:9b:ae:ae:15:8e:7f:ac:21:42:cf:04:
ec:5a:e6:28:5d:c4:e9:12:9c:2a:8a:ad:fa:75:96:
0e:54:0e:8a:b2:ac:eb:d2:50:67:eb:59:32:d1:2c:
8e:0d:2a:63:24:f8:50:6e:e2:b5:26:cd:08:b5:a6:
b1:73:5e:11:b6:b9:55:2a:05:17:df:a8:d1:df:4c:
e6:38:42:e2:12:47:d0:3d:ac:be:d5:60:81:12:5b:
c7:a9:9b:7b:d1:0d:52:51:0b:80:e0:3a:47:7a:7e:
21:e9:0d:96:72:5c:58:35:62:9d:16:fe:68:86:be:
c0:74:33:e8:fe:e5:0f:25:a1:ca:83:bb:7d:72:ef:
07:fe:dd:fc:1c:30:1c:ac:22:85:f4:96:21:12:43:
f4:b8:45:d8:e8:dc:35:61:79:a7:57:ee:9e:4e:af:
75:b2:07:30:17:68:f5:6b:23:f0:3e:4e:40:a8:26:
62:e4:50:f6:e8:b2:8b:ba:8d:19:76:0e:e8:da:ae:
99:43:69:4a:bf:fc:44:12:db:e5:5b:75:61:4a:35:
b3:8c:0b:27:08:0b:7d:13:11:ef:9d:7d:07:5c:c9:
f9:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:2B:9C:34:09:22:8B:48:34:11:E4:37:FA:DD:6A:C4:6C:C2:B0:FD
X509v3 Authority Key Identifier:
keyid:44:72:8F:B3:1C:4E:BD:FB:9B:F1:29:74:5B:91:BD:2E:2E:E8:EF:31
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RHKPsxxOvfub8Sl0W5G9Li7o7zE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/_yucNAkii0g0EeQ3-t1qxGzCsP0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/69/3ac761-9ad8-4513-8a32-1f55d9999eeb/1/RHKPsxxOvfub8Sl0W5G9Li7o7zE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.199.242.0/24
91.212.98.0/24
178.250.0.0/21
185.235.84.0/24
185.235.86.0/23
IPv6:
2a02:2638::/32
Signature Algorithm: sha256WithRSAEncryption
98:4e:8c:3a:9d:d2:a3:77:7c:7a:be:45:8c:d8:f1:4e:76:e6:
f4:62:99:29:c7:96:4f:0e:e3:59:e3:41:c9:e3:f7:5c:5e:35:
10:cc:fb:2c:5d:57:f4:2b:8a:c0:51:27:af:08:7d:b5:06:e0:
a1:e2:2d:02:be:a0:57:68:aa:53:64:43:c8:cf:a7:f6:b7:f9:
53:98:dd:fe:66:ef:f4:cc:35:ca:56:a6:db:7e:5d:18:5f:00:
36:02:14:8e:79:ad:46:54:db:f6:4e:54:bc:2c:98:0f:d6:7b:
b5:02:32:9a:0a:92:e6:00:6f:56:5b:df:90:e4:69:31:32:75:
19:cd:b2:5c:e7:f1:49:ef:58:f6:27:9b:53:a0:0a:d6:21:8d:
72:3d:4b:d3:a4:56:ff:6a:33:66:78:4f:2d:65:be:d2:0a:97:
ab:b3:e9:e4:bd:81:97:0d:bf:ff:c7:77:41:9e:7d:43:13:eb:
15:0d:2f:70:7a:04:16:50:cb:66:76:eb:45:7e:30:20:79:54:
1e:df:2c:e3:bb:e3:87:4a:2f:0f:a9:4c:5f:55:0b:cd:2b:73:
40:76:25:41:b7:d7:78:ab:b9:ba:c6:56:b3:0a:21:f0:c4:1a:
13:fd:d7:32:db:96:a0:3f:b7:f7:34:e3:44:9d:17:27:52:ed:
44:13:98:43
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVteIsIB4OUILvp2T3xYqjcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NzI4ZmIzMWM0ZWJkZmI5YmYxMjk3NDViOTFiZDJlMmVl
OGVmMzEwHhcNMjMwMTAxMTMxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjJiOWMzNDA5MjI4YjQ4MzQxMWU0MzdmYWRkNmFjNDZjYzJiMGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkIPYa/w/o1sykY+q5bEGx7cdtT2H
Iod9FIIIK3vW7DR8m66uFY5/rCFCzwTsWuYoXcTpEpwqiq36dZYOVA6Ksqzr0lBn
61ky0SyODSpjJPhQbuK1Js0Itaaxc14RtrlVKgUX36jR30zmOELiEkfQPay+1WCB
ElvHqZt70Q1SUQuA4DpHen4h6Q2WclxYNWKdFv5ohr7AdDPo/uUPJaHKg7t9cu8H
/t38HDAcrCKF9JYhEkP0uEXY6Nw1YXmnV+6eTq91sgcwF2j1ayPwPk5AqCZi5FD2
6LKLuo0Zdg7o2q6ZQ2lKv/xEEtvlW3VhSjWzjAsnCAt9ExHvnX0HXMn5GwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFP8rnDQJIotINBHkN/rdasRswrD9MB8GA1UdIwQY
MBaAFERyj7McTr37m/EpdFuRvS4u6O8xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkhLUHN4eE92ZnViOFNsMFc1RzlMaTdvN3pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS8zYWM3NjEtOWFkOC00NTEzLThhMzIt
MWY1NWQ5OTk5ZWViLzEvX3l1Y05Ba2lpMGcwRWVRMy10MXF4R3pDc1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS8zYWM3NjEtOWFkOC00NTEzLThhMzItMWY1NWQ5OTk5ZWVi
LzEvUkhLUHN4eE92ZnViOFNsMFc1RzlMaTdvN3pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAW8fyAwQA
W9RiAwQDsvoAAwQAuetUAwQBuetWMA0EAgACMAcDBQAqAiY4MA0GCSqGSIb3DQEB
CwUAA4IBAQCYTow6ndKjd3x6vkWM2PFOdub0Ypkpx5ZPDuNZ40HJ4/dcXjUQzPss
XVf0K4rAUSevCH21BuCh4i0CvqBXaKpTZEPIz6f2t/lTmN3+Zu/0zDXKVqbbfl0Y
XwA2AhSOea1GVNv2TlS8LJgP1nu1AjKaCpLmAG9WW9+Q5GkxMnUZzbJc5/FJ71j2
J5tToArWIY1yPUvTpFb/ajNmeE8tZb7SCpers+nkvYGXDb//x3dBnn1DE+sVDS9w
egQWUMtmdutFfjAgeVQe3yzju+OHSi8PqUxfVQvNK3NAdiVBt9d4q7m6xlazCiHw
xBoT/dcy25agP7f3NONEnRcnUu1EE5hD
-----END CERTIFICATE-----
Generated at Tue Jan 2 11:51:56 2024 by rpki-client on console-fra.rpki-client.org