Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/hf7G7f2GKh-xq_6FwWJ7akbGeyc.roa
File: hf7G7f2GKh-xq_6FwWJ7akbGeyc.roa (raw, json)
Hash identifier: Rev50xXWhkRr6d+WZahnHIduQTzb2WHCbxumZzoXJSU=
Subject key identifier: 85:FE:C6:ED:FD:86:2A:1F:B1:AB:FE:85:C1:62:7B:6A:46:C6:7B:27
Certificate issuer: /CN=b4d7ed14b8d51a20baec7b660f08a80cdcf817bf
Certificate serial: 019423698CEE1F6B0AC0DAAC871915D54262
Authority key identifier: B4:D7:ED:14:B8:D5:1A:20:BA:EC:7B:66:0F:08:A8:0C:DC:F8:17:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/hf7G7f2GKh-xq_6FwWJ7akbGeyc.roa
Signing time: Wed 01 Jan 2025 19:48:27 +0000
ROA not before: Wed 01 Jan 2025 19:48:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34530
IP address blocks: 194.126.216.0/24 maxlen: 24
213.222.198.0/24 maxlen: 24
213.222.199.0/24 maxlen: 24
213.222.220.0/22 maxlen: 22
213.222.221.0/24 maxlen: 24
213.222.222.0/24 maxlen: 24
213.222.223.0/24 maxlen: 24
2a03:7580:4000::/40 maxlen: 40
Validation: Failed, certificate revoked on Mon 17 Feb 2025 10:02:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:69:8c:ee:1f:6b:0a:c0:da:ac:87:19:15:d5:42:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4d7ed14b8d51a20baec7b660f08a80cdcf817bf
Validity
Not Before: Jan 1 19:48:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=85fec6edfd862a1fb1abfe85c1627b6a46c67b27
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:13:e9:8a:58:4f:b6:de:f8:01:f9:fa:29:ee:
a4:2c:77:4a:c0:96:0b:12:90:be:37:bf:10:79:3e:
96:db:c8:57:a7:3f:4e:c6:2f:6d:d5:d4:48:b4:e9:
1a:94:8c:fc:f9:be:13:a4:73:38:ce:28:96:67:f6:
ff:00:a9:04:54:d1:5f:e4:0c:35:94:f6:bb:30:40:
3f:ca:21:67:9b:e4:11:04:80:a7:02:58:fb:7c:38:
e2:dd:c8:60:cf:83:eb:db:a2:eb:ff:36:ff:c8:c0:
71:63:e5:1f:b7:74:ca:b1:f7:5c:20:7c:d5:4f:f9:
af:80:a0:af:2f:70:7f:e8:37:77:1a:17:42:5b:f7:
ca:b2:47:c3:be:03:ef:79:b5:f6:d7:54:ca:ae:68:
e7:f6:05:27:3e:2c:b4:96:e9:59:d1:bf:a6:fd:e5:
16:51:19:bb:0c:39:a3:39:54:21:7c:0e:32:d9:c3:
02:33:26:69:a3:46:3a:9f:23:e2:66:80:49:b3:95:
27:20:56:f4:9c:61:ba:92:e9:fb:1a:13:cf:7a:57:
77:80:d6:77:8a:6d:12:21:05:f2:37:25:cd:de:39:
cd:9b:d2:90:b5:f0:3e:84:47:a0:2c:c5:db:02:3b:
80:53:50:50:07:25:43:eb:8e:98:42:d2:74:a1:ba:
95:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:FE:C6:ED:FD:86:2A:1F:B1:AB:FE:85:C1:62:7B:6A:46:C6:7B:27
X509v3 Authority Key Identifier:
keyid:B4:D7:ED:14:B8:D5:1A:20:BA:EC:7B:66:0F:08:A8:0C:DC:F8:17:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/hf7G7f2GKh-xq_6FwWJ7akbGeyc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.126.216.0/24
213.222.198.0/23
213.222.220.0/22
IPv6:
2a03:7580:4000::/40
Signature Algorithm: sha256WithRSAEncryption
74:25:52:51:16:ff:9a:cf:e3:b3:11:f4:1e:5b:8f:c3:fb:a3:
c8:fa:32:2b:77:37:20:b2:ee:89:b0:f4:05:f9:98:af:df:ae:
3c:0b:78:f7:4f:12:67:dd:f0:1f:6b:e4:28:f0:b7:cc:5f:58:
fb:5a:af:cc:15:59:fc:04:2e:bf:31:69:72:b8:00:cb:0e:d2:
16:5f:55:b3:c3:62:62:a5:e7:94:99:be:d9:b5:72:7e:55:f3:
bd:1e:52:29:d4:22:03:48:6c:79:fa:c8:10:c3:09:30:66:cd:
ff:49:21:95:f8:ef:78:65:a3:b4:41:f5:04:73:b3:9b:73:da:
88:12:4a:a5:a1:e4:0d:62:59:c5:4c:20:92:8a:6c:d8:c8:9b:
4e:8a:ff:55:eb:25:46:b6:8c:01:3f:36:68:ba:e0:15:4d:86:
83:ab:26:cc:0b:83:21:a9:0d:69:f0:bf:cb:ae:96:35:d0:c2:
c0:d1:1d:8c:39:9d:d1:a2:ab:83:e1:0e:eb:0b:b5:b6:cf:fd:
0a:dd:8c:a7:ba:8e:15:50:cb:88:d3:84:e6:b3:4f:2e:cd:82:
73:ab:18:96:19:19:03:a9:92:e5:ac:a3:65:42:e7:a5:2c:88:
c5:6c:75:87:28:9d:4c:b0:5f:c2:fb:73:92:f5:06:8e:eb:63:
63:d3:b7:cf
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZQjaYzuH2sKwNqshxkV1UJiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZDdlZDE0YjhkNTFhMjBiYWVjN2I2NjBmMDhhODBjZGNm
ODE3YmYwHhcNMjUwMTAxMTk0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWZlYzZlZGZkODYyYTFmYjFhYmZlODVjMTYyN2I2YTQ2YzY3YjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRPpilhPtt74Afn6Ke6kLHdKwJYL
EpC+N78QeT6W28hXpz9Oxi9t1dRItOkalIz8+b4TpHM4ziiWZ/b/AKkEVNFf5Aw1
lPa7MEA/yiFnm+QRBICnAlj7fDji3chgz4Pr26Lr/zb/yMBxY+Uft3TKsfdcIHzV
T/mvgKCvL3B/6Dd3GhdCW/fKskfDvgPvebX211TKrmjn9gUnPiy0lulZ0b+m/eUW
URm7DDmjOVQhfA4y2cMCMyZpo0Y6nyPiZoBJs5UnIFb0nGG6kun7GhPPeld3gNZ3
im0SIQXyNyXN3jnNm9KQtfA+hEegLMXbAjuAU1BQByVD646YQtJ0obqVGQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFIX+xu39hiofsav+hcFie2pGxnsnMB8GA1UdIwQY
MBaAFLTX7RS41Roguux7Zg8IqAzc+Be/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE5mdEZMalZHaUM2N0h0bUR3aW9ETno0Rjc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8xMzJiYTgtNzY3Ni00OWY2LWFmY2Mt
N2QwNDIzYmRhNzRjLzEvaGY3RzdmMkdLaC14cV82RndXSjdha2JHZXljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8xMzJiYTgtNzY3Ni00OWY2LWFmY2MtN2QwNDIzYmRhNzRj
LzEvdE5mdEZMalZHaUM2N0h0bUR3aW9ETno0Rjc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAYBAIAATASAwQAwn7YAwQB
1d7GAwQC1d7cMA4EAgACMAgDBgAqA3WAQDANBgkqhkiG9w0BAQsFAAOCAQEAdCVS
URb/ms/jsxH0HluPw/ujyPoyK3c3ILLuibD0BfmYr9+uPAt4908SZ93wH2vkKPC3
zF9Y+1qvzBVZ/AQuvzFpcrgAyw7SFl9Vs8NiYqXnlJm+2bVyflXzvR5SKdQiA0hs
efrIEMMJMGbN/0khlfjveGWjtEH1BHOzm3PaiBJKpaHkDWJZxUwgkops2MibTor/
VeslRraMAT82aLrgFU2Gg6smzAuDIakNafC/y66WNdDCwNEdjDmd0aKrg+EO6wu1
ts/9Ct2Mp7qOFVDLiNOE5rNPLs2Cc6sYlhkZA6mS5ayjZULnpSyIxWx1hyidTLBf
wvtzkvUGjutjY9O3zw==
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:31:04 2025 by rpki-client