Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/8PrP1DKyZbkGoRmTd9I2prvPdJ4.roa
File: 8PrP1DKyZbkGoRmTd9I2prvPdJ4.roa (raw, json)
Hash identifier: jHV3GgR0IvOAfYs+rhJI7WF6WWFUPK+zWOLuhm/2ZGg=
Subject key identifier: F0:FA:CF:D4:32:B2:65:B9:06:A1:19:93:77:D2:36:A6:BB:CF:74:9E
Certificate issuer: /CN=86afaae2e3e054073a38aab635dc96460eef487e
Certificate serial: 018C41D78EB065C0689ADB7B2119361A300F
Authority key identifier: 86:AF:AA:E2:E3:E0:54:07:3A:38:AA:B6:35:DC:96:46:0E:EF:48:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hq-q4uPgVAc6OKq2NdyWRg7vSH4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/8PrP1DKyZbkGoRmTd9I2prvPdJ4.roa
Signing time: Thu 07 Dec 2023 01:14:54 +0000
ROA not before: Thu 07 Dec 2023 01:14:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212216
IP address blocks: 195.28.10.0/24 maxlen: 24
195.28.169.0/24 maxlen: 24
195.28.168.0/24 maxlen: 24
185.73.226.0/24 maxlen: 32
80.249.115.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 01 Jan 2024 22:29:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:41:d7:8e:b0:65:c0:68:9a:db:7b:21:19:36:1a:30:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86afaae2e3e054073a38aab635dc96460eef487e
Validity
Not Before: Dec 7 01:14:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f0facfd432b265b906a1199377d236a6bbcf749e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:15:c4:8e:5b:27:06:7d:2b:34:62:6a:ab:ac:
3a:17:7d:b8:4c:49:a9:7d:4e:60:5b:1a:e1:30:ee:
49:9c:e7:28:03:d8:d1:2f:8e:a9:62:ff:df:c6:ee:
40:e0:c2:87:5d:67:0c:d1:d1:1f:a5:55:1c:3c:75:
31:79:36:d6:a2:ce:d8:ce:ec:c3:f6:dd:73:f2:70:
08:a9:ec:61:06:34:17:e2:0c:75:94:33:4b:cf:f7:
6d:5e:bd:71:39:cf:54:da:e2:8c:01:2b:32:0c:e3:
56:d9:a2:e2:7d:0e:5d:60:88:95:19:3d:9e:78:55:
29:5e:6a:30:92:41:95:e7:c6:9d:a0:83:fd:07:ef:
27:a4:0f:c1:4c:32:1e:75:f1:af:88:0e:89:21:46:
15:4a:0c:a0:47:a7:e8:1a:05:83:47:38:d0:07:5c:
55:e3:85:b6:bd:77:b2:a7:8d:e4:9a:5d:ec:a3:43:
3a:d3:1c:1a:33:3a:b9:b0:78:23:71:76:c9:17:99:
b7:ca:44:c6:50:d3:f8:de:4b:d5:60:29:ee:bd:48:
82:b1:a5:e0:e1:e0:d5:d4:81:f0:c8:e4:9a:3b:96:
22:00:85:84:6d:76:1c:d4:5f:74:89:2a:75:72:ad:
24:8b:2c:66:36:ad:bf:43:dd:88:ac:54:85:c5:8a:
da:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:FA:CF:D4:32:B2:65:B9:06:A1:19:93:77:D2:36:A6:BB:CF:74:9E
X509v3 Authority Key Identifier:
keyid:86:AF:AA:E2:E3:E0:54:07:3A:38:AA:B6:35:DC:96:46:0E:EF:48:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hq-q4uPgVAc6OKq2NdyWRg7vSH4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/8PrP1DKyZbkGoRmTd9I2prvPdJ4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/hq-q4uPgVAc6OKq2NdyWRg7vSH4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.249.115.0/24
185.73.226.0/24
195.28.10.0/24
195.28.168.0/23
Signature Algorithm: sha256WithRSAEncryption
67:bb:8b:f5:be:d4:b1:a5:b3:5a:1b:a2:a1:35:b0:72:9d:e1:
b4:9b:8d:22:7a:c1:ae:a9:7d:70:3a:b7:6c:48:f7:17:01:89:
55:73:ee:bb:6c:c7:e5:27:39:e7:65:8d:02:84:8e:b4:fc:d3:
24:82:0b:dd:a3:64:d1:c0:33:8e:b7:f6:84:52:48:7f:f2:85:
5d:e4:39:43:38:4e:b4:ba:c1:c0:e8:c0:58:df:82:c5:65:e9:
4d:30:0c:18:98:67:6b:bc:79:ab:d8:5b:a2:55:53:28:b6:75:
69:81:dd:4a:11:1d:3f:64:35:ff:15:69:b2:cb:54:71:c1:71:
d2:85:e3:6a:8a:30:cb:19:de:eb:29:77:3a:b1:47:51:39:dd:
95:e0:c5:08:58:d3:b5:d0:62:c8:21:f2:28:eb:63:d5:ef:e7:
e5:c4:0c:31:fc:54:0c:22:90:5a:44:d3:0f:cf:f8:d4:f7:7e:
a3:b2:c5:01:18:6b:64:23:01:a1:0e:d9:4b:75:e8:99:f3:48:
82:1c:7a:bd:7a:f7:34:99:65:4f:c5:3f:e4:7d:0f:d1:14:86:
5f:e9:02:03:f5:d7:6d:df:b1:d9:66:8c:05:e7:62:ec:e3:c6:
0d:47:8f:ce:2e:49:aa:7e:b7:ee:14:6c:2b:87:af:be:be:b1:
a8:0a:a0:74
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYxB146wZcBomtt7IRk2GjAPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2YWZhYWUyZTNlMDU0MDczYTM4YWFiNjM1ZGM5NjQ2MGVl
ZjQ4N2UwHhcNMjMxMjA3MDExNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGZhY2ZkNDMyYjI2NWI5MDZhMTE5OTM3N2QyMzZhNmJiY2Y3NDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RXEjlsnBn0rNGJqq6w6F324TEmp
fU5gWxrhMO5JnOcoA9jRL46pYv/fxu5A4MKHXWcM0dEfpVUcPHUxeTbWos7YzuzD
9t1z8nAIqexhBjQX4gx1lDNLz/dtXr1xOc9U2uKMASsyDONW2aLifQ5dYIiVGT2e
eFUpXmowkkGV58adoIP9B+8npA/BTDIedfGviA6JIUYVSgygR6foGgWDRzjQB1xV
44W2vXeyp43kml3so0M60xwaMzq5sHgjcXbJF5m3ykTGUNP43kvVYCnuvUiCsaXg
4eDV1IHwyOSaO5YiAIWEbXYc1F90iSp1cq0kiyxmNq2/Q92IrFSFxYragQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPD6z9QysmW5BqEZk3fSNqa7z3SeMB8GA1UdIwQY
MBaAFIavquLj4FQHOjiqtjXclkYO70h+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHEtcTR1UGdWQWM2T0txMk5keVdSZzd2U0g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNzZhMWEtMzcyNC00OTViLWFjNzIt
NDcyMDQwYjI0N2Y2LzEvOFByUDFES3laYmtHb1JtVGQ5STJwcnZQZEo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNzZhMWEtMzcyNC00OTViLWFjNzItNDcyMDQwYjI0N2Y2
LzEvaHEtcTR1UGdWQWM2T0txMk5keVdSZzd2U0g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUPlzAwQA
uUniAwQAwxwKAwQBwxyoMA0GCSqGSIb3DQEBCwUAA4IBAQBnu4v1vtSxpbNaG6Kh
NbByneG0m40iesGuqX1wOrdsSPcXAYlVc+67bMflJznnZY0ChI60/NMkggvdo2TR
wDOOt/aEUkh/8oVd5DlDOE60usHA6MBY34LFZelNMAwYmGdrvHmr2FuiVVMotnVp
gd1KER0/ZDX/FWmyy1RxwXHSheNqijDLGd7rKXc6sUdROd2V4MUIWNO10GLIIfIo
62PV7+flxAwx/FQMIpBaRNMPz/jU936jssUBGGtkIwGhDtlLdeiZ80iCHHq9evc0
mWVPxT/kfQ/RFIZf6QID9ddt37HZZowF52Ls48YNR4/OLkmqfrfuFGwrh6++vrGo
CqB0
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:23 2024 by rpki-client on console-fra.rpki-client.org