Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/PY8D0xMyBueH8SBcufJ-POYw_Xo.roa
File: PY8D0xMyBueH8SBcufJ-POYw_Xo.roa (raw, json)
Hash identifier: 3TBsD43dbRFaEegzl5NiErMxEBlj/KSLyPfTOpqGQpo=
Subject key identifier: 3D:8F:03:D3:13:32:06:E7:87:F1:20:5C:B9:F2:7E:3C:E6:30:FD:7A
Certificate issuer: /CN=98118687fdd6ff80fb098a9eeef06de377f85d6e
Certificate serial: 018EC2BC1FB1A219E4FF6A0C445D882712F9
Authority key identifier: 98:11:86:87:FD:D6:FF:80:FB:09:8A:9E:EE:F0:6D:E3:77:F8:5D:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mBGGh_3W_4D7CYqe7vBt43f4XW4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/PY8D0xMyBueH8SBcufJ-POYw_Xo.roa
Signing time: Tue 09 Apr 2024 12:01:32 +0000
ROA not before: Tue 09 Apr 2024 12:01:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2852
IP address blocks: 147.251.0.0/16 maxlen: 24
217.69.96.0/20 maxlen: 24
2a00:5800::/32 maxlen: 48
Validation: Failed, certificate revoked on Thu 02 Jan 2025 01:49:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:c2:bc:1f:b1:a2:19:e4:ff:6a:0c:44:5d:88:27:12:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=98118687fdd6ff80fb098a9eeef06de377f85d6e
Validity
Not Before: Apr 9 12:01:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3d8f03d3133206e787f1205cb9f27e3ce630fd7a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:16:46:e4:02:00:17:d7:80:0c:ed:24:d3:db:
72:5f:bc:d1:57:4b:4e:bc:57:ca:5f:ed:c9:43:78:
f7:db:f3:6f:68:de:cf:b5:c3:60:58:e7:8c:fe:dc:
6f:d6:77:46:7f:9f:a8:61:be:93:66:92:ab:26:05:
db:d5:e3:14:42:e6:09:3a:ff:1e:28:72:5e:dd:62:
23:34:6a:47:fa:99:96:8b:e8:68:00:25:78:70:30:
22:f7:12:d4:c7:35:9e:5b:d0:ab:4d:02:5a:2c:cf:
67:aa:53:37:89:06:e4:89:87:33:01:16:ec:8b:30:
99:33:b8:45:99:47:e2:95:37:a6:e9:77:7b:cb:5c:
15:53:c9:7d:d0:63:60:62:ad:c9:34:59:c7:17:e2:
26:ce:11:25:21:b8:df:17:d2:0f:4e:3b:de:1b:95:
3e:2f:5b:5a:e6:70:43:6d:fc:bc:39:aa:b1:24:c0:
1c:e1:27:61:33:75:3e:c5:a4:78:23:6d:fb:16:27:
04:a2:7a:e1:aa:02:d6:af:0f:27:96:18:11:fb:ac:
e6:f8:63:f8:35:d1:ce:af:81:f4:6f:fd:c0:23:16:
bc:0a:c1:5c:2f:7f:95:60:08:ed:31:f3:9f:05:5b:
1b:31:84:db:84:26:6b:5e:66:d1:f1:80:d3:6f:e4:
ee:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:8F:03:D3:13:32:06:E7:87:F1:20:5C:B9:F2:7E:3C:E6:30:FD:7A
X509v3 Authority Key Identifier:
keyid:98:11:86:87:FD:D6:FF:80:FB:09:8A:9E:EE:F0:6D:E3:77:F8:5D:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBGGh_3W_4D7CYqe7vBt43f4XW4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/PY8D0xMyBueH8SBcufJ-POYw_Xo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/5908a9-0c0f-40ab-bfd6-69af0a6e989b/1/mBGGh_3W_4D7CYqe7vBt43f4XW4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.251.0.0/16
217.69.96.0/20
IPv6:
2a00:5800::/32
Signature Algorithm: sha256WithRSAEncryption
30:3e:c5:89:19:ac:c6:9a:30:e2:c5:b6:1c:b8:2f:46:90:f9:
5f:7f:7d:ce:00:73:d1:f5:7a:fa:4b:b0:98:00:e5:ce:09:f6:
f3:47:73:b0:58:ca:a5:ab:f9:82:86:1c:5c:0f:34:1b:5a:9d:
f1:7d:1f:17:ef:9e:78:07:1d:00:77:ca:8d:5d:8c:2b:01:93:
e3:00:ea:29:0e:9f:c3:ce:2c:91:45:c2:2c:07:91:d6:e7:48:
52:5f:b3:16:ab:ef:e8:ae:47:63:32:62:b3:cf:6a:86:4b:f3:
73:ca:95:67:18:78:49:d7:6b:08:00:23:fc:54:92:52:aa:2c:
37:34:13:84:96:d3:80:5b:0a:fc:cd:3c:1a:f1:88:8b:ba:c9:
84:a5:d2:e8:8e:04:bf:cd:70:94:63:d3:bb:5c:12:f3:8c:74:
28:67:80:c3:7a:14:6f:8d:5e:b0:4e:32:60:cd:0a:d3:8a:7b:
98:9e:95:11:84:8c:f7:6b:59:8e:92:f0:11:bb:bb:13:5a:c7:
60:7d:ca:aa:ff:95:34:dd:0f:cc:a3:c9:85:5d:dd:6c:ed:bd:
d1:22:8a:b2:24:16:21:2b:ed:ed:06:ce:09:22:f9:3f:2d:df:
e3:08:9c:89:ec:f3:0a:30:67:d9:62:04:f7:5a:d2:c0:3c:54:
26:71:8b:ce
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY7CvB+xohnk/2oMRF2IJxL5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTE4Njg3ZmRkNmZmODBmYjA5OGE5ZWVlZjA2ZGUzNzdm
ODVkNmUwHhcNMjQwNDA5MTIwMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDhmMDNkMzEzMzIwNmU3ODdmMTIwNWNiOWYyN2UzY2U2MzBmZDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhZG5AIAF9eADO0k09tyX7zRV0tO
vFfKX+3JQ3j32/NvaN7PtcNgWOeM/txv1ndGf5+oYb6TZpKrJgXb1eMUQuYJOv8e
KHJe3WIjNGpH+pmWi+hoACV4cDAi9xLUxzWeW9CrTQJaLM9nqlM3iQbkiYczARbs
izCZM7hFmUfilTem6Xd7y1wVU8l90GNgYq3JNFnHF+ImzhElIbjfF9IPTjveG5U+
L1ta5nBDbfy8OaqxJMAc4SdhM3U+xaR4I237FicEonrhqgLWrw8nlhgR+6zm+GP4
NdHOr4H0b/3AIxa8CsFcL3+VYAjtMfOfBVsbMYTbhCZrXmbR8YDTb+Tu/QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFD2PA9MTMgbnh/EgXLnyfjzmMP16MB8GA1UdIwQY
MBaAFJgRhof91v+A+wmKnu7wbeN3+F1uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJHR2hfM1dfNEQ3Q1lxZTd2QnQ0M2Y0WFc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy81OTA4YTktMGMwZi00MGFiLWJmZDYt
NjlhZjBhNmU5ODliLzEvUFk4RDB4TXlCdWVIOFNCY3VmSi1QT1l3X1hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy81OTA4YTktMGMwZi00MGFiLWJmZDYtNjlhZjBhNmU5ODli
LzEvbUJHR2hfM1dfNEQ3Q1lxZTd2QnQ0M2Y0WFc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAk/sDBATZ
RWAwDQQCAAIwBwMFACoAWAAwDQYJKoZIhvcNAQELBQADggEBADA+xYkZrMaaMOLF
thy4L0aQ+V9/fc4Ac9H1evpLsJgA5c4J9vNHc7BYyqWr+YKGHFwPNBtanfF9Hxfv
nngHHQB3yo1djCsBk+MA6ikOn8POLJFFwiwHkdbnSFJfsxar7+iuR2MyYrPPaoZL
83PKlWcYeEnXawgAI/xUklKqLDc0E4SW04BbCvzNPBrxiIu6yYSl0uiOBL/NcJRj
07tcEvOMdChngMN6FG+NXrBOMmDNCtOKe5ielRGEjPdrWY6S8BG7uxNax2B9yqr/
lTTdD8yjyYVd3WztvdEiirIkFiEr7e0Gzgki+T8t3+MInIns8wowZ9liBPda0sA8
VCZxi84=
-----END CERTIFICATE-----
Generated at Mon Apr 7 23:48:53 2025 by rpki-client