Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/gYp32B83sjWZe7MQQLOcz3XtToc.roa
File: gYp32B83sjWZe7MQQLOcz3XtToc.roa (raw, json)
Hash identifier: NGKQgqHh46bmY6usC/L5PyKjjQuzDLtgGt0TAx0/yXg=
Subject key identifier: 81:8A:77:D8:1F:37:B2:35:99:7B:B3:10:40:B3:9C:CF:75:ED:4E:87
Certificate issuer: /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial: 01856F5DC518CE3B3C133690C9F43CD35032
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/gYp32B83sjWZe7MQQLOcz3XtToc.roa
Signing time: Sun 01 Jan 2023 22:04:54 +0000
ROA not before: Sun 01 Jan 2023 22:04:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12793
IP address blocks: 212.88.160.0/19 maxlen: 19
213.147.160.0/19 maxlen: 19
81.5.192.0/18 maxlen: 18
194.152.96.0/19 maxlen: 19
85.90.128.0/19 maxlen: 19
80.89.96.0/20 maxlen: 20
217.149.160.0/20 maxlen: 20
213.225.0.0/18 maxlen: 18
Validation: Failed, certificate revoked on Wed 30 Aug 2023 05:25:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:5d:c5:18:ce:3b:3c:13:36:90:c9:f4:3c:d3:50:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Validity
Not Before: Jan 1 22:04:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=818a77d81f37b235997bb31040b39ccf75ed4e87
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:b2:b4:f1:17:c5:36:0e:6b:42:16:77:cb:65:
6a:9f:d8:d4:10:12:44:15:b7:1a:44:23:9c:32:14:
0a:f4:3d:a3:d2:3b:6b:f9:47:ee:4c:ac:08:ca:ea:
41:ba:f1:99:44:b1:5d:b3:98:2a:f3:e2:0e:7f:d7:
79:73:3b:89:bc:4c:4d:4b:69:0c:69:85:32:67:e6:
2c:9b:07:a2:4d:16:f9:a3:c1:2a:1c:d5:82:fa:dd:
2b:28:fe:33:74:ef:15:23:e6:f1:13:19:3a:46:c6:
43:4f:51:fb:05:b6:37:fb:28:0e:f6:80:03:41:1d:
a5:93:fc:f8:23:66:23:c8:e9:44:11:53:7c:25:e5:
29:2c:75:17:63:34:46:98:78:ee:4e:f0:9e:f8:4a:
f6:42:53:cc:f6:c4:33:35:78:3b:70:ae:3c:38:03:
7f:4f:b6:b3:b0:6a:57:02:07:b8:6a:1c:83:e4:5d:
ab:3a:e5:c0:bc:88:f6:93:b2:f8:78:b8:7b:54:6d:
d6:22:71:35:da:49:b0:ae:f9:39:86:cb:8e:87:fc:
53:06:cf:fa:ed:fa:39:1a:66:4d:7e:40:d2:0f:57:
e2:46:bb:8f:a6:d4:9c:31:b5:42:16:66:e6:11:aa:
e0:7c:d0:a4:3d:83:21:f3:d6:a9:0f:d8:ba:58:45:
0a:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:8A:77:D8:1F:37:B2:35:99:7B:B3:10:40:B3:9C:CF:75:ED:4E:87
X509v3 Authority Key Identifier:
keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/gYp32B83sjWZe7MQQLOcz3XtToc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.89.96.0/20
81.5.192.0/18
85.90.128.0/19
194.152.96.0/19
212.88.160.0/19
213.147.160.0/19
213.225.0.0/18
217.149.160.0/20
Signature Algorithm: sha256WithRSAEncryption
5b:aa:39:ec:fb:6e:06:da:60:52:c7:93:8b:ab:eb:f4:7f:da:
5c:e9:7c:dd:5a:8b:6e:8e:b6:1c:8c:19:09:2b:fd:39:82:69:
98:3a:37:92:10:db:2a:8b:5e:20:ca:bc:6e:2a:ed:3e:c7:ce:
d3:a1:d8:99:d1:c3:a4:6a:6f:60:13:67:14:f7:f3:da:32:e9:
5f:b6:38:7f:68:f4:e8:b8:4c:11:02:2c:8b:c0:81:d5:e8:62:
8b:44:64:02:83:d8:bb:1c:6d:e0:d6:f3:14:c3:a0:cb:d7:0c:
44:81:8f:08:a6:e0:a7:09:39:e9:e9:37:25:2a:b1:4f:40:fe:
30:59:16:35:cc:f3:a5:f0:42:39:4e:80:b6:36:87:8b:7b:bb:
a4:4f:b4:45:fc:5d:cb:1f:e6:56:8c:89:2c:6a:92:cd:4d:c6:
a3:1f:36:21:fd:99:c9:15:8f:89:ad:77:98:c3:df:cc:5f:d0:
86:d2:91:8c:21:48:ba:79:3d:bd:82:ac:f4:2a:ab:73:80:4d:
d8:b0:8c:7c:35:d9:25:6c:93:6a:30:eb:fc:a9:93:1d:35:99:
8c:b0:be:b1:d1:d7:5d:20:18:d5:82:fb:a5:35:7f:fa:c7:1a:
a9:34:96:49:1e:67:d7:d1:92:f5:75:d2:37:59:01:c3:f4:ab:
44:07:fc:d7
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVvXcUYzjs8EzaQyfQ801AyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjMwMTAxMjIwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MThhNzdkODFmMzdiMjM1OTk3YmIzMTA0MGIzOWNjZjc1ZWQ0ZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbK08RfFNg5rQhZ3y2Vqn9jUEBJE
FbcaRCOcMhQK9D2j0jtr+UfuTKwIyupBuvGZRLFds5gq8+IOf9d5czuJvExNS2kM
aYUyZ+YsmweiTRb5o8EqHNWC+t0rKP4zdO8VI+bxExk6RsZDT1H7BbY3+ygO9oAD
QR2lk/z4I2YjyOlEEVN8JeUpLHUXYzRGmHjuTvCe+Er2QlPM9sQzNXg7cK48OAN/
T7azsGpXAge4ahyD5F2rOuXAvIj2k7L4eLh7VG3WInE12kmwrvk5hsuOh/xTBs/6
7fo5GmZNfkDSD1fiRruPptScMbVCFmbmEargfNCkPYMh89apD9i6WEUKZwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFIGKd9gfN7I1mXuzEECznM917U6HMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvZ1lwMzJCODNzaldaZTdNUVFMT2N6M1h0VG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQEUFlgAwQG
UQXAAwQFVVqAAwQFwphgAwQF1FigAwQF1ZOgAwQG1eEAAwQE2ZWgMA0GCSqGSIb3
DQEBCwUAA4IBAQBbqjns+24G2mBSx5OLq+v0f9pc6XzdWotujrYcjBkJK/05gmmY
OjeSENsqi14gyrxuKu0+x87TodiZ0cOkam9gE2cU9/PaMulftjh/aPTouEwRAiyL
wIHV6GKLRGQCg9i7HG3g1vMUw6DL1wxEgY8IpuCnCTnp6TclKrFPQP4wWRY1zPOl
8EI5ToC2NoeLe7ukT7RF/F3LH+ZWjIksapLNTcajHzYh/ZnJFY+JrXeYw9/MX9CG
0pGMIUi6eT29gqz0KqtzgE3YsIx8NdklbJNqMOv8qZMdNZmMsL6x0dddIBjVgvul
NX/6xxqpNJZJHmfX0ZL1ddI3WQHD9KtEB/zX
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:16 2024 by rpki-client on console-ams.rpki-client.org