Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/yktTeS3iIPftw-RO9d8QWStI7_Y.roa
File: yktTeS3iIPftw-RO9d8QWStI7_Y.roa (raw, json)
Hash identifier: wEiW6O8KZBNKIvxIGKgQA32zYOT+B4Tgz7q9dGfw6Q4=
Subject key identifier: CA:4B:53:79:2D:E2:20:F7:ED:C3:E4:4E:F5:DF:10:59:2B:48:EF:F6
Certificate issuer: /CN=2bbc002a2b359b1aa8879e1c4d70455b3192efac
Certificate serial: 01856DCACCB06A4B4657A07FFAA43A0C5847
Authority key identifier: 2B:BC:00:2A:2B:35:9B:1A:A8:87:9E:1C:4D:70:45:5B:31:92:EF:AC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/K7wAKis1mxqoh54cTXBFWzGS76w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/yktTeS3iIPftw-RO9d8QWStI7_Y.roa
Signing time: Sun 01 Jan 2023 14:44:45 +0000
ROA not before: Sun 01 Jan 2023 14:44:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29217
IP address blocks: 159.72.128.0/21 maxlen: 21
164.9.95.0/24 maxlen: 24
159.72.136.0/24 maxlen: 24
159.72.137.0/24 maxlen: 24
159.72.138.0/24 maxlen: 24
164.9.100.0/22 maxlen: 22
164.9.102.0/24 maxlen: 24
164.9.104.0/22 maxlen: 22
164.9.99.0/24 maxlen: 24
78.41.240.0/21 maxlen: 21
85.119.129.0/24 maxlen: 24
85.119.128.0/21 maxlen: 21
192.16.143.0/24 maxlen: 24
164.9.0.0/16 maxlen: 16
2a02:c58:7::/48 maxlen: 48
2a02:c58:6::/48 maxlen: 48
2a02:c58::/32 maxlen: 32
Validation: Failed, certificate revoked on Mon 01 Jan 2024 16:29:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:ca:cc:b0:6a:4b:46:57:a0:7f:fa:a4:3a:0c:58:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2bbc002a2b359b1aa8879e1c4d70455b3192efac
Validity
Not Before: Jan 1 14:44:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ca4b53792de220f7edc3e44ef5df10592b48eff6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:76:24:55:fc:6a:b9:57:e9:c2:3b:bc:07:cc:
bd:3c:c5:77:88:d8:2b:b0:c3:ba:f2:41:f8:a3:a4:
1f:ad:5b:43:58:32:ab:5e:8c:ab:28:d3:48:42:58:
40:c0:9d:01:f5:54:9a:95:bc:93:96:0f:28:57:e2:
78:1c:11:dd:77:26:34:9b:b3:a3:27:81:da:dc:3b:
05:98:d7:69:f9:29:63:b0:df:ab:0e:c9:d6:7d:54:
ec:5c:c2:d2:2f:75:e3:c8:01:b4:43:4f:ef:78:3d:
d6:df:9f:98:6f:df:6d:28:89:c3:ea:27:06:99:74:
e3:54:f0:60:59:e4:70:7d:67:d4:fa:64:b6:ea:73:
77:36:c6:69:19:0c:76:0a:f7:61:c1:4d:41:ee:e9:
af:b0:ca:93:15:c0:b8:1d:80:e7:0b:f0:0c:73:7f:
f2:65:2e:d0:b5:10:2a:7b:5d:5b:b9:7f:24:a1:33:
69:cc:11:a6:9f:0d:fd:5c:fd:9e:cc:e6:58:09:35:
4d:9a:0e:51:bc:8f:e4:8b:5f:1b:d8:67:a9:8f:73:
81:fe:3a:5b:18:c8:2a:8a:c5:b6:94:24:fa:2a:29:
81:3b:11:14:0a:d9:f2:14:e0:f9:b5:b4:d1:6f:1b:
78:af:49:6b:05:4e:84:d0:0f:25:97:7c:b5:0f:02:
80:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:4B:53:79:2D:E2:20:F7:ED:C3:E4:4E:F5:DF:10:59:2B:48:EF:F6
X509v3 Authority Key Identifier:
keyid:2B:BC:00:2A:2B:35:9B:1A:A8:87:9E:1C:4D:70:45:5B:31:92:EF:AC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K7wAKis1mxqoh54cTXBFWzGS76w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/yktTeS3iIPftw-RO9d8QWStI7_Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/7c3726-2dbe-4174-b164-a89889ce5f84/1/K7wAKis1mxqoh54cTXBFWzGS76w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.41.240.0/21
85.119.128.0/21
159.72.128.0-159.72.138.255
164.9.0.0/16
192.16.143.0/24
IPv6:
2a02:c58::/32
Signature Algorithm: sha256WithRSAEncryption
8f:d8:0f:f0:bc:e3:60:2d:ed:65:ee:60:d5:4a:ea:b5:c8:fa:
a9:1d:45:7e:ca:bc:00:53:12:ff:c3:8a:9c:f6:12:fc:ca:53:
95:2f:3a:51:e1:5f:48:6a:68:1d:a2:50:25:b1:33:c4:78:1d:
6b:72:fc:63:d6:b4:04:bb:9c:d0:3d:89:f7:5f:67:7f:15:79:
b2:9a:ce:7f:ed:2b:d8:5e:57:1a:a6:df:e6:63:0d:b5:be:d8:
8c:de:53:4b:8d:2a:f2:24:48:af:0e:e8:4a:0d:d4:a1:a9:90:
6d:5e:b8:aa:3a:3b:7b:12:6a:7f:3e:e6:d2:d0:d2:0e:8f:f6:
4d:fb:e1:37:b7:a5:bd:f6:98:d4:1d:0c:ac:c5:2a:69:f6:4f:
5b:f0:8c:86:68:c5:f4:be:dd:6d:f2:72:45:e4:51:b1:23:d3:
c8:23:60:fa:cf:ab:3e:a7:8d:2e:9c:1f:b9:78:f3:86:3f:be:
67:e9:7b:b7:43:f6:81:a1:a6:3c:32:91:9d:76:ff:81:d7:36:
bf:f2:21:cc:d6:3e:4f:cd:ad:ae:01:c4:23:6b:7d:c1:0f:00:
25:91:9c:93:c3:1c:df:a2:0d:5d:0a:b5:a9:2c:6e:08:ce:29:
53:4b:2d:31:77:97:7f:52:59:f9:cf:88:f5:31:a3:c8:72:c7:
3d:e1:24:53
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYVtysywaktGV6B/+qQ6DFhHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYmMwMDJhMmIzNTliMWFhODg3OWUxYzRkNzA0NTViMzE5
MmVmYWMwHhcNMjMwMTAxMTQ0NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTRiNTM3OTJkZTIyMGY3ZWRjM2U0NGVmNWRmMTA1OTJiNDhlZmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXYkVfxquVfpwju8B8y9PMV3iNgr
sMO68kH4o6QfrVtDWDKrXoyrKNNIQlhAwJ0B9VSalbyTlg8oV+J4HBHddyY0m7Oj
J4Ha3DsFmNdp+SljsN+rDsnWfVTsXMLSL3XjyAG0Q0/veD3W35+Yb99tKInD6icG
mXTjVPBgWeRwfWfU+mS26nN3NsZpGQx2CvdhwU1B7umvsMqTFcC4HYDnC/AMc3/y
ZS7QtRAqe11buX8koTNpzBGmnw39XP2ezOZYCTVNmg5RvI/ki18b2Gepj3OB/jpb
GMgqisW2lCT6KimBOxEUCtnyFOD5tbTRbxt4r0lrBU6E0A8ll3y1DwKAIQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFMpLU3kt4iD37cPkTvXfEFkrSO/2MB8GA1UdIwQY
MBaAFCu8ACorNZsaqIeeHE1wRVsxku+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzd3QUtpczFteHFvaDU0Y1RYQkZXekdTNzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83YzM3MjYtMmRiZS00MTc0LWIxNjQt
YTg5ODg5Y2U1Zjg0LzEveWt0VGVTM2lJUGZ0dy1STzlkOFFXU3RJN19ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83YzM3MjYtMmRiZS00MTc0LWIxNjQtYTg5ODg5Y2U1Zjg0
LzEvSzd3QUtpczFteHFvaDU0Y1RYQkZXekdTNzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDArBAIAATAlAwQDTinwAwQD
VXeAMAwDBAefSIADBACfSIoDAwCkCQMEAMAQjzANBAIAAjAHAwUAKgIMWDANBgkq
hkiG9w0BAQsFAAOCAQEAj9gP8LzjYC3tZe5g1Urqtcj6qR1Ffsq8AFMS/8OKnPYS
/MpTlS86UeFfSGpoHaJQJbEzxHgda3L8Y9a0BLuc0D2J919nfxV5sprOf+0r2F5X
Gqbf5mMNtb7YjN5TS40q8iRIrw7oSg3UoamQbV64qjo7exJqfz7m0tDSDo/2Tfvh
N7elvfaY1B0MrMUqafZPW/CMhmjF9L7dbfJyReRRsSPTyCNg+s+rPqeNLpwfuXjz
hj++Z+l7t0P2gaGmPDKRnXb/gdc2v/IhzNY+T82trgHEI2t9wQ8AJZGck8Mc36IN
XQq1qSxuCM4pU0stMXeXf1JZ+c+I9TGjyHLHPeEkUw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:25 2024 by rpki-client on console-fra.rpki-client.org