Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/16fcf1-6412-4db2-b3ae-49a3c49f393c/1/S_Xqt1bL_53FcMiYLJ3LP2hnd9U.roa
File: S_Xqt1bL_53FcMiYLJ3LP2hnd9U.roa (raw, json)
Hash identifier: vRHqKws3//ccPVZCgewVW2uY9Dn12J6DYxFuIIFlAgI=
Subject key identifier: 4B:F5:EA:B7:56:CB:FF:9D:C5:70:C8:98:2C:9D:CB:3F:68:67:77:D5
Certificate issuer: /CN=552ad3a0b4b74e85af54f58ad75a3026b7df7181
Certificate serial: 01856E5D630C75DCDADCF268646246FCAC85
Authority key identifier: 55:2A:D3:A0:B4:B7:4E:85:AF:54:F5:8A:D7:5A:30:26:B7:DF:71:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VSrToLS3ToWvVPWK11owJrffcYE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/16fcf1-6412-4db2-b3ae-49a3c49f393c/1/S_Xqt1bL_53FcMiYLJ3LP2hnd9U.roa
Signing time: Sun 01 Jan 2023 17:24:51 +0000
ROA not before: Sun 01 Jan 2023 17:24:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15426
IP address blocks: 89.255.17.0/24 maxlen: 24
217.67.239.0/24 maxlen: 24
185.157.61.0/24 maxlen: 24
185.157.63.0/24 maxlen: 24
185.157.60.0/24 maxlen: 24
185.157.62.0/24 maxlen: 24
2a03:1a00::/32 maxlen: 32
2a0a:1880::/29 maxlen: 29
2a07:a380::/29 maxlen: 29
Validation: Failed, certificate revoked on Tue 02 Jan 2024 14:35:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:5d:63:0c:75:dc:da:dc:f2:68:64:62:46:fc:ac:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=552ad3a0b4b74e85af54f58ad75a3026b7df7181
Validity
Not Before: Jan 1 17:24:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4bf5eab756cbff9dc570c8982c9dcb3f686777d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:fc:1a:4a:99:49:1c:91:9f:14:b4:e4:33:d1:
aa:94:30:cf:19:67:69:92:b0:52:83:7b:7d:ba:2c:
63:00:9d:d6:44:73:b3:9d:f3:3a:35:6a:e5:86:9e:
e9:6c:85:09:d2:ae:4b:e7:60:25:fe:45:79:ed:7c:
b4:d1:ae:c9:e4:8f:4c:a0:3d:21:8c:67:20:e1:c1:
d7:38:09:ba:41:12:99:6a:3e:86:c2:89:f6:02:c1:
68:54:bd:ff:74:19:f6:ed:24:eb:b9:c3:93:e4:37:
e0:41:79:c2:58:42:a8:c4:78:c1:6f:d7:d7:8b:5a:
fa:f1:54:c3:02:49:a7:8b:a1:67:a0:e3:f7:14:81:
51:18:89:71:a5:46:08:90:1c:37:85:17:6a:67:31:
4a:f3:cb:cb:15:9e:7c:89:45:ee:45:ac:de:ef:25:
95:3f:8c:8d:8f:a6:72:13:6a:3d:e3:81:0b:ac:b3:
ed:c3:50:50:c6:63:a4:b2:44:60:cf:1a:ce:71:5d:
79:e7:23:0f:f9:17:03:d7:0f:c1:78:d8:36:fa:a5:
d8:cc:4d:4f:ad:b8:a8:61:ee:17:24:2e:0c:7b:7a:
02:86:48:43:61:a7:57:84:8e:f2:63:a5:8a:98:17:
f3:4f:1e:a2:61:04:dd:b9:93:0a:f1:3c:e0:94:da:
07:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:F5:EA:B7:56:CB:FF:9D:C5:70:C8:98:2C:9D:CB:3F:68:67:77:D5
X509v3 Authority Key Identifier:
keyid:55:2A:D3:A0:B4:B7:4E:85:AF:54:F5:8A:D7:5A:30:26:B7:DF:71:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSrToLS3ToWvVPWK11owJrffcYE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/16fcf1-6412-4db2-b3ae-49a3c49f393c/1/S_Xqt1bL_53FcMiYLJ3LP2hnd9U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/16fcf1-6412-4db2-b3ae-49a3c49f393c/1/VSrToLS3ToWvVPWK11owJrffcYE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.255.17.0/24
185.157.60.0/22
217.67.239.0/24
IPv6:
2a03:1a00::/32
2a07:a380::/29
2a0a:1880::/29
Signature Algorithm: sha256WithRSAEncryption
b4:90:da:64:03:b1:f1:1b:db:59:30:4c:54:03:43:bb:4c:dc:
20:5e:df:12:a0:19:ef:b4:ad:b5:b2:55:66:8c:2b:04:fd:fc:
95:b3:7c:b2:c7:d7:04:8f:9f:1d:f3:f8:ee:c5:8d:61:da:9e:
a8:40:4d:b8:3e:4b:bf:66:af:49:5b:0b:87:76:0e:93:14:61:
f3:cd:43:a8:54:04:95:68:e6:21:45:c7:0d:e1:47:a1:e3:f6:
99:85:92:3e:d6:09:4f:d8:0f:2d:c4:76:d2:0c:f1:5d:8c:5d:
35:d6:23:a3:9e:2c:4e:9e:8b:dc:89:14:52:2c:8d:fd:31:75:
52:0f:45:91:45:d4:16:a8:73:5e:83:56:9b:0b:35:b1:2e:d9:
d6:57:0c:58:6b:2a:54:3e:a1:1a:5e:0d:99:ae:6d:3f:48:0c:
67:7a:02:16:fd:51:b0:c2:ba:f2:86:1b:68:59:ed:c0:76:3a:
5a:27:ea:0d:bb:73:1e:f1:39:1b:02:9b:87:2b:a8:06:0f:bd:
1e:5f:c6:e2:c5:43:a5:46:97:c4:c8:af:5e:ca:80:8a:c4:72:
20:44:40:48:b8:b0:51:f2:31:32:71:49:d9:65:0b:b5:80:40:
a7:4e:4c:c7:b0:b8:33:ec:a4:be:10:e7:9c:51:47:a8:10:69:
dc:f7:da:f3
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYVuXWMMddza3PJoZGJG/KyFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MmFkM2EwYjRiNzRlODVhZjU0ZjU4YWQ3NWEzMDI2Yjdk
ZjcxODEwHhcNMjMwMTAxMTcyNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmY1ZWFiNzU2Y2JmZjlkYzU3MGM4OTgyYzlkY2IzZjY4Njc3N2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfwaSplJHJGfFLTkM9GqlDDPGWdp
krBSg3t9uixjAJ3WRHOznfM6NWrlhp7pbIUJ0q5L52Al/kV57Xy00a7J5I9MoD0h
jGcg4cHXOAm6QRKZaj6Gwon2AsFoVL3/dBn27STrucOT5DfgQXnCWEKoxHjBb9fX
i1r68VTDAkmni6FnoOP3FIFRGIlxpUYIkBw3hRdqZzFK88vLFZ58iUXuRaze7yWV
P4yNj6ZyE2o944ELrLPtw1BQxmOkskRgzxrOcV155yMP+RcD1w/BeNg2+qXYzE1P
rbioYe4XJC4Me3oChkhDYadXhI7yY6WKmBfzTx6iYQTduZMK8TzglNoHwwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFEv16rdWy/+dxXDImCydyz9oZ3fVMB8GA1UdIwQY
MBaAFFUq06C0t06Fr1T1itdaMCa333GBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNyVG9MUzNUb1d2VlBXSzExb3dKcmZmY1lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8xNmZjZjEtNjQxMi00ZGIyLWIzYWUt
NDlhM2M0OWYzOTNjLzEvU19YcXQxYkxfNTNGY01pWUxKM0xQMmhuZDlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8xNmZjZjEtNjQxMi00ZGIyLWIzYWUtNDlhM2M0OWYzOTNj
LzEvVlNyVG9MUzNUb1d2VlBXSzExb3dKcmZmY1lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAYBAIAATASAwQAWf8RAwQC
uZ08AwQA2UPvMBsEAgACMBUDBQAqAxoAAwUDKgejgAMFAyoKGIAwDQYJKoZIhvcN
AQELBQADggEBALSQ2mQDsfEb21kwTFQDQ7tM3CBe3xKgGe+0rbWyVWaMKwT9/JWz
fLLH1wSPnx3z+O7FjWHanqhATbg+S79mr0lbC4d2DpMUYfPNQ6hUBJVo5iFFxw3h
R6Hj9pmFkj7WCU/YDy3EdtIM8V2MXTXWI6OeLE6ei9yJFFIsjf0xdVIPRZFF1Bao
c16DVpsLNbEu2dZXDFhrKlQ+oRpeDZmubT9IDGd6Ahb9UbDCuvKGG2hZ7cB2Olon
6g27cx7xORsCm4crqAYPvR5fxuLFQ6VGl8TIr17KgIrEciBEQEi4sFHyMTJxSdll
C7WAQKdOTMewuDPspL4Q55xRR6gQadz32vM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:39 2024 by rpki-client on console-fra.rpki-client.org