Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/2yxhYXudLgcE3Oz0GYDFEh-mX4I.roa
File: 2yxhYXudLgcE3Oz0GYDFEh-mX4I.roa (raw, json)
Hash identifier: B8NF5yBexuwEVPgFdOen3zTgoYlLPztfwZTFX7z8/gs=
Subject key identifier: DB:2C:61:61:7B:9D:2E:07:04:DC:EC:F4:19:80:C5:12:1F:A6:5F:82
Certificate issuer: /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial: 018C3A2AD57E82EE7182978D7D4702C5F268
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/2yxhYXudLgcE3Oz0GYDFEh-mX4I.roa
Signing time: Tue 05 Dec 2023 13:28:54 +0000
ROA not before: Tue 05 Dec 2023 13:28:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 217.25.12.0/24 maxlen: 24
87.254.31.0/24 maxlen: 24
87.254.10.0/24 maxlen: 24
185.210.168.0/23 maxlen: 24
185.210.170.0/23 maxlen: 24
87.254.17.0/24 maxlen: 24
87.254.22.0/24 maxlen: 24
87.254.23.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3a:2a:d5:7e:82:ee:71:82:97:8d:7d:47:02:c5:f2:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Validity
Not Before: Dec 5 13:28:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=db2c61617b9d2e0704dcecf41980c5121fa65f82
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:4b:89:41:11:37:0a:50:43:51:17:bb:87:30:
31:cd:df:2d:10:60:92:5c:8b:d5:5e:ed:ad:ea:0d:
42:67:99:b7:d7:e0:60:35:02:52:47:08:f2:e1:a8:
48:31:db:b0:a8:68:2a:a8:1f:7e:53:a3:15:05:39:
d6:40:39:37:73:1c:67:fe:96:45:80:e0:a5:e1:c9:
dc:ea:b4:e7:78:1f:9e:b0:5b:46:98:88:da:f9:f1:
7d:5d:92:de:4c:32:31:d8:76:3d:ff:b9:cb:cf:0b:
ac:47:f2:d5:b6:07:d2:06:d5:ef:6a:87:d2:95:b5:
be:31:8e:da:23:98:19:83:e2:5d:8f:67:bd:dc:2e:
d3:8a:24:8e:aa:e2:0d:d2:0b:f1:59:c9:55:b3:3c:
2a:ab:b6:79:27:b9:db:6c:42:f7:ad:7f:5d:50:c6:
d3:16:34:be:04:fe:c0:0e:fc:92:c0:d4:0a:a7:74:
e3:f2:9f:41:51:b2:06:43:16:c9:55:d1:b2:c8:3d:
6d:70:27:7b:bc:46:8c:50:dd:5e:b5:6f:e1:32:c4:
9e:74:af:43:c5:b5:a9:b5:b5:80:cb:ee:15:c8:72:
15:04:bc:0c:2f:ca:e5:c9:b0:d9:6a:d7:71:e5:69:
47:67:f9:5e:a9:11:75:4f:f9:65:64:90:c4:5f:1f:
d0:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:2C:61:61:7B:9D:2E:07:04:DC:EC:F4:19:80:C5:12:1F:A6:5F:82
X509v3 Authority Key Identifier:
keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/2yxhYXudLgcE3Oz0GYDFEh-mX4I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.254.10.0/24
87.254.17.0/24
87.254.22.0/23
87.254.31.0/24
185.210.168.0/22
217.25.12.0/24
Signature Algorithm: sha256WithRSAEncryption
44:ea:32:13:88:4a:12:77:08:23:cc:16:db:f0:8f:39:fc:65:
d7:5f:07:a4:7f:51:b6:3f:15:d1:cc:ea:a1:f8:24:89:1f:fb:
e8:c2:64:24:52:71:fa:d0:a1:83:fe:cf:f2:d5:df:a7:bb:04:
79:3c:79:83:24:5c:c1:fc:e3:14:32:d4:c2:6a:57:3b:bf:f6:
57:6b:a5:85:bb:92:d0:74:a6:14:91:70:df:6d:f8:38:5e:7a:
6f:59:e5:a5:e8:22:25:eb:79:48:d3:1b:1c:94:35:74:93:f1:
4b:b3:80:77:7c:29:d3:5e:d3:d1:a4:8e:3d:46:d2:36:cf:1d:
fd:66:4b:71:80:5c:0d:5a:92:1d:c2:f4:a4:e2:93:42:6c:ef:
0a:2c:44:25:2a:22:ae:a8:64:99:ee:80:33:8b:91:46:c7:3d:
e2:25:fd:60:9c:10:31:38:cc:8b:34:a6:f8:51:7a:e4:d8:5b:
4e:36:d0:ba:fe:d6:0e:c0:a3:bd:d2:06:f5:cc:4a:34:c2:65:
c4:aa:7c:3a:2e:6c:93:36:6f:79:b1:54:e4:1c:21:bc:b6:72:
0d:a0:32:b9:4c:0e:1e:2b:37:d4:eb:05:3c:58:83:3c:01:e1:
bf:45:94:ab:8f:f1:f1:71:64:10:ef:64:10:63:d7:28:7f:4f:
99:83:5e:d9
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYw6KtV+gu5xgpeNfUcCxfJoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjMxMjA1MTMyODU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjJjNjE2MTdiOWQyZTA3MDRkY2VjZjQxOTgwYzUxMjFmYTY1ZjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0uJQRE3ClBDURe7hzAxzd8tEGCS
XIvVXu2t6g1CZ5m31+BgNQJSRwjy4ahIMduwqGgqqB9+U6MVBTnWQDk3cxxn/pZF
gOCl4cnc6rTneB+esFtGmIja+fF9XZLeTDIx2HY9/7nLzwusR/LVtgfSBtXvaofS
lbW+MY7aI5gZg+Jdj2e93C7TiiSOquIN0gvxWclVszwqq7Z5J7nbbEL3rX9dUMbT
FjS+BP7ADvySwNQKp3Tj8p9BUbIGQxbJVdGyyD1tcCd7vEaMUN1etW/hMsSedK9D
xbWptbWAy+4VyHIVBLwML8rlybDZatdx5WlHZ/leqRF1T/llZJDEXx/QxQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNssYWF7nS4HBNzs9BmAxRIfpl+CMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvMnl4aFlYdWRMZ2NFM096MEdZREZFaC1tWDRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAV/4KAwQA
V/4RAwQBV/4WAwQAV/4fAwQCudKoAwQA2RkMMA0GCSqGSIb3DQEBCwUAA4IBAQBE
6jITiEoSdwgjzBbb8I85/GXXXwekf1G2PxXRzOqh+CSJH/vowmQkUnH60KGD/s/y
1d+nuwR5PHmDJFzB/OMUMtTCalc7v/ZXa6WFu5LQdKYUkXDfbfg4XnpvWeWl6CIl
63lI0xsclDV0k/FLs4B3fCnTXtPRpI49RtI2zx39ZktxgFwNWpIdwvSk4pNCbO8K
LEQlKiKuqGSZ7oAzi5FGxz3iJf1gnBAxOMyLNKb4UXrk2FtONtC6/tYOwKO90gb1
zEo0wmXEqnw6LmyTNm95sVTkHCG8tnINoDK5TA4eKzfU6wU8WIM8AeG/RZSrj/Hx
cWQQ72QQY9cof0+Zg17Z
-----END CERTIFICATE-----
Generated at Tue Jan 2 01:50:47 2024 by rpki-client on console-fra.rpki-client.org