Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/ppyw72tX7bi8f-qHqhQDeYzpScI.roa
File: ppyw72tX7bi8f-qHqhQDeYzpScI.roa (raw, json)
Hash identifier: ZiBv+WjBMkkve/5mj2emmOBtpxkURGCC+Cg2yVbu0OQ=
Subject key identifier: A6:9C:B0:EF:6B:57:ED:B8:BC:7F:EA:87:AA:14:03:79:8C:E9:49:C2
Certificate issuer: /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial: 018BAA7A35D744890DAF0D27B13A9C5D6241
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/ppyw72tX7bi8f-qHqhQDeYzpScI.roa
Signing time: Tue 07 Nov 2023 15:50:17 +0000
ROA not before: Tue 07 Nov 2023 15:50:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 217.25.12.0/24 maxlen: 24
87.254.31.0/24 maxlen: 24
87.254.2.0/24 maxlen: 24
87.254.10.0/24 maxlen: 24
185.210.168.0/23 maxlen: 24
185.210.170.0/23 maxlen: 24
87.254.17.0/24 maxlen: 24
217.25.3.0/24 maxlen: 24
87.254.22.0/24 maxlen: 24
87.254.23.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:aa:7a:35:d7:44:89:0d:af:0d:27:b1:3a:9c:5d:62:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Validity
Not Before: Nov 7 15:50:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a69cb0ef6b57edb8bc7fea87aa1403798ce949c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:71:8c:d1:c3:4f:7b:c2:77:79:2d:18:88:41:
6f:e8:02:80:b3:30:7a:a8:a9:41:6b:a4:7c:c9:c4:
9e:01:df:f8:16:da:9b:ed:48:93:51:55:8e:72:a7:
f5:14:f1:8c:58:6e:14:b9:a5:f3:80:c6:77:d1:6c:
c7:4a:e7:1b:18:29:73:41:63:76:56:91:b3:7a:fd:
cd:d0:25:f8:5c:b6:86:98:0a:17:3c:53:f1:d9:02:
bc:09:88:0b:af:34:10:d2:ee:63:99:b0:68:17:3d:
0c:89:c0:af:9e:7e:ac:52:f3:c1:a1:85:6c:37:06:
b6:ed:f1:f1:d5:43:0d:59:bd:a2:d4:55:d8:7e:d7:
aa:86:41:84:4e:21:78:17:5a:b0:55:d6:7e:b3:7d:
3c:8b:e5:cd:00:df:a2:db:81:01:94:6c:a8:b5:09:
42:bf:c7:5a:9a:43:24:56:37:aa:d1:a8:db:82:c4:
cf:a5:d0:19:f4:90:9f:aa:69:fe:62:40:06:5a:87:
a8:4c:2f:cb:eb:ae:04:ba:01:bc:0f:fe:75:4c:ef:
29:48:31:af:05:5a:fb:a7:35:fe:36:e5:30:24:ec:
6e:d6:ac:f6:4f:34:06:21:35:c4:82:75:1b:9b:d9:
58:f3:cb:d8:a9:a5:0a:ed:b9:8a:6f:3a:bc:22:79:
71:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:9C:B0:EF:6B:57:ED:B8:BC:7F:EA:87:AA:14:03:79:8C:E9:49:C2
X509v3 Authority Key Identifier:
keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/ppyw72tX7bi8f-qHqhQDeYzpScI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.254.2.0/24
87.254.10.0/24
87.254.17.0/24
87.254.22.0/23
87.254.31.0/24
185.210.168.0/22
217.25.3.0/24
217.25.12.0/24
Signature Algorithm: sha256WithRSAEncryption
9b:8f:d3:7e:d5:49:b4:73:65:ce:97:e7:4d:01:4b:94:f5:f0:
b2:c6:4b:7c:9b:15:06:60:82:73:3a:4f:3f:c8:67:85:61:f7:
7d:37:1d:6b:62:18:20:fa:d4:a4:95:83:2b:08:6d:96:30:cc:
b1:7e:7a:9f:34:42:a7:7b:71:4c:f2:69:82:6d:17:03:9b:66:
be:a8:f3:fe:a6:5c:01:c3:31:c2:d6:65:ec:64:96:2b:cb:e4:
af:cc:ae:8d:c4:e1:05:28:00:0f:13:2d:0c:3c:d8:3b:71:99:
91:cc:38:2d:22:0c:ee:39:77:8c:e4:6d:a0:9c:2c:77:d5:2b:
42:27:ed:6a:9c:9c:66:d1:24:0c:12:ee:4e:85:85:d3:32:f7:
98:a8:ca:0b:93:5d:40:a4:29:9d:24:ce:d0:56:b2:6d:b7:ae:
6f:9f:11:6c:47:ed:be:c1:0d:cb:e5:42:5a:e5:5a:c5:d5:69:
e4:2c:8c:d9:67:bf:c1:58:f3:7c:29:ce:49:b6:a3:7c:8a:a8:
75:4a:cb:e2:ee:c3:28:04:5e:a1:6a:b7:4f:10:29:af:a4:5e:
2c:1a:b0:88:ed:e3:f1:98:3e:db:f0:f1:45:7d:60:11:14:4b:
bd:11:06:bd:03:b1:7d:6a:d4:5a:71:f6:14:ca:bb:c6:89:46:
1c:d5:35:ff
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYuqejXXRIkNrw0nsTqcXWJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjMxMTA3MTU1MDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjljYjBlZjZiNTdlZGI4YmM3ZmVhODdhYTE0MDM3OThjZTk0OWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnGM0cNPe8J3eS0YiEFv6AKAszB6
qKlBa6R8ycSeAd/4Ftqb7UiTUVWOcqf1FPGMWG4UuaXzgMZ30WzHSucbGClzQWN2
VpGzev3N0CX4XLaGmAoXPFPx2QK8CYgLrzQQ0u5jmbBoFz0MicCvnn6sUvPBoYVs
Nwa27fHx1UMNWb2i1FXYfteqhkGETiF4F1qwVdZ+s308i+XNAN+i24EBlGyotQlC
v8damkMkVjeq0ajbgsTPpdAZ9JCfqmn+YkAGWoeoTC/L664EugG8D/51TO8pSDGv
BVr7pzX+NuUwJOxu1qz2TzQGITXEgnUbm9lY88vYqaUK7bmKbzq8InlxswIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKacsO9rV+24vH/qh6oUA3mM6UnCMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvcHB5dzcydFg3Ymk4Zi1xSHFoUURlWXpwU2NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAV/4CAwQA
V/4KAwQAV/4RAwQBV/4WAwQAV/4fAwQCudKoAwQA2RkDAwQA2RkMMA0GCSqGSIb3
DQEBCwUAA4IBAQCbj9N+1Um0c2XOl+dNAUuU9fCyxkt8mxUGYIJzOk8/yGeFYfd9
Nx1rYhgg+tSklYMrCG2WMMyxfnqfNEKne3FM8mmCbRcDm2a+qPP+plwBwzHC1mXs
ZJYry+SvzK6NxOEFKAAPEy0MPNg7cZmRzDgtIgzuOXeM5G2gnCx31StCJ+1qnJxm
0SQMEu5OhYXTMveYqMoLk11ApCmdJM7QVrJtt65vnxFsR+2+wQ3L5UJa5VrF1Wnk
LIzZZ7/BWPN8Kc5JtqN8iqh1Ssvi7sMoBF6hardPECmvpF4sGrCI7ePxmD7b8PFF
fWARFEu9EQa9A7F9atRacfYUyrvGiUYc1TX/
-----END CERTIFICATE-----
Generated at Fri Dec 1 12:00:02 2023 by rpki-client on console-ams.rpki-client.org