Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/tFkQv10J-jWzJXxcvt4F1xFjxIo.roa
File: tFkQv10J-jWzJXxcvt4F1xFjxIo.roa (raw, json)
Hash identifier: 92RRjQ4LZwiQie19NJzbTu80gKQfy6kPdM50H6JWhFk=
Subject key identifier: B4:59:10:BF:5D:09:FA:35:B3:25:7C:5C:BE:DE:05:D7:11:63:C4:8A
Certificate issuer: /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial: 018B4759741B8274231C58E90E7D17D59359
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/tFkQv10J-jWzJXxcvt4F1xFjxIo.roa
Signing time: Thu 19 Oct 2023 09:52:06 +0000
ROA not before: Thu 19 Oct 2023 09:52:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 217.25.12.0/24 maxlen: 24
87.254.31.0/24 maxlen: 24
87.254.2.0/24 maxlen: 24
87.254.10.0/24 maxlen: 24
185.210.168.0/23 maxlen: 24
185.210.170.0/23 maxlen: 24
87.254.17.0/24 maxlen: 24
87.254.22.0/24 maxlen: 24
87.254.23.0/24 maxlen: 24
87.254.18.0/24 maxlen: 24
87.254.19.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:47:59:74:1b:82:74:23:1c:58:e9:0e:7d:17:d5:93:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Validity
Not Before: Oct 19 09:52:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b45910bf5d09fa35b3257c5cbede05d71163c48a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:2e:9d:7c:5a:71:e0:97:9c:36:f8:a5:13:c1:
9d:72:dd:5c:47:7d:25:fc:fe:44:57:f4:34:9f:6a:
71:1b:5c:a2:42:f2:15:3a:54:cb:c0:36:94:4a:13:
dd:cd:37:80:10:22:ff:e8:67:e3:68:92:27:74:25:
f7:71:f6:7e:40:21:16:ce:e0:79:18:e1:b4:ea:d2:
ac:a0:36:d1:61:84:dd:13:03:4c:48:44:bd:7e:bd:
a1:c4:f0:19:3a:6c:f0:07:32:2d:6b:a6:70:35:bd:
08:cb:9d:42:f8:17:1a:2a:6a:f8:70:de:cd:7d:05:
4b:9f:19:9a:98:86:04:76:c3:a7:a4:f5:2f:93:48:
a8:68:c6:cb:76:26:d9:32:41:04:25:5e:cb:18:18:
fc:d2:2f:93:e0:ca:1e:ba:d8:9f:c5:91:d7:19:97:
10:a3:99:5b:5e:fe:42:77:db:03:99:b4:30:22:88:
fd:d4:1c:0a:fc:e3:4b:ab:11:ee:a7:9b:7e:4f:fe:
0a:c3:82:3f:8f:1a:40:8e:5b:02:37:4f:07:e4:22:
1d:1c:c8:01:a3:6c:1d:cd:ee:ab:7b:d2:b3:0a:5e:
da:3a:68:ef:41:d0:b1:54:9b:6c:17:0e:3c:ab:89:
76:18:c8:8e:6d:61:cf:8d:48:b0:af:de:51:1e:eb:
67:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:59:10:BF:5D:09:FA:35:B3:25:7C:5C:BE:DE:05:D7:11:63:C4:8A
X509v3 Authority Key Identifier:
keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/tFkQv10J-jWzJXxcvt4F1xFjxIo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.254.2.0/24
87.254.10.0/24
87.254.17.0-87.254.19.255
87.254.22.0/23
87.254.31.0/24
185.210.168.0/22
217.25.12.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:b9:90:b9:cb:52:87:2e:8b:d4:c1:5c:06:e5:52:b1:d2:1f:
a0:ea:f9:39:59:75:cb:4a:81:fd:58:66:e6:14:c5:ee:1d:a5:
e2:99:08:cb:5e:77:0e:c5:c5:28:90:9e:b7:44:fb:96:51:20:
e3:42:c8:77:01:4e:c0:86:6a:0d:65:9b:6d:f3:52:2c:a2:5a:
46:79:75:7b:f8:0b:9c:8c:ee:5a:67:76:2c:b0:f9:d3:1b:ed:
90:f1:fa:19:b7:14:02:72:51:b1:03:bf:e8:71:9f:2b:3a:c9:
aa:89:f7:48:8a:92:3a:4c:b6:f8:9c:63:90:b6:94:b8:36:22:
99:c6:d9:01:9b:f3:d2:82:b1:af:05:7b:bb:9e:f1:9b:e4:7b:
12:e0:c4:b6:ce:60:01:c7:a1:ea:be:3a:fc:30:bf:aa:1c:44:
ca:82:1e:da:a9:7c:38:9e:ef:22:70:45:b1:e0:93:19:e7:f4:
1b:2c:0f:e2:7e:ab:e5:03:46:65:7d:e6:28:b4:b8:22:2b:fd:
0d:00:47:b6:0b:11:94:c3:02:a7:03:52:32:b5:96:a8:d9:aa:
63:38:be:e8:a4:0d:11:46:33:ba:4b:73:d0:44:f6:42:1a:06:
0d:c2:1b:77:69:22:a0:94:b6:b1:37:64:b6:6b:f4:68:47:75:
c6:37:7e:c9
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYtHWXQbgnQjHFjpDn0X1ZNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjMxMDE5MDk1MjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDU5MTBiZjVkMDlmYTM1YjMyNTdjNWNiZWRlMDVkNzExNjNjNDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqS6dfFpx4JecNvilE8Gdct1cR30l
/P5EV/Q0n2pxG1yiQvIVOlTLwDaUShPdzTeAECL/6GfjaJIndCX3cfZ+QCEWzuB5
GOG06tKsoDbRYYTdEwNMSES9fr2hxPAZOmzwBzIta6ZwNb0Iy51C+BcaKmr4cN7N
fQVLnxmamIYEdsOnpPUvk0ioaMbLdibZMkEEJV7LGBj80i+T4MoeutifxZHXGZcQ
o5lbXv5Cd9sDmbQwIoj91BwK/ONLqxHup5t+T/4Kw4I/jxpAjlsCN08H5CIdHMgB
o2wdze6re9KzCl7aOmjvQdCxVJtsFw48q4l2GMiObWHPjUiwr95RHutngwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFLRZEL9dCfo1syV8XL7eBdcRY8SKMB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvdEZrUXYxMEotald6Slh4Y3Z0NEYxeEZqeElvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAV/4CAwQA
V/4KMAwDBABX/hEDBAJX/hADBAFX/hYDBABX/h8DBAK50qgDBADZGQwwDQYJKoZI
hvcNAQELBQADggEBAA+5kLnLUocui9TBXAblUrHSH6Dq+TlZdctKgf1YZuYUxe4d
peKZCMtedw7FxSiQnrdE+5ZRIONCyHcBTsCGag1lm23zUiyiWkZ5dXv4C5yM7lpn
diyw+dMb7ZDx+hm3FAJyUbEDv+hxnys6yaqJ90iKkjpMtvicY5C2lLg2IpnG2QGb
89KCsa8Fe7ue8ZvkexLgxLbOYAHHoeq+Ovwwv6ocRMqCHtqpfDie7yJwRbHgkxnn
9BssD+J+q+UDRmV95ii0uCIr/Q0AR7YLEZTDAqcDUjK1lqjZqmM4vuikDRFGM7pL
c9BE9kIaBg3CG3dpIqCUtrE3ZLZr9GhHdcY3fsk=
Generated at Fri Oct 20 13:54:45 2023 by rpki-client on console-ams.rpki-client.org