Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/hbra3MnGEUjse1Po1kRiX7RedTM.roa
File: hbra3MnGEUjse1Po1kRiX7RedTM.roa (raw, json)
Hash identifier: qYY1lh5T6iq4myEmMG594Izh6EpiH4qcjc4Bg1adM7E=
Subject key identifier: 85:BA:DA:DC:C9:C6:11:48:EC:7B:53:E8:D6:44:62:5F:B4:5E:75:33
Certificate issuer: /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial: 0194AF6B36EF6F0E972F35526B0C7EBC8E51
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/hbra3MnGEUjse1Po1kRiX7RedTM.roa
Signing time: Wed 29 Jan 2025 00:17:06 +0000
ROA not before: Wed 29 Jan 2025 00:17:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 14.102.226.0/23 maxlen: 24
14.102.232.0/24 maxlen: 24
77.111.96.0/22 maxlen: 22
77.111.96.0/24 maxlen: 24
77.111.107.0/24 maxlen: 24
94.229.210.0/24 maxlen: 24
94.229.212.0/24 maxlen: 24
Validation: Failed, certificate revoked on Sun 02 Feb 2025 02:14:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:af:6b:36:ef:6f:0e:97:2f:35:52:6b:0c:7e:bc:8e:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Validity
Not Before: Jan 29 00:17:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=85badadcc9c61148ec7b53e8d644625fb45e7533
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:3f:b7:8a:89:bb:81:ed:1b:05:db:fb:c9:bf:
79:cf:f9:4a:40:41:82:d5:92:57:a2:24:3a:93:56:
5d:48:6e:40:bc:0c:19:e5:59:26:1c:09:18:eb:9c:
97:5a:93:45:f9:80:90:8c:66:9a:e0:37:90:e1:4b:
82:c5:c6:30:20:8c:ad:38:78:bb:69:09:e0:c3:a2:
d5:3c:a8:2d:80:5c:a2:11:61:77:81:25:2b:83:1a:
55:3d:a8:14:c0:23:43:65:01:a0:c0:2a:d1:4a:e1:
dc:22:52:78:c1:3d:93:ac:86:0a:1b:2b:04:e1:58:
bd:07:60:29:f5:80:fc:dd:2a:00:d5:02:d7:e8:a6:
cb:ab:27:f6:fb:27:44:04:c1:25:93:7a:29:10:fb:
83:09:62:51:45:12:61:c1:96:0e:a4:ab:db:c5:7f:
21:49:fa:fc:90:05:0b:1b:99:af:78:01:74:2f:3c:
03:7d:ea:a8:24:9b:de:32:6d:45:77:e4:1c:55:a7:
1f:a2:e1:df:ce:d2:fe:b0:f1:e0:46:66:2a:c1:64:
f8:7b:b2:45:c6:88:bc:0f:8e:e3:3b:f7:9e:ad:c1:
5f:e1:1d:61:c3:26:68:64:83:39:1c:9d:53:9f:87:
10:4a:50:40:56:56:4b:cf:9c:0e:bc:4d:72:86:8c:
e6:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:BA:DA:DC:C9:C6:11:48:EC:7B:53:E8:D6:44:62:5F:B4:5E:75:33
X509v3 Authority Key Identifier:
keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/hbra3MnGEUjse1Po1kRiX7RedTM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
14.102.226.0/23
14.102.232.0/24
77.111.96.0/22
77.111.107.0/24
94.229.210.0/24
94.229.212.0/24
Signature Algorithm: sha256WithRSAEncryption
dc:4c:1e:b8:0c:86:de:ba:69:cd:85:89:cd:2e:77:22:a0:b3:
07:d8:81:04:12:5d:91:48:af:31:d0:e1:3a:98:9d:d9:96:43:
72:24:10:17:37:30:c9:10:d1:c7:a3:44:5b:5d:6f:0b:3f:e2:
87:dd:d1:0a:19:cd:ed:f3:02:fe:fd:98:bd:4a:62:d6:56:8d:
31:d2:14:84:e6:d9:83:9a:cb:4e:2e:9f:61:30:85:91:49:27:
5f:a5:3a:92:e5:40:42:26:00:5c:06:71:0a:03:c8:e1:02:a1:
70:c2:24:be:32:85:04:39:17:99:5c:6b:a6:b2:c9:1a:1d:04:
95:7f:57:f5:12:b2:31:d4:ae:32:c3:1b:95:40:4b:ec:9d:b1:
68:c1:64:f6:2a:c2:04:ac:ab:a5:ba:78:3c:62:1a:54:e9:1c:
9b:90:1e:b4:bd:0d:1e:ea:04:24:f8:45:ea:7d:cb:e6:52:f2:
fc:65:2e:3d:a4:dd:6e:a9:b7:12:51:0f:d9:ff:37:53:85:ce:
6a:f9:85:ca:22:01:1f:99:0c:82:86:42:c8:04:8d:b3:0d:2c:
0f:85:ab:c0:a4:74:ae:bd:0a:32:d8:7e:81:94:71:96:9d:d5:
9a:42:14:2f:11:36:92:32:68:78:3a:f6:d0:ee:5e:69:ea:76:
e2:86:07:8b
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZSvazbvbw6XLzVSawx+vI5RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwMTI5MDAxNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWJhZGFkY2M5YzYxMTQ4ZWM3YjUzZThkNjQ0NjI1ZmI0NWU3NTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtT+3iom7ge0bBdv7yb95z/lKQEGC
1ZJXoiQ6k1ZdSG5AvAwZ5VkmHAkY65yXWpNF+YCQjGaa4DeQ4UuCxcYwIIytOHi7
aQngw6LVPKgtgFyiEWF3gSUrgxpVPagUwCNDZQGgwCrRSuHcIlJ4wT2TrIYKGysE
4Vi9B2Ap9YD83SoA1QLX6KbLqyf2+ydEBMElk3opEPuDCWJRRRJhwZYOpKvbxX8h
Sfr8kAULG5mveAF0LzwDfeqoJJveMm1Fd+QcVacfouHfztL+sPHgRmYqwWT4e7JF
xoi8D47jO/eercFf4R1hwyZoZIM5HJ1Tn4cQSlBAVlZLz5wOvE1yhozmIQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIW62tzJxhFI7HtT6NZEYl+0XnUzMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvaGJyYTNNbkdFVWpzZTFQbzFrUmlYN1JlZFRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBDmbiAwQA
DmboAwQCTW9gAwQATW9rAwQAXuXSAwQAXuXUMA0GCSqGSIb3DQEBCwUAA4IBAQDc
TB64DIbeumnNhYnNLncioLMH2IEEEl2RSK8x0OE6mJ3ZlkNyJBAXNzDJENHHo0Rb
XW8LP+KH3dEKGc3t8wL+/Zi9SmLWVo0x0hSE5tmDmstOLp9hMIWRSSdfpTqS5UBC
JgBcBnEKA8jhAqFwwiS+MoUEOReZXGumsskaHQSVf1f1ErIx1K4ywxuVQEvsnbFo
wWT2KsIErKulung8YhpU6RybkB60vQ0e6gQk+EXqfcvmUvL8ZS49pN1uqbcSUQ/Z
/zdThc5q+YXKIgEfmQyChkLIBI2zDSwPhavApHSuvQoy2H6BlHGWndWaQhQvETaS
Mmh4OvbQ7l5p6nbihgeL
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:06:25 2025 by rpki-client