Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/17836a-d678-41ca-8fb2-5eb7bef9a7a8/1/pfeJncr6tmOjYRPv7z9yXNnKAv8.roa
File: pfeJncr6tmOjYRPv7z9yXNnKAv8.roa (raw, json)
Hash identifier: GYUBJVET5GS73ZV1ZvMt1ALSanBFR6GbhTxr34h7llc=
Subject key identifier: A5:F7:89:9D:CA:FA:B6:63:A3:61:13:EF:EF:3F:72:5C:D9:CA:02:FF
Certificate issuer: /CN=fb744006eac3084bf88f128349b0e733bb3d79e3
Certificate serial: 018CC4933C8D3A5AB05D6533893ACD30C423
Authority key identifier: FB:74:40:06:EA:C3:08:4B:F8:8F:12:83:49:B0:E7:33:BB:3D:79:E3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-3RABurDCEv4jxKDSbDnM7s9eeM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/17836a-d678-41ca-8fb2-5eb7bef9a7a8/1/pfeJncr6tmOjYRPv7z9yXNnKAv8.roa
Signing time: Mon 01 Jan 2024 10:30:32 +0000
ROA not before: Mon 01 Jan 2024 10:30:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35133
IP address blocks: 2.58.58.0/24 maxlen: 24
2.58.57.0/24 maxlen: 24
2.58.59.0/24 maxlen: 24
2a09:e244::/33 maxlen: 33
2a09:e240:22::/48 maxlen: 48
2a09:e240:2::/48 maxlen: 48
2a09:e240::/48 maxlen: 48
2a09:e240:1::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 30 Jan 2024 13:01:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:93:3c:8d:3a:5a:b0:5d:65:33:89:3a:cd:30:c4:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fb744006eac3084bf88f128349b0e733bb3d79e3
Validity
Not Before: Jan 1 10:30:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a5f7899dcafab663a36113efef3f725cd9ca02ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:3a:15:37:95:19:ae:0b:95:f1:b7:e6:fb:ba:
11:0f:a7:7a:f9:59:63:7c:10:4e:5f:8c:73:b4:2c:
60:cb:7b:c6:04:32:53:3e:93:a0:d9:7a:ce:19:33:
51:da:61:e0:7b:50:c3:9e:27:71:76:61:3e:ac:cc:
6c:98:1d:06:cf:d2:35:0e:9e:04:a1:0a:44:5d:db:
51:e5:61:9d:0b:a6:38:17:e9:19:74:91:d5:ab:7f:
59:cd:77:54:53:94:a7:74:75:aa:1d:df:51:a1:d1:
76:69:bf:97:9f:37:4c:76:1d:76:c0:00:84:59:0a:
30:cb:81:05:d7:e9:78:00:5e:d7:11:d0:16:13:31:
f0:67:9f:d6:fd:e8:3f:8c:08:2c:a2:dd:a0:a9:58:
d7:68:a6:ca:8a:9d:6a:ae:c8:9e:b0:64:fd:09:46:
42:8f:4d:99:86:01:08:fa:e9:a2:43:79:5f:22:d5:
69:ab:62:50:70:84:14:dd:9d:55:f7:3b:de:9a:85:
98:a6:31:71:96:4d:50:95:03:ba:a4:b2:c1:02:6a:
b1:78:79:a8:30:83:aa:11:af:39:c5:b1:4f:8b:82:
61:c6:4f:37:07:9d:45:2a:4e:23:34:d0:34:56:58:
68:00:51:af:a4:f8:a4:67:59:26:38:d5:1e:73:a1:
f2:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:F7:89:9D:CA:FA:B6:63:A3:61:13:EF:EF:3F:72:5C:D9:CA:02:FF
X509v3 Authority Key Identifier:
keyid:FB:74:40:06:EA:C3:08:4B:F8:8F:12:83:49:B0:E7:33:BB:3D:79:E3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-3RABurDCEv4jxKDSbDnM7s9eeM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/17836a-d678-41ca-8fb2-5eb7bef9a7a8/1/pfeJncr6tmOjYRPv7z9yXNnKAv8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/17836a-d678-41ca-8fb2-5eb7bef9a7a8/1/1-3RABurDCEv4jxKDSbDnM7s9eeM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.57.0-2.58.59.255
IPv6:
2a09:e240::-2a09:e240:2:ffff:ffff:ffff:ffff:ffff
2a09:e240:22::/48
2a09:e244::/33
Signature Algorithm: sha256WithRSAEncryption
18:66:6c:b4:21:f0:3a:10:b2:40:ed:58:9c:31:15:65:4d:99:
6b:98:1f:4d:39:85:43:2a:e4:77:db:bc:ef:c2:74:6b:b9:f1:
3e:3f:02:57:c5:a7:f1:61:a0:64:3f:4e:15:70:f4:b0:ea:22:
3e:c3:18:7f:1f:ca:e0:82:da:5b:90:d9:02:e9:a3:9b:13:b7:
46:bb:ac:d8:0d:75:60:24:52:63:50:1e:5b:a2:02:ad:42:dd:
1a:b5:71:e7:83:71:98:f5:5d:f8:f1:57:e4:b7:c0:64:f2:d2:
6a:2d:93:2a:9c:70:56:d7:a4:fd:4a:47:fb:f4:78:cf:0a:8b:
18:61:e5:9f:7f:d9:f2:8c:b9:8f:4b:49:29:23:02:8d:be:15:
24:85:8c:fe:b7:5e:db:f4:b7:1d:6c:6d:81:37:ff:9f:f6:12:
2f:81:a7:a6:bf:3d:3b:cb:1c:a7:3b:72:da:3a:5e:51:79:6c:
cb:c4:1b:22:e8:1a:06:3e:33:e8:6c:fc:98:44:fb:96:db:1c:
77:ea:0c:90:a0:eb:4b:6f:f8:84:5f:39:ca:3d:58:89:8d:38:
2f:d7:74:fb:4d:2a:df:ae:2b:72:88:26:8d:04:b0:9a:3e:6e:
18:e4:a5:27:65:f9:1a:ef:fb:c2:2d:80:4b:bb:f6:a0:30:b8:
bf:2a:ea:ff
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYzEkzyNOlqwXWUziTrNMMQjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNzQ0MDA2ZWFjMzA4NGJmODhmMTI4MzQ5YjBlNzMzYmIz
ZDc5ZTMwHhcNMjQwMTAxMTAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWY3ODk5ZGNhZmFiNjYzYTM2MTEzZWZlZjNmNzI1Y2Q5Y2EwMmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDoVN5UZrguV8bfm+7oRD6d6+Vlj
fBBOX4xztCxgy3vGBDJTPpOg2XrOGTNR2mHge1DDnidxdmE+rMxsmB0Gz9I1Dp4E
oQpEXdtR5WGdC6Y4F+kZdJHVq39ZzXdUU5SndHWqHd9RodF2ab+XnzdMdh12wACE
WQowy4EF1+l4AF7XEdAWEzHwZ5/W/eg/jAgsot2gqVjXaKbKip1qrsiesGT9CUZC
j02ZhgEI+umiQ3lfItVpq2JQcIQU3Z1V9zvemoWYpjFxlk1QlQO6pLLBAmqxeHmo
MIOqEa85xbFPi4Jhxk83B51FKk4jNNA0VlhoAFGvpPikZ1kmONUec6Hy3QIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFKX3iZ3K+rZjo2ET7+8/clzZygL/MB8GA1UdIwQY
MBaAFPt0QAbqwwhL+I8Sg0mw5zO7PXnjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0zUkFCdXJEQ0V2NGp4S0RTYkRuTTdzOWVlTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUvMTc4MzZhLWQ2NzgtNDFjYS04ZmIy
LTVlYjdiZWY5YTdhOC8xL3BmZUpuY3I2dG1PallSUHY3ejl5WE5uS0F2OC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmUvMTc4MzZhLWQ2NzgtNDFjYS04ZmIyLTVlYjdiZWY5YTdh
OC8xLzEtM1JBQnVyRENFdjRqeEtEU2JEbk03czllZU0uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwUgYIKwYBBQUHAQcBAf8EQzBBMBQEAgABMA4wDAMEAAI6
OQMEAgI6ODApBAIAAjAjMBADBQYqCeJAAwcAKgniQAACAwcAKgniQAAiAwYHKgni
RAAwDQYJKoZIhvcNAQELBQADggEBABhmbLQh8DoQskDtWJwxFWVNmWuYH005hUMq
5HfbvO/CdGu58T4/AlfFp/FhoGQ/ThVw9LDqIj7DGH8fyuCC2luQ2QLpo5sTt0a7
rNgNdWAkUmNQHluiAq1C3Rq1ceeDcZj1XfjxV+S3wGTy0motkyqccFbXpP1KR/v0
eM8Kixhh5Z9/2fKMuY9LSSkjAo2+FSSFjP63Xtv0tx1sbYE3/5/2Ei+Bp6a/PTvL
HKc7cto6XlF5bMvEGyLoGgY+M+hs/JhE+5bbHHfqDJCg60tv+IRfOco9WImNOC/X
dPtNKt+uK3KIJo0EsJo+bhjkpSdl+Rrv+8ItgEu79qAwuL8q6v8=
-----END CERTIFICATE-----
Generated at Tue Jan 30 16:41:45 2024 by rpki-client on console-fra.rpki-client.org