Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2921e6-81c6-4447-9d78-bfa94eb1aa02/1/ia-NStwE0K2tIW1xoiRXKUdpCRE.roa
File: ia-NStwE0K2tIW1xoiRXKUdpCRE.roa (raw, json)
Hash identifier: MtBTfoPvt6qk4REn+E3UFqOGs7nChZpYZAsRDaajG/U=
Subject key identifier: 89:AF:8D:4A:DC:04:D0:AD:AD:21:6D:71:A2:24:57:29:47:69:09:11
Certificate issuer: /CN=dafef97ca010bad4ff59ef7d2b6bc9077860aab2
Certificate serial: 019541F1393C0F384FCB77766AC917C55C70
Authority key identifier: DA:FE:F9:7C:A0:10:BA:D4:FF:59:EF:7D:2B:6B:C9:07:78:60:AA:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2v75fKAQutT_We99K2vJB3hgqrI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/2921e6-81c6-4447-9d78-bfa94eb1aa02/1/ia-NStwE0K2tIW1xoiRXKUdpCRE.roa
Signing time: Wed 26 Feb 2025 11:08:02 +0000
ROA not before: Wed 26 Feb 2025 11:08:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201078
IP address blocks: 82.163.160.0/22 maxlen: 22
85.194.233.0/24 maxlen: 24
185.85.4.0/22 maxlen: 22
185.158.60.0/22 maxlen: 22
185.201.104.0/22 maxlen: 22
2a05:a900::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 27 Feb 2025 13:24:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:41:f1:39:3c:0f:38:4f:cb:77:76:6a:c9:17:c5:5c:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dafef97ca010bad4ff59ef7d2b6bc9077860aab2
Validity
Not Before: Feb 26 11:08:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=89af8d4adc04d0adad216d71a224572947690911
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:4c:bc:b2:fd:8c:1e:4b:bb:54:35:a2:be:ef:
9a:f7:49:47:c8:8f:88:1d:47:24:a9:1f:67:80:3f:
74:66:9c:77:2c:55:8b:40:ad:f7:2a:2b:35:7a:3c:
23:5c:0c:66:f2:10:93:bc:37:da:2a:d1:92:d2:98:
23:cf:2f:db:e0:78:55:44:ec:e4:73:ef:e9:f8:f0:
37:81:ea:a7:63:96:90:63:af:f0:9f:34:66:f1:1d:
75:17:7c:ba:a0:92:d7:34:88:cb:71:ef:87:9f:6b:
d3:7e:f5:e2:a6:8a:d2:4d:d1:95:16:38:5b:9f:18:
bc:d6:2e:f0:28:b4:97:1c:1c:5d:06:99:bd:5f:e6:
c8:52:c0:3d:21:31:c0:0f:9b:45:6f:10:8f:bb:f3:
cf:f2:d8:85:17:d3:ff:fc:31:0e:a6:34:c0:56:37:
97:3a:60:b8:8a:da:8c:87:45:5b:f2:93:9c:85:68:
e3:a4:80:a1:25:c1:fa:b3:5d:e5:61:12:8e:46:e8:
c7:bb:48:03:d9:71:12:64:25:d2:41:c4:66:c5:d3:
6f:6a:4d:16:63:f1:4a:90:17:4a:19:44:17:d4:79:
7d:1e:67:b8:06:70:52:21:1e:03:91:b7:80:65:e4:
84:97:68:ea:23:29:bd:8d:6b:65:7a:6c:39:78:81:
cf:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:AF:8D:4A:DC:04:D0:AD:AD:21:6D:71:A2:24:57:29:47:69:09:11
X509v3 Authority Key Identifier:
keyid:DA:FE:F9:7C:A0:10:BA:D4:FF:59:EF:7D:2B:6B:C9:07:78:60:AA:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2v75fKAQutT_We99K2vJB3hgqrI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2921e6-81c6-4447-9d78-bfa94eb1aa02/1/ia-NStwE0K2tIW1xoiRXKUdpCRE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2921e6-81c6-4447-9d78-bfa94eb1aa02/1/2v75fKAQutT_We99K2vJB3hgqrI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.163.160.0/22
85.194.233.0/24
185.85.4.0/22
185.158.60.0/22
185.201.104.0/22
IPv6:
2a05:a900::/32
Signature Algorithm: sha256WithRSAEncryption
88:66:a6:92:0b:b9:46:02:b0:d5:d7:a3:98:73:d4:3c:40:5f:
27:6c:d7:08:d2:c6:5d:8d:96:e2:c0:28:a1:87:9b:91:38:fa:
59:93:5d:e7:21:cf:bc:62:8e:77:a1:ba:82:04:77:4b:2a:a7:
ae:c1:0a:40:e9:d9:3a:9d:b8:50:70:92:1b:c5:c1:ff:05:3b:
ab:33:73:a9:8a:3f:e1:67:47:50:d9:26:c5:d9:0d:9d:83:1d:
14:36:36:7b:57:13:05:e0:27:04:16:b1:c8:03:e3:96:fa:a0:
61:15:61:a4:79:fb:84:be:35:75:07:ac:4d:7e:98:4f:02:70:
b7:1b:2a:88:70:9c:ac:a9:a4:a0:a1:a2:b6:ee:85:8d:7f:12:
48:7a:f8:2d:ce:55:21:cd:1a:66:96:6f:66:b8:33:a4:68:7d:
d9:d3:e9:b8:a8:0a:92:7f:b7:91:9a:d2:7e:48:4a:a8:be:22:
ee:82:20:f9:d9:0f:ef:85:de:7b:39:19:ba:0f:c9:ef:c8:ec:
e3:e1:de:d1:18:b9:db:6a:f4:df:5a:d5:be:f3:a4:a4:ca:17:
4a:16:90:97:b0:0f:ca:0d:a4:9e:cd:d0:a6:8a:59:c6:41:d6:
8d:cc:10:40:10:78:67:a3:25:61:b5:f3:e9:26:79:55:0b:a9:
78:ec:78:9f
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZVB8Tk8DzhPy3d2askXxVxwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZmVmOTdjYTAxMGJhZDRmZjU5ZWY3ZDJiNmJjOTA3Nzg2
MGFhYjIwHhcNMjUwMjI2MTEwODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWFmOGQ0YWRjMDRkMGFkYWQyMTZkNzFhMjI0NTcyOTQ3NjkwOTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEy8sv2MHku7VDWivu+a90lHyI+I
HUckqR9ngD90Zpx3LFWLQK33Kis1ejwjXAxm8hCTvDfaKtGS0pgjzy/b4HhVROzk
c+/p+PA3geqnY5aQY6/wnzRm8R11F3y6oJLXNIjLce+Hn2vTfvXiporSTdGVFjhb
nxi81i7wKLSXHBxdBpm9X+bIUsA9ITHAD5tFbxCPu/PP8tiFF9P//DEOpjTAVjeX
OmC4itqMh0Vb8pOchWjjpIChJcH6s13lYRKORujHu0gD2XESZCXSQcRmxdNvak0W
Y/FKkBdKGUQX1Hl9Hme4BnBSIR4DkbeAZeSEl2jqIym9jWtlemw5eIHPzwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFImvjUrcBNCtrSFtcaIkVylHaQkRMB8GA1UdIwQY
MBaAFNr++XygELrU/1nvfStryQd4YKqyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnY3NWZLQVF1dFRfV2U5OUsydkpCM2hncXJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yOTIxZTYtODFjNi00NDQ3LTlkNzgt
YmZhOTRlYjFhYTAyLzEvaWEtTlN0d0UwSzJ0SVcxeG9pUlhLVWRwQ1JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yOTIxZTYtODFjNi00NDQ3LTlkNzgtYmZhOTRlYjFhYTAy
LzEvMnY3NWZLQVF1dFRfV2U5OUsydkpCM2hncXJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCUqOgAwQA
VcLpAwQCuVUEAwQCuZ48AwQCucloMA0EAgACMAcDBQAqBakAMA0GCSqGSIb3DQEB
CwUAA4IBAQCIZqaSC7lGArDV16OYc9Q8QF8nbNcI0sZdjZbiwCihh5uROPpZk13n
Ic+8Yo53obqCBHdLKqeuwQpA6dk6nbhQcJIbxcH/BTurM3Opij/hZ0dQ2SbF2Q2d
gx0UNjZ7VxMF4CcEFrHIA+OW+qBhFWGkefuEvjV1B6xNfphPAnC3GyqIcJysqaSg
oaK27oWNfxJIevgtzlUhzRpmlm9muDOkaH3Z0+m4qAqSf7eRmtJ+SEqoviLugiD5
2Q/vhd57ORm6D8nvyOzj4d7RGLnbavTfWtW+86SkyhdKFpCXsA/KDaSezdCmilnG
QdaNzBBAEHhnoyVhtfPpJnlVC6l47Hif
-----END CERTIFICATE-----
Generated at Mon Apr 21 11:19:26 2025 by rpki-client