Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/OM2G7oZf-Y_JzdH_I395X3XNqbU.roa
File: OM2G7oZf-Y_JzdH_I395X3XNqbU.roa (raw, json)
Hash identifier: l5ce3bbcL87aRuqB3BMC/qBfZ0oSpisRu/MsWSIjcD0=
Subject key identifier: 38:CD:86:EE:86:5F:F9:8F:C9:CD:D1:FF:23:7F:79:5F:75:CD:A9:B5
Certificate issuer: /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial: 019542F53CEBD17AA83F45E0CF3D9FC6E1BC
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/OM2G7oZf-Y_JzdH_I395X3XNqbU.roa
Signing time: Wed 26 Feb 2025 15:52:02 +0000
ROA not before: Wed 26 Feb 2025 15:52:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 89.249.192.0/21 maxlen: 24
89.249.201.0/24 maxlen: 24
89.249.206.0/23 maxlen: 24
212.42.192.0/20 maxlen: 24
212.42.208.0/20 maxlen: 24
Validation: Failed, certificate revoked on Thu 27 Feb 2025 11:16:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:42:f5:3c:eb:d1:7a:a8:3f:45:e0:cf:3d:9f:c6:e1:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
Validity
Not Before: Feb 26 15:52:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=38cd86ee865ff98fc9cdd1ff237f795f75cda9b5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:0a:75:e7:14:e3:eb:0f:48:72:df:ce:a4:a4:
bb:a3:05:da:68:3d:65:84:89:6d:cc:e4:03:fd:64:
95:ba:84:7d:3c:28:e2:05:bf:6e:d3:07:27:2f:27:
b0:e4:72:da:3d:33:ff:52:93:87:3a:8f:db:16:25:
d6:3b:cb:ac:66:70:4b:d4:2b:10:f0:56:36:df:0b:
99:33:77:eb:f0:d5:f7:d5:7b:db:e5:74:4a:1c:e0:
42:f5:7b:71:80:b9:c6:c2:f0:e9:42:c3:09:8d:e5:
31:81:f6:3c:14:1b:c3:60:99:b8:d0:ec:a8:62:8c:
64:d4:d5:42:79:60:ad:d2:bf:2c:50:24:5c:7a:00:
0d:cb:86:39:53:a0:9b:f8:79:bc:52:32:a0:96:a2:
f4:60:e7:19:0d:73:d3:25:b1:8a:4d:56:be:5b:cf:
b1:f8:fe:48:f3:76:d5:55:b2:4e:97:6b:8c:98:07:
86:0f:e0:a4:39:bd:f8:50:ab:46:b5:a9:6a:db:cb:
47:c3:e1:d6:32:bb:a9:da:64:6a:1d:54:34:1b:59:
14:40:14:63:7c:67:4e:f2:b7:e6:76:ad:9c:8b:74:
3e:f4:b0:36:dc:ac:04:3d:67:05:9c:35:99:ae:20:
a2:76:f9:9e:e3:8a:cc:8e:2f:16:46:cb:75:bc:4b:
1b:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:CD:86:EE:86:5F:F9:8F:C9:CD:D1:FF:23:7F:79:5F:75:CD:A9:B5
X509v3 Authority Key Identifier:
keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/OM2G7oZf-Y_JzdH_I395X3XNqbU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.249.192.0/21
89.249.201.0/24
89.249.206.0/23
212.42.192.0/19
Signature Algorithm: sha256WithRSAEncryption
ac:f3:7d:d3:88:2d:c8:83:57:e1:c5:eb:15:75:51:36:e4:f1:
a2:64:bb:ef:64:ed:c2:61:9c:e9:b9:22:ca:ba:05:f6:91:9a:
70:a2:d4:c3:4e:50:ff:fe:47:10:0f:88:7a:db:6c:c4:85:6b:
3e:30:c7:86:09:db:63:33:81:73:6d:94:8a:a9:e6:70:53:06:
af:35:1c:ce:72:b3:d2:3e:c6:66:ce:05:fb:35:45:ec:d1:00:
90:da:ae:b4:eb:30:c8:21:d6:96:24:81:ca:99:4a:a9:b1:49:
02:c7:e7:44:57:d1:87:9d:04:ac:4e:c9:3a:54:35:6d:65:7a:
8c:ff:8b:32:f9:d2:38:5e:0e:5e:43:22:d3:70:e0:d2:26:9e:
8e:70:97:1e:bb:b2:eb:aa:c9:b1:a9:5a:e0:de:70:bf:83:86:
b0:13:9c:8f:6b:70:82:f2:c4:b5:0f:b5:76:d0:d4:2b:f8:dd:
78:f0:40:24:f3:f8:50:ac:d1:28:7a:e2:3a:3a:af:0c:44:6b:
e2:68:14:d5:4f:2f:e2:51:38:d1:e6:a8:e0:aa:af:08:9b:ed:
fa:48:47:ae:93:e3:4a:ad:b4:ac:69:c0:2a:32:29:2b:62:25:
c4:a8:cb:cf:bc:fe:20:ee:16:83:f4:dc:39:24:1b:aa:0b:64:
9c:f4:fc:69
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZVC9Tzr0XqoP0Xgzz2fxuG8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMjI2MTU1MjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGNkODZlZTg2NWZmOThmYzljZGQxZmYyMzdmNzk1Zjc1Y2RhOWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgp15xTj6w9Ict/OpKS7owXaaD1l
hIltzOQD/WSVuoR9PCjiBb9u0wcnLyew5HLaPTP/UpOHOo/bFiXWO8usZnBL1CsQ
8FY23wuZM3fr8NX31Xvb5XRKHOBC9XtxgLnGwvDpQsMJjeUxgfY8FBvDYJm40Oyo
Yoxk1NVCeWCt0r8sUCRcegANy4Y5U6Cb+Hm8UjKglqL0YOcZDXPTJbGKTVa+W8+x
+P5I83bVVbJOl2uMmAeGD+CkOb34UKtGtalq28tHw+HWMrup2mRqHVQ0G1kUQBRj
fGdO8rfmdq2ci3Q+9LA23KwEPWcFnDWZriCidvme44rMji8WRst1vEsbsQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDjNhu6GX/mPyc3R/yN/eV91zam1MB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvT00yRzdvWmYtWV9KemRIX0kzOTVYM1hOcWJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDWfnAAwQA
WfnJAwQBWfnOAwQF1CrAMA0GCSqGSIb3DQEBCwUAA4IBAQCs833TiC3Ig1fhxesV
dVE25PGiZLvvZO3CYZzpuSLKugX2kZpwotTDTlD//kcQD4h622zEhWs+MMeGCdtj
M4FzbZSKqeZwUwavNRzOcrPSPsZmzgX7NUXs0QCQ2q606zDIIdaWJIHKmUqpsUkC
x+dEV9GHnQSsTsk6VDVtZXqM/4sy+dI4Xg5eQyLTcODSJp6OcJceu7LrqsmxqVrg
3nC/g4awE5yPa3CC8sS1D7V20NQr+N148EAk8/hQrNEoeuI6Oq8MRGviaBTVTy/i
UTjR5qjgqq8Im+36SEeuk+NKrbSsacAqMikrYiXEqMvPvP4g7haD9Nw5JBuqC2Sc
9Pxp
-----END CERTIFICATE-----
Generated at Fri Mar 14 11:41:13 2025 by rpki-client