Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/01b1ef-233b-4d6f-8dcf-ceec49124c0f/1/1IvfkdFrjB7d-vIZc6K96hwmL1g.roa
File: 1IvfkdFrjB7d-vIZc6K96hwmL1g.roa (raw, json)
Hash identifier: 6PAQwjOASt70/eEYqFp9gIb0vrrkay4WCRf6mX5OTlM=
Subject key identifier: D4:8B:DF:91:D1:6B:8C:1E:DD:FA:F2:19:73:A2:BD:EA:1C:26:2F:58
Certificate issuer: /CN=49dd8f1a62a5d7f80212de0f3efe75b2fa338ffe
Certificate serial: 018CC86F42C1A3C9F0AFDB92635F298464C5
Authority key identifier: 49:DD:8F:1A:62:A5:D7:F8:02:12:DE:0F:3E:FE:75:B2:FA:33:8F:FE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Sd2PGmKl1_gCEt4PPv51svozj_4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/06/01b1ef-233b-4d6f-8dcf-ceec49124c0f/1/1IvfkdFrjB7d-vIZc6K96hwmL1g.roa
Signing time: Tue 02 Jan 2024 04:29:43 +0000
ROA not before: Tue 02 Jan 2024 04:29:43 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 51684
IP address blocks: 185.16.26.0/24 maxlen: 24
185.16.26.0/23 maxlen: 23
5.181.198.0/24 maxlen: 24
5.181.196.0/24 maxlen: 24
5.181.197.0/24 maxlen: 24
89.46.204.0/23 maxlen: 23
89.46.206.0/24 maxlen: 24
89.46.206.0/23 maxlen: 23
89.46.203.0/24 maxlen: 24
89.46.202.0/23 maxlen: 23
89.46.202.0/24 maxlen: 24
89.46.204.0/24 maxlen: 24
89.46.205.0/24 maxlen: 24
89.46.200.0/24 maxlen: 24
89.46.200.0/23 maxlen: 23
89.46.201.0/24 maxlen: 24
89.46.207.0/24 maxlen: 24
223.25.123.0/24 maxlen: 24
223.25.124.0/24 maxlen: 24
223.25.125.0/24 maxlen: 24
223.25.120.0/24 maxlen: 24
223.25.121.0/24 maxlen: 24
223.25.122.0/24 maxlen: 24
223.25.126.0/24 maxlen: 24
91.217.185.0/24 maxlen: 24
185.254.203.0/24 maxlen: 24
185.254.200.0/24 maxlen: 24
185.254.200.0/23 maxlen: 23
185.254.201.0/24 maxlen: 24
82.199.208.0/23 maxlen: 23
82.199.208.0/24 maxlen: 24
82.199.209.0/24 maxlen: 24
82.199.210.0/24 maxlen: 24
82.199.211.0/24 maxlen: 24
82.199.212.0/23 maxlen: 23
82.199.212.0/24 maxlen: 24
82.199.213.0/24 maxlen: 24
82.199.214.0/23 maxlen: 23
82.199.218.0/23 maxlen: 23
82.199.218.0/24 maxlen: 24
82.199.219.0/24 maxlen: 24
82.199.214.0/24 maxlen: 24
82.199.215.0/24 maxlen: 24
82.199.216.0/24 maxlen: 24
82.199.216.0/23 maxlen: 23
82.199.217.0/24 maxlen: 24
82.199.221.0/24 maxlen: 24
82.199.222.0/24 maxlen: 24
82.199.222.0/23 maxlen: 23
82.199.223.0/24 maxlen: 24
82.199.220.0/24 maxlen: 24
82.199.220.0/23 maxlen: 23
212.95.128.0/24 maxlen: 24
212.95.129.0/24 maxlen: 24
212.95.130.0/24 maxlen: 24
212.95.131.0/24 maxlen: 24
212.95.132.0/24 maxlen: 24
212.95.138.0/24 maxlen: 24
212.95.139.0/24 maxlen: 24
212.95.134.0/24 maxlen: 24
212.95.135.0/24 maxlen: 24
212.95.136.0/24 maxlen: 24
212.95.137.0/24 maxlen: 24
212.95.133.0/24 maxlen: 24
185.247.37.0/24 maxlen: 24
185.247.38.0/24 maxlen: 24
212.95.141.0/24 maxlen: 24
185.247.36.0/24 maxlen: 24
185.247.36.0/23 maxlen: 23
212.95.140.0/24 maxlen: 24
185.95.204.0/23 maxlen: 23
185.95.204.0/24 maxlen: 24
185.95.205.0/24 maxlen: 24
185.95.206.0/24 maxlen: 24
185.95.206.0/23 maxlen: 23
185.95.207.0/24 maxlen: 24
91.213.191.0/24 maxlen: 24
185.247.38.0/23 maxlen: 23
185.247.39.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 14 May 2024 05:57:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:6f:42:c1:a3:c9:f0:af:db:92:63:5f:29:84:64:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=49dd8f1a62a5d7f80212de0f3efe75b2fa338ffe
Validity
Not Before: Jan 2 04:29:43 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d48bdf91d16b8c1eddfaf21973a2bdea1c262f58
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:bf:32:5c:e8:2f:b8:38:6c:82:1a:cc:92:48:
36:6b:fa:5c:fc:79:ce:16:7b:27:3d:ff:cd:1e:d4:
8a:4f:b1:c0:2b:7f:44:09:dd:94:6c:c9:f5:4e:de:
cd:f2:86:3d:24:21:1f:ba:78:f9:33:84:17:08:12:
76:af:4d:d3:31:4c:f7:88:8b:42:0d:5f:c5:c4:e2:
c4:bf:6e:ca:72:4b:d8:9d:8e:64:48:49:5d:68:6a:
70:04:3c:37:fb:f5:63:a4:06:b8:b2:ef:cb:91:ba:
d3:a6:fc:0a:cc:2c:70:51:21:9d:5d:bd:8a:e8:27:
e7:38:d5:47:1b:2c:80:ed:91:0b:9c:6d:4b:75:d3:
55:a1:f7:be:7a:75:8e:b3:42:43:6f:3e:5f:cb:48:
3e:fc:8e:a4:c9:02:00:9c:c2:07:67:67:9c:ec:e6:
8f:2e:b5:68:ec:36:d6:87:31:e1:a6:c3:dc:c2:a7:
ee:f7:f7:4a:5d:c0:72:7b:43:73:6e:ec:c4:0b:90:
66:a4:13:c3:df:5e:ff:c7:aa:70:75:f7:99:8e:33:
8d:62:0c:dd:20:96:44:f4:7a:ce:85:e6:6a:bd:c8:
c7:34:c1:aa:45:fb:d5:60:de:12:dc:fa:fc:24:f9:
a8:db:cb:d0:bc:28:ba:8d:e9:d5:bf:71:9e:1f:c5:
86:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:8B:DF:91:D1:6B:8C:1E:DD:FA:F2:19:73:A2:BD:EA:1C:26:2F:58
X509v3 Authority Key Identifier:
keyid:49:DD:8F:1A:62:A5:D7:F8:02:12:DE:0F:3E:FE:75:B2:FA:33:8F:FE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sd2PGmKl1_gCEt4PPv51svozj_4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/01b1ef-233b-4d6f-8dcf-ceec49124c0f/1/1IvfkdFrjB7d-vIZc6K96hwmL1g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/06/01b1ef-233b-4d6f-8dcf-ceec49124c0f/1/Sd2PGmKl1_gCEt4PPv51svozj_4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.181.196.0-5.181.198.255
82.199.208.0/20
89.46.200.0/21
91.213.191.0/24
91.217.185.0/24
185.16.26.0/23
185.95.204.0/22
185.247.36.0/22
185.254.200.0/23
185.254.203.0/24
212.95.128.0-212.95.141.255
223.25.120.0-223.25.126.255
Signature Algorithm: sha256WithRSAEncryption
33:a6:74:f0:e0:19:4f:8c:61:80:8d:88:61:ae:6a:e8:97:32:
3b:bb:4b:49:9a:93:78:d1:00:3e:03:cf:df:08:a6:06:ff:ef:
6c:ae:0d:40:a2:02:a3:21:db:83:24:54:32:24:d2:07:99:74:
f0:2f:0e:46:79:7d:b9:fb:e7:1f:25:32:32:2c:b3:af:6b:2f:
19:37:eb:99:7e:f8:98:59:e7:63:3e:d1:ed:c4:f4:13:43:11:
ad:97:d5:70:82:56:c6:25:b1:a2:0b:f9:9a:02:05:8d:03:a3:
2b:da:b1:fd:62:a7:ec:d1:2f:56:ad:cb:c4:c3:cc:7b:13:98:
f1:60:c0:69:53:82:0d:72:09:9c:a2:60:3f:27:92:c0:99:32:
9d:7d:95:49:91:b3:b0:79:5a:34:c4:b2:b2:b2:91:d6:60:be:
64:15:ea:b5:6f:00:13:e5:00:53:b2:9e:62:96:c7:fa:c5:d4:
a1:57:b0:ba:2f:02:ba:11:10:59:35:47:0e:07:7e:6b:32:8d:
6f:5a:a2:9e:c0:02:50:dd:84:06:b9:85:fa:c7:60:7a:8e:ca:
5c:f2:ed:9a:15:48:d9:d3:5a:13:d9:ea:81:e9:e4:a5:9b:30:
e0:24:0f:4c:d5:de:6b:6c:85:03:9e:2e:06:fa:c8:92:6e:f0:
05:ef:94:44
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYzIb0LBo8nwr9uSY18phGTFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZGQ4ZjFhNjJhNWQ3ZjgwMjEyZGUwZjNlZmU3NWIyZmEz
MzhmZmUwHhcNMjQwMTAyMDQyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDhiZGY5MWQxNmI4YzFlZGRmYWYyMTk3M2EyYmRlYTFjMjYyZjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhL8yXOgvuDhsghrMkkg2a/pc/HnO
FnsnPf/NHtSKT7HAK39ECd2UbMn1Tt7N8oY9JCEfunj5M4QXCBJ2r03TMUz3iItC
DV/FxOLEv27KckvYnY5kSEldaGpwBDw3+/VjpAa4su/LkbrTpvwKzCxwUSGdXb2K
6CfnONVHGyyA7ZELnG1LddNVofe+enWOs0JDbz5fy0g+/I6kyQIAnMIHZ2ec7OaP
LrVo7DbWhzHhpsPcwqfu9/dKXcBye0NzbuzEC5BmpBPD317/x6pwdfeZjjONYgzd
IJZE9HrOheZqvcjHNMGqRfvVYN4S3Pr8JPmo28vQvCi6jenVv3GeH8WG6QIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFNSL35HRa4we3fryGXOiveocJi9YMB8GA1UdIwQY
MBaAFEndjxpipdf4AhLeDz7+dbL6M4/+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2QyUEdtS2wxX2dDRXQ0UFB2NTFzdm96al80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi8wMWIxZWYtMjMzYi00ZDZmLThkY2Yt
Y2VlYzQ5MTI0YzBmLzEvMUl2ZmtkRnJqQjdkLXZJWmM2Szk2aHdtTDFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi8wMWIxZWYtMjMzYi00ZDZmLThkY2YtY2VlYzQ5MTI0YzBm
LzEvU2QyUEdtS2wxX2dDRXQ0UFB2NTFzdm96al80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgMAwDBAIFtcQD
BAAFtcYDBARSx9ADBANZLsgDBABb1b8DBABb2bkDBAG5EBoDBAK5X8wDBAK59yQD
BAG5/sgDBAC5/sswDAMEB9RfgAMEAdRfjDAMAwQD3xl4AwQA3xl+MA0GCSqGSIb3
DQEBCwUAA4IBAQAzpnTw4BlPjGGAjYhhrmrolzI7u0tJmpN40QA+A8/fCKYG/+9s
rg1AogKjIduDJFQyJNIHmXTwLw5GeX25++cfJTIyLLOvay8ZN+uZfviYWedjPtHt
xPQTQxGtl9VwglbGJbGiC/maAgWNA6Mr2rH9Yqfs0S9WrcvEw8x7E5jxYMBpU4IN
cgmcomA/J5LAmTKdfZVJkbOweVo0xLKyspHWYL5kFeq1bwAT5QBTsp5ilsf6xdSh
V7C6LwK6ERBZNUcOB35rMo1vWqKewAJQ3YQGuYX6x2B6jspc8u2aFUjZ01oT2eqB
6eSlmzDgJA9M1d5rbIUDni4G+siSbvAF75RE
-----END CERTIFICATE-----
Generated at Sat Apr 19 13:58:47 2025 by rpki-client