Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/69ajBwb-zmrtlJnUzZB4uBNBa64.roa
File: 69ajBwb-zmrtlJnUzZB4uBNBa64.roa (raw, json)
Hash identifier: mxyyOZP3l5Bs//OmDK+1s8D4QtyXB2zU9PnXLyhgARg=
Subject key identifier: EB:D6:A3:07:06:FE:CE:6A:ED:94:99:D4:CD:90:78:B8:13:41:6B:AE
Certificate issuer: /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial: 019426D9FBC1E7F93C429BBE650352F3219B
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/69ajBwb-zmrtlJnUzZB4uBNBa64.roa
Signing time: Thu 02 Jan 2025 11:50:07 +0000
ROA not before: Thu 02 Jan 2025 11:50:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34358
IP address blocks: 37.251.128.0/19 maxlen: 19
37.251.160.0/20 maxlen: 20
37.251.248.0/21 maxlen: 24
37.251.255.0/24 maxlen: 24
77.81.164.0/23 maxlen: 23
86.105.192.0/24 maxlen: 24
89.32.44.0/22 maxlen: 22
89.32.44.0/24 maxlen: 24
89.35.173.0/24 maxlen: 24
89.36.128.0/23 maxlen: 23
89.36.128.0/24 maxlen: 24
89.36.129.0/24 maxlen: 24
89.36.130.0/24 maxlen: 24
89.36.132.0/23 maxlen: 24
89.36.134.0/24 maxlen: 24
89.36.135.0/24 maxlen: 24
89.38.248.0/24 maxlen: 24
89.38.249.0/24 maxlen: 24
89.38.250.0/23 maxlen: 23
89.38.252.0/22 maxlen: 22
89.42.11.0/24 maxlen: 24
89.45.192.0/21 maxlen: 21
89.45.192.0/23 maxlen: 23
91.200.120.0/22 maxlen: 22
91.200.120.0/23 maxlen: 23
91.200.122.0/23 maxlen: 23
91.208.142.0/24 maxlen: 24
93.119.227.0/24 maxlen: 24
94.24.29.0/24 maxlen: 24
94.24.48.0/21 maxlen: 21
94.24.72.0/22 maxlen: 22
94.24.76.0/23 maxlen: 23
94.24.78.0/24 maxlen: 24
109.95.8.0/21 maxlen: 21
128.0.46.0/23 maxlen: 23
185.171.184.0/24 maxlen: 24
185.171.185.0/24 maxlen: 24
185.171.187.0/24 maxlen: 24
188.214.142.0/24 maxlen: 24
188.215.48.0/21 maxlen: 21
193.239.130.0/23 maxlen: 23
193.242.120.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 03 Jan 2025 08:03:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:fb:c1:e7:f9:3c:42:9b:be:65:03:52:f3:21:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Validity
Not Before: Jan 2 11:50:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ebd6a30706fece6aed9499d4cd9078b813416bae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:a3:fb:b3:14:fe:cc:46:b7:cb:90:33:da:01:
0f:03:a1:ba:9a:59:a7:0f:4f:eb:ae:e0:bd:69:30:
ed:9d:8b:4c:76:71:c5:b4:eb:2d:48:06:05:10:0b:
81:23:dc:2a:13:06:e1:1f:46:14:e0:20:7c:a9:50:
e3:db:d0:7a:70:82:93:d3:2b:5a:f5:35:08:fb:15:
67:28:f7:3b:78:e4:8a:61:3b:a6:db:98:0f:50:74:
c1:a2:25:01:3a:db:67:02:35:55:4b:3a:a0:87:07:
d9:b5:e8:9b:6c:50:7a:8e:8b:99:23:79:bb:a8:e7:
90:1d:42:3e:60:4a:1f:a9:88:d5:1c:ef:dd:d0:b3:
6f:d3:fe:b8:46:9f:cd:c7:84:f9:11:60:7c:4c:60:
71:ae:12:80:6a:22:22:ba:0a:70:7b:6c:52:bf:74:
5e:f6:e4:a4:fd:1c:27:5f:8f:eb:24:cd:e5:00:e1:
cd:98:77:62:f7:a0:ca:89:fc:85:3a:34:99:47:58:
c8:eb:cb:82:2b:98:2b:43:45:26:26:fc:34:01:af:
65:9a:51:5b:ee:c2:bc:88:e4:45:63:01:3b:3e:78:
f1:35:bb:c5:52:10:c1:fc:6c:24:f9:e4:84:16:63:
56:01:d1:53:88:9c:b7:ef:1d:9b:ac:59:c1:9c:c1:
9d:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:D6:A3:07:06:FE:CE:6A:ED:94:99:D4:CD:90:78:B8:13:41:6B:AE
X509v3 Authority Key Identifier:
keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/69ajBwb-zmrtlJnUzZB4uBNBa64.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.251.128.0-37.251.175.255
37.251.248.0/21
77.81.164.0/23
86.105.192.0/24
89.32.44.0/22
89.35.173.0/24
89.36.128.0-89.36.130.255
89.36.132.0/22
89.38.248.0/21
89.42.11.0/24
89.45.192.0/21
91.200.120.0/22
91.208.142.0/24
93.119.227.0/24
94.24.29.0/24
94.24.48.0/21
94.24.72.0-94.24.78.255
109.95.8.0/21
128.0.46.0/23
185.171.184.0/23
185.171.187.0/24
188.214.142.0/24
188.215.48.0/21
193.239.130.0/23
193.242.120.0/24
Signature Algorithm: sha256WithRSAEncryption
11:20:7b:c2:77:ce:96:15:88:41:31:f4:ba:1f:c7:90:8c:01:
48:f5:75:62:41:31:52:ec:db:c0:9d:85:d2:4d:25:2f:27:2c:
b5:24:8f:a2:1b:a9:c5:35:7a:00:0b:31:ac:12:cf:ba:87:70:
c3:d9:c2:3b:30:2a:16:55:0b:3d:66:c5:9f:30:0d:d7:7a:d7:
12:0d:1e:83:d2:6c:7d:16:a0:0f:ae:f9:ac:80:6f:00:17:25:
8d:bc:8a:3e:37:97:5c:34:90:4b:08:dd:a2:36:d3:b4:74:ba:
f0:aa:7f:3d:e1:2d:e5:5f:02:3c:7a:54:7b:14:27:3c:49:8e:
b0:20:94:85:23:9d:c6:b2:bf:06:7f:56:ae:86:b9:ce:c0:4c:
a4:3d:71:6a:78:29:3a:6b:1c:71:18:42:a6:89:4c:75:e4:8b:
84:66:d1:e3:e2:10:62:f9:33:75:7c:a8:5f:5e:44:5b:5a:44:
4b:15:92:1f:72:9f:70:af:6a:24:6f:8f:12:b2:77:16:3e:4a:
a9:b6:5b:3b:88:6c:e2:a5:a4:50:a9:68:74:80:ef:6e:aa:c6:
40:f3:f6:65:65:98:aa:f6:be:a2:9d:87:a1:6b:0b:8e:9e:ca:
9f:6d:30:1f:86:db:c7:68:bd:1e:33:bc:c5:35:13:e8:29:76:
59:2c:dd:53
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgISAZQm2fvB5/k8Qpu+ZQNS8yGbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjUwMTAyMTE1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmQ2YTMwNzA2ZmVjZTZhZWQ5NDk5ZDRjZDkwNzhiODEzNDE2YmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6P7sxT+zEa3y5Az2gEPA6G6mlmn
D0/rruC9aTDtnYtMdnHFtOstSAYFEAuBI9wqEwbhH0YU4CB8qVDj29B6cIKT0yta
9TUI+xVnKPc7eOSKYTum25gPUHTBoiUBOttnAjVVSzqghwfZteibbFB6jouZI3m7
qOeQHUI+YEofqYjVHO/d0LNv0/64Rp/Nx4T5EWB8TGBxrhKAaiIiugpwe2xSv3Re
9uSk/RwnX4/rJM3lAOHNmHdi96DKifyFOjSZR1jI68uCK5grQ0UmJvw0Aa9lmlFb
7sK8iORFYwE7PnjxNbvFUhDB/Gwk+eSEFmNWAdFTiJy37x2brFnBnMGdaQIDAQAB
o4ICtjCCArIwHQYDVR0OBBYEFOvWowcG/s5q7ZSZ1M2QeLgTQWuuMB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvNjlhakJ3Yi16bXJ0bEpuVXpaQjR1Qk5CYTY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHLBggrBgEFBQcBBwEB/wSBuzCBuDCBtQQCAAEwga4wDAME
ByX7gAMEBCX7oAMEAyX7+AMEAU1RpAMEAFZpwAMEAlkgLAMEAFkjrTAMAwQHWSSA
AwQAWSSCAwQCWSSEAwQDWSb4AwQAWSoLAwQDWS3AAwQCW8h4AwQAW9COAwQAXXfj
AwQAXhgdAwQDXhgwMAwDBANeGEgDBABeGE4DBANtXwgDBAGAAC4DBAG5q7gDBAC5
q7sDBAC81o4DBAO81zADBAHB74IDBADB8ngwDQYJKoZIhvcNAQELBQADggEBABEg
e8J3zpYViEEx9Lofx5CMAUj1dWJBMVLs28CdhdJNJS8nLLUkj6IbqcU1egALMawS
z7qHcMPZwjswKhZVCz1mxZ8wDdd61xINHoPSbH0WoA+u+ayAbwAXJY28ij43l1w0
kEsI3aI207R0uvCqfz3hLeVfAjx6VHsUJzxJjrAglIUjncayvwZ/Vq6Guc7ATKQ9
cWp4KTprHHEYQqaJTHXki4Rm0ePiEGL5M3V8qF9eRFtaREsVkh9yn3CvaiRvjxKy
dxY+Sqm2WzuIbOKlpFCpaHSA726qxkDz9mVlmKr2vqKdh6FrC46eyp9tMB+G28do
vR4zvMU1E+gpdlks3VM=
-----END CERTIFICATE-----
Generated at Tue Apr 8 03:42:43 2025 by rpki-client