Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/xX3iwDDmG3Anzi23PlOyc26eMRM.roa
File: xX3iwDDmG3Anzi23PlOyc26eMRM.roa (raw, json)
Hash identifier: DN+FZ2zGGpClrh+jtWAENvx1NSZxlYMoJz44ealJPEY=
Subject key identifier: C5:7D:E2:C0:30:E6:1B:70:27:CE:2D:B7:3E:53:B2:73:6E:9E:31:13
Certificate issuer: /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial: 0196351AA28CAF5E88B45D73C381CA2A4B64
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/xX3iwDDmG3Anzi23PlOyc26eMRM.roa
Signing time: Mon 14 Apr 2025 16:21:00 +0000
ROA not before: Mon 14 Apr 2025 16:21:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.135.182.0/24 maxlen: 24
45.135.183.0/24 maxlen: 24
46.102.237.0/24 maxlen: 24
89.34.106.0/24 maxlen: 24
93.114.183.0/24 maxlen: 24
93.115.106.0/24 maxlen: 24
94.177.106.0/24 maxlen: 24
185.34.101.0/24 maxlen: 24
194.85.251.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 16 Apr 2025 11:54:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:35:1a:a2:8c:af:5e:88:b4:5d:73:c3:81:ca:2a:4b:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Validity
Not Before: Apr 14 16:21:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c57de2c030e61b7027ce2db73e53b2736e9e3113
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:eb:c5:6f:fd:ea:a4:23:6b:a0:03:d0:fb:0d:
9f:4c:0c:8b:16:66:f5:6b:69:b9:ca:73:2e:e7:f0:
91:ce:4b:2a:64:12:71:2d:88:76:0e:a6:93:66:21:
02:66:25:e7:59:df:f7:35:91:54:0d:07:19:ad:b9:
fe:4f:8a:66:dc:c5:28:12:99:0f:44:f9:6a:94:8a:
71:8a:56:4e:95:7c:3a:72:b1:9c:4a:48:df:10:10:
f5:c6:52:5b:25:32:fd:80:91:e9:e0:9f:d5:b4:df:
5e:50:80:91:02:f8:39:e9:56:75:38:0e:d3:5a:05:
4b:55:fb:30:46:c6:04:f2:61:3f:bc:a6:f2:4e:6b:
98:02:70:0a:85:b5:0b:ca:9e:0f:2e:14:36:c7:b5:
45:0c:d1:96:12:ef:0a:f0:f3:a0:59:c7:31:d8:da:
2b:55:0b:ec:cf:23:4c:51:91:0d:88:0d:cb:66:a7:
68:4c:c6:75:8e:96:d9:47:6c:0d:01:3b:91:2f:85:
3e:b2:84:32:9f:1c:9a:02:9b:b6:2d:c4:60:ca:c8:
e7:bb:01:81:b3:5b:d6:e7:97:fa:85:52:99:f2:c1:
d0:12:3b:c2:0e:76:d3:d4:74:3f:57:74:03:67:66:
8c:7f:13:cd:c0:ef:3f:d9:a2:bd:26:e4:a7:2b:9b:
da:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:7D:E2:C0:30:E6:1B:70:27:CE:2D:B7:3E:53:B2:73:6E:9E:31:13
X509v3 Authority Key Identifier:
keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/xX3iwDDmG3Anzi23PlOyc26eMRM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.135.182.0/23
46.102.237.0/24
89.34.106.0/24
93.114.183.0/24
93.115.106.0/24
94.177.106.0/24
185.34.101.0/24
194.85.251.0/24
Signature Algorithm: sha256WithRSAEncryption
90:e6:df:73:82:af:04:46:5b:8a:73:b4:52:59:46:b8:6e:92:
88:97:21:05:24:3a:cd:ea:7e:a6:69:9d:9a:9d:8a:22:1d:41:
dd:b0:e2:e9:bb:97:82:eb:6c:06:6c:10:ef:a1:75:55:03:72:
a0:12:69:10:f2:50:1a:b3:bb:77:62:2d:b2:0f:ea:0a:71:f8:
33:e4:20:a2:b5:13:90:36:b7:a0:a9:8e:f3:3e:aa:df:58:03:
9c:b2:00:1d:f6:4c:f8:ae:71:31:bf:42:ab:10:90:26:ed:5a:
78:04:52:e8:34:61:0c:1f:a8:c3:dd:95:41:5d:a4:76:ab:94:
56:b7:4a:78:01:dc:2d:98:e2:aa:7e:c2:89:47:2c:95:02:98:
7e:9b:58:ed:5c:b2:d7:c4:e6:a5:3b:90:e4:a0:c8:99:50:ef:
23:62:3a:76:70:07:52:ec:e4:30:46:10:45:1b:45:34:81:4c:
97:76:64:cf:cf:5c:d8:80:7e:8d:25:da:9d:5a:47:c5:18:24:
2f:08:ce:79:49:ab:3e:4b:c2:a3:b5:f1:9a:6a:c3:f5:07:b9:
bf:70:4d:d1:f3:50:70:cb:af:45:22:bf:95:9a:e5:58:be:ad:
00:db:71:52:72:6c:92:f2:76:f8:1e:c0:3b:f0:f1:2e:6e:fe:
d6:9b:f9:34
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZY1GqKMr16ItF1zw4HKKktkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwNDE0MTYyMTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTdkZTJjMDMwZTYxYjcwMjdjZTJkYjczZTUzYjI3MzZlOWUzMTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+vFb/3qpCNroAPQ+w2fTAyLFmb1
a2m5ynMu5/CRzksqZBJxLYh2DqaTZiECZiXnWd/3NZFUDQcZrbn+T4pm3MUoEpkP
RPlqlIpxilZOlXw6crGcSkjfEBD1xlJbJTL9gJHp4J/VtN9eUICRAvg56VZ1OA7T
WgVLVfswRsYE8mE/vKbyTmuYAnAKhbULyp4PLhQ2x7VFDNGWEu8K8POgWccx2Nor
VQvszyNMUZENiA3LZqdoTMZ1jpbZR2wNATuRL4U+soQynxyaApu2LcRgysjnuwGB
s1vW55f6hVKZ8sHQEjvCDnbT1HQ/V3QDZ2aMfxPNwO8/2aK9JuSnK5vaCQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFMV94sAw5htwJ84ttz5TsnNunjETMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEveFgzaXdERG1HM0FuemkyM1BsT3ljMjZlTVJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBLYe2AwQA
LmbtAwQAWSJqAwQAXXK3AwQAXXNqAwQAXrFqAwQAuSJlAwQAwlX7MA0GCSqGSIb3
DQEBCwUAA4IBAQCQ5t9zgq8ERluKc7RSWUa4bpKIlyEFJDrN6n6maZ2anYoiHUHd
sOLpu5eC62wGbBDvoXVVA3KgEmkQ8lAas7t3Yi2yD+oKcfgz5CCitROQNregqY7z
PqrfWAOcsgAd9kz4rnExv0KrEJAm7Vp4BFLoNGEMH6jD3ZVBXaR2q5RWt0p4Adwt
mOKqfsKJRyyVAph+m1jtXLLXxOalO5DkoMiZUO8jYjp2cAdS7OQwRhBFG0U0gUyX
dmTPz1zYgH6NJdqdWkfFGCQvCM55Sas+S8KjtfGaasP1B7m/cE3R81Bwy69FIr+V
muVYvq0A23FScmyS8nb4HsA78PEubv7Wm/k0
-----END CERTIFICATE-----
Generated at Sat Apr 19 09:56:46 2025 by rpki-client