Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/mvva32lYzZfVloEZEd3f8FncvK0.roa
File: mvva32lYzZfVloEZEd3f8FncvK0.roa (raw, json)
Hash identifier: P/4+RfEMGhG74rx11FcKkZLcPCmzSPi9x/eW4nWrCmk=
Subject key identifier: 9A:FB:DA:DF:69:58:CD:97:D5:96:81:19:11:DD:DF:F0:59:DC:BC:AD
Certificate issuer: /CN=c868ca82147ed2277b4bcc69a5285bae735f2e44
Certificate serial: 01953C7876E0FA35DFA8288374E001401C25
Authority key identifier: C8:68:CA:82:14:7E:D2:27:7B:4B:CC:69:A5:28:5B:AE:73:5F:2E:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yGjKghR-0id7S8xppShbrnNfLkQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/mvva32lYzZfVloEZEd3f8FncvK0.roa
Signing time: Tue 25 Feb 2025 09:38:02 +0000
ROA not before: Tue 25 Feb 2025 09:38:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198949
IP address blocks: 2.59.68.0/22 maxlen: 24
2.59.72.0/22 maxlen: 24
5.252.60.0/22 maxlen: 24
5.252.88.0/22 maxlen: 24
45.11.148.0/22 maxlen: 24
45.65.104.0/21 maxlen: 24
45.85.176.0/22 maxlen: 24
45.90.224.0/22 maxlen: 24
45.129.48.0/22 maxlen: 24
45.152.184.0/22 maxlen: 24
80.240.176.0/21 maxlen: 24
80.240.184.0/21 maxlen: 24
91.92.18.0/23 maxlen: 24
95.214.44.0/22 maxlen: 24
109.70.16.0/21 maxlen: 24
128.127.16.0/21 maxlen: 24
185.13.180.0/22 maxlen: 24
185.61.144.0/22 maxlen: 24
185.107.84.0/22 maxlen: 24
185.128.140.0/22 maxlen: 24
185.163.60.0/22 maxlen: 24
185.189.20.0/22 maxlen: 24
185.203.180.0/22 maxlen: 24
185.229.176.0/22 maxlen: 24
185.253.36.0/22 maxlen: 24
188.92.64.0/21 maxlen: 24
193.8.116.0/22 maxlen: 24
193.56.168.0/22 maxlen: 24
194.36.137.0/24 maxlen: 24
194.36.169.0/24 maxlen: 24
194.36.221.0/24 maxlen: 24
194.182.112.0/20 maxlen: 24
212.104.240.0/20 maxlen: 24
2a02:79e0::/32 maxlen: 48
2a02:cfc0::/29 maxlen: 48
2a06:4280::/29 maxlen: 48
Validation: Failed, certificate revoked on Tue 25 Feb 2025 14:16:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:3c:78:76:e0:fa:35:df:a8:28:83:74:e0:01:40:1c:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c868ca82147ed2277b4bcc69a5285bae735f2e44
Validity
Not Before: Feb 25 09:38:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9afbdadf6958cd97d596811911dddff059dcbcad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:a1:57:b0:3b:74:aa:b1:f7:f6:e2:a9:3f:24:
7e:71:d1:55:5a:db:49:ba:db:f7:ac:d0:8f:dd:40:
cf:81:13:42:7e:74:37:2b:88:15:c7:b5:79:a3:dc:
53:e2:8b:09:46:c6:01:8f:59:7d:bc:5f:fa:84:af:
41:ad:60:09:b4:46:9b:6e:58:2f:8c:74:43:2f:ce:
de:54:c7:93:7e:c8:29:01:73:6c:98:2e:fc:99:ca:
4c:5c:cd:52:82:02:4d:e7:f5:e4:87:69:a3:fe:0a:
19:27:2a:53:36:b1:b9:52:12:ab:3c:fb:30:92:5f:
92:9c:68:38:88:9b:1b:5e:f2:8c:84:99:75:0b:14:
a3:6e:e1:a4:e0:68:ce:38:96:67:83:04:12:56:d3:
32:e7:b5:ae:b5:72:7b:fc:87:06:36:20:12:35:09:
be:de:ba:f6:11:a6:6e:70:f7:81:1c:56:1a:b1:3e:
1f:ae:89:18:a4:e5:c3:8e:25:eb:dc:19:b5:71:6e:
81:52:16:fc:df:d2:b7:5f:43:eb:da:f0:0c:c9:c1:
f0:36:16:61:33:6e:38:e8:da:9d:8f:5e:10:b2:7f:
0b:49:f0:36:8a:4a:dd:78:49:43:f2:85:00:46:d4:
7a:0b:c3:15:bd:2e:5c:57:6a:f1:0a:f4:ad:9b:83:
bd:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:FB:DA:DF:69:58:CD:97:D5:96:81:19:11:DD:DF:F0:59:DC:BC:AD
X509v3 Authority Key Identifier:
keyid:C8:68:CA:82:14:7E:D2:27:7B:4B:CC:69:A5:28:5B:AE:73:5F:2E:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yGjKghR-0id7S8xppShbrnNfLkQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/mvva32lYzZfVloEZEd3f8FncvK0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/yGjKghR-0id7S8xppShbrnNfLkQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.68.0-2.59.75.255
5.252.60.0/22
5.252.88.0/22
45.11.148.0/22
45.65.104.0/21
45.85.176.0/22
45.90.224.0/22
45.129.48.0/22
45.152.184.0/22
80.240.176.0/20
91.92.18.0/23
95.214.44.0/22
109.70.16.0/21
128.127.16.0/21
185.13.180.0/22
185.61.144.0/22
185.107.84.0/22
185.128.140.0/22
185.163.60.0/22
185.189.20.0/22
185.203.180.0/22
185.229.176.0/22
185.253.36.0/22
188.92.64.0/21
193.8.116.0/22
193.56.168.0/22
194.36.137.0/24
194.36.169.0/24
194.36.221.0/24
194.182.112.0/20
212.104.240.0/20
IPv6:
2a02:79e0::/32
2a02:cfc0::/29
2a06:4280::/29
Signature Algorithm: sha256WithRSAEncryption
28:88:ca:0f:b6:7d:fb:98:c0:a3:67:e1:f9:8d:a9:12:e6:b4:
67:bc:f9:00:28:58:76:78:25:15:45:2c:0c:87:c7:85:56:f1:
30:5f:de:88:21:19:3f:cc:fd:0e:3e:1b:34:6b:4a:fe:be:98:
64:10:c1:85:ca:5f:ef:a3:fb:7f:40:ff:43:9a:76:1e:7c:77:
73:8b:43:27:37:ea:84:fd:44:19:d3:ec:4a:da:c3:04:28:26:
8b:7d:23:a9:cb:69:32:0b:6e:37:42:fa:bf:bb:53:52:69:1f:
9a:a8:57:6d:59:f1:61:ea:d4:76:10:f3:a7:a0:1d:4d:fe:15:
99:bd:3e:40:da:c9:82:fe:a8:89:57:f2:9c:7d:f8:a8:46:a0:
41:b4:4a:cc:1a:85:d2:de:e4:45:57:ec:0a:9c:4f:3d:d0:1c:
53:86:0a:02:1c:99:f7:5e:eb:91:8d:12:39:56:aa:74:9c:0c:
0a:b1:d0:99:53:d6:c6:ed:4d:9c:ed:f9:e2:f1:08:93:8f:36:
83:a6:d4:18:d2:77:54:fa:2a:28:de:d5:e5:0d:78:c9:95:86:
75:97:0d:61:41:47:25:6b:d4:cf:61:d1:c8:22:ab:7c:8e:7a:
fc:fb:34:cf:e0:53:30:a3:c4:33:b9:0c:2b:19:45:3f:e5:47:
2d:10:fb:d2
-----BEGIN CERTIFICATE-----
MIIF2zCCBMOgAwIBAgISAZU8eHbg+jXfqCiDdOABQBwlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NjhjYTgyMTQ3ZWQyMjc3YjRiY2M2OWE1Mjg1YmFlNzM1
ZjJlNDQwHhcNMjUwMjI1MDkzODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWZiZGFkZjY5NThjZDk3ZDU5NjgxMTkxMWRkZGZmMDU5ZGNiY2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaFXsDt0qrH39uKpPyR+cdFVWttJ
utv3rNCP3UDPgRNCfnQ3K4gVx7V5o9xT4osJRsYBj1l9vF/6hK9BrWAJtEabblgv
jHRDL87eVMeTfsgpAXNsmC78mcpMXM1SggJN5/Xkh2mj/goZJypTNrG5UhKrPPsw
kl+SnGg4iJsbXvKMhJl1CxSjbuGk4GjOOJZngwQSVtMy57WutXJ7/IcGNiASNQm+
3rr2EaZucPeBHFYasT4frokYpOXDjiXr3Bm1cW6BUhb839K3X0Pr2vAMycHwNhZh
M2446Nqdj14Qsn8LSfA2ikrdeElD8oUARtR6C8MVvS5cV2rxCvStm4O9kwIDAQAB
o4IC5zCCAuMwHQYDVR0OBBYEFJr72t9pWM2X1ZaBGRHd3/BZ3LytMB8GA1UdIwQY
MBaAFMhoyoIUftIne0vMaaUoW65zXy5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUdqS2doUi0waWQ3Uzh4cHBTaGJybk5mTGtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8wNDJjMzMtYWI2Yi00OGJlLWE0OTIt
NjY4NDkwMTk2MjdlLzEvbXZ2YTMybFl6WmZWbG9FWkVkM2Y4Rm5jdkswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8wNDJjMzMtYWI2Yi00OGJlLWE0OTItNjY4NDkwMTk2Mjdl
LzEveUdqS2doUi0waWQ3Uzh4cHBTaGJybk5mTGtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH8BggrBgEFBQcBBwEB/wSB7DCB6TCByQQCAAEwgcIwDAME
AgI7RAMEAgI7SAMEAgX8PAMEAgX8WAMEAi0LlAMEAy1BaAMEAi1VsAMEAi1a4AME
Ai2BMAMEAi2YuAMEBFDwsAMEAVtcEgMEAl/WLAMEA21GEAMEA4B/EAMEArkNtAME
Ark9kAMEArlrVAMEArmAjAMEArmjPAMEArm9FAMEArnLtAMEArnlsAMEArn9JAME
A7xcQAMEAsEIdAMEAsE4qAMEAMIkiQMEAMIkqQMEAMIk3QMEBMK2cAMEBNRo8DAb
BAIAAjAVAwUAKgJ54AMFAyoCz8ADBQMqBkKAMA0GCSqGSIb3DQEBCwUAA4IBAQAo
iMoPtn37mMCjZ+H5jakS5rRnvPkAKFh2eCUVRSwMh8eFVvEwX96IIRk/zP0OPhs0
a0r+vphkEMGFyl/vo/t/QP9DmnYefHdzi0MnN+qE/UQZ0+xK2sMEKCaLfSOpy2ky
C243Qvq/u1NSaR+aqFdtWfFh6tR2EPOnoB1N/hWZvT5A2smC/qiJV/KcffioRqBB
tErMGoXS3uRFV+wKnE890BxThgoCHJn3XuuRjRI5Vqp0nAwKsdCZU9bG7U2c7fni
8QiTjzaDptQY0ndU+ioo3tXlDXjJlYZ1lw1hQUcla9TPYdHIIqt8jnr8+zTP4FMw
o8QzuQwrGUU/5UctEPvS
-----END CERTIFICATE-----
Generated at Wed Apr 16 04:57:29 2025 by rpki-client