Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0KRx2JMNanFlY22Q_VMiaaX6wAY.roa
File: 0KRx2JMNanFlY22Q_VMiaaX6wAY.roa (raw, json)
Hash identifier: I0GfPtpUDd8ihvdSkpazFJIQRbd61wNoTe9k8xbpmDg=
Subject key identifier: D0:A4:71:D8:93:0D:6A:71:65:63:6D:90:FD:53:22:69:A5:FA:C0:06
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0193B53BEA5ADDE30271F7AE21EE915D5221
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0KRx2JMNanFlY22Q_VMiaaX6wAY.roa
Signing time: Wed 11 Dec 2024 10:20:22 +0000
ROA not before: Wed 11 Dec 2024 10:20:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16276
IP address blocks: 82.152.8.0/24 maxlen: 24
82.152.98.0/24 maxlen: 24
82.153.205.0/24 maxlen: 24
82.153.222.0/24 maxlen: 24
82.153.243.0/24 maxlen: 24
89.213.50.0/24 maxlen: 24
109.176.244.0/24 maxlen: 24
212.38.79.0/24 maxlen: 24
213.218.234.0/24 maxlen: 24
213.218.238.0/24 maxlen: 24
217.145.68.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 01 Jan 2025 09:47:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:b5:3b:ea:5a:dd:e3:02:71:f7:ae:21:ee:91:5d:52:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Dec 11 10:20:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d0a471d8930d6a7165636d90fd532269a5fac006
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:35:d7:3e:0f:8a:c5:24:ea:ff:71:d6:95:10:
43:b6:c2:b5:4d:3d:7e:60:85:d0:a9:25:c5:26:2e:
73:21:bb:8e:7d:8f:38:24:fc:31:a0:a7:b0:be:b0:
df:58:7c:60:b9:aa:bb:e6:a9:74:a7:c8:8f:8c:c6:
69:ed:d7:fb:f6:72:09:c3:0a:ef:fa:cf:ae:d3:4c:
bc:81:59:8b:18:0f:f4:1a:82:77:01:48:9c:d2:ff:
c7:1f:3e:c8:aa:62:8b:ba:69:96:27:64:c4:0d:d3:
6d:5a:12:bb:46:2a:72:88:77:e7:20:cf:d3:4f:ef:
2d:1c:92:85:e3:c8:9d:97:76:95:41:16:fa:4d:71:
31:90:26:ef:21:00:b7:d3:77:e7:99:1d:05:59:5d:
56:5c:1e:74:8b:32:7e:98:f9:c9:4e:a2:94:83:9a:
4b:24:63:b6:6b:a3:37:78:42:63:b3:cd:ea:e0:bf:
93:39:17:2f:fc:25:58:d0:2c:3c:4b:d1:5a:90:29:
24:22:bb:01:22:27:a1:e0:a9:9e:e5:18:b5:43:a5:
8f:c6:45:d8:fa:44:88:50:40:fe:64:b1:2d:5d:0a:
12:b4:d3:46:d8:77:24:3e:a0:cf:5b:c0:09:c6:9c:
01:11:b7:8d:99:62:cb:4d:1b:c0:c5:d1:f3:37:00:
c4:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:A4:71:D8:93:0D:6A:71:65:63:6D:90:FD:53:22:69:A5:FA:C0:06
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/0KRx2JMNanFlY22Q_VMiaaX6wAY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.8.0/24
82.152.98.0/24
82.153.205.0/24
82.153.222.0/24
82.153.243.0/24
89.213.50.0/24
109.176.244.0/24
212.38.79.0/24
213.218.234.0/24
213.218.238.0/24
217.145.68.0/24
Signature Algorithm: sha256WithRSAEncryption
38:32:cc:5d:35:54:09:18:40:04:9c:a2:44:a2:f0:34:18:4f:
3d:24:3d:37:a8:3b:c0:0e:96:ee:72:8a:2c:ec:c9:d9:21:a3:
bb:1b:5e:81:1f:6f:9b:e4:92:98:e6:02:fe:eb:96:e0:21:35:
b5:6b:13:67:a5:73:02:3a:71:b0:0a:ae:75:45:cc:e8:b9:70:
cb:30:73:02:16:b9:62:11:b9:2a:5c:3d:80:0e:a9:92:82:c5:
72:ea:65:67:3c:af:23:f7:5e:df:79:da:6c:4b:23:48:2a:b9:
96:cc:97:9b:b1:f5:91:b2:96:a9:e1:20:ab:f8:09:71:92:36:
52:14:58:86:77:ee:25:5a:f4:d9:d0:f4:bd:8a:7e:37:15:c1:
7f:c5:0e:34:f1:a7:83:7e:64:46:dc:8b:b9:9f:e3:81:36:f0:
9d:fa:64:89:ba:d0:04:f0:fe:44:01:e1:cc:7a:1d:a4:16:c8:
ed:da:74:9d:b7:e1:2e:28:0a:da:11:e9:f2:94:78:41:0d:72:
89:37:05:79:1e:5c:c7:8e:6a:f0:c8:fc:03:50:f2:2d:2e:6f:
fe:1e:3a:9c:09:e4:74:27:93:20:d5:74:a4:ee:8d:52:82:2c:
63:f7:33:f9:a2:90:a0:9c:89:17:40:76:0c:a4:a2:75:b9:2c:
71:ae:6a:be
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZO1O+pa3eMCcfeuIe6RXVIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMjExMTAyMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGE0NzFkODkzMGQ2YTcxNjU2MzZkOTBmZDUzMjI2OWE1ZmFjMDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzXXPg+KxSTq/3HWlRBDtsK1TT1+
YIXQqSXFJi5zIbuOfY84JPwxoKewvrDfWHxguaq75ql0p8iPjMZp7df79nIJwwrv
+s+u00y8gVmLGA/0GoJ3AUic0v/HHz7IqmKLummWJ2TEDdNtWhK7RipyiHfnIM/T
T+8tHJKF48idl3aVQRb6TXExkCbvIQC303fnmR0FWV1WXB50izJ+mPnJTqKUg5pL
JGO2a6M3eEJjs83q4L+TORcv/CVY0Cw8S9FakCkkIrsBIieh4Kme5Ri1Q6WPxkXY
+kSIUED+ZLEtXQoStNNG2HckPqDPW8AJxpwBEbeNmWLLTRvAxdHzNwDEMQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFNCkcdiTDWpxZWNtkP1TImml+sAGMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMEtSeDJKTU5hbkZsWTIyUV9WTWlhYVg2d0FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAUpgIAwQA
UphiAwQAUpnNAwQAUpneAwQAUpnzAwQAWdUyAwQAbbD0AwQA1CZPAwQA1drqAwQA
1druAwQA2ZFEMA0GCSqGSIb3DQEBCwUAA4IBAQA4MsxdNVQJGEAEnKJEovA0GE89
JD03qDvADpbucoos7MnZIaO7G16BH2+b5JKY5gL+65bgITW1axNnpXMCOnGwCq51
RczouXDLMHMCFrliEbkqXD2ADqmSgsVy6mVnPK8j917fedpsSyNIKrmWzJebsfWR
spap4SCr+AlxkjZSFFiGd+4lWvTZ0PS9in43FcF/xQ408aeDfmRG3Iu5n+OBNvCd
+mSJutAE8P5EAeHMeh2kFsjt2nSdt+EuKAraEenylHhBDXKJNwV5HlzHjmrwyPwD
UPItLm/+HjqcCeR0J5Mg1XSk7o1Sgixj9zP5opCgnIkXQHYMpKJ1uSxxrmq+
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:36:20 2025 by rpki-client