Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2Pfs3kar05t4sIT9GCbkG_WBQ8I.roa
File: 2Pfs3kar05t4sIT9GCbkG_WBQ8I.roa (raw, json)
Hash identifier: u4kVpXcnvtXm3qn+cPICddBTZq3J2AFZ4wCliNf5H/4=
Subject key identifier: D8:F7:EC:DE:46:AB:D3:9B:78:B0:84:FD:18:26:E4:1B:F5:81:43:C2
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01948888AFC1ADB99DD10D5A7BC0E9350E1A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2Pfs3kar05t4sIT9GCbkG_WBQ8I.roa
Signing time: Tue 21 Jan 2025 11:04:06 +0000
ROA not before: Tue 21 Jan 2025 11:04:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 81.168.122.0/24 maxlen: 24
82.152.8.0/24 maxlen: 24
82.152.131.0/24 maxlen: 24
82.152.176.0/23 maxlen: 23
82.153.35.0/24 maxlen: 24
82.153.136.0/22 maxlen: 22
82.153.222.0/24 maxlen: 24
82.153.243.0/24 maxlen: 24
89.213.44.0/23 maxlen: 24
89.213.50.0/23 maxlen: 23
89.213.56.0/22 maxlen: 22
89.213.129.0/24 maxlen: 24
89.213.132.0/24 maxlen: 24
89.213.139.0/24 maxlen: 24
89.213.143.0/24 maxlen: 24
89.213.145.0/24 maxlen: 24
89.213.146.0/24 maxlen: 24
89.213.148.0/22 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.154.0/24 maxlen: 24
89.213.155.0/24 maxlen: 24
89.213.156.0/22 maxlen: 24
89.213.159.0/24 maxlen: 24
89.213.162.0/24 maxlen: 24
89.213.164.0/24 maxlen: 24
89.213.167.0/24 maxlen: 24
89.213.169.0/24 maxlen: 24
89.213.171.0/24 maxlen: 24
89.213.172.0/22 maxlen: 24
89.213.181.0/24 maxlen: 24
89.213.191.0/24 maxlen: 24
89.213.196.0/22 maxlen: 24
89.213.200.0/22 maxlen: 24
89.213.204.0/22 maxlen: 24
89.213.228.0/22 maxlen: 22
89.213.228.0/23 maxlen: 24
89.213.232.0/22 maxlen: 24
89.213.236.0/22 maxlen: 24
109.176.16.0/21 maxlen: 24
109.176.204.0/22 maxlen: 24
109.176.242.0/23 maxlen: 24
185.49.126.0/23 maxlen: 24
194.105.80.0/20 maxlen: 20
194.105.90.0/23 maxlen: 24
212.38.79.0/24 maxlen: 24
212.38.88.0/23 maxlen: 24
213.152.43.0/24 maxlen: 24
213.210.52.0/22 maxlen: 22
213.218.211.0/24 maxlen: 24
217.145.65.0/24 maxlen: 24
217.145.66.0/24 maxlen: 24
217.145.72.0/21 maxlen: 24
Validation: Failed, certificate revoked on Wed 22 Jan 2025 10:37:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:88:88:af:c1:ad:b9:9d:d1:0d:5a:7b:c0:e9:35:0e:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jan 21 11:04:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d8f7ecde46abd39b78b084fd1826e41bf58143c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:66:df:54:7b:4a:7b:42:ff:31:4c:b7:98:99:
63:c8:29:a3:d1:e6:31:ec:ba:86:6c:2f:7a:7b:b6:
4b:69:02:15:a8:64:24:5e:f1:de:9e:9d:40:9d:d7:
17:ca:a7:cd:02:4a:9f:99:f7:b6:0d:59:71:ba:40:
a6:82:c5:88:82:f9:9d:d3:5d:4f:c8:cd:39:86:a3:
4f:47:0d:8f:00:84:25:de:1b:d8:b7:e1:36:52:de:
66:db:42:25:f9:a2:3a:34:42:a1:16:33:2c:a0:86:
9c:d5:0b:b7:03:6d:5d:5f:9b:0e:0a:73:5a:09:41:
2d:1f:4f:03:73:a6:85:89:f9:bb:92:2e:bd:11:1a:
b9:c3:0d:6e:bc:4a:78:40:c8:94:6f:14:1f:2a:ec:
8c:bd:af:7f:e8:26:09:de:8e:56:8a:ac:1e:e7:c4:
73:b6:cc:dd:06:8b:d3:60:74:82:96:f9:da:67:ae:
55:56:e0:ec:07:ac:0e:d9:a8:8f:e1:03:20:73:6a:
36:38:1e:ec:5b:05:f9:85:48:b5:d4:1f:a4:cf:54:
2c:7d:0c:44:7a:0c:69:3e:e4:2f:24:13:79:79:e1:
e3:8b:ab:0c:79:59:e9:09:38:74:c5:db:ee:0f:b2:
34:24:0c:5f:23:d2:ba:ed:de:63:fd:12:2e:28:bd:
d3:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:F7:EC:DE:46:AB:D3:9B:78:B0:84:FD:18:26:E4:1B:F5:81:43:C2
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2Pfs3kar05t4sIT9GCbkG_WBQ8I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.122.0/24
82.152.8.0/24
82.152.131.0/24
82.152.176.0/23
82.153.35.0/24
82.153.136.0/22
82.153.222.0/24
82.153.243.0/24
89.213.44.0/23
89.213.50.0/23
89.213.56.0/22
89.213.129.0/24
89.213.132.0/24
89.213.139.0/24
89.213.143.0/24
89.213.145.0-89.213.146.255
89.213.148.0-89.213.159.255
89.213.162.0/24
89.213.164.0/24
89.213.167.0/24
89.213.169.0/24
89.213.171.0-89.213.175.255
89.213.181.0/24
89.213.191.0/24
89.213.196.0-89.213.207.255
89.213.228.0-89.213.239.255
109.176.16.0/21
109.176.204.0/22
109.176.242.0/23
185.49.126.0/23
194.105.80.0/20
212.38.79.0/24
212.38.88.0/23
213.152.43.0/24
213.210.52.0/22
213.218.211.0/24
217.145.65.0-217.145.66.255
217.145.72.0/21
Signature Algorithm: sha256WithRSAEncryption
9b:ca:8b:72:1a:37:a9:93:c7:aa:59:a4:80:c2:84:7d:07:a1:
71:54:fa:67:c5:77:2b:bb:a8:99:76:9d:1f:bd:d1:f2:e7:d1:
89:f2:5e:9b:87:6c:90:2b:68:83:d7:fa:f6:bd:3a:8f:9c:26:
0b:93:97:81:a6:37:ec:04:89:e7:20:f0:82:ef:da:bb:ae:9c:
8d:2d:eb:1b:f9:07:19:f3:62:ee:f3:6a:37:53:37:c1:78:d1:
4d:89:dd:99:20:2c:a5:0c:7c:f7:60:03:64:7a:4a:2b:b4:96:
e7:7c:60:3b:0b:39:58:18:bd:d7:a1:73:d0:0d:8e:1a:44:52:
24:7a:36:6e:a8:41:2d:e8:a9:4f:05:81:9c:fc:45:ea:dd:a0:
32:89:f0:24:d0:34:e5:a3:fb:2e:b6:c1:7a:55:77:30:fa:91:
8c:23:3f:c5:d3:79:89:b6:e8:83:44:cc:4e:f4:a8:07:2e:57:
e3:4a:5d:dd:3d:d0:ba:2a:b8:27:83:f9:10:ca:65:2e:fb:7f:
1e:96:73:a2:fb:d7:b7:42:93:84:77:0f:09:32:de:31:10:dd:
b0:a0:fe:68:fe:b4:a8:cd:da:0f:9b:18:1f:96:eb:03:dc:a7:
d3:86:f3:16:49:ea:1b:6a:06:1a:16:14:5a:26:8c:e9:c9:6a:
4a:b6:c4:8d
-----BEGIN CERTIFICATE-----
MIIGFTCCBP2gAwIBAgISAZSIiK/Brbmd0Q1ae8DpNQ4aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTIxMTEwNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGY3ZWNkZTQ2YWJkMzliNzhiMDg0ZmQxODI2ZTQxYmY1ODE0M2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAombfVHtKe0L/MUy3mJljyCmj0eYx
7LqGbC96e7ZLaQIVqGQkXvHenp1AndcXyqfNAkqfmfe2DVlxukCmgsWIgvmd011P
yM05hqNPRw2PAIQl3hvYt+E2Ut5m20Il+aI6NEKhFjMsoIac1Qu3A21dX5sOCnNa
CUEtH08Dc6aFifm7ki69ERq5ww1uvEp4QMiUbxQfKuyMva9/6CYJ3o5Wiqwe58Rz
tszdBovTYHSClvnaZ65VVuDsB6wO2aiP4QMgc2o2OB7sWwX5hUi11B+kz1QsfQxE
egxpPuQvJBN5eeHji6sMeVnpCTh0xdvuD7I0JAxfI9K67d5j/RIuKL3TbQIDAQAB
o4IDITCCAx0wHQYDVR0OBBYEFNj37N5Gq9ObeLCE/Rgm5Bv1gUPCMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMlBmczNrYXIwNXQ0c0lUOUdDYmtHX1dCUThJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNQYIKwYBBQUHAQcBAf8EggEkMIIBIDCCARwEAgABMIIB
FAMEAFGoegMEAFKYCAMEAFKYgwMEAVKYsAMEAFKZIwMEAlKZiAMEAFKZ3gMEAFKZ
8wMEAVnVLAMEAVnVMgMEAlnVOAMEAFnVgQMEAFnVhAMEAFnViwMEAFnVjzAMAwQA
WdWRAwQAWdWSMAwDBAJZ1ZQDBAVZ1YADBABZ1aIDBABZ1aQDBABZ1acDBABZ1akw
DAMEAFnVqwMEBFnVoAMEAFnVtQMEAFnVvzAMAwQCWdXEAwQEWdXAMAwDBAJZ1eQD
BARZ1eADBANtsBADBAJtsMwDBAFtsPIDBAG5MX4DBATCaVADBADUJk8DBAHUJlgD
BADVmCsDBALV0jQDBADV2tMwDAMEANmRQQMEANmRQgMEA9mRSDANBgkqhkiG9w0B
AQsFAAOCAQEAm8qLcho3qZPHqlmkgMKEfQehcVT6Z8V3K7uomXadH73R8ufRifJe
m4dskCtog9f69r06j5wmC5OXgaY37ASJ5yDwgu/au66cjS3rG/kHGfNi7vNqN1M3
wXjRTYndmSAspQx892ADZHpKK7SW53xgOws5WBi916Fz0A2OGkRSJHo2bqhBLeip
TwWBnPxF6t2gMonwJNA05aP7LrbBelV3MPqRjCM/xdN5ibbog0TMTvSoBy5X40pd
3T3Quiq4J4P5EMplLvt/HpZzovvXt0KThHcPCTLeMRDdsKD+aP60qM3aD5sYH5br
A9yn04bzFknqG2oGGhYUWiaM6clqSrbEjQ==
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:44:01 2025 by rpki-client