Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3a8j5FNBk2Y38DkWaP0bqTI0RFw.roa
File: 3a8j5FNBk2Y38DkWaP0bqTI0RFw.roa (raw, json)
Hash identifier: f4xHVlA/H4BE7EiTi07dxgdR/PbbgKaKYATzcqP9DeA=
Subject key identifier: DD:AF:23:E4:53:41:93:66:37:F0:39:16:68:FD:1B:A9:32:34:44:5C
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01942143D30B32B147EA2F1E269C4356B448
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3a8j5FNBk2Y38DkWaP0bqTI0RFw.roa
Signing time: Wed 01 Jan 2025 09:48:00 +0000
ROA not before: Wed 01 Jan 2025 09:48:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 81.5.156.0/24 maxlen: 24
81.168.41.0/24 maxlen: 24
82.152.111.0/24 maxlen: 24
82.152.250.0/24 maxlen: 24
82.152.252.0/24 maxlen: 24
82.152.253.0/24 maxlen: 24
82.152.255.0/24 maxlen: 24
82.153.67.0/24 maxlen: 24
82.153.73.0/24 maxlen: 24
82.153.78.0/24 maxlen: 24
82.153.137.0/24 maxlen: 24
82.153.139.0/24 maxlen: 24
82.153.140.0/24 maxlen: 24
82.153.221.0/24 maxlen: 24
82.153.223.0/24 maxlen: 24
82.153.240.0/24 maxlen: 24
82.153.248.0/24 maxlen: 24
82.153.250.0/24 maxlen: 24
89.213.135.0/24 maxlen: 24
89.213.136.0/24 maxlen: 24
89.213.137.0/24 maxlen: 24
89.213.141.0/24 maxlen: 24
89.213.153.0/24 maxlen: 24
89.213.163.0/24 maxlen: 24
89.213.168.0/24 maxlen: 24
89.213.170.0/24 maxlen: 24
89.213.185.0/24 maxlen: 24
89.213.188.0/24 maxlen: 24
89.213.189.0/24 maxlen: 24
109.176.209.0/24 maxlen: 24
109.176.211.0/24 maxlen: 24
109.176.216.0/24 maxlen: 24
109.176.217.0/24 maxlen: 24
109.176.218.0/24 maxlen: 24
109.176.219.0/24 maxlen: 24
109.176.220.0/24 maxlen: 24
109.176.221.0/24 maxlen: 24
109.176.222.0/24 maxlen: 24
109.176.223.0/24 maxlen: 24
109.176.249.0/24 maxlen: 24
185.49.125.0/24 maxlen: 24
213.152.61.0/24 maxlen: 24
213.152.62.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 13 Jan 2025 18:33:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:d3:0b:32:b1:47:ea:2f:1e:26:9c:43:56:b4:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jan 1 09:48:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ddaf23e45341936637f0391668fd1ba93234445c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:a2:8d:c8:22:cb:ee:5d:3d:62:67:93:28:8d:
d0:54:17:14:29:45:7b:b0:46:d1:05:bf:db:ab:8e:
26:56:ed:f0:74:db:f6:57:3f:d2:75:b9:2d:51:17:
fc:2d:0d:11:eb:14:95:db:a2:36:37:94:fe:89:73:
4c:6b:4e:cf:61:12:e2:38:71:6f:39:df:5a:0c:33:
23:1a:4b:46:7a:58:29:bf:ae:78:8e:68:00:cf:1b:
5a:1a:59:55:f1:ff:66:9b:2d:96:36:ce:3b:fd:e9:
c4:3f:e8:34:bc:12:b5:57:ee:4c:63:69:c1:6c:e7:
ee:17:1d:eb:06:c4:52:a0:dc:72:a0:3b:63:97:cb:
87:6a:fc:28:63:8b:e1:38:23:31:8f:31:b0:da:18:
5a:01:81:02:c1:eb:f5:47:8a:d1:e0:6c:44:20:ed:
48:86:05:89:b2:f7:b0:ce:0f:25:83:1c:4a:a2:34:
74:4a:73:15:56:9e:fa:ca:b3:ee:82:98:64:98:e8:
e8:93:a1:60:03:e1:03:35:fe:9b:ce:0b:e6:35:a6:
69:b2:98:35:f2:f7:12:d2:74:b5:64:54:96:64:81:
bb:52:38:8a:f6:64:d2:bb:43:85:10:71:c7:e3:16:
97:df:4c:85:03:03:5b:c7:fc:00:42:d1:61:3e:b8:
8c:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:AF:23:E4:53:41:93:66:37:F0:39:16:68:FD:1B:A9:32:34:44:5C
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/3a8j5FNBk2Y38DkWaP0bqTI0RFw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.156.0/24
81.168.41.0/24
82.152.111.0/24
82.152.250.0/24
82.152.252.0/23
82.152.255.0/24
82.153.67.0/24
82.153.73.0/24
82.153.78.0/24
82.153.137.0/24
82.153.139.0-82.153.140.255
82.153.221.0/24
82.153.223.0/24
82.153.240.0/24
82.153.248.0/24
82.153.250.0/24
89.213.135.0-89.213.137.255
89.213.141.0/24
89.213.153.0/24
89.213.163.0/24
89.213.168.0/24
89.213.170.0/24
89.213.185.0/24
89.213.188.0/23
109.176.209.0/24
109.176.211.0/24
109.176.216.0/21
109.176.249.0/24
185.49.125.0/24
213.152.61.0-213.152.62.255
Signature Algorithm: sha256WithRSAEncryption
57:97:5b:07:de:4e:95:08:f2:ef:02:5a:d9:59:91:e3:ce:b8:
47:5b:0e:d5:1c:a6:2a:c7:00:aa:b6:fc:92:09:b7:cb:49:4d:
c2:e9:d1:14:b7:4d:3b:2d:ac:4f:c0:2d:bf:f7:78:ca:d6:9e:
97:cf:ab:16:04:e3:5b:f2:81:a9:90:c2:ab:20:5d:9b:97:78:
7d:7e:3c:ed:9a:cc:ea:55:05:52:70:ed:f5:f4:d7:96:97:40:
21:70:16:7b:b7:25:7c:8c:39:ed:29:21:3d:8f:0e:86:f0:76:
8e:a7:33:79:71:62:49:7e:14:e5:a3:c5:9f:c4:cf:f1:61:fd:
59:c2:e1:eb:15:7c:70:46:cb:26:29:20:fc:c7:15:fa:20:b2:
db:57:6c:01:ee:0c:45:0d:66:21:99:bc:ea:89:b8:56:2e:83:
88:ac:04:67:51:c1:62:2a:8e:4d:15:42:7f:c2:e2:57:c1:81:
99:fe:c2:3c:42:52:37:fb:9c:dc:0c:f0:e9:7b:85:24:ac:3a:
7d:71:70:f2:b4:f2:a9:d4:c8:bb:8b:44:b4:33:6b:76:d7:df:
b1:5b:66:90:3d:4f:f6:64:6b:43:ef:28:76:14:7f:51:93:a5:
d3:26:f6:22:1f:8b:d9:7a:06:f9:16:9d:17:16:ff:7a:79:0b:
9b:7f:a2:b7
-----BEGIN CERTIFICATE-----
MIIFyDCCBLCgAwIBAgISAZQhQ9MLMrFH6i8eJpxDVrRIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGFmMjNlNDUzNDE5MzY2MzdmMDM5MTY2OGZkMWJhOTMyMzQ0NDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKKNyCLL7l09YmeTKI3QVBcUKUV7
sEbRBb/bq44mVu3wdNv2Vz/SdbktURf8LQ0R6xSV26I2N5T+iXNMa07PYRLiOHFv
Od9aDDMjGktGelgpv654jmgAzxtaGllV8f9mmy2WNs47/enEP+g0vBK1V+5MY2nB
bOfuFx3rBsRSoNxyoDtjl8uHavwoY4vhOCMxjzGw2hhaAYECwev1R4rR4GxEIO1I
hgWJsvewzg8lgxxKojR0SnMVVp76yrPugphkmOjok6FgA+EDNf6bzgvmNaZpspg1
8vcS0nS1ZFSWZIG7UjiK9mTSu0OFEHHH4xaX30yFAwNbx/wAQtFhPriMywIDAQAB
o4IC1DCCAtAwHQYDVR0OBBYEFN2vI+RTQZNmN/A5Fmj9G6kyNERcMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvM2E4ajVGTkJrMlkzOERrV2FQMGJxVEkwUkZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHpBggrBgEFBQcBBwEB/wSB2TCB1jCB0wQCAAEwgcwDBABR
BZwDBABRqCkDBABSmG8DBABSmPoDBAFSmPwDBABSmP8DBABSmUMDBABSmUkDBABS
mU4DBABSmYkwDAMEAFKZiwMEAFKZjAMEAFKZ3QMEAFKZ3wMEAFKZ8AMEAFKZ+AME
AFKZ+jAMAwQAWdWHAwQBWdWIAwQAWdWNAwQAWdWZAwQAWdWjAwQAWdWoAwQAWdWq
AwQAWdW5AwQBWdW8AwQAbbDRAwQAbbDTAwQDbbDYAwQAbbD5AwQAuTF9MAwDBADV
mD0DBADVmD4wDQYJKoZIhvcNAQELBQADggEBAFeXWwfeTpUI8u8CWtlZkePOuEdb
DtUcpirHAKq2/JIJt8tJTcLp0RS3TTstrE/ALb/3eMrWnpfPqxYE41vygamQwqsg
XZuXeH1+PO2azOpVBVJw7fX015aXQCFwFnu3JXyMOe0pIT2PDobwdo6nM3lxYkl+
FOWjxZ/Ez/Fh/VnC4esVfHBGyyYpIPzHFfogsttXbAHuDEUNZiGZvOqJuFYug4is
BGdRwWIqjk0VQn/C4lfBgZn+wjxCUjf7nNwM8Ol7hSSsOn1xcPK08qnUyLuLRLQz
a3bX37FbZpA9T/Zka0PvKHYUf1GTpdMm9iIfi9l6BvkWnRcW/3p5C5t/orc=
-----END CERTIFICATE-----
Generated at Fri Mar 28 13:12:42 2025 by rpki-client