Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8xBS0sAy9e7hDo7fIaTWCuRW4KY.roa
File: 8xBS0sAy9e7hDo7fIaTWCuRW4KY.roa (raw, json)
Hash identifier: +KGSdCjZSgrxyRDo5Zf0pIn14k95ju3B8xyvs+9I/qc=
Subject key identifier: F3:10:52:D2:C0:32:F5:EE:E1:0E:8E:DF:21:A4:D6:0A:E4:56:E0:A6
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01944167F3CF42F95B751BFC4B0F991EB7C7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8xBS0sAy9e7hDo7fIaTWCuRW4KY.roa
Signing time: Tue 07 Jan 2025 15:35:19 +0000
ROA not before: Tue 07 Jan 2025 15:35:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 82.152.8.0/24 maxlen: 24
82.152.176.0/23 maxlen: 23
82.153.136.0/22 maxlen: 22
89.213.44.0/23 maxlen: 24
89.213.50.0/23 maxlen: 23
89.213.56.0/22 maxlen: 22
89.213.129.0/24 maxlen: 24
89.213.132.0/24 maxlen: 24
89.213.139.0/24 maxlen: 24
89.213.143.0/24 maxlen: 24
89.213.145.0/24 maxlen: 24
89.213.146.0/24 maxlen: 24
89.213.148.0/22 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.154.0/24 maxlen: 24
89.213.155.0/24 maxlen: 24
89.213.156.0/22 maxlen: 24
89.213.162.0/24 maxlen: 24
89.213.164.0/24 maxlen: 24
89.213.167.0/24 maxlen: 24
89.213.169.0/24 maxlen: 24
89.213.172.0/22 maxlen: 24
89.213.181.0/24 maxlen: 24
89.213.191.0/24 maxlen: 24
89.213.196.0/22 maxlen: 24
89.213.200.0/22 maxlen: 24
89.213.204.0/22 maxlen: 24
89.213.228.0/22 maxlen: 22
89.213.228.0/23 maxlen: 24
89.213.232.0/22 maxlen: 24
89.213.236.0/22 maxlen: 24
109.176.16.0/21 maxlen: 24
109.176.204.0/22 maxlen: 24
109.176.242.0/23 maxlen: 24
185.49.126.0/23 maxlen: 24
194.105.80.0/20 maxlen: 20
194.105.90.0/23 maxlen: 24
212.38.79.0/24 maxlen: 24
212.38.88.0/23 maxlen: 24
213.152.43.0/24 maxlen: 24
213.210.52.0/22 maxlen: 22
213.218.210.0/24 maxlen: 24
213.218.211.0/24 maxlen: 24
213.218.212.0/24 maxlen: 24
213.218.215.0/24 maxlen: 24
217.145.65.0/24 maxlen: 24
217.145.66.0/24 maxlen: 24
217.145.72.0/21 maxlen: 24
Validation: Failed, certificate revoked on Mon 13 Jan 2025 09:43:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:41:67:f3:cf:42:f9:5b:75:1b:fc:4b:0f:99:1e:b7:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jan 7 15:35:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f31052d2c032f5eee10e8edf21a4d60ae456e0a6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:21:a7:1e:14:d2:f8:79:5c:d0:44:aa:4a:ab:
df:66:94:83:11:f8:9a:ec:2f:a4:ac:e7:3f:a1:1c:
7d:1e:37:12:6b:db:97:1d:2d:93:43:b8:fd:ac:57:
73:12:5a:89:42:79:80:5d:f9:5f:41:eb:71:b5:39:
9c:cf:71:33:65:cc:66:25:bd:2a:0e:89:de:3e:d3:
86:5d:82:15:39:33:67:ab:d5:28:d7:58:df:3b:d7:
70:80:55:4c:28:70:37:53:77:ba:ca:de:63:50:ee:
b0:21:93:1b:91:57:f7:50:2a:b2:18:3b:0d:d2:d1:
fa:21:13:04:87:0e:e9:b5:4e:b1:a0:3d:6d:81:5c:
af:d0:8f:b6:ba:f9:a1:b5:d6:3d:09:28:04:58:b8:
cb:91:88:39:b4:7d:68:fb:47:c9:28:42:8d:bd:9f:
50:29:b8:0b:a7:1b:36:81:47:4b:b7:61:be:1b:1d:
98:95:00:8f:6a:d4:c0:52:13:05:d7:7c:3f:9b:9f:
0b:b0:c3:a0:e5:33:de:0d:9a:e5:50:c9:1b:20:9e:
be:8c:5d:cd:06:7e:46:2e:e3:d7:e8:4f:39:61:eb:
9f:62:ef:84:16:e2:9a:c4:e2:42:b2:de:4a:25:ac:
94:4b:7f:da:bc:c5:a6:d9:5c:c5:33:2f:03:f4:f1:
00:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:10:52:D2:C0:32:F5:EE:E1:0E:8E:DF:21:A4:D6:0A:E4:56:E0:A6
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/8xBS0sAy9e7hDo7fIaTWCuRW4KY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.8.0/24
82.152.176.0/23
82.153.136.0/22
89.213.44.0/23
89.213.50.0/23
89.213.56.0/22
89.213.129.0/24
89.213.132.0/24
89.213.139.0/24
89.213.143.0/24
89.213.145.0-89.213.146.255
89.213.148.0-89.213.159.255
89.213.162.0/24
89.213.164.0/24
89.213.167.0/24
89.213.169.0/24
89.213.172.0/22
89.213.181.0/24
89.213.191.0/24
89.213.196.0-89.213.207.255
89.213.228.0-89.213.239.255
109.176.16.0/21
109.176.204.0/22
109.176.242.0/23
185.49.126.0/23
194.105.80.0/20
212.38.79.0/24
212.38.88.0/23
213.152.43.0/24
213.210.52.0/22
213.218.210.0-213.218.212.255
213.218.215.0/24
217.145.65.0-217.145.66.255
217.145.72.0/21
Signature Algorithm: sha256WithRSAEncryption
0b:00:7e:56:41:21:27:19:34:34:0c:3d:c5:c8:f9:7d:83:58:
ec:20:ad:2f:6b:13:df:50:e0:01:6d:34:3c:c2:c5:01:e4:48:
dd:f2:9b:f9:ed:68:10:0f:a0:96:b3:da:c6:2d:89:96:94:ab:
fd:c2:fe:86:86:e4:01:b5:1a:b7:f6:8c:45:06:c6:46:dd:45:
80:53:c3:df:69:20:e4:0d:a1:86:16:c8:f5:cb:95:e7:83:c9:
2e:81:c2:c2:29:9d:0b:f8:0f:fb:94:0c:bb:0b:d8:a7:f9:1d:
ef:c4:25:e1:64:eb:86:c9:1f:cf:1e:e6:b0:ec:38:c7:70:0d:
1a:f2:da:24:e0:82:67:b8:ad:40:91:73:71:10:de:43:37:88:
73:f2:ee:c6:1b:09:e3:7c:b9:32:86:2f:16:18:bf:6c:94:1c:
5e:23:bd:2f:8a:10:24:37:35:30:3b:04:d8:d5:5a:72:04:69:
75:f8:18:f2:ee:a7:03:19:8d:33:06:67:51:7a:c8:20:52:1e:
3f:69:bf:40:5e:7a:8c:71:86:83:96:8e:86:e8:58:58:52:9e:
fb:2f:ec:dd:4b:66:19:f2:d2:aa:07:b7:c5:d9:85:43:00:27:
9d:c6:be:75:e1:9e:a6:d7:3e:a2:38:48:2f:41:d6:70:73:58:
66:60:03:44
-----BEGIN CERTIFICATE-----
MIIF/DCCBOSgAwIBAgISAZRBZ/PPQvlbdRv8Sw+ZHrfHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTA3MTUzNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzEwNTJkMmMwMzJmNWVlZTEwZThlZGYyMWE0ZDYwYWU0NTZlMGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriGnHhTS+Hlc0ESqSqvfZpSDEfia
7C+krOc/oRx9HjcSa9uXHS2TQ7j9rFdzElqJQnmAXflfQetxtTmcz3EzZcxmJb0q
DonePtOGXYIVOTNnq9Uo11jfO9dwgFVMKHA3U3e6yt5jUO6wIZMbkVf3UCqyGDsN
0tH6IRMEhw7ptU6xoD1tgVyv0I+2uvmhtdY9CSgEWLjLkYg5tH1o+0fJKEKNvZ9Q
KbgLpxs2gUdLt2G+Gx2YlQCPatTAUhMF13w/m58LsMOg5TPeDZrlUMkbIJ6+jF3N
Bn5GLuPX6E85YeufYu+EFuKaxOJCst5KJayUS3/avMWm2VzFMy8D9PEANQIDAQAB
o4IDCDCCAwQwHQYDVR0OBBYEFPMQUtLAMvXu4Q6O3yGk1grkVuCmMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOHhCUzBzQXk5ZTdoRG83ZklhVFdDdVJXNEtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHAYIKwYBBQUHAQcBAf8EggELMIIBBzCCAQMEAgABMIH8
AwQAUpgIAwQBUpiwAwQCUpmIAwQBWdUsAwQBWdUyAwQCWdU4AwQAWdWBAwQAWdWE
AwQAWdWLAwQAWdWPMAwDBABZ1ZEDBABZ1ZIwDAMEAlnVlAMEBVnVgAMEAFnVogME
AFnVpAMEAFnVpwMEAFnVqQMEAlnVrAMEAFnVtQMEAFnVvzAMAwQCWdXEAwQEWdXA
MAwDBAJZ1eQDBARZ1eADBANtsBADBAJtsMwDBAFtsPIDBAG5MX4DBATCaVADBADU
Jk8DBAHUJlgDBADVmCsDBALV0jQwDAMEAdXa0gMEANXa1AMEANXa1zAMAwQA2ZFB
AwQA2ZFCAwQD2ZFIMA0GCSqGSIb3DQEBCwUAA4IBAQALAH5WQSEnGTQ0DD3FyPl9
g1jsIK0vaxPfUOABbTQ8wsUB5Ejd8pv57WgQD6CWs9rGLYmWlKv9wv6GhuQBtRq3
9oxFBsZG3UWAU8PfaSDkDaGGFsj1y5Xng8kugcLCKZ0L+A/7lAy7C9in+R3vxCXh
ZOuGyR/PHuaw7DjHcA0a8tok4IJnuK1AkXNxEN5DN4hz8u7GGwnjfLkyhi8WGL9s
lBxeI70vihAkNzUwOwTY1VpyBGl1+Bjy7qcDGY0zBmdResggUh4/ab9AXnqMcYaD
lo6G6FhYUp77L+zdS2YZ8tKqB7fF2YVDACedxr514Z6m1z6iOEgvQdZwc1hmYANE
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:05:00 2025 by rpki-client