Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/M7jP7RWnIXBGZSPq3U4aV-QF2_A.roa
File: M7jP7RWnIXBGZSPq3U4aV-QF2_A.roa (raw, json)
Hash identifier: R79S5r+Ozv0JazBk+kinZP/ZaSO7PhZ6I8m6sLwqm/g=
Subject key identifier: 33:B8:CF:ED:15:A7:21:70:46:65:23:EA:DD:4E:1A:57:E4:05:DB:F0
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01942143D556CA273AE87F29B1541841D182
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/M7jP7RWnIXBGZSPq3U4aV-QF2_A.roa
Signing time: Wed 01 Jan 2025 09:48:01 +0000
ROA not before: Wed 01 Jan 2025 09:48:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16276
IP address blocks: 82.152.8.0/24 maxlen: 24
82.152.98.0/24 maxlen: 24
82.153.205.0/24 maxlen: 24
82.153.222.0/24 maxlen: 24
82.153.243.0/24 maxlen: 24
89.213.50.0/24 maxlen: 24
109.176.244.0/24 maxlen: 24
212.38.79.0/24 maxlen: 24
213.218.234.0/24 maxlen: 24
213.218.238.0/24 maxlen: 24
217.145.68.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 17 Jan 2025 11:29:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:d5:56:ca:27:3a:e8:7f:29:b1:54:18:41:d1:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jan 1 09:48:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=33b8cfed15a72170466523eadd4e1a57e405dbf0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:29:41:b4:2f:dd:01:cf:b9:50:70:ad:67:dd:
10:91:c5:ad:4e:3b:c2:90:d9:b2:a1:38:c9:7c:ec:
25:a7:c1:b9:62:03:60:ac:85:e4:d9:38:13:23:a2:
15:e4:48:62:b7:09:bc:fa:53:5e:51:2b:ae:37:80:
83:b9:0f:d3:59:ef:c4:09:7a:da:7c:1e:3b:f6:78:
e5:9e:ce:19:d1:a6:7b:04:b6:17:dd:a1:7d:27:8b:
b2:8d:d1:65:21:d0:64:fa:ad:c4:49:7f:7a:2b:00:
cc:fb:68:2f:9f:6f:5d:a3:3e:d2:14:3c:d9:63:97:
d6:4a:50:27:43:f5:0d:92:9a:ac:0e:c4:68:d7:93:
f0:7e:35:8b:eb:84:08:c3:b0:ca:1b:64:5b:ac:9c:
5b:e4:95:f7:20:cc:10:c7:0a:71:b9:74:3e:f4:0d:
86:fb:20:b6:ce:08:8b:18:ea:2a:f2:00:5a:c6:da:
ef:89:2d:a4:eb:d0:39:1d:61:82:92:ac:82:16:8d:
dc:14:62:07:52:7c:65:e9:4a:16:d2:40:d4:2c:b2:
0e:cb:d7:bd:1a:82:8e:ca:7a:43:3f:bc:1f:87:44:
9c:c7:bd:e1:53:67:93:18:6d:1f:a6:43:26:04:df:
6e:74:40:2d:7d:17:7d:9d:e2:4b:d9:1e:ad:b1:16:
d2:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:B8:CF:ED:15:A7:21:70:46:65:23:EA:DD:4E:1A:57:E4:05:DB:F0
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/M7jP7RWnIXBGZSPq3U4aV-QF2_A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.8.0/24
82.152.98.0/24
82.153.205.0/24
82.153.222.0/24
82.153.243.0/24
89.213.50.0/24
109.176.244.0/24
212.38.79.0/24
213.218.234.0/24
213.218.238.0/24
217.145.68.0/24
Signature Algorithm: sha256WithRSAEncryption
48:8a:4e:d6:2e:59:f0:38:7e:36:ce:ee:b4:00:be:9c:9f:40:
98:83:c3:df:1e:ed:b2:1d:91:53:c8:74:8c:de:4b:86:4d:e6:
9f:72:60:cb:f4:e8:4f:fc:1f:67:20:0a:59:09:b5:c1:04:64:
34:d2:ae:7b:b9:d7:72:61:06:ec:8e:93:c3:7f:20:4c:58:ed:
c1:07:47:14:95:15:cc:1e:82:70:a0:10:a4:32:aa:a8:3d:d6:
54:07:3b:3e:37:d3:bb:48:9f:09:cd:8e:eb:1f:c9:95:c0:80:
9c:f5:ee:81:88:67:a9:a1:1e:e9:6b:73:81:f4:2c:ad:cb:10:
75:3c:d5:50:36:08:5b:0d:b3:27:da:21:92:6b:0b:08:b0:23:
a9:d6:36:ea:9d:10:f9:68:e9:50:2b:11:42:ec:09:00:75:b1:
1a:04:e3:0e:21:d2:8f:c6:7f:8c:62:c4:8f:22:78:42:fc:f0:
bd:26:92:86:5e:ad:d9:5a:62:c3:74:4f:ff:90:2e:17:a9:2e:
f0:5b:51:ee:73:70:8d:8b:e1:2b:cc:7b:7d:be:92:88:49:cc:
70:69:6a:7b:3a:dd:5e:23:5c:1c:f2:dc:f6:9f:96:ee:d5:62:
c5:6b:fc:8e:f4:8e:54:80:fb:57:59:67:7c:e2:37:6a:48:a0:
b9:ce:8d:af
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAZQhQ9VWyic66H8psVQYQdGCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2I4Y2ZlZDE1YTcyMTcwNDY2NTIzZWFkZDRlMWE1N2U0MDVkYmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSlBtC/dAc+5UHCtZ90QkcWtTjvC
kNmyoTjJfOwlp8G5YgNgrIXk2TgTI6IV5Ehitwm8+lNeUSuuN4CDuQ/TWe/ECXra
fB479njlns4Z0aZ7BLYX3aF9J4uyjdFlIdBk+q3ESX96KwDM+2gvn29doz7SFDzZ
Y5fWSlAnQ/UNkpqsDsRo15PwfjWL64QIw7DKG2RbrJxb5JX3IMwQxwpxuXQ+9A2G
+yC2zgiLGOoq8gBaxtrviS2k69A5HWGCkqyCFo3cFGIHUnxl6UoW0kDULLIOy9e9
GoKOynpDP7wfh0Scx73hU2eTGG0fpkMmBN9udEAtfRd9neJL2R6tsRbSGQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFDO4z+0VpyFwRmUj6t1OGlfkBdvwMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTTdqUDdSV25JWEJHWlNQcTNVNGFWLVFGMl9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAUpgIAwQA
UphiAwQAUpnNAwQAUpneAwQAUpnzAwQAWdUyAwQAbbD0AwQA1CZPAwQA1drqAwQA
1druAwQA2ZFEMA0GCSqGSIb3DQEBCwUAA4IBAQBIik7WLlnwOH42zu60AL6cn0CY
g8PfHu2yHZFTyHSM3kuGTeafcmDL9OhP/B9nIApZCbXBBGQ00q57uddyYQbsjpPD
fyBMWO3BB0cUlRXMHoJwoBCkMqqoPdZUBzs+N9O7SJ8JzY7rH8mVwICc9e6BiGep
oR7pa3OB9CytyxB1PNVQNghbDbMn2iGSawsIsCOp1jbqnRD5aOlQKxFC7AkAdbEa
BOMOIdKPxn+MYsSPInhC/PC9JpKGXq3ZWmLDdE//kC4XqS7wW1Huc3CNi+ErzHt9
vpKIScxwaWp7Ot1eI1wc8tz2n5bu1WLFa/yO9I5UgPtXWWd84jdqSKC5zo2v
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:12:45 2025 by rpki-client