Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MDSJgwAfnatuVB43t8VmsABKDS8.roa
File: MDSJgwAfnatuVB43t8VmsABKDS8.roa (raw, json)
Hash identifier: MRyn90aies0HzL5L0oFIlowz0YWIoh4XhkiSkHliQRs=
Subject key identifier: 30:34:89:83:00:1F:9D:AB:6E:54:1E:37:B7:C5:66:B0:00:4A:0D:2F
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0194B7C324EA452C3DD12EAE29C737CB941A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MDSJgwAfnatuVB43t8VmsABKDS8.roa
Signing time: Thu 30 Jan 2025 15:10:06 +0000
ROA not before: Thu 30 Jan 2025 15:10:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 82.152.8.0/24 maxlen: 24
82.152.176.0/23 maxlen: 23
82.152.176.0/24 maxlen: 24
82.153.50.0/24 maxlen: 24
82.153.136.0/22 maxlen: 22
82.153.222.0/24 maxlen: 24
82.153.243.0/24 maxlen: 24
89.213.44.0/23 maxlen: 24
89.213.50.0/23 maxlen: 23
89.213.56.0/22 maxlen: 22
89.213.129.0/24 maxlen: 24
89.213.132.0/24 maxlen: 24
89.213.139.0/24 maxlen: 24
89.213.143.0/24 maxlen: 24
89.213.145.0/24 maxlen: 24
89.213.146.0/24 maxlen: 24
89.213.148.0/22 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.154.0/24 maxlen: 24
89.213.155.0/24 maxlen: 24
89.213.156.0/22 maxlen: 24
89.213.159.0/24 maxlen: 24
89.213.162.0/24 maxlen: 24
89.213.164.0/24 maxlen: 24
89.213.167.0/24 maxlen: 24
89.213.169.0/24 maxlen: 24
89.213.171.0/24 maxlen: 24
89.213.172.0/22 maxlen: 24
89.213.181.0/24 maxlen: 24
89.213.191.0/24 maxlen: 24
89.213.196.0/22 maxlen: 24
89.213.196.0/24 maxlen: 24
89.213.200.0/22 maxlen: 24
89.213.204.0/22 maxlen: 24
89.213.228.0/22 maxlen: 22
89.213.228.0/23 maxlen: 24
89.213.232.0/22 maxlen: 24
89.213.236.0/22 maxlen: 24
89.213.248.0/24 maxlen: 24
109.176.16.0/21 maxlen: 24
109.176.204.0/22 maxlen: 24
109.176.242.0/23 maxlen: 24
185.49.126.0/23 maxlen: 24
194.105.80.0/20 maxlen: 20
194.105.90.0/23 maxlen: 24
212.38.79.0/24 maxlen: 24
212.38.88.0/23 maxlen: 24
213.152.43.0/24 maxlen: 24
213.210.52.0/22 maxlen: 22
213.218.211.0/24 maxlen: 24
217.145.65.0/24 maxlen: 24
217.145.66.0/24 maxlen: 24
217.145.72.0/21 maxlen: 24
Validation: Failed, certificate revoked on Fri 31 Jan 2025 11:08:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:b7:c3:24:ea:45:2c:3d:d1:2e:ae:29:c7:37:cb:94:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jan 30 15:10:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=30348983001f9dab6e541e37b7c566b0004a0d2f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:84:e1:61:a9:03:7e:54:df:79:9c:e5:71:a2:
8a:88:0f:50:31:e9:ae:c0:d7:2a:a2:8c:c9:b2:35:
da:07:c3:5f:16:36:a8:49:26:07:cf:00:7a:52:83:
81:33:27:d3:91:07:c4:77:a7:5a:b0:11:76:48:61:
11:d6:ab:68:dd:c2:07:37:7b:6f:bd:38:f0:47:30:
a1:33:03:41:99:b0:a3:5b:16:7a:1f:7a:4a:d5:8f:
af:8e:e6:6d:ba:a0:53:21:1e:6d:fc:bb:67:27:44:
31:0a:71:14:7a:2c:97:a4:ff:55:75:e5:98:6e:29:
4b:c4:f6:aa:61:10:56:4c:d5:0c:14:93:ca:b3:a3:
38:d9:a9:4f:cc:13:a9:e3:4f:09:28:1c:01:03:c5:
ff:30:06:c3:95:dc:05:94:dd:85:5f:de:7b:fe:b5:
da:72:8b:20:da:09:74:19:19:27:f7:23:8d:31:42:
30:66:9d:ba:30:57:26:e0:7b:8d:46:95:1a:e1:f4:
bc:f4:ff:20:9b:5b:7b:91:80:e5:d9:e2:cc:8f:0b:
ef:5c:58:46:d4:a3:54:b7:b2:a1:f1:2a:20:c0:58:
19:d6:14:84:35:6c:1b:56:e5:39:74:37:17:04:95:
0c:4a:1a:ef:6b:ce:a3:19:dd:af:5f:1d:33:79:85:
fc:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:34:89:83:00:1F:9D:AB:6E:54:1E:37:B7:C5:66:B0:00:4A:0D:2F
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/MDSJgwAfnatuVB43t8VmsABKDS8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.8.0/24
82.152.176.0/23
82.153.50.0/24
82.153.136.0/22
82.153.222.0/24
82.153.243.0/24
89.213.44.0/23
89.213.50.0/23
89.213.56.0/22
89.213.129.0/24
89.213.132.0/24
89.213.139.0/24
89.213.143.0/24
89.213.145.0-89.213.146.255
89.213.148.0-89.213.159.255
89.213.162.0/24
89.213.164.0/24
89.213.167.0/24
89.213.169.0/24
89.213.171.0-89.213.175.255
89.213.181.0/24
89.213.191.0/24
89.213.196.0-89.213.207.255
89.213.228.0-89.213.239.255
89.213.248.0/24
109.176.16.0/21
109.176.204.0/22
109.176.242.0/23
185.49.126.0/23
194.105.80.0/20
212.38.79.0/24
212.38.88.0/23
213.152.43.0/24
213.210.52.0/22
213.218.211.0/24
217.145.65.0-217.145.66.255
217.145.72.0/21
Signature Algorithm: sha256WithRSAEncryption
93:51:ca:09:cc:ed:9c:53:72:af:ae:16:6c:13:a5:32:8d:1d:
5f:9a:31:bd:4f:0a:cd:be:da:82:f7:c0:37:1e:e1:96:d9:bb:
7b:8d:a1:5e:e0:6f:d9:0f:7e:12:79:00:0e:32:b2:9f:d6:66:
e1:62:d9:58:6c:40:a9:b4:5f:41:21:ca:79:7d:8a:53:a8:0a:
5a:de:f4:ef:0f:a2:9d:c3:c4:25:7e:a9:91:a2:e1:4e:b4:bc:
fc:26:4b:2a:bd:d6:1b:19:c7:c2:9b:e8:ab:4c:98:9e:48:0c:
96:d5:08:a3:62:2e:aa:45:f1:ae:b7:61:a4:c8:b5:7e:6b:9a:
7d:1a:d2:1b:4d:df:fa:91:eb:91:51:ab:5d:ca:78:98:0a:e5:
ce:3d:18:ba:b5:db:a5:ac:54:48:d7:8d:ec:0e:cd:9c:30:2c:
05:12:37:df:0a:1a:21:cc:e2:3a:54:0d:45:c0:98:3a:0b:a8:
e0:43:68:36:37:65:59:a8:f2:e1:02:da:95:83:5d:7a:f0:3f:
23:55:5f:43:3e:9d:d2:c8:d5:7f:b9:86:20:e9:b4:53:bb:e9:
61:6c:9a:6c:d8:e5:c5:bc:24:44:4c:e1:af:74:1d:59:51:10:
a0:46:36:6a:0a:b2:2e:fb:f0:b5:04:f9:04:29:ef:82:b4:9c:
1b:ba:3a:8c
-----BEGIN CERTIFICATE-----
MIIGDzCCBPegAwIBAgISAZS3wyTqRSw90S6uKcc3y5QaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTMwMTUxMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDM0ODk4MzAwMWY5ZGFiNmU1NDFlMzdiN2M1NjZiMDAwNGEwZDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4ThYakDflTfeZzlcaKKiA9QMemu
wNcqoozJsjXaB8NfFjaoSSYHzwB6UoOBMyfTkQfEd6dasBF2SGER1qto3cIHN3tv
vTjwRzChMwNBmbCjWxZ6H3pK1Y+vjuZtuqBTIR5t/LtnJ0QxCnEUeiyXpP9VdeWY
bilLxPaqYRBWTNUMFJPKs6M42alPzBOp408JKBwBA8X/MAbDldwFlN2FX957/rXa
cosg2gl0GRkn9yONMUIwZp26MFcm4HuNRpUa4fS89P8gm1t7kYDl2eLMjwvvXFhG
1KNUt7Kh8SogwFgZ1hSENWwbVuU5dDcXBJUMShrva86jGd2vXx0zeYX86wIDAQAB
o4IDGzCCAxcwHQYDVR0OBBYEFDA0iYMAH52rblQeN7fFZrAASg0vMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTURTSmd3QWZuYXR1VkI0M3Q4Vm1zQUJLRFM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBLwYIKwYBBQUHAQcBAf8EggEeMIIBGjCCARYEAgABMIIB
DgMEAFKYCAMEAVKYsAMEAFKZMgMEAlKZiAMEAFKZ3gMEAFKZ8wMEAVnVLAMEAVnV
MgMEAlnVOAMEAFnVgQMEAFnVhAMEAFnViwMEAFnVjzAMAwQAWdWRAwQAWdWSMAwD
BAJZ1ZQDBAVZ1YADBABZ1aIDBABZ1aQDBABZ1acDBABZ1akwDAMEAFnVqwMEBFnV
oAMEAFnVtQMEAFnVvzAMAwQCWdXEAwQEWdXAMAwDBAJZ1eQDBARZ1eADBABZ1fgD
BANtsBADBAJtsMwDBAFtsPIDBAG5MX4DBATCaVADBADUJk8DBAHUJlgDBADVmCsD
BALV0jQDBADV2tMwDAMEANmRQQMEANmRQgMEA9mRSDANBgkqhkiG9w0BAQsFAAOC
AQEAk1HKCcztnFNyr64WbBOlMo0dX5oxvU8Kzb7agvfANx7hltm7e42hXuBv2Q9+
EnkADjKyn9Zm4WLZWGxAqbRfQSHKeX2KU6gKWt707w+incPEJX6pkaLhTrS8/CZL
Kr3WGxnHwpvoq0yYnkgMltUIo2IuqkXxrrdhpMi1fmuafRrSG03f+pHrkVGrXcp4
mArlzj0YurXbpaxUSNeN7A7NnDAsBRI33woaIcziOlQNRcCYOguo4ENoNjdlWajy
4QLalYNdevA/I1VfQz6d0sjVf7mGIOm0U7vpYWyabNjlxbwkREzhr3QdWVEQoEY2
agqyLvvwtQT5BCnvgrScG7o6jA==
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:07:44 2025 by rpki-client