Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/W8z3PSraK7D-fYKd2T9N7bt1WDc.roa
File: W8z3PSraK7D-fYKd2T9N7bt1WDc.roa (raw, json)
Hash identifier: p4Wt2rm5gyhLljRR0VWwFDQGDb+K3eLzU1sEjkSQmPg=
Subject key identifier: 5B:CC:F7:3D:2A:DA:2B:B0:FE:7D:82:9D:D9:3F:4D:ED:BB:75:58:37
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01980D11D42AD78D9795724C31A4A220A478
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/W8z3PSraK7D-fYKd2T9N7bt1WDc.roa
Signing time: Tue 15 Jul 2025 07:52:08 +0000
ROA not before: Tue 15 Jul 2025 07:52:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 81.5.189.0/24 maxlen: 24
82.152.8.0/24 maxlen: 24
82.152.176.0/23 maxlen: 23
82.153.69.0/24 maxlen: 24
82.153.136.0/22 maxlen: 22
82.153.159.0/24 maxlen: 24
82.153.217.0/24 maxlen: 24
82.153.222.0/24 maxlen: 24
89.213.0.0/22 maxlen: 24
89.213.6.0/24 maxlen: 24
89.213.44.0/23 maxlen: 24
89.213.50.0/23 maxlen: 23
89.213.56.0/22 maxlen: 22
89.213.139.0/24 maxlen: 24
89.213.148.0/22 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.152.0/24 maxlen: 24
89.213.154.0/24 maxlen: 24
89.213.156.0/22 maxlen: 24
89.213.172.0/22 maxlen: 24
89.213.196.0/22 maxlen: 24
89.213.200.0/22 maxlen: 24
89.213.204.0/22 maxlen: 24
89.213.228.0/22 maxlen: 22
89.213.228.0/23 maxlen: 24
89.213.232.0/22 maxlen: 24
89.213.236.0/22 maxlen: 24
109.176.16.0/21 maxlen: 24
109.176.20.0/24 maxlen: 24
109.176.25.0/24 maxlen: 24
109.176.204.0/22 maxlen: 24
109.176.242.0/23 maxlen: 24
185.49.126.0/23 maxlen: 24
185.101.47.0/24 maxlen: 24
194.105.76.0/22 maxlen: 24
194.105.80.0/20 maxlen: 20
194.105.90.0/23 maxlen: 24
212.38.79.0/24 maxlen: 24
212.38.88.0/23 maxlen: 24
213.130.132.0/22 maxlen: 22
213.130.134.0/23 maxlen: 24
213.152.43.0/24 maxlen: 24
213.210.52.0/22 maxlen: 22
213.218.208.0/24 maxlen: 24
213.218.211.0/24 maxlen: 24
213.218.244.0/22 maxlen: 22
217.145.65.0/24 maxlen: 24
217.145.66.0/24 maxlen: 24
217.145.72.0/21 maxlen: 24
217.145.78.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 18 Jul 2025 08:26:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:0d:11:d4:2a:d7:8d:97:95:72:4c:31:a4:a2:20:a4:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jul 15 07:52:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5bccf73d2ada2bb0fe7d829dd93f4dedbb755837
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:11:3b:97:9d:22:0e:08:a1:84:92:c4:a4:86:
60:56:04:6a:4b:14:d8:6c:9f:5b:c3:fd:e7:65:7b:
ba:b0:27:af:5b:9b:b2:5d:b3:51:f1:5d:39:7c:b8:
98:50:b0:3b:12:4e:09:3e:9a:dd:13:ac:55:f3:93:
da:67:0d:cd:4d:32:0c:b0:ff:5d:b4:aa:8a:53:71:
54:ab:1b:f8:1c:e3:91:58:12:e6:a4:ef:4b:3d:c3:
2c:78:b0:ea:08:23:fc:4e:d1:61:36:f5:d3:6c:b4:
3b:f8:b7:8c:75:b4:0a:d5:ce:8d:ae:53:b2:43:e3:
fe:a0:bb:ca:27:4d:8f:0b:4d:35:de:19:c9:56:ab:
30:26:9b:b6:70:a8:74:0a:90:46:7f:92:0e:95:f9:
50:ec:cc:17:36:2f:36:1b:33:1e:e6:88:88:d3:29:
d9:79:91:39:19:6b:b8:22:ee:70:f1:ea:66:ac:c3:
3c:51:ae:d9:65:46:fa:89:44:9f:46:9b:6e:48:46:
75:e0:30:93:55:9e:44:09:0a:9d:ef:5e:f9:ed:99:
97:87:01:6a:ca:fa:09:dc:89:bd:79:11:a7:73:aa:
78:c8:33:fb:f8:3f:4f:07:bc:20:ab:22:d6:28:0a:
15:42:37:44:11:5d:11:73:9a:56:4e:74:00:e2:03:
ef:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:CC:F7:3D:2A:DA:2B:B0:FE:7D:82:9D:D9:3F:4D:ED:BB:75:58:37
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/W8z3PSraK7D-fYKd2T9N7bt1WDc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.189.0/24
82.152.8.0/24
82.152.176.0/23
82.153.69.0/24
82.153.136.0/22
82.153.159.0/24
82.153.217.0/24
82.153.222.0/24
89.213.0.0/22
89.213.6.0/24
89.213.44.0/23
89.213.50.0/23
89.213.56.0/22
89.213.139.0/24
89.213.148.0-89.213.159.255
89.213.172.0/22
89.213.196.0-89.213.207.255
89.213.228.0-89.213.239.255
109.176.16.0/21
109.176.25.0/24
109.176.204.0/22
109.176.242.0/23
185.49.126.0/23
185.101.47.0/24
194.105.76.0-194.105.95.255
212.38.79.0/24
212.38.88.0/23
213.130.132.0/22
213.152.43.0/24
213.210.52.0/22
213.218.208.0/24
213.218.211.0/24
213.218.244.0/22
217.145.65.0-217.145.66.255
217.145.72.0/21
Signature Algorithm: sha256WithRSAEncryption
44:67:81:d5:82:77:30:19:23:84:41:f9:ec:62:83:5f:a6:a7:
12:93:e0:94:1d:9c:d7:1b:93:30:cd:8f:1e:59:6b:a8:a6:6d:
b2:97:57:a2:d6:91:1b:50:c3:5a:43:ab:4d:07:33:0f:7e:82:
df:ec:da:49:53:77:75:74:a4:31:54:e2:7d:2c:13:eb:fb:f4:
88:ed:fb:0f:83:47:c1:68:71:a9:24:64:ef:49:d3:68:d2:63:
21:bb:80:26:10:d1:7a:6a:66:6f:02:25:59:04:30:f9:b8:23:
c4:76:bc:28:03:32:ee:af:00:40:24:1d:c9:4d:59:95:da:ea:
c9:21:e5:62:d0:28:9a:a6:11:94:76:ff:c0:4e:50:f9:66:3d:
f2:94:73:99:41:02:73:48:ac:72:5b:d2:06:e0:72:53:0a:45:
aa:09:f5:41:0b:33:8e:1e:2e:27:a4:c0:5f:13:9b:fa:88:ee:
5c:d5:20:bc:eb:dd:41:01:ce:b3:f0:85:4f:75:3a:65:92:ce:
03:14:ad:27:eb:9c:e0:6a:5c:b2:cb:fb:72:1d:b8:c7:77:1f:
33:ce:e8:c4:79:de:5d:90:f3:37:56:46:b6:a1:27:ec:3f:be:
90:46:ac:e5:2b:86:ff:34:48:7d:8c:6d:4b:d1:1a:6b:b7:31:
35:38:e7:3a
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgISAZgNEdQq142XlXJMMaSiIKR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNzE1MDc1MjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmNjZjczZDJhZGEyYmIwZmU3ZDgyOWRkOTNmNGRlZGJiNzU1ODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBE7l50iDgihhJLEpIZgVgRqSxTY
bJ9bw/3nZXu6sCevW5uyXbNR8V05fLiYULA7Ek4JPprdE6xV85PaZw3NTTIMsP9d
tKqKU3FUqxv4HOORWBLmpO9LPcMseLDqCCP8TtFhNvXTbLQ7+LeMdbQK1c6NrlOy
Q+P+oLvKJ02PC0013hnJVqswJpu2cKh0CpBGf5IOlflQ7MwXNi82GzMe5oiI0ynZ
eZE5GWu4Iu5w8epmrMM8Ua7ZZUb6iUSfRptuSEZ14DCTVZ5ECQqd71757ZmXhwFq
yvoJ3Im9eRGnc6p4yDP7+D9PB7wgqyLWKAoVQjdEEV0Rc5pWTnQA4gPv6QIDAQAB
o4IDBjCCAwIwHQYDVR0OBBYEFFvM9z0q2iuw/n2Cndk/Te27dVg3MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVzh6M1BTcmFLN0QtZllLZDJUOU43YnQxV0RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBGgYIKwYBBQUHAQcBAf8EggEJMIIBBTCCAQEEAgABMIH6
AwQAUQW9AwQAUpgIAwQBUpiwAwQAUplFAwQCUpmIAwQAUpmfAwQAUpnZAwQAUpne
AwQCWdUAAwQAWdUGAwQBWdUsAwQBWdUyAwQCWdU4AwQAWdWLMAwDBAJZ1ZQDBAVZ
1YADBAJZ1awwDAMEAlnVxAMEBFnVwDAMAwQCWdXkAwQEWdXgAwQDbbAQAwQAbbAZ
AwQCbbDMAwQBbbDyAwQBuTF+AwQAuWUvMAwDBALCaUwDBAXCaUADBADUJk8DBAHU
JlgDBALVgoQDBADVmCsDBALV0jQDBADV2tADBADV2tMDBALV2vQwDAMEANmRQQME
ANmRQgMEA9mRSDANBgkqhkiG9w0BAQsFAAOCAQEARGeB1YJ3MBkjhEH57GKDX6an
EpPglB2c1xuTMM2PHllrqKZtspdXotaRG1DDWkOrTQczD36C3+zaSVN3dXSkMVTi
fSwT6/v0iO37D4NHwWhxqSRk70nTaNJjIbuAJhDRempmbwIlWQQw+bgjxHa8KAMy
7q8AQCQdyU1ZldrqySHlYtAomqYRlHb/wE5Q+WY98pRzmUECc0isclvSBuByUwpF
qgn1QQszjh4uJ6TAXxOb+ojuXNUgvOvdQQHOs/CFT3U6ZZLOAxStJ+uc4Gpcssv7
ch24x3cfM87oxHneXZDzN1ZGtqEn7D++kEas5SuG/zRIfYxtS9Eaa7cxNTjnOg==
-----END CERTIFICATE-----
Generated at Thu Jul 31 23:31:37 2025 by rpki-client