Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XKAozgqC89qKrmJ2DKXlIO-54cQ.roa
File: XKAozgqC89qKrmJ2DKXlIO-54cQ.roa (raw, json)
Hash identifier: bCaXremhp3QcGoh6edWNG05wpnS6gzKFPdr5JddGgBg=
Subject key identifier: 5C:A0:28:CE:0A:82:F3:DA:8A:AE:62:76:0C:A5:E5:20:EF:B9:E1:C4
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0194ADC353CDF5A72F55332418B34F060F97
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XKAozgqC89qKrmJ2DKXlIO-54cQ.roa
Signing time: Tue 28 Jan 2025 16:34:06 +0000
ROA not before: Tue 28 Jan 2025 16:34:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 82.152.7.0/24 maxlen: 24
82.152.8.0/24 maxlen: 24
82.152.176.0/23 maxlen: 23
82.153.50.0/24 maxlen: 24
82.153.136.0/22 maxlen: 22
82.153.222.0/24 maxlen: 24
82.153.228.0/23 maxlen: 24
82.153.243.0/24 maxlen: 24
89.213.44.0/23 maxlen: 24
89.213.50.0/23 maxlen: 23
89.213.56.0/22 maxlen: 22
89.213.129.0/24 maxlen: 24
89.213.132.0/24 maxlen: 24
89.213.139.0/24 maxlen: 24
89.213.143.0/24 maxlen: 24
89.213.145.0/24 maxlen: 24
89.213.146.0/24 maxlen: 24
89.213.148.0/22 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.154.0/24 maxlen: 24
89.213.155.0/24 maxlen: 24
89.213.156.0/22 maxlen: 24
89.213.159.0/24 maxlen: 24
89.213.162.0/24 maxlen: 24
89.213.164.0/24 maxlen: 24
89.213.167.0/24 maxlen: 24
89.213.169.0/24 maxlen: 24
89.213.171.0/24 maxlen: 24
89.213.172.0/22 maxlen: 24
89.213.181.0/24 maxlen: 24
89.213.191.0/24 maxlen: 24
89.213.196.0/22 maxlen: 24
89.213.196.0/24 maxlen: 24
89.213.200.0/22 maxlen: 24
89.213.204.0/22 maxlen: 24
89.213.228.0/22 maxlen: 22
89.213.228.0/23 maxlen: 24
89.213.232.0/22 maxlen: 24
89.213.236.0/22 maxlen: 24
109.176.16.0/21 maxlen: 24
109.176.204.0/22 maxlen: 24
109.176.242.0/23 maxlen: 24
185.49.126.0/23 maxlen: 24
194.105.80.0/20 maxlen: 20
194.105.90.0/23 maxlen: 24
212.38.79.0/24 maxlen: 24
212.38.88.0/23 maxlen: 24
213.152.43.0/24 maxlen: 24
213.210.52.0/22 maxlen: 22
213.218.211.0/24 maxlen: 24
217.145.65.0/24 maxlen: 24
217.145.66.0/24 maxlen: 24
217.145.72.0/21 maxlen: 24
Validation: Failed, certificate revoked on Wed 29 Jan 2025 14:44:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:ad:c3:53:cd:f5:a7:2f:55:33:24:18:b3:4f:06:0f:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jan 28 16:34:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5ca028ce0a82f3da8aae62760ca5e520efb9e1c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:0f:1d:2f:41:50:de:b9:10:d9:2b:c8:d1:a3:
a7:30:77:00:9b:2b:fa:38:99:dd:1b:2f:9e:07:45:
09:c3:8a:b0:ba:1a:07:ab:3d:e9:23:8b:c3:6b:1a:
ba:29:36:ef:63:e6:3a:95:47:aa:48:08:b5:d3:ba:
91:51:5a:6a:d0:90:43:45:d5:ce:7c:8e:b7:18:fd:
07:23:49:1f:ed:60:60:45:8a:eb:23:4b:e6:5d:db:
02:fc:5e:be:5e:b1:79:30:d2:c0:f1:57:16:cb:c9:
73:8d:2e:57:e0:82:5f:dd:46:00:28:c7:71:34:f1:
75:f8:5c:70:31:70:9f:7f:24:95:f2:86:b3:c8:a2:
3b:4d:7c:60:8e:0b:20:be:6a:84:76:8d:ba:9e:b8:
fe:3d:9e:af:ef:9a:90:31:20:13:90:4a:e6:3e:2a:
92:00:43:a6:77:bb:52:70:a9:47:00:43:15:8f:ab:
53:c6:29:5a:62:34:74:a0:8e:d3:24:5a:56:d4:6d:
5f:98:0b:9f:b6:81:02:a0:61:48:09:de:00:84:63:
a8:17:be:68:1a:46:50:22:10:dd:99:8c:16:3b:ae:
41:72:c1:e2:fd:e2:e8:3a:e0:70:d4:cf:af:72:ed:
4c:bb:2a:ea:76:4e:83:5f:c8:cf:a2:c8:3d:2e:2e:
db:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:A0:28:CE:0A:82:F3:DA:8A:AE:62:76:0C:A5:E5:20:EF:B9:E1:C4
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/XKAozgqC89qKrmJ2DKXlIO-54cQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.7.0-82.152.8.255
82.152.176.0/23
82.153.50.0/24
82.153.136.0/22
82.153.222.0/24
82.153.228.0/23
82.153.243.0/24
89.213.44.0/23
89.213.50.0/23
89.213.56.0/22
89.213.129.0/24
89.213.132.0/24
89.213.139.0/24
89.213.143.0/24
89.213.145.0-89.213.146.255
89.213.148.0-89.213.159.255
89.213.162.0/24
89.213.164.0/24
89.213.167.0/24
89.213.169.0/24
89.213.171.0-89.213.175.255
89.213.181.0/24
89.213.191.0/24
89.213.196.0-89.213.207.255
89.213.228.0-89.213.239.255
109.176.16.0/21
109.176.204.0/22
109.176.242.0/23
185.49.126.0/23
194.105.80.0/20
212.38.79.0/24
212.38.88.0/23
213.152.43.0/24
213.210.52.0/22
213.218.211.0/24
217.145.65.0-217.145.66.255
217.145.72.0/21
Signature Algorithm: sha256WithRSAEncryption
25:8d:e5:1c:ce:f5:8e:30:ab:24:64:b2:e8:34:38:37:a9:b2:
6d:9e:f1:08:7e:69:40:1d:e0:c4:b8:5b:1a:56:fd:1b:24:a4:
5a:31:5b:cf:a6:d0:4f:ab:71:18:fb:1f:d9:4d:83:28:02:cf:
66:84:5c:19:3e:8c:88:be:63:f3:ae:13:31:d7:42:7f:bf:82:
66:cf:f1:b3:37:78:15:c7:e4:40:05:fc:3a:ab:9d:b2:ec:3d:
08:a0:1d:1c:67:cf:67:28:f4:76:4f:8b:1a:55:e5:c2:69:94:
0a:40:ae:6c:c7:da:83:86:f1:ed:12:1a:b0:43:87:ac:78:51:
57:41:fb:69:50:19:7f:8c:6c:6d:27:ba:e1:19:aa:55:ab:69:
0c:c0:d4:60:6c:4f:d1:c3:88:ae:4e:66:c1:da:38:4a:e3:3d:
50:81:01:49:60:49:b4:92:8c:e3:8b:98:6d:12:a4:d5:da:0d:
77:09:c5:06:bf:9c:5b:51:b9:ea:b7:db:62:55:fc:93:74:18:
89:2e:41:04:74:df:f6:a6:4c:af:f8:e5:06:51:08:6e:d6:f2:
f4:b8:73:3a:6c:3e:ef:49:b0:fc:01:9e:8b:24:8f:77:c7:1c:
79:d5:21:0b:3c:92:34:d1:5a:1b:05:0f:2b:76:57:3c:2a:48:
63:de:a1:28
-----BEGIN CERTIFICATE-----
MIIGFzCCBP+gAwIBAgISAZStw1PN9acvVTMkGLNPBg+XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTI4MTYzNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2EwMjhjZTBhODJmM2RhOGFhZTYyNzYwY2E1ZTUyMGVmYjllMWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA8dL0FQ3rkQ2SvI0aOnMHcAmyv6
OJndGy+eB0UJw4qwuhoHqz3pI4vDaxq6KTbvY+Y6lUeqSAi107qRUVpq0JBDRdXO
fI63GP0HI0kf7WBgRYrrI0vmXdsC/F6+XrF5MNLA8VcWy8lzjS5X4IJf3UYAKMdx
NPF1+FxwMXCffySV8oazyKI7TXxgjgsgvmqEdo26nrj+PZ6v75qQMSATkErmPiqS
AEOmd7tScKlHAEMVj6tTxilaYjR0oI7TJFpW1G1fmAuftoECoGFICd4AhGOoF75o
GkZQIhDdmYwWO65BcsHi/eLoOuBw1M+vcu1Muyrqdk6DX8jPosg9Li7bgQIDAQAB
o4IDIzCCAx8wHQYDVR0OBBYEFFygKM4KgvPaiq5idgyl5SDvueHEMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWEtBb3pncUM4OXFLcm1KMkRLWGxJTy01NGNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNwYIKwYBBQUHAQcBAf8EggEmMIIBIjCCAR4EAgABMIIB
FjAMAwQAUpgHAwQAUpgIAwQBUpiwAwQAUpkyAwQCUpmIAwQAUpneAwQBUpnkAwQA
UpnzAwQBWdUsAwQBWdUyAwQCWdU4AwQAWdWBAwQAWdWEAwQAWdWLAwQAWdWPMAwD
BABZ1ZEDBABZ1ZIwDAMEAlnVlAMEBVnVgAMEAFnVogMEAFnVpAMEAFnVpwMEAFnV
qTAMAwQAWdWrAwQEWdWgAwQAWdW1AwQAWdW/MAwDBAJZ1cQDBARZ1cAwDAMEAlnV
5AMEBFnV4AMEA22wEAMEAm2wzAMEAW2w8gMEAbkxfgMEBMJpUAMEANQmTwMEAdQm
WAMEANWYKwMEAtXSNAMEANXa0zAMAwQA2ZFBAwQA2ZFCAwQD2ZFIMA0GCSqGSIb3
DQEBCwUAA4IBAQAljeUczvWOMKskZLLoNDg3qbJtnvEIfmlAHeDEuFsaVv0bJKRa
MVvPptBPq3EY+x/ZTYMoAs9mhFwZPoyIvmPzrhMx10J/v4Jmz/GzN3gVx+RABfw6
q52y7D0IoB0cZ89nKPR2T4saVeXCaZQKQK5sx9qDhvHtEhqwQ4eseFFXQftpUBl/
jGxtJ7rhGapVq2kMwNRgbE/Rw4iuTmbB2jhK4z1QgQFJYEm0kozji5htEqTV2g13
CcUGv5xbUbnqt9tiVfyTdBiJLkEEdN/2pkyv+OUGUQhu1vL0uHM6bD7vSbD8AZ6L
JI93xxx51SELPJI00VobBQ8rdlc8Kkhj3qEo
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:28:01 2025 by rpki-client