Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z-Kg3msFa430zYmykflbITe3Llw.roa
File: Z-Kg3msFa430zYmykflbITe3Llw.roa (raw, json)
Hash identifier: hjbn9TAKrG+qeWL4DLD2OhiMOgfgE9gy9QlDobg/eqU=
Subject key identifier: 67:E2:A0:DE:6B:05:6B:8D:F4:CD:89:B2:91:F9:5B:21:37:B7:2E:5C
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01942CAE7BC4F495485FB5757330A2030D3E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z-Kg3msFa430zYmykflbITe3Llw.roa
Signing time: Fri 03 Jan 2025 15:00:19 +0000
ROA not before: Fri 03 Jan 2025 15:00:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 82.152.8.0/24 maxlen: 24
82.152.176.0/23 maxlen: 23
82.153.136.0/22 maxlen: 22
89.213.44.0/23 maxlen: 24
89.213.50.0/23 maxlen: 23
89.213.56.0/22 maxlen: 22
89.213.129.0/24 maxlen: 24
89.213.132.0/24 maxlen: 24
89.213.139.0/24 maxlen: 24
89.213.143.0/24 maxlen: 24
89.213.145.0/24 maxlen: 24
89.213.146.0/24 maxlen: 24
89.213.148.0/22 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.154.0/24 maxlen: 24
89.213.155.0/24 maxlen: 24
89.213.156.0/22 maxlen: 24
89.213.162.0/24 maxlen: 24
89.213.164.0/24 maxlen: 24
89.213.167.0/24 maxlen: 24
89.213.169.0/24 maxlen: 24
89.213.172.0/22 maxlen: 24
89.213.181.0/24 maxlen: 24
89.213.191.0/24 maxlen: 24
89.213.196.0/22 maxlen: 24
89.213.200.0/22 maxlen: 24
89.213.204.0/22 maxlen: 24
89.213.228.0/22 maxlen: 22
89.213.228.0/23 maxlen: 24
89.213.232.0/22 maxlen: 24
89.213.236.0/22 maxlen: 24
109.176.16.0/21 maxlen: 24
109.176.204.0/22 maxlen: 24
109.176.242.0/23 maxlen: 24
185.49.126.0/23 maxlen: 24
194.105.80.0/20 maxlen: 20
194.105.90.0/23 maxlen: 24
212.38.79.0/24 maxlen: 24
212.38.88.0/23 maxlen: 24
213.152.43.0/24 maxlen: 24
213.210.52.0/22 maxlen: 22
213.218.210.0/24 maxlen: 24
213.218.211.0/24 maxlen: 24
213.218.212.0/24 maxlen: 24
213.218.215.0/24 maxlen: 24
217.145.65.0/24 maxlen: 24
217.145.66.0/24 maxlen: 24
217.145.72.0/21 maxlen: 24
Validation: Failed, certificate revoked on Mon 06 Jan 2025 09:26:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:2c:ae:7b:c4:f4:95:48:5f:b5:75:73:30:a2:03:0d:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jan 3 15:00:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=67e2a0de6b056b8df4cd89b291f95b2137b72e5c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:4a:09:46:f6:5f:72:7e:1c:bf:53:ce:3e:64:
92:d1:33:c9:c6:a9:17:04:dc:b2:ff:a2:90:2c:73:
be:df:4e:53:89:05:76:9f:49:72:96:61:a8:c8:19:
67:02:d5:b2:7e:09:6c:43:89:10:84:c1:b0:93:22:
f1:94:f2:bf:ae:32:03:6f:d0:aa:4f:26:df:60:c1:
22:25:a2:36:12:1f:53:5c:d0:74:14:1b:e1:e0:56:
b2:00:4c:02:00:6f:4b:5a:ad:e9:c8:93:1a:60:23:
4e:b1:ae:1f:07:8c:81:24:89:23:b8:2c:fc:c8:f9:
09:4e:b9:5c:75:a9:21:12:33:bb:d8:3e:b2:cb:56:
8a:96:85:33:a2:08:b3:3c:91:84:8c:87:91:64:80:
00:51:80:96:cb:ad:b3:00:5e:48:6a:cc:2a:92:58:
c1:0f:0b:79:a5:47:5e:8d:2b:d4:51:a3:88:84:e2:
f7:2b:9c:47:d1:e7:5a:f4:e1:ad:34:76:13:b0:32:
a0:ed:dc:73:91:69:f3:a5:2b:41:58:63:79:d4:a0:
30:cf:21:9d:d8:ee:50:3a:98:25:4d:31:b3:2a:a6:
c2:42:9f:5f:1c:0b:ee:37:d7:98:f2:dc:b6:1e:1a:
be:b0:0f:f2:56:80:43:5c:db:1c:6b:33:32:4c:7c:
b8:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:E2:A0:DE:6B:05:6B:8D:F4:CD:89:B2:91:F9:5B:21:37:B7:2E:5C
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Z-Kg3msFa430zYmykflbITe3Llw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.8.0/24
82.152.176.0/23
82.153.136.0/22
89.213.44.0/23
89.213.50.0/23
89.213.56.0/22
89.213.129.0/24
89.213.132.0/24
89.213.139.0/24
89.213.143.0/24
89.213.145.0-89.213.146.255
89.213.148.0-89.213.159.255
89.213.162.0/24
89.213.164.0/24
89.213.167.0/24
89.213.169.0/24
89.213.172.0/22
89.213.181.0/24
89.213.191.0/24
89.213.196.0-89.213.207.255
89.213.228.0-89.213.239.255
109.176.16.0/21
109.176.204.0/22
109.176.242.0/23
185.49.126.0/23
194.105.80.0/20
212.38.79.0/24
212.38.88.0/23
213.152.43.0/24
213.210.52.0/22
213.218.210.0-213.218.212.255
213.218.215.0/24
217.145.65.0-217.145.66.255
217.145.72.0/21
Signature Algorithm: sha256WithRSAEncryption
16:c6:c0:ec:fb:ee:ed:37:87:5a:cc:19:ae:47:e0:75:35:60:
87:78:d8:6c:9f:34:12:5b:cc:d1:05:dc:99:54:57:2a:85:c5:
09:76:0b:f1:5a:62:0b:4b:25:82:0d:e7:4f:bd:aa:16:a2:61:
2c:72:d5:c2:e1:1e:86:ef:21:99:aa:4f:a9:57:ed:6a:3e:9b:
5a:09:5e:c5:9e:e3:50:fb:11:36:31:b2:b0:22:d4:f1:66:77:
cf:15:6b:34:5a:4c:f5:d1:09:50:57:51:6e:cf:5e:0c:95:65:
fb:5b:9e:f6:fd:93:d0:2e:7f:68:05:41:c5:8e:3a:85:2a:2f:
66:9f:b4:25:15:d1:6a:09:5b:5a:f1:7a:9e:f3:c0:e2:b6:c0:
39:65:4b:95:85:e3:77:9c:fe:56:0e:ec:61:7c:8b:bf:90:b6:
2c:b5:e3:ef:2d:c3:02:d7:6b:e1:a4:4f:9d:c1:c9:0a:84:37:
a1:59:26:fc:8b:18:76:0d:57:15:2d:f7:90:c4:72:d1:6f:a4:
16:fd:95:29:8c:90:ed:94:09:69:c0:d7:f3:1b:d1:04:ea:62:
de:33:e6:ef:d2:9e:65:4a:d9:12:0b:32:af:a8:1e:72:90:1e:
e6:21:3e:0d:76:96:7c:8a:85:10:82:54:d6:48:97:f4:c0:9a:
3c:21:6b:c6
-----BEGIN CERTIFICATE-----
MIIF/DCCBOSgAwIBAgISAZQsrnvE9JVIX7V1czCiAw0+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAzMTUwMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2UyYTBkZTZiMDU2YjhkZjRjZDg5YjI5MWY5NWIyMTM3YjcyZTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUoJRvZfcn4cv1POPmSS0TPJxqkX
BNyy/6KQLHO+305TiQV2n0lylmGoyBlnAtWyfglsQ4kQhMGwkyLxlPK/rjIDb9Cq
TybfYMEiJaI2Eh9TXNB0FBvh4FayAEwCAG9LWq3pyJMaYCNOsa4fB4yBJIkjuCz8
yPkJTrlcdakhEjO72D6yy1aKloUzogizPJGEjIeRZIAAUYCWy62zAF5IaswqkljB
Dwt5pUdejSvUUaOIhOL3K5xH0eda9OGtNHYTsDKg7dxzkWnzpStBWGN51KAwzyGd
2O5QOpglTTGzKqbCQp9fHAvuN9eY8ty2Hhq+sA/yVoBDXNscazMyTHy44wIDAQAB
o4IDCDCCAwQwHQYDVR0OBBYEFGfioN5rBWuN9M2JspH5WyE3ty5cMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWi1LZzNtc0ZhNDMwellteWtmbGJJVGUzTGx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHAYIKwYBBQUHAQcBAf8EggELMIIBBzCCAQMEAgABMIH8
AwQAUpgIAwQBUpiwAwQCUpmIAwQBWdUsAwQBWdUyAwQCWdU4AwQAWdWBAwQAWdWE
AwQAWdWLAwQAWdWPMAwDBABZ1ZEDBABZ1ZIwDAMEAlnVlAMEBVnVgAMEAFnVogME
AFnVpAMEAFnVpwMEAFnVqQMEAlnVrAMEAFnVtQMEAFnVvzAMAwQCWdXEAwQEWdXA
MAwDBAJZ1eQDBARZ1eADBANtsBADBAJtsMwDBAFtsPIDBAG5MX4DBATCaVADBADU
Jk8DBAHUJlgDBADVmCsDBALV0jQwDAMEAdXa0gMEANXa1AMEANXa1zAMAwQA2ZFB
AwQA2ZFCAwQD2ZFIMA0GCSqGSIb3DQEBCwUAA4IBAQAWxsDs++7tN4dazBmuR+B1
NWCHeNhsnzQSW8zRBdyZVFcqhcUJdgvxWmILSyWCDedPvaoWomEsctXC4R6G7yGZ
qk+pV+1qPptaCV7FnuNQ+xE2MbKwItTxZnfPFWs0Wkz10QlQV1Fuz14MlWX7W572
/ZPQLn9oBUHFjjqFKi9mn7QlFdFqCVta8Xqe88DitsA5ZUuVheN3nP5WDuxhfIu/
kLYstePvLcMC12vhpE+dwckKhDehWSb8ixh2DVcVLfeQxHLRb6QW/ZUpjJDtlAlp
wNfzG9EE6mLeM+bv0p5lStkSCzKvqB5ykB7mIT4NdpZ8ioUQglTWSJf0wJo8IWvG
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:32:22 2025 by rpki-client