Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ntTUOT82K6zyTWion8Sh6atDB40.roa
File: ntTUOT82K6zyTWion8Sh6atDB40.roa (raw, json)
Hash identifier: W6jQ2HYVe0CFc7EztrxxwnYRls/YHVNFVj4GB4E6xX8=
Subject key identifier: 9E:D4:D4:39:3F:36:2B:AC:F2:4D:68:A8:9F:C4:A1:E9:AB:43:07:8D
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018F388822BAB716D0D62F993D27B7142849
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ntTUOT82K6zyTWion8Sh6atDB40.roa
Signing time: Thu 02 May 2024 08:59:56 +0000
ROA not before: Thu 02 May 2024 08:59:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 174
IP address blocks: 82.153.216.0/24 maxlen: 24
82.153.217.0/24 maxlen: 24
82.153.218.0/24 maxlen: 24
82.153.219.0/24 maxlen: 24
109.176.204.0/22 maxlen: 22
213.130.132.0/22 maxlen: 22
213.210.52.0/22 maxlen: 22
213.218.244.0/22 maxlen: 22
217.145.72.0/21 maxlen: 22
Validation: Failed, certificate revoked on Tue 04 Jun 2024 07:11:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:38:88:22:ba:b7:16:d0:d6:2f:99:3d:27:b7:14:28:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: May 2 08:59:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9ed4d4393f362bacf24d68a89fc4a1e9ab43078d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:d8:f5:18:99:52:79:d6:2d:cc:eb:1e:d6:a3:
4d:b1:51:31:33:0f:03:73:45:85:f1:37:a9:1e:ab:
40:a0:36:dd:34:8c:7e:17:f7:00:24:77:4f:88:61:
6b:ec:aa:5d:f1:c5:e8:cf:57:6e:a3:32:9e:58:82:
1a:da:49:70:eb:5e:8d:7a:71:ff:87:09:9b:5e:db:
ef:13:47:4b:c7:7f:eb:9c:42:99:c8:fc:00:b3:dd:
82:c3:32:0c:d1:e9:bf:b8:c3:63:5c:5f:a8:8f:2d:
9e:ef:10:3b:0d:05:92:c1:97:d2:8c:34:57:ef:d4:
91:73:a0:6e:ca:0a:d4:9d:48:12:ab:31:b9:26:e7:
85:97:66:4d:77:cd:7e:a7:3f:72:a9:2d:63:d2:cb:
a9:50:15:c1:da:d5:2a:22:c6:e5:0b:23:da:99:fd:
c9:d6:42:81:9b:a8:b4:f4:0e:0e:c6:83:cd:22:a4:
7d:7f:2f:47:5a:22:22:4b:ca:61:5e:b3:b0:35:ff:
c9:a5:7e:5e:4b:5c:c8:45:14:57:1e:cf:f4:93:91:
6e:98:e7:68:e9:15:77:b7:25:9f:a5:3b:d5:fe:2a:
bd:e0:60:39:5f:95:0b:16:68:23:5a:8d:a4:11:4f:
3d:c9:da:77:6b:3a:39:df:f7:52:02:77:3f:1d:2d:
56:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:D4:D4:39:3F:36:2B:AC:F2:4D:68:A8:9F:C4:A1:E9:AB:43:07:8D
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ntTUOT82K6zyTWion8Sh6atDB40.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.153.216.0/22
109.176.204.0/22
213.130.132.0/22
213.210.52.0/22
213.218.244.0/22
217.145.72.0/21
Signature Algorithm: sha256WithRSAEncryption
07:03:bf:69:86:25:38:ba:9c:8e:63:9c:00:4b:60:ad:63:e9:
92:12:41:50:64:b0:56:39:ec:97:22:24:64:22:c8:3b:94:bd:
23:0b:69:cb:2f:9d:6b:e5:f6:aa:4d:3d:55:fa:35:42:d5:b0:
7d:61:14:54:0d:00:0e:f6:36:2b:a1:fa:ac:09:f0:ef:d3:3c:
34:22:a4:db:15:5c:71:36:de:1a:22:b9:8a:a9:62:a4:09:56:
b8:74:6a:4a:69:7f:02:8f:87:c8:0a:35:f9:63:9e:ae:79:78:
e2:e4:87:8f:60:94:e5:a3:f5:78:12:c2:4f:ad:d0:2b:d9:e0:
f4:f7:bf:82:c7:55:1e:f3:94:89:94:9e:a0:1b:0f:b4:46:d1:
20:33:17:0d:1e:25:27:fe:4e:a0:09:f0:eb:0d:a6:08:7b:8b:
83:06:03:34:d8:c2:46:09:ad:cb:4d:5d:bb:ac:4c:72:b2:76:
e3:7c:d7:73:2a:8c:27:6c:25:db:99:94:12:10:79:ad:e5:3f:
60:a1:43:02:17:3a:0c:ab:6e:b6:bd:51:07:45:16:b3:fc:19:
e4:95:f3:e0:39:98:b6:88:c0:68:45:ea:b1:10:94:15:43:8f:
e6:85:ba:77:11:78:14:9a:68:22:fb:69:20:7a:79:5f:47:74:
b5:b9:a5:03
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY84iCK6txbQ1i+ZPSe3FChJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTAyMDg1OTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWQ0ZDQzOTNmMzYyYmFjZjI0ZDY4YTg5ZmM0YTFlOWFiNDMwNzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtj1GJlSedYtzOse1qNNsVExMw8D
c0WF8TepHqtAoDbdNIx+F/cAJHdPiGFr7Kpd8cXoz1duozKeWIIa2klw616NenH/
hwmbXtvvE0dLx3/rnEKZyPwAs92CwzIM0em/uMNjXF+ojy2e7xA7DQWSwZfSjDRX
79SRc6BuygrUnUgSqzG5JueFl2ZNd81+pz9yqS1j0supUBXB2tUqIsblCyPamf3J
1kKBm6i09A4OxoPNIqR9fy9HWiIiS8phXrOwNf/JpX5eS1zIRRRXHs/0k5FumOdo
6RV3tyWfpTvV/iq94GA5X5ULFmgjWo2kEU89ydp3azo53/dSAnc/HS1WewIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFJ7U1Dk/Nius8k1oqJ/EoemrQweNMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbnRUVU9UODJLNnp5VFdpb244U2g2YXREQjQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCUpnYAwQC
bbDMAwQC1YKEAwQC1dI0AwQC1dr0AwQD2ZFIMA0GCSqGSIb3DQEBCwUAA4IBAQAH
A79phiU4upyOY5wAS2CtY+mSEkFQZLBWOeyXIiRkIsg7lL0jC2nLL51r5faqTT1V
+jVC1bB9YRRUDQAO9jYrofqsCfDv0zw0IqTbFVxxNt4aIrmKqWKkCVa4dGpKaX8C
j4fICjX5Y56ueXji5IePYJTlo/V4EsJPrdAr2eD097+Cx1Ue85SJlJ6gGw+0RtEg
MxcNHiUn/k6gCfDrDaYIe4uDBgM02MJGCa3LTV27rExysnbjfNdzKownbCXbmZQS
EHmt5T9goUMCFzoMq262vVEHRRaz/BnklfPgOZi2iMBoReqxEJQVQ4/mhbp3EXgU
mmgi+2kgenlfR3S1uaUD
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:06:10 2025 by rpki-client