Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/p9HY68Khbox3cTMExZJdjhsyvPo.roa
File: p9HY68Khbox3cTMExZJdjhsyvPo.roa (raw, json)
Hash identifier: DONSXwBlQlV2i4448i1XnMBGcAGjPbawfo1ZvqbC6yA=
Subject key identifier: A7:D1:D8:EB:C2:A1:6E:8C:77:71:33:04:C5:92:5D:8E:1B:32:BC:FA
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019396157AE77E2BED0A1308FC5E02FF9CAB
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/p9HY68Khbox3cTMExZJdjhsyvPo.roa
Signing time: Thu 05 Dec 2024 09:10:10 +0000
ROA not before: Thu 05 Dec 2024 09:10:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 82.152.8.0/24 maxlen: 24
82.152.176.0/23 maxlen: 23
82.153.136.0/22 maxlen: 22
89.213.44.0/23 maxlen: 24
89.213.50.0/23 maxlen: 23
89.213.56.0/22 maxlen: 22
89.213.129.0/24 maxlen: 24
89.213.132.0/24 maxlen: 24
89.213.139.0/24 maxlen: 24
89.213.145.0/24 maxlen: 24
89.213.146.0/24 maxlen: 24
89.213.148.0/22 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.154.0/24 maxlen: 24
89.213.156.0/22 maxlen: 24
89.213.162.0/24 maxlen: 24
89.213.167.0/24 maxlen: 24
89.213.172.0/22 maxlen: 24
89.213.191.0/24 maxlen: 24
89.213.196.0/22 maxlen: 24
89.213.200.0/22 maxlen: 24
89.213.204.0/22 maxlen: 24
89.213.228.0/22 maxlen: 22
89.213.228.0/23 maxlen: 24
89.213.232.0/22 maxlen: 24
89.213.236.0/22 maxlen: 24
109.176.16.0/21 maxlen: 24
109.176.204.0/22 maxlen: 24
109.176.242.0/23 maxlen: 24
185.49.126.0/23 maxlen: 24
194.105.80.0/20 maxlen: 20
194.105.90.0/23 maxlen: 24
212.38.88.0/23 maxlen: 24
213.130.153.0/24 maxlen: 24
213.210.52.0/22 maxlen: 22
213.218.211.0/24 maxlen: 24
217.145.65.0/24 maxlen: 24
217.145.66.0/24 maxlen: 24
217.145.72.0/21 maxlen: 24
Validation: Failed, certificate revoked on Sun 08 Dec 2024 22:20:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:96:15:7a:e7:7e:2b:ed:0a:13:08:fc:5e:02:ff:9c:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Dec 5 09:10:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a7d1d8ebc2a16e8c77713304c5925d8e1b32bcfa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:f4:fc:27:3d:53:63:23:2b:1e:12:2e:6c:97:
0d:51:ea:b1:0e:58:e4:b3:a1:80:ee:68:cb:c4:9b:
14:67:f0:2e:ef:40:4d:24:df:d9:3f:d0:3e:0f:98:
5d:31:84:fa:b2:f5:ad:fb:6e:f3:44:03:ee:bb:29:
17:73:0b:79:45:82:30:76:f5:17:96:8d:23:b4:2b:
24:07:90:3d:7b:51:04:0b:ec:4b:f6:4f:bf:e0:82:
3e:72:31:60:59:0d:27:34:5b:b3:d9:fa:45:8f:4a:
5e:8f:f6:82:b9:bd:3c:76:d7:fe:f4:a4:14:d3:76:
f5:c8:e6:43:a6:55:30:28:17:49:3c:be:67:cd:c7:
10:4b:ed:05:3a:72:2e:f7:6b:9a:23:2e:7e:cd:fe:
42:ac:ad:78:b2:4a:71:6b:20:f3:54:dd:69:17:a7:
98:a2:f9:03:ba:60:69:70:2e:ab:9f:a0:51:20:29:
91:29:29:8a:30:a5:a6:d3:bf:6d:40:21:b7:74:0e:
14:d3:80:76:de:1b:86:41:25:ba:9c:be:c7:34:df:
65:c0:15:f7:d2:65:51:88:89:cb:b9:84:bd:dc:c5:
ea:ea:a6:d2:f1:57:ba:59:29:5f:c3:33:fd:b8:fd:
25:75:e3:c1:60:1c:33:29:4f:fa:b7:62:4e:f0:f0:
c9:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:D1:D8:EB:C2:A1:6E:8C:77:71:33:04:C5:92:5D:8E:1B:32:BC:FA
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/p9HY68Khbox3cTMExZJdjhsyvPo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.8.0/24
82.152.176.0/23
82.153.136.0/22
89.213.44.0/23
89.213.50.0/23
89.213.56.0/22
89.213.129.0/24
89.213.132.0/24
89.213.139.0/24
89.213.145.0-89.213.146.255
89.213.148.0-89.213.159.255
89.213.162.0/24
89.213.167.0/24
89.213.172.0/22
89.213.191.0/24
89.213.196.0-89.213.207.255
89.213.228.0-89.213.239.255
109.176.16.0/21
109.176.204.0/22
109.176.242.0/23
185.49.126.0/23
194.105.80.0/20
212.38.88.0/23
213.130.153.0/24
213.210.52.0/22
213.218.211.0/24
217.145.65.0-217.145.66.255
217.145.72.0/21
Signature Algorithm: sha256WithRSAEncryption
3b:88:2b:a6:8c:b8:10:22:76:53:cd:42:c8:dd:fc:78:15:ad:
c9:98:2e:3b:73:b3:a5:34:84:5a:1e:a0:d0:f2:52:a2:9d:ab:
32:cc:d1:e8:ac:d2:40:31:a3:86:18:7a:1a:56:74:00:82:d1:
f2:ab:70:df:ff:4a:6e:96:eb:cf:72:75:10:ce:10:de:35:ff:
53:fa:40:f3:01:5c:48:bf:b0:c1:2a:22:68:0b:a6:27:65:1e:
a3:03:d0:41:d5:d5:9c:b5:8e:c6:f6:b9:01:e3:74:74:fb:65:
b9:f9:4d:f8:3f:21:55:57:ad:af:a7:82:c8:1d:a7:32:be:3f:
4a:84:a2:e6:0b:87:17:ca:32:74:6b:c7:31:be:4e:29:fc:51:
2e:ec:48:59:3c:c1:c0:5d:a1:6c:d7:aa:e8:93:b7:a8:78:38:
14:88:c9:e9:2e:e5:57:ff:a7:03:44:f9:01:19:f8:3c:62:8f:
4c:99:61:a5:3e:c2:2a:4e:2e:2f:33:01:93:37:4b:bd:6d:67:
36:1d:a3:17:52:42:69:3a:7b:36:b2:9a:52:dc:84:dd:a1:ca:
c9:ec:1d:30:81:cf:a1:02:b6:e2:0a:90:01:99:a2:a2:14:0c:
1f:88:1e:e3:0a:bc:76:bb:db:e9:74:77:a4:f4:3f:6e:d6:3e:
fa:ba:7f:d7
-----BEGIN CERTIFICATE-----
MIIFzDCCBLSgAwIBAgISAZOWFXrnfivtChMI/F4C/5yrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMjA1MDkxMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2QxZDhlYmMyYTE2ZThjNzc3MTMzMDRjNTkyNWQ4ZTFiMzJiY2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/T8Jz1TYyMrHhIubJcNUeqxDljk
s6GA7mjLxJsUZ/Au70BNJN/ZP9A+D5hdMYT6svWt+27zRAPuuykXcwt5RYIwdvUX
lo0jtCskB5A9e1EEC+xL9k+/4II+cjFgWQ0nNFuz2fpFj0pej/aCub08dtf+9KQU
03b1yOZDplUwKBdJPL5nzccQS+0FOnIu92uaIy5+zf5CrK14skpxayDzVN1pF6eY
ovkDumBpcC6rn6BRICmRKSmKMKWm079tQCG3dA4U04B23huGQSW6nL7HNN9lwBX3
0mVRiInLuYS93MXq6qbS8Ve6WSlfwzP9uP0ldePBYBwzKU/6t2JO8PDJ8QIDAQAB
o4IC2DCCAtQwHQYDVR0OBBYEFKfR2OvCoW6Md3EzBMWSXY4bMrz6MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcDlIWTY4S2hib3gzY1RNRXhaSmRqaHN5dlBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHtBggrBgEFBQcBBwEB/wSB3TCB2jCB1wQCAAEwgdADBABS
mAgDBAFSmLADBAJSmYgDBAFZ1SwDBAFZ1TIDBAJZ1TgDBABZ1YEDBABZ1YQDBABZ
1YswDAMEAFnVkQMEAFnVkjAMAwQCWdWUAwQFWdWAAwQAWdWiAwQAWdWnAwQCWdWs
AwQAWdW/MAwDBAJZ1cQDBARZ1cAwDAMEAlnV5AMEBFnV4AMEA22wEAMEAm2wzAME
AW2w8gMEAbkxfgMEBMJpUAMEAdQmWAMEANWCmQMEAtXSNAMEANXa0zAMAwQA2ZFB
AwQA2ZFCAwQD2ZFIMA0GCSqGSIb3DQEBCwUAA4IBAQA7iCumjLgQInZTzULI3fx4
Fa3JmC47c7OlNIRaHqDQ8lKinasyzNHorNJAMaOGGHoaVnQAgtHyq3Df/0puluvP
cnUQzhDeNf9T+kDzAVxIv7DBKiJoC6YnZR6jA9BB1dWctY7G9rkB43R0+2W5+U34
PyFVV62vp4LIHacyvj9KhKLmC4cXyjJ0a8cxvk4p/FEu7EhZPMHAXaFs16rok7eo
eDgUiMnpLuVX/6cDRPkBGfg8Yo9MmWGlPsIqTi4vMwGTN0u9bWc2HaMXUkJpOns2
sppS3ITdocrJ7B0wgc+hArbiCpABmaKiFAwfiB7jCrx2u9vpdHek9D9u1j76un/X
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:20:38 2025 by rpki-client