Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/r3YBfNe9dQ4_eZXbhp6zBOxPltE.roa
File: r3YBfNe9dQ4_eZXbhp6zBOxPltE.roa (raw, json)
Hash identifier: e+ubcOIkv88S5/4o6LzttGH6NxvN4qWpTvFlTNH8XG8=
Subject key identifier: AF:76:01:7C:D7:BD:75:0E:3F:79:95:DB:86:9E:B3:04:EC:4F:96:D1
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0194076AAEFBD9A3FF91E4BC72AC547E1F81
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/r3YBfNe9dQ4_eZXbhp6zBOxPltE.roa
Signing time: Fri 27 Dec 2024 09:20:19 +0000
ROA not before: Fri 27 Dec 2024 09:20:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 20473
IP address blocks: 81.5.189.0/24 maxlen: 24
81.168.122.0/24 maxlen: 24
82.152.131.0/24 maxlen: 24
89.213.143.0/24 maxlen: 24
89.213.152.0/24 maxlen: 24
89.213.176.0/24 maxlen: 24
89.213.183.0/24 maxlen: 24
109.176.230.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 31 Dec 2024 09:41:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:07:6a:ae:fb:d9:a3:ff:91:e4:bc:72:ac:54:7e:1f:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Dec 27 09:20:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=af76017cd7bd750e3f7995db869eb304ec4f96d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:8a:54:e6:8b:71:1f:7e:51:fc:23:b1:70:32:
96:01:7c:5b:df:1e:4b:23:3b:c9:fd:96:9b:1f:a2:
23:b4:c8:a8:d1:d3:cb:77:cb:5e:3b:45:28:a1:c5:
13:80:b3:d9:36:93:a5:71:dd:52:8b:45:87:ab:c5:
b3:32:74:07:10:0c:c7:56:51:45:db:b8:02:f1:39:
22:2f:ac:fc:e5:4d:99:85:da:c0:48:21:2a:3f:4b:
d3:7b:d2:9a:37:95:42:56:e5:b9:6c:96:1a:ff:ef:
e6:b0:7c:3e:ff:34:22:37:a6:1e:16:e2:a7:98:da:
f1:96:31:22:97:1c:c8:81:22:cd:0b:35:08:27:c5:
6e:0f:a7:a9:6e:b7:f0:63:3b:70:14:fe:ba:65:c3:
e5:e9:86:55:f8:3b:6f:3a:a2:3d:39:53:6a:32:3b:
7c:d0:42:b4:83:e0:c3:51:3a:df:89:f0:9f:3e:42:
25:d7:37:fe:df:a5:88:eb:29:b0:33:04:74:74:c9:
97:bf:c7:93:fa:f4:dc:72:89:14:ee:d8:d7:f2:93:
d0:1d:3e:3d:5b:61:7e:2c:7b:d4:6c:1a:e7:49:2b:
d2:29:35:54:90:f0:51:8f:21:e6:ad:0b:3d:0e:53:
73:64:d8:28:48:93:06:bc:c1:99:6c:50:af:8e:93:
b4:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:76:01:7C:D7:BD:75:0E:3F:79:95:DB:86:9E:B3:04:EC:4F:96:D1
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/r3YBfNe9dQ4_eZXbhp6zBOxPltE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.189.0/24
81.168.122.0/24
82.152.131.0/24
89.213.143.0/24
89.213.152.0/24
89.213.176.0/24
89.213.183.0/24
109.176.230.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:cb:20:33:0e:cb:96:64:04:ae:d7:01:4e:f7:75:5b:63:16:
1b:bd:1c:fd:7c:ed:f7:bd:5a:ee:12:ac:dd:c7:8c:66:7f:cd:
d2:9a:db:00:dd:14:e2:40:cd:b2:5a:cd:57:b3:5f:31:07:74:
97:a4:60:fa:63:b7:b0:11:8c:e9:d7:b3:b2:b2:05:61:04:da:
0b:a8:04:28:fe:64:b0:ce:a4:61:0d:44:39:07:ad:f3:09:58:
13:93:ad:39:6e:cc:9e:a6:79:e6:8a:0e:8e:da:a7:63:88:59:
fa:06:4f:ef:78:53:a7:be:05:7d:e9:6a:6b:a8:cf:2f:2f:63:
45:84:13:11:35:3b:45:1c:26:45:8f:25:e7:35:e4:e2:ab:07:
8f:56:56:5e:7f:66:ad:b6:ae:a1:c2:45:57:6e:86:25:59:df:
9d:b9:32:17:08:c2:f4:6f:1d:d1:bf:05:b8:79:ec:1f:e7:ab:
87:b1:f2:fb:57:20:39:06:36:e2:4e:06:6c:36:79:72:4e:ee:
e0:1c:d8:fe:f0:1b:59:12:f7:99:d4:6b:b1:f3:da:14:e8:c4:
d8:bc:7c:0c:8d:3c:c8:58:86:d9:5f:2b:bf:b2:73:95:ee:86:
d1:79:c3:8b:1f:13:e4:f3:a8:ef:6d:70:78:d2:6c:a3:b3:c9:
90:99:a3:f5
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQHaq772aP/keS8cqxUfh+BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMjI3MDkyMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjc2MDE3Y2Q3YmQ3NTBlM2Y3OTk1ZGI4NjllYjMwNGVjNGY5NmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4pU5otxH35R/COxcDKWAXxb3x5L
IzvJ/ZabH6IjtMio0dPLd8teO0UoocUTgLPZNpOlcd1Si0WHq8WzMnQHEAzHVlFF
27gC8TkiL6z85U2ZhdrASCEqP0vTe9KaN5VCVuW5bJYa/+/msHw+/zQiN6YeFuKn
mNrxljEilxzIgSLNCzUIJ8VuD6epbrfwYztwFP66ZcPl6YZV+DtvOqI9OVNqMjt8
0EK0g+DDUTrfifCfPkIl1zf+36WI6ymwMwR0dMmXv8eT+vTccokU7tjX8pPQHT49
W2F+LHvUbBrnSSvSKTVUkPBRjyHmrQs9DlNzZNgoSJMGvMGZbFCvjpO0QQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFK92AXzXvXUOP3mV24aeswTsT5bRMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcjNZQmZOZTlkUTRfZVpYYmhwNnpCT3hQbHRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAUQW9AwQA
Uah6AwQAUpiDAwQAWdWPAwQAWdWYAwQAWdWwAwQAWdW3AwQAbbDmMA0GCSqGSIb3
DQEBCwUAA4IBAQBryyAzDsuWZASu1wFO93VbYxYbvRz9fO33vVruEqzdx4xmf83S
mtsA3RTiQM2yWs1Xs18xB3SXpGD6Y7ewEYzp17OysgVhBNoLqAQo/mSwzqRhDUQ5
B63zCVgTk605bsyepnnmig6O2qdjiFn6Bk/veFOnvgV96WprqM8vL2NFhBMRNTtF
HCZFjyXnNeTiqwePVlZef2attq6hwkVXboYlWd+duTIXCML0bx3RvwW4eewf56uH
sfL7VyA5BjbiTgZsNnlyTu7gHNj+8BtZEveZ1Gux89oU6MTYvHwMjTzIWIbZXyu/
snOV7obRecOLHxPk86jvbXB40myjs8mQmaP1
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:08:55 2025 by rpki-client