Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yiZ0ei5a6gYktdVAvjTJKjLMwzA.roa
File: yiZ0ei5a6gYktdVAvjTJKjLMwzA.roa (raw, json)
Hash identifier: PD7TAYivI71FUqmdCR9vkBWxOwZilJp8dyWRjfOuUDc=
Subject key identifier: CA:26:74:7A:2E:5A:EA:06:24:B5:D5:40:BE:34:C9:2A:32:CC:C3:30
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019493DFD310F47D518BD0DC69011452E325
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yiZ0ei5a6gYktdVAvjTJKjLMwzA.roa
Signing time: Thu 23 Jan 2025 15:55:06 +0000
ROA not before: Thu 23 Jan 2025 15:55:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 82.152.7.0/24 maxlen: 24
82.152.8.0/24 maxlen: 24
82.152.176.0/23 maxlen: 23
82.153.0.0/24 maxlen: 24
82.153.136.0/22 maxlen: 22
82.153.222.0/24 maxlen: 24
82.153.228.0/23 maxlen: 24
82.153.243.0/24 maxlen: 24
89.213.44.0/23 maxlen: 24
89.213.50.0/23 maxlen: 23
89.213.56.0/22 maxlen: 22
89.213.129.0/24 maxlen: 24
89.213.132.0/24 maxlen: 24
89.213.139.0/24 maxlen: 24
89.213.143.0/24 maxlen: 24
89.213.145.0/24 maxlen: 24
89.213.146.0/24 maxlen: 24
89.213.148.0/22 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.154.0/24 maxlen: 24
89.213.155.0/24 maxlen: 24
89.213.156.0/22 maxlen: 24
89.213.159.0/24 maxlen: 24
89.213.162.0/24 maxlen: 24
89.213.164.0/24 maxlen: 24
89.213.167.0/24 maxlen: 24
89.213.169.0/24 maxlen: 24
89.213.171.0/24 maxlen: 24
89.213.172.0/22 maxlen: 24
89.213.181.0/24 maxlen: 24
89.213.191.0/24 maxlen: 24
89.213.196.0/22 maxlen: 24
89.213.196.0/24 maxlen: 24
89.213.200.0/22 maxlen: 24
89.213.204.0/22 maxlen: 24
89.213.228.0/22 maxlen: 22
89.213.228.0/23 maxlen: 24
89.213.232.0/22 maxlen: 24
89.213.236.0/22 maxlen: 24
109.176.16.0/21 maxlen: 24
109.176.204.0/22 maxlen: 24
109.176.242.0/23 maxlen: 24
185.49.126.0/23 maxlen: 24
194.105.80.0/20 maxlen: 20
194.105.90.0/23 maxlen: 24
212.38.79.0/24 maxlen: 24
212.38.88.0/23 maxlen: 24
213.152.43.0/24 maxlen: 24
213.210.52.0/22 maxlen: 22
213.218.211.0/24 maxlen: 24
217.145.65.0/24 maxlen: 24
217.145.66.0/24 maxlen: 24
217.145.72.0/21 maxlen: 24
Validation: Failed, certificate revoked on Fri 24 Jan 2025 10:06:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:93:df:d3:10:f4:7d:51:8b:d0:dc:69:01:14:52:e3:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jan 23 15:55:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ca26747a2e5aea0624b5d540be34c92a32ccc330
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:20:cc:bc:a9:33:aa:34:91:62:68:7d:e9:b1:
b5:1a:8d:ce:db:d8:0d:9a:e4:41:c3:d5:67:c3:cb:
61:e2:b6:39:ce:d1:40:5f:f6:8f:89:cd:40:a6:f6:
61:67:f3:22:49:d7:92:db:7f:11:40:47:9b:79:c2:
f9:d9:be:07:c5:5e:3e:e4:8c:f3:eb:62:f1:70:1e:
19:8d:cf:b6:86:57:9d:7f:5b:58:8c:16:1a:2a:70:
21:33:55:38:57:34:c0:9d:d7:4b:e9:05:39:b6:f0:
75:6f:4e:a5:b1:a7:da:92:50:e5:e7:56:a8:e7:a1:
0e:34:da:71:d7:a2:ce:96:ed:23:6c:69:db:78:0f:
bb:49:68:3e:e2:d6:35:0c:1d:69:5c:c1:0d:7c:c4:
e9:35:7a:5d:44:33:f8:77:e7:dd:4a:b1:89:80:65:
a8:72:0f:f9:3e:0e:17:66:7c:40:e1:50:05:5a:a6:
9a:12:e3:d9:45:9e:e2:a2:36:33:2a:0f:a6:4b:fa:
a0:ac:4a:02:17:b0:66:1c:e2:4a:c7:c8:8c:c2:85:
74:b9:67:f4:03:4e:34:28:e7:02:5a:cb:7a:b1:5e:
85:50:d9:29:18:a5:d3:8f:95:a5:85:3b:32:35:10:
73:01:5e:74:84:4f:f8:22:b7:f4:72:4d:b9:9e:41:
5a:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:26:74:7A:2E:5A:EA:06:24:B5:D5:40:BE:34:C9:2A:32:CC:C3:30
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yiZ0ei5a6gYktdVAvjTJKjLMwzA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.7.0-82.152.8.255
82.152.176.0/23
82.153.0.0/24
82.153.136.0/22
82.153.222.0/24
82.153.228.0/23
82.153.243.0/24
89.213.44.0/23
89.213.50.0/23
89.213.56.0/22
89.213.129.0/24
89.213.132.0/24
89.213.139.0/24
89.213.143.0/24
89.213.145.0-89.213.146.255
89.213.148.0-89.213.159.255
89.213.162.0/24
89.213.164.0/24
89.213.167.0/24
89.213.169.0/24
89.213.171.0-89.213.175.255
89.213.181.0/24
89.213.191.0/24
89.213.196.0-89.213.207.255
89.213.228.0-89.213.239.255
109.176.16.0/21
109.176.204.0/22
109.176.242.0/23
185.49.126.0/23
194.105.80.0/20
212.38.79.0/24
212.38.88.0/23
213.152.43.0/24
213.210.52.0/22
213.218.211.0/24
217.145.65.0-217.145.66.255
217.145.72.0/21
Signature Algorithm: sha256WithRSAEncryption
81:5f:13:8d:bc:cf:19:a9:3c:73:97:75:47:c4:04:da:d1:0c:
0b:43:b6:34:b8:1f:c2:61:5e:71:96:96:31:e9:d0:8a:b8:af:
90:17:fb:9d:48:ae:4d:87:59:d8:1d:8e:61:a5:02:43:f9:3e:
eb:36:84:31:df:7b:0f:06:d8:31:84:61:37:97:96:ef:b5:56:
35:ff:8e:e6:60:11:61:02:1c:59:c6:b1:c2:f4:b5:ec:12:60:
20:75:19:7b:3d:e1:3f:19:85:de:ff:29:7f:78:30:d5:f7:2a:
ac:a9:24:74:30:d9:0c:8c:c9:21:3d:a4:0e:64:cb:3c:06:7a:
6e:b5:2c:af:2f:90:45:6c:fb:09:ee:66:62:cf:0d:f9:ad:fc:
0d:ed:28:5e:43:3b:5f:d8:23:4b:24:03:4a:ce:05:92:8c:2a:
3f:a0:a8:f1:cf:6f:64:aa:e2:52:46:92:88:c9:f7:21:27:2c:
7c:c1:5c:35:14:09:89:9f:37:d1:75:23:6e:d5:37:98:a5:02:
af:bd:3d:87:22:fe:30:73:28:4f:ca:df:8d:8c:b4:ae:a2:b9:
a7:fa:d7:21:1f:3e:22:0c:3c:4f:21:4a:f0:1b:72:13:ac:f0:
52:65:70:95:19:e0:ec:2b:d5:3e:65:6d:c6:02:34:ea:17:d2:
74:26:e8:ce
-----BEGIN CERTIFICATE-----
MIIGFzCCBP+gAwIBAgISAZST39MQ9H1Ri9DcaQEUUuMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTIzMTU1NTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTI2NzQ3YTJlNWFlYTA2MjRiNWQ1NDBiZTM0YzkyYTMyY2NjMzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSDMvKkzqjSRYmh96bG1Go3O29gN
muRBw9Vnw8th4rY5ztFAX/aPic1ApvZhZ/MiSdeS238RQEebecL52b4HxV4+5Izz
62LxcB4Zjc+2hledf1tYjBYaKnAhM1U4VzTAnddL6QU5tvB1b06lsafaklDl51ao
56EONNpx16LOlu0jbGnbeA+7SWg+4tY1DB1pXMENfMTpNXpdRDP4d+fdSrGJgGWo
cg/5Pg4XZnxA4VAFWqaaEuPZRZ7iojYzKg+mS/qgrEoCF7BmHOJKx8iMwoV0uWf0
A040KOcCWst6sV6FUNkpGKXTj5WlhTsyNRBzAV50hE/4Irf0ck25nkFaKwIDAQAB
o4IDIzCCAx8wHQYDVR0OBBYEFMomdHouWuoGJLXVQL40ySoyzMMwMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveWlaMGVpNWE2Z1lrdGRWQXZqVEpLakxNd3pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNwYIKwYBBQUHAQcBAf8EggEmMIIBIjCCAR4EAgABMIIB
FjAMAwQAUpgHAwQAUpgIAwQBUpiwAwQAUpkAAwQCUpmIAwQAUpneAwQBUpnkAwQA
UpnzAwQBWdUsAwQBWdUyAwQCWdU4AwQAWdWBAwQAWdWEAwQAWdWLAwQAWdWPMAwD
BABZ1ZEDBABZ1ZIwDAMEAlnVlAMEBVnVgAMEAFnVogMEAFnVpAMEAFnVpwMEAFnV
qTAMAwQAWdWrAwQEWdWgAwQAWdW1AwQAWdW/MAwDBAJZ1cQDBARZ1cAwDAMEAlnV
5AMEBFnV4AMEA22wEAMEAm2wzAMEAW2w8gMEAbkxfgMEBMJpUAMEANQmTwMEAdQm
WAMEANWYKwMEAtXSNAMEANXa0zAMAwQA2ZFBAwQA2ZFCAwQD2ZFIMA0GCSqGSIb3
DQEBCwUAA4IBAQCBXxONvM8ZqTxzl3VHxATa0QwLQ7Y0uB/CYV5xlpYx6dCKuK+Q
F/udSK5Nh1nYHY5hpQJD+T7rNoQx33sPBtgxhGE3l5bvtVY1/47mYBFhAhxZxrHC
9LXsEmAgdRl7PeE/GYXe/yl/eDDV9yqsqSR0MNkMjMkhPaQOZMs8BnputSyvL5BF
bPsJ7mZizw35rfwN7SheQztf2CNLJANKzgWSjCo/oKjxz29kquJSRpKIyfchJyx8
wVw1FAmJnzfRdSNu1TeYpQKvvT2HIv4wcyhPyt+NjLSuormn+tchHz4iDDxPIUrw
G3ITrPBSZXCVGeDsK9U+ZW3GAjTqF9J0JujO
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:29:21 2025 by rpki-client