Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/L9DkXkvL_HN8qfYMESVqLXpYeJI.roa
File: L9DkXkvL_HN8qfYMESVqLXpYeJI.roa (raw, json)
Hash identifier: EX35ZUmn/Zw5LZzZ/mMA+gTentnfU5cMp1WZ/2Dz9Sw=
Subject key identifier: 2F:D0:E4:5E:4B:CB:FC:73:7C:A9:F6:0C:11:25:6A:2D:7A:58:78:92
Certificate issuer: /CN=86afaae2e3e054073a38aab635dc96460eef487e
Certificate serial: 0194214071ED2D282A83263A552E9E66EDCC
Authority key identifier: 86:AF:AA:E2:E3:E0:54:07:3A:38:AA:B6:35:DC:96:46:0E:EF:48:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hq-q4uPgVAc6OKq2NdyWRg7vSH4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/L9DkXkvL_HN8qfYMESVqLXpYeJI.roa
Signing time: Wed 01 Jan 2025 09:44:19 +0000
ROA not before: Wed 01 Jan 2025 09:44:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212216
IP address blocks: 80.249.115.0/24 maxlen: 24
185.73.226.0/24 maxlen: 32
185.106.200.0/24 maxlen: 24
185.106.201.0/24 maxlen: 24
185.223.160.0/24 maxlen: 24
195.28.10.0/24 maxlen: 24
195.28.168.0/24 maxlen: 24
195.28.169.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 01 Jan 2025 17:48:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:40:71:ed:2d:28:2a:83:26:3a:55:2e:9e:66:ed:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86afaae2e3e054073a38aab635dc96460eef487e
Validity
Not Before: Jan 1 09:44:19 2025 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2fd0e45e4bcbfc737ca9f60c11256a2d7a587892
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:0b:f8:2f:aa:50:91:00:57:75:3b:88:6a:79:
e3:0e:5f:2e:cb:ff:d2:9a:cd:2a:73:9f:13:21:75:
0d:d2:de:13:55:56:1d:fd:60:97:b7:79:e5:22:fd:
fc:b9:6d:20:c2:5d:e9:a5:c4:0e:01:3f:ef:d8:95:
8b:4f:e7:bf:44:ea:04:72:00:56:94:ac:a2:8f:d3:
59:f9:78:88:04:00:a8:47:9c:4b:18:2b:54:b7:c6:
59:93:00:36:b4:b9:78:53:3c:ba:83:d0:b9:6e:9c:
dc:37:2b:68:ed:78:f3:81:e8:a9:65:aa:43:8a:39:
a5:ba:e8:06:f4:c8:b9:72:fb:b0:14:a4:fe:91:95:
96:37:ee:45:04:4a:28:de:21:e8:dd:99:f0:d4:89:
b7:fa:40:1a:d6:90:e4:b2:31:b0:fd:f5:2d:fa:fe:
4f:e0:a5:9c:bb:77:f8:15:d3:bf:01:77:db:05:05:
73:16:c7:17:0c:8c:a8:5e:68:d9:02:24:c1:d1:ac:
d5:ca:9d:91:30:b1:15:61:fb:35:42:3a:ee:7c:38:
7d:ee:7b:f5:f6:0c:e1:42:b7:d9:a5:13:39:69:f6:
b1:95:f8:de:31:85:2c:1e:98:e3:94:d9:4a:84:3e:
75:1d:cf:50:47:d4:b1:e7:a6:54:17:5f:7e:8b:1b:
ee:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:D0:E4:5E:4B:CB:FC:73:7C:A9:F6:0C:11:25:6A:2D:7A:58:78:92
X509v3 Authority Key Identifier:
keyid:86:AF:AA:E2:E3:E0:54:07:3A:38:AA:B6:35:DC:96:46:0E:EF:48:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hq-q4uPgVAc6OKq2NdyWRg7vSH4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/L9DkXkvL_HN8qfYMESVqLXpYeJI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/hq-q4uPgVAc6OKq2NdyWRg7vSH4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.249.115.0/24
185.73.226.0/24
185.106.200.0/23
185.223.160.0/24
195.28.10.0/24
195.28.168.0/23
Signature Algorithm: sha256WithRSAEncryption
32:65:95:b5:ab:51:be:d1:79:b2:c4:87:6d:8b:d2:80:c5:9e:
ce:ec:32:d7:2a:f3:46:aa:61:ac:68:a2:d9:83:c1:a8:d7:28:
45:95:8f:07:5a:18:2c:d9:15:10:00:3c:8d:39:4f:64:40:a6:
a2:97:31:11:40:fd:14:6e:9c:b3:10:4c:20:f7:1a:7e:46:59:
3b:db:60:74:5e:0b:70:0d:19:3c:e3:10:fa:22:36:6a:1f:7b:
2a:52:45:69:3f:78:c4:3d:8c:24:48:70:ed:e3:2e:e4:94:9c:
ee:4d:c3:bc:33:b2:cb:bb:ef:c5:e7:02:20:3b:a1:c0:9a:f1:
6c:19:c7:cb:94:ad:f2:c5:ee:56:98:fb:07:7b:cd:2b:c1:13:
7a:b3:19:90:2b:3f:eb:3a:44:26:1c:98:03:5b:8c:84:9c:be:
8e:ae:2c:ee:cf:4d:8f:aa:dc:41:dc:10:33:8f:14:e0:de:c1:
46:0c:99:f0:fa:82:fb:d6:c9:78:31:25:0a:6e:7c:3e:21:15:
58:57:8c:05:16:ba:fa:4e:e8:e2:24:13:7f:9e:e7:43:c2:cd:
ea:51:d2:b4:c3:36:19:c1:0b:69:0a:4e:d0:cd:a4:79:62:17:
f8:1c:f0:60:23:44:ea:57:93:f6:ac:33:01:7f:0d:ea:36:00:
11:57:24:86
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQhQHHtLSgqgyY6VS6eZu3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2YWZhYWUyZTNlMDU0MDczYTM4YWFiNjM1ZGM5NjQ2MGVl
ZjQ4N2UwHhcNMjUwMTAxMDk0NDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmQwZTQ1ZTRiY2JmYzczN2NhOWY2MGMxMTI1NmEyZDdhNTg3ODkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAv4L6pQkQBXdTuIannjDl8uy//S
ms0qc58TIXUN0t4TVVYd/WCXt3nlIv38uW0gwl3ppcQOAT/v2JWLT+e/ROoEcgBW
lKyij9NZ+XiIBACoR5xLGCtUt8ZZkwA2tLl4Uzy6g9C5bpzcNyto7XjzgeipZapD
ijmluugG9Mi5cvuwFKT+kZWWN+5FBEoo3iHo3Znw1Im3+kAa1pDksjGw/fUt+v5P
4KWcu3f4FdO/AXfbBQVzFscXDIyoXmjZAiTB0azVyp2RMLEVYfs1QjrufDh97nv1
9gzhQrfZpRM5afaxlfjeMYUsHpjjlNlKhD51Hc9QR9Sx56ZUF19+ixvuIQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFC/Q5F5Ly/xzfKn2DBElai16WHiSMB8GA1UdIwQY
MBaAFIavquLj4FQHOjiqtjXclkYO70h+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHEtcTR1UGdWQWM2T0txMk5keVdSZzd2U0g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNzZhMWEtMzcyNC00OTViLWFjNzIt
NDcyMDQwYjI0N2Y2LzEvTDlEa1hrdkxfSE44cWZZTUVTVnFMWHBZZUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNzZhMWEtMzcyNC00OTViLWFjNzItNDcyMDQwYjI0N2Y2
LzEvaHEtcTR1UGdWQWM2T0txMk5keVdSZzd2U0g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAUPlzAwQA
uUniAwQBuWrIAwQAud+gAwQAwxwKAwQBwxyoMA0GCSqGSIb3DQEBCwUAA4IBAQAy
ZZW1q1G+0XmyxIdti9KAxZ7O7DLXKvNGqmGsaKLZg8Go1yhFlY8HWhgs2RUQADyN
OU9kQKailzERQP0UbpyzEEwg9xp+Rlk722B0XgtwDRk84xD6IjZqH3sqUkVpP3jE
PYwkSHDt4y7klJzuTcO8M7LLu+/F5wIgO6HAmvFsGcfLlK3yxe5WmPsHe80rwRN6
sxmQKz/rOkQmHJgDW4yEnL6Orizuz02PqtxB3BAzjxTg3sFGDJnw+oL71sl4MSUK
bnw+IRVYV4wFFrr6TujiJBN/nudDws3qUdK0wzYZwQtpCk7QzaR5Yhf4HPBgI0Tq
V5P2rDMBfw3qNgARVySG
-----END CERTIFICATE-----
Generated at Mon Jun 9 02:41:36 2025 by rpki-client