Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/A42GzXeppTlF8eFpKYUQXCZndpY.roa
File: A42GzXeppTlF8eFpKYUQXCZndpY.roa (raw, json)
Hash identifier: XDgCZE3OaaLIQCJJpDFiXkGvhFk62Bp90vmeDBkPPT4=
Subject key identifier: 03:8D:86:CD:77:A9:A5:39:45:F1:E1:69:29:85:10:5C:26:67:76:96
Certificate issuer: /CN=c8acf59abd4abbfbf830a060225a96a2179a2694
Certificate serial: 0190A25232EC2A5F1D467FF84EC08432C2FA
Authority key identifier: C8:AC:F5:9A:BD:4A:BB:FB:F8:30:A0:60:22:5A:96:A2:17:9A:26:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/A42GzXeppTlF8eFpKYUQXCZndpY.roa
Signing time: Thu 11 Jul 2024 15:03:34 +0000
ROA not before: Thu 11 Jul 2024 15:03:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35625
IP address blocks: 37.16.78.0/24 maxlen: 24
37.235.88.0/21 maxlen: 24
45.15.204.0/22 maxlen: 24
45.88.140.0/22 maxlen: 24
45.138.192.0/22 maxlen: 24
46.29.120.0/21 maxlen: 24
85.208.216.0/22 maxlen: 24
91.212.236.0/24 maxlen: 24
91.229.136.0/24 maxlen: 24
94.158.180.0/22 maxlen: 24
109.71.136.0/21 maxlen: 24
109.197.240.0/21 maxlen: 24
109.205.0.0/21 maxlen: 24
185.31.148.0/22 maxlen: 24
185.39.168.0/22 maxlen: 24
185.71.148.0/22 maxlen: 24
185.75.140.0/22 maxlen: 24
185.117.18.0/24 maxlen: 24
185.161.44.0/22 maxlen: 24
185.167.76.0/24 maxlen: 24
185.181.4.0/22 maxlen: 24
185.218.212.0/22 maxlen: 24
185.220.72.0/22 maxlen: 24
185.227.0.0/22 maxlen: 24
185.230.96.0/22 maxlen: 24
185.246.26.0/24 maxlen: 24
185.246.96.0/22 maxlen: 24
185.252.156.0/22 maxlen: 24
193.176.64.0/22 maxlen: 24
194.88.112.0/21 maxlen: 24
194.126.178.0/24 maxlen: 24
195.90.116.0/22 maxlen: 24
195.190.27.0/24 maxlen: 24
2a00:ba60::/32 maxlen: 32
2a00:ba61::/32 maxlen: 32
2a00:ba62::/32 maxlen: 32
2a00:ba67::/32 maxlen: 32
2a01:6600:2e00::/40 maxlen: 40
2a01:6603::/32 maxlen: 32
2a01:6604::/32 maxlen: 32
2a01:6605::/32 maxlen: 32
2a02:21c8::/32 maxlen: 32
2a09:8c40::/29 maxlen: 29
Validation: Failed, certificate revoked on Tue 06 Aug 2024 12:43:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:a2:52:32:ec:2a:5f:1d:46:7f:f8:4e:c0:84:32:c2:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c8acf59abd4abbfbf830a060225a96a2179a2694
Validity
Not Before: Jul 11 15:03:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=038d86cd77a9a53945f1e1692985105c26677696
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:d8:a6:7b:8b:cd:d5:43:e3:d3:89:24:e5:0a:
68:7a:ea:09:a3:05:1f:2f:ff:3a:87:25:48:e5:bc:
f9:12:fb:e4:9f:d5:a0:f6:0e:b3:29:1f:4d:41:80:
ca:d6:47:a9:da:ec:bc:0f:75:2c:de:50:33:f2:35:
29:26:58:73:79:b6:51:a4:db:7e:4d:15:48:a7:50:
3f:40:53:29:3d:32:79:44:d0:ad:50:66:13:21:30:
11:c0:93:2f:59:d0:1c:36:8c:61:0c:04:f2:3f:3e:
07:05:eb:92:1d:8f:81:dd:6c:e0:4b:3a:5e:56:73:
4f:8f:32:16:aa:d0:19:01:b2:62:98:c1:4e:cd:00:
52:3e:b1:f3:e2:77:e2:78:d4:92:39:c9:8c:c9:2d:
50:70:c0:cf:ca:9d:5b:9d:00:4e:44:6e:03:3a:d7:
de:1f:ad:f3:98:cc:18:fa:7b:44:3a:ea:78:87:06:
0b:8f:2a:4f:16:d1:b3:72:30:92:f0:c1:b7:2b:f7:
b1:73:9c:b7:fe:58:09:ed:e2:6f:84:63:56:52:57:
dc:4f:5c:70:39:ab:e7:66:19:84:59:87:3a:d8:3e:
01:56:67:01:5d:59:25:f3:47:1b:04:43:d5:f8:c9:
fb:cc:0c:89:e6:d0:64:48:06:eb:0b:d3:a5:27:9a:
8a:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:8D:86:CD:77:A9:A5:39:45:F1:E1:69:29:85:10:5C:26:67:76:96
X509v3 Authority Key Identifier:
keyid:C8:AC:F5:9A:BD:4A:BB:FB:F8:30:A0:60:22:5A:96:A2:17:9A:26:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/A42GzXeppTlF8eFpKYUQXCZndpY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/cf7f6d-b225-4bdf-9504-838ebf412a61/1/yKz1mr1Ku_v4MKBgIlqWoheaJpQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.16.78.0/24
37.235.88.0/21
45.15.204.0/22
45.88.140.0/22
45.138.192.0/22
46.29.120.0/21
85.208.216.0/22
91.212.236.0/24
91.229.136.0/24
94.158.180.0/22
109.71.136.0/21
109.197.240.0/21
109.205.0.0/21
185.31.148.0/22
185.39.168.0/22
185.71.148.0/22
185.75.140.0/22
185.117.18.0/24
185.161.44.0/22
185.167.76.0/24
185.181.4.0/22
185.218.212.0/22
185.220.72.0/22
185.227.0.0/22
185.230.96.0/22
185.246.26.0/24
185.246.96.0/22
185.252.156.0/22
193.176.64.0/22
194.88.112.0/21
194.126.178.0/24
195.90.116.0/22
195.190.27.0/24
IPv6:
2a00:ba60::-2a00:ba62:ffff:ffff:ffff:ffff:ffff:ffff
2a00:ba67::/32
2a01:6600:2e00::/40
2a01:6603::-2a01:6605:ffff:ffff:ffff:ffff:ffff:ffff
2a02:21c8::/32
2a09:8c40::/29
Signature Algorithm: sha256WithRSAEncryption
12:fc:d2:be:4d:e1:3f:f3:92:46:62:62:36:92:42:a1:3e:9e:
2f:6d:61:05:b7:e5:e6:d9:4d:2b:d3:da:2f:50:c9:cc:68:d3:
d0:e4:27:0b:24:6d:63:6e:1d:31:13:55:48:57:5a:24:14:fe:
d4:2c:ff:ef:2f:d1:e9:7d:75:4d:bc:71:21:d6:c5:9b:df:70:
2f:d7:90:5f:8c:df:46:93:fa:7d:8c:93:ca:c1:d9:21:d5:91:
15:50:6e:18:ae:28:48:8e:cf:20:09:fe:5c:c7:10:0a:91:35:
8d:2a:ba:36:7d:8a:8c:53:3c:4b:7e:e4:6e:52:d3:30:69:8b:
4c:f9:94:a3:08:1b:c3:d4:20:95:1a:53:b9:1d:98:65:be:ca:
a7:42:58:88:c1:e1:c4:b8:ab:35:f4:b8:7f:76:20:26:21:95:
2c:33:38:16:9d:c2:e4:fd:f4:7e:4f:33:7d:ed:cf:10:45:fe:
32:8b:0d:9d:f0:e5:eb:e9:6d:9d:f8:54:74:e1:07:55:17:cc:
87:a9:7c:2d:07:05:a5:c7:e9:f0:0b:0c:f3:39:7a:20:8b:6d:
59:66:cc:63:ce:bf:48:94:00:e8:c6:06:b6:c1:12:a5:97:1c:
df:f4:e5:e0:5f:9c:d7:af:44:37:cb:06:cf:14:a1:fd:ec:ff:
bd:10:ec:3a
-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgISAZCiUjLsKl8dRn/4TsCEMsL6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4YWNmNTlhYmQ0YWJiZmJmODMwYTA2MDIyNWE5NmEyMTc5
YTI2OTQwHhcNMjQwNzExMTUwMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzhkODZjZDc3YTlhNTM5NDVmMWUxNjkyOTg1MTA1YzI2Njc3Njk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttime4vN1UPj04kk5QpoeuoJowUf
L/86hyVI5bz5Evvkn9Wg9g6zKR9NQYDK1kep2uy8D3Us3lAz8jUpJlhzebZRpNt+
TRVIp1A/QFMpPTJ5RNCtUGYTITARwJMvWdAcNoxhDATyPz4HBeuSHY+B3WzgSzpe
VnNPjzIWqtAZAbJimMFOzQBSPrHz4nfieNSSOcmMyS1QcMDPyp1bnQBORG4DOtfe
H63zmMwY+ntEOup4hwYLjypPFtGzcjCS8MG3K/exc5y3/lgJ7eJvhGNWUlfcT1xw
OavnZhmEWYc62D4BVmcBXVkl80cbBEPV+Mn7zAyJ5tBkSAbrC9OlJ5qKAQIDAQAB
o4IDFjCCAxIwHQYDVR0OBBYEFAONhs13qaU5RfHhaSmFEFwmZ3aWMB8GA1UdIwQY
MBaAFMis9Zq9Srv7+DCgYCJalqIXmiaUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUt6MW1yMUt1X3Y0TUtCZ0lscVdvaGVhSnBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQt
ODM4ZWJmNDEyYTYxLzEvQTQyR3pYZXBwVGxGOGVGcEtZVVFYQ1puZHBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9jZjdmNmQtYjIyNS00YmRmLTk1MDQtODM4ZWJmNDEyYTYx
LzEveUt6MW1yMUt1X3Y0TUtCZ0lscVdvaGVhSnBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKgYIKwYBBQUHAQcBAf8EggEZMIIBFTCBzQQCAAEwgcYD
BAAlEE4DBAMl61gDBAItD8wDBAItWIwDBAItisADBAMuHXgDBAJV0NgDBABb1OwD
BABb5YgDBAJenrQDBANtR4gDBANtxfADBANtzQADBAK5H5QDBAK5J6gDBAK5R5QD
BAK5S4wDBAC5dRIDBAK5oSwDBAC5p0wDBAK5tQQDBAK52tQDBAK53EgDBAK54wAD
BAK55mADBAC59hoDBAK59mADBAK5/JwDBALBsEADBAPCWHADBADCfrIDBALDWnQD
BADDvhswQwQCAAIwPTAOAwUFKgC6YAMFACoAumIDBQAqALpnAwYAKgFmAC4wDgMF
ACoBZgMDBQEqAWYEAwUAKgIhyAMFAyoJjEAwDQYJKoZIhvcNAQELBQADggEBABL8
0r5N4T/zkkZiYjaSQqE+ni9tYQW35ebZTSvT2i9Qycxo09DkJwskbWNuHTETVUhX
WiQU/tQs/+8v0el9dU28cSHWxZvfcC/XkF+M30aT+n2Mk8rB2SHVkRVQbhiuKEiO
zyAJ/lzHEAqRNY0qujZ9ioxTPEt+5G5S0zBpi0z5lKMIG8PUIJUaU7kdmGW+yqdC
WIjB4cS4qzX0uH92ICYhlSwzOBadwuT99H5PM33tzxBF/jKLDZ3w5evpbZ34VHTh
B1UXzIepfC0HBaXH6fALDPM5eiCLbVlmzGPOv0iUAOjGBrbBEqWXHN/05eBfnNev
RDfLBs8Uof3s/70Q7Do=
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:50:58 2025 by rpki-client