Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/7UqLnbbC5d5oXujb_uvat6d3WmM.roa
File: 7UqLnbbC5d5oXujb_uvat6d3WmM.roa (raw, json)
Hash identifier: EXZrwWm1ad8dPn2s9Fnr9C9Kb0gOCuoXsAhjMymvL6Q=
Subject key identifier: ED:4A:8B:9D:B6:C2:E5:DE:68:5E:E8:DB:FE:EB:DA:B7:A7:77:5A:63
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 019427803BBB81DB5011D5A99409E291DEE8
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/7UqLnbbC5d5oXujb_uvat6d3WmM.roa
Signing time: Thu 02 Jan 2025 14:51:42 +0000
ROA not before: Thu 02 Jan 2025 14:51:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 45.8.21.0/24 maxlen: 24
185.126.82.0/24 maxlen: 24
185.220.250.0/23 maxlen: 24
185.225.0.0/23 maxlen: 23
185.227.146.0/23 maxlen: 24
185.227.147.0/24 maxlen: 24
185.230.53.0/24 maxlen: 24
193.8.112.0/23 maxlen: 24
193.58.146.0/23 maxlen: 24
Validation: Failed, certificate revoked on Mon 06 Jan 2025 11:50:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:80:3b:bb:81:db:50:11:d5:a9:94:09:e2:91:de:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Jan 2 14:51:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ed4a8b9db6c2e5de685ee8dbfeebdab7a7775a63
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:11:53:e9:4e:e9:f4:72:a8:bf:52:07:30:a4:
9c:64:6e:ad:3b:25:cf:6f:6e:dd:20:9b:06:34:ca:
73:45:af:e9:7a:9b:f1:93:fe:53:1e:0a:cb:30:ff:
05:0e:6b:9d:cf:b4:ae:9c:98:dd:96:86:bf:32:71:
22:cd:9c:05:f1:83:d8:e0:e0:56:b4:77:e2:2d:c2:
65:9f:91:96:e6:7c:0e:fc:67:8d:d3:3e:c8:5c:03:
a7:70:4c:fe:e0:3e:87:a5:45:47:14:2b:2f:b6:29:
78:57:8a:06:08:8d:ee:4f:e5:6c:3e:0c:ed:ab:9f:
80:3c:d6:94:5a:fa:90:8c:c1:a6:28:fb:06:c6:e1:
60:f2:51:59:88:1f:48:f3:95:a8:0f:95:d2:c4:2f:
3c:f5:1c:ae:9f:2e:30:13:83:d4:78:4e:76:22:5b:
43:c5:a0:6d:ef:49:c4:b5:cd:04:f7:24:b5:dd:44:
76:23:83:5f:ef:5e:4c:7d:35:9d:e3:e5:d5:e1:c7:
d4:90:68:ed:d3:d0:a3:1a:f9:67:e5:5e:75:05:d3:
4f:93:48:fb:72:12:d5:d8:3c:51:e8:9e:82:3e:c9:
eb:c8:36:a0:92:1d:e6:f1:22:23:fe:58:de:6d:0e:
02:6a:4a:6a:8b:e8:aa:00:bc:55:24:c3:93:27:ef:
56:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:4A:8B:9D:B6:C2:E5:DE:68:5E:E8:DB:FE:EB:DA:B7:A7:77:5A:63
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/7UqLnbbC5d5oXujb_uvat6d3WmM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.21.0/24
185.126.82.0/24
185.220.250.0/23
185.225.0.0/23
185.227.146.0/23
185.230.53.0/24
193.8.112.0/23
193.58.146.0/23
Signature Algorithm: sha256WithRSAEncryption
23:cd:8c:59:10:fb:c0:c0:52:79:b3:55:eb:06:5d:bd:18:d6:
11:a5:d9:9b:ff:c5:30:48:ef:0d:a0:93:85:55:46:24:f3:ae:
9b:b9:00:8f:db:34:db:8f:a6:a7:ab:c0:88:e3:f8:d2:38:04:
c8:18:dd:c5:4d:a7:d5:38:7b:4c:78:a0:29:91:28:49:85:a5:
93:0b:8e:a8:b8:e6:c3:b4:91:a9:70:e9:52:ba:f7:b6:76:d4:
ee:f2:f4:d7:c2:ab:f0:66:3a:e8:94:9f:77:d2:67:b3:2f:25:
3a:bc:3b:dd:8e:e7:86:12:67:e6:e2:53:72:dd:b6:6e:14:7a:
10:33:c3:36:1d:5f:f8:fc:46:c2:0e:b5:10:4d:cf:d1:2e:5f:
3d:4b:af:b5:8f:11:ba:68:ae:ad:10:53:ad:91:25:9c:e4:bb:
f9:b1:a2:73:a9:5a:fd:f8:70:57:a0:3f:cd:3e:7d:44:ff:7a:
11:91:b8:6e:f3:05:0f:99:5a:ba:be:64:e7:a6:cf:dd:a7:38:
86:5a:93:18:d4:96:df:3e:33:97:dd:c8:12:53:2b:72:cb:5f:
52:20:e4:a0:c7:6d:15:77:74:a0:01:17:23:3c:e6:ae:eb:99:
ca:47:93:6c:02:c9:58:3e:2f:6f:b1:f1:a0:2b:2f:45:53:06:
92:85:e8:29
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQngDu7gdtQEdWplAnikd7oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAyMTQ1MTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDRhOGI5ZGI2YzJlNWRlNjg1ZWU4ZGJmZWViZGFiN2E3Nzc1YTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhFT6U7p9HKov1IHMKScZG6tOyXP
b27dIJsGNMpzRa/pepvxk/5THgrLMP8FDmudz7SunJjdloa/MnEizZwF8YPY4OBW
tHfiLcJln5GW5nwO/GeN0z7IXAOncEz+4D6HpUVHFCsvtil4V4oGCI3uT+VsPgzt
q5+APNaUWvqQjMGmKPsGxuFg8lFZiB9I85WoD5XSxC889Ryuny4wE4PUeE52IltD
xaBt70nEtc0E9yS13UR2I4Nf715MfTWd4+XV4cfUkGjt09CjGvln5V51BdNPk0j7
chLV2DxR6J6CPsnryDagkh3m8SIj/ljebQ4Cakpqi+iqALxVJMOTJ+9WVwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFO1Ki522wuXeaF7o2/7r2rend1pjMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvN1VxTG5iYkM1ZDVvWHVqYl91dmF0NmQzV21NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALQgVAwQA
uX5SAwQBudz6AwQBueEAAwQBueOSAwQAueY1AwQBwQhwAwQBwTqSMA0GCSqGSIb3
DQEBCwUAA4IBAQAjzYxZEPvAwFJ5s1XrBl29GNYRpdmb/8UwSO8NoJOFVUYk866b
uQCP2zTbj6anq8CI4/jSOATIGN3FTafVOHtMeKApkShJhaWTC46ouObDtJGpcOlS
uve2dtTu8vTXwqvwZjrolJ930mezLyU6vDvdjueGEmfm4lNy3bZuFHoQM8M2HV/4
/EbCDrUQTc/RLl89S6+1jxG6aK6tEFOtkSWc5Lv5saJzqVr9+HBXoD/NPn1E/3oR
kbhu8wUPmVq6vmTnps/dpziGWpMY1JbfPjOX3cgSUytyy19SIOSgx20Vd3SgARcj
POau65nKR5NsAslYPi9vsfGgKy9FUwaShegp
-----END CERTIFICATE-----
Generated at Fri Apr 18 23:24:36 2025 by rpki-client