Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/X89pIF31IKwYgrthbiqRECvQQv0.roa
File: X89pIF31IKwYgrthbiqRECvQQv0.roa (raw, json)
Hash identifier: 0KmiSue+vkwrv/Ii8zPtysACc7Phkv4+dSt7tq9uHUo=
Subject key identifier: 5F:CF:69:20:5D:F5:20:AC:18:82:BB:61:6E:2A:91:10:2B:D0:42:FD
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0195A87847BFBD563B77C19E94929E707788
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/X89pIF31IKwYgrthbiqRECvQQv0.roa
Signing time: Tue 18 Mar 2025 08:56:49 +0000
ROA not before: Tue 18 Mar 2025 08:56:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 77.242.150.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.221.0/24 maxlen: 24
88.209.224.0/24 maxlen: 24
88.209.232.0/22 maxlen: 24
Validation: Failed, certificate revoked on Fri 21 Mar 2025 08:51:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:a8:78:47:bf:bd:56:3b:77:c1:9e:94:92:9e:70:77:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Mar 18 08:56:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5fcf69205df520ac1882bb616e2a91102bd042fd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:9b:d6:bf:d7:b5:b8:2f:57:53:fa:63:89:a0:
c1:31:46:c5:39:d0:8c:5a:1b:ee:f4:ad:a6:51:9a:
86:db:1c:be:79:07:85:75:62:96:30:02:e1:ed:b2:
49:6c:99:64:95:f0:3b:66:c3:c2:9a:91:93:75:ca:
13:3a:71:4c:17:9b:44:e0:7f:3c:4b:6d:c0:e4:ad:
d2:5d:09:50:2e:6b:92:b1:5c:c3:68:0e:9b:11:0a:
0c:b3:53:f6:5f:e2:a3:69:39:d2:b7:cd:20:15:9d:
6e:1b:e0:f8:b2:c8:d9:04:c1:60:c3:83:aa:72:d6:
78:4f:d3:50:c8:26:c8:d0:fe:b7:1e:88:06:ae:ba:
01:9e:f7:1b:16:9a:e7:09:57:e4:69:5e:3c:07:fb:
c8:fc:10:5c:df:77:17:52:7b:60:90:ff:32:dd:81:
1d:86:de:f0:27:d6:6a:2f:d6:0a:a9:8f:6c:77:0e:
29:8c:b8:02:74:5d:44:3d:f1:fa:33:86:e6:58:f6:
64:0d:1d:ab:0c:4b:62:c0:64:6d:9b:e7:a9:45:db:
11:f2:be:e0:ed:23:70:7e:cc:3c:c6:76:01:c3:e7:
ad:c5:c6:68:e5:cb:14:83:f3:4f:7a:99:aa:e0:bb:
0b:e4:d9:ab:96:16:b7:da:ab:de:24:48:0c:a6:b9:
2d:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:CF:69:20:5D:F5:20:AC:18:82:BB:61:6E:2A:91:10:2B:D0:42:FD
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/X89pIF31IKwYgrthbiqRECvQQv0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.242.150.0/24
88.151.56.0/23
88.209.221.0/24
88.209.224.0/24
88.209.232.0/22
Signature Algorithm: sha256WithRSAEncryption
20:03:e1:c5:3f:bd:96:de:f4:3f:74:3f:86:99:fb:20:d5:9b:
67:a4:ea:b3:d5:82:5c:b2:2f:81:68:bc:2f:c7:50:f5:80:9f:
29:4b:18:c2:08:cd:90:94:b5:77:18:5f:94:0e:cf:ea:26:55:
99:d0:eb:9d:db:2f:79:a3:9b:0f:7c:28:77:27:65:b1:d5:1d:
f6:22:9a:51:16:9d:1f:d6:4f:4f:0d:41:e5:e2:c8:75:a0:b4:
03:63:2a:16:e3:c5:20:d1:e1:53:b8:f1:56:41:04:b0:66:eb:
49:f6:7c:f7:41:91:ab:bf:eb:71:d4:ed:ef:6c:28:a9:cc:9a:
35:6b:77:94:c2:f1:34:63:72:b9:6a:57:5e:6d:97:18:90:78:
be:fd:eb:2e:54:81:90:eb:bf:c8:9d:48:6b:72:21:39:11:db:
da:8a:fa:f4:1f:8b:95:1e:6d:fc:d4:25:d4:d9:53:7b:9c:33:
64:ed:55:d1:30:04:78:a8:f9:bf:0c:0d:49:a6:f6:e0:93:41:
23:42:e1:bd:19:4d:12:c6:9e:64:29:db:69:40:5e:68:85:58:
87:b1:a7:30:be:55:ac:62:8b:43:7c:82:50:72:5f:30:bd:77:
4c:77:fe:e3:c2:cb:c8:89:a8:47:8c:9c:07:e8:05:c0:e0:d7:
3f:d7:c5:69
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZWoeEe/vVY7d8GelJKecHeIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwMzE4MDg1NjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmNmNjkyMDVkZjUyMGFjMTg4MmJiNjE2ZTJhOTExMDJiZDA0MmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJvWv9e1uC9XU/pjiaDBMUbFOdCM
Whvu9K2mUZqG2xy+eQeFdWKWMALh7bJJbJlklfA7ZsPCmpGTdcoTOnFMF5tE4H88
S23A5K3SXQlQLmuSsVzDaA6bEQoMs1P2X+KjaTnSt80gFZ1uG+D4ssjZBMFgw4Oq
ctZ4T9NQyCbI0P63HogGrroBnvcbFprnCVfkaV48B/vI/BBc33cXUntgkP8y3YEd
ht7wJ9ZqL9YKqY9sdw4pjLgCdF1EPfH6M4bmWPZkDR2rDEtiwGRtm+epRdsR8r7g
7SNwfsw8xnYBw+etxcZo5csUg/NPepmq4LsL5Nmrlha32qveJEgMprktgQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFF/PaSBd9SCsGIK7YW4qkRAr0EL9MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvWDg5cElGMzFJS3dZZ3J0aGJpcVJFQ3ZRUXYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQATfKWAwQB
WJc4AwQAWNHdAwQAWNHgAwQCWNHoMA0GCSqGSIb3DQEBCwUAA4IBAQAgA+HFP72W
3vQ/dD+Gmfsg1ZtnpOqz1YJcsi+BaLwvx1D1gJ8pSxjCCM2QlLV3GF+UDs/qJlWZ
0Oud2y95o5sPfCh3J2Wx1R32IppRFp0f1k9PDUHl4sh1oLQDYyoW48Ug0eFTuPFW
QQSwZutJ9nz3QZGrv+tx1O3vbCipzJo1a3eUwvE0Y3K5aldebZcYkHi+/esuVIGQ
67/InUhrciE5Edvaivr0H4uVHm381CXU2VN7nDNk7VXRMAR4qPm/DA1Jpvbgk0Ej
QuG9GU0Sxp5kKdtpQF5ohViHsacwvlWsYotDfIJQcl8wvXdMd/7jwsvIiahHjJwH
6AXA4Nc/18Vp
-----END CERTIFICATE-----
Generated at Sun Apr 20 17:53:49 2025 by rpki-client