Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/BKbF_4MJCUmeZoRvnxhhDaH1pTQ.roa
File: BKbF_4MJCUmeZoRvnxhhDaH1pTQ.roa (raw, json)
Hash identifier: KaScotPOhucU3RDSMWPpqeewOfCD1gqUFyCDbEjQ1eU=
Subject key identifier: 04:A6:C5:FF:83:09:09:49:9E:66:84:6F:9F:18:61:0D:A1:F5:A5:34
Certificate issuer: /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial: 0195A42CBC5B9BC2C82643B5DB05717480E7
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/BKbF_4MJCUmeZoRvnxhhDaH1pTQ.roa
Signing time: Mon 17 Mar 2025 12:55:49 +0000
ROA not before: Mon 17 Mar 2025 12:55:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39074
IP address blocks: 85.133.128.0/22 maxlen: 22
85.133.128.0/24 maxlen: 24
85.133.129.0/24 maxlen: 24
85.133.130.0/24 maxlen: 24
85.133.131.0/24 maxlen: 24
85.133.132.0/24 maxlen: 24
85.133.133.0/24 maxlen: 24
85.133.134.0/24 maxlen: 24
85.133.135.0/24 maxlen: 24
85.133.136.0/24 maxlen: 24
85.133.137.0/24 maxlen: 24
85.133.138.0/24 maxlen: 24
85.133.139.0/24 maxlen: 24
85.133.140.0/22 maxlen: 22
85.133.140.0/24 maxlen: 24
85.133.141.0/24 maxlen: 24
85.133.142.0/24 maxlen: 24
85.133.143.0/24 maxlen: 24
85.133.144.0/22 maxlen: 22
85.133.144.0/24 maxlen: 24
85.133.145.0/24 maxlen: 24
85.133.146.0/24 maxlen: 24
85.133.147.0/24 maxlen: 24
85.133.148.0/22 maxlen: 22
85.133.148.0/24 maxlen: 24
85.133.149.0/24 maxlen: 24
85.133.150.0/24 maxlen: 24
85.133.151.0/24 maxlen: 24
85.133.152.0/22 maxlen: 22
85.133.152.0/24 maxlen: 24
85.133.153.0/24 maxlen: 24
85.133.154.0/24 maxlen: 24
85.133.155.0/24 maxlen: 24
85.133.156.0/24 maxlen: 24
85.133.157.0/24 maxlen: 24
85.133.158.0/24 maxlen: 24
85.133.159.0/24 maxlen: 24
85.133.164.0/24 maxlen: 24
85.133.165.0/24 maxlen: 24
85.133.166.0/24 maxlen: 24
85.133.167.0/24 maxlen: 24
85.133.168.0/22 maxlen: 24
85.133.168.0/24 maxlen: 24
85.133.169.0/24 maxlen: 24
85.133.170.0/24 maxlen: 24
85.133.171.0/24 maxlen: 24
85.133.172.0/22 maxlen: 24
85.133.172.0/24 maxlen: 24
85.133.173.0/24 maxlen: 24
85.133.174.0/24 maxlen: 24
85.133.175.0/24 maxlen: 24
85.133.176.0/22 maxlen: 24
85.133.176.0/24 maxlen: 24
85.133.177.0/24 maxlen: 24
85.133.178.0/24 maxlen: 24
85.133.179.0/24 maxlen: 24
85.133.180.0/22 maxlen: 24
85.133.180.0/24 maxlen: 24
85.133.181.0/24 maxlen: 24
85.133.182.0/24 maxlen: 24
85.133.183.0/24 maxlen: 24
85.133.184.0/22 maxlen: 24
85.133.184.0/24 maxlen: 24
85.133.185.0/24 maxlen: 24
85.133.186.0/24 maxlen: 24
85.133.187.0/24 maxlen: 24
85.133.188.0/22 maxlen: 22
85.133.188.0/24 maxlen: 24
85.133.189.0/24 maxlen: 24
85.133.190.0/24 maxlen: 24
85.133.191.0/24 maxlen: 24
85.133.192.0/24 maxlen: 24
85.133.193.0/24 maxlen: 24
85.133.210.0/23 maxlen: 24
85.133.210.0/24 maxlen: 24
85.133.211.0/24 maxlen: 24
85.133.212.0/24 maxlen: 24
85.133.213.0/24 maxlen: 24
85.133.220.0/24 maxlen: 24
85.133.223.0/24 maxlen: 24
85.133.226.0/24 maxlen: 24
85.133.229.0/24 maxlen: 24
85.133.230.0/24 maxlen: 24
85.133.231.0/24 maxlen: 24
85.133.232.0/24 maxlen: 24
85.133.235.0/24 maxlen: 24
85.133.239.0/24 maxlen: 24
85.133.244.0/24 maxlen: 24
85.133.245.0/24 maxlen: 24
85.133.255.0/24 maxlen: 24
2a04:87c0::/29 maxlen: 29
Validation: Failed, certificate revoked on Tue 18 Mar 2025 20:58:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:a4:2c:bc:5b:9b:c2:c8:26:43:b5:db:05:71:74:80:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Validity
Not Before: Mar 17 12:55:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=04a6c5ff830909499e66846f9f18610da1f5a534
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:94:fa:aa:86:1e:a9:e3:9c:99:68:fb:dd:5e:
82:b2:37:4d:47:d6:54:ae:f9:40:16:13:81:46:30:
4c:24:14:f8:4b:c1:fc:cb:6d:11:d3:58:22:b9:7c:
50:82:9b:60:1c:c8:14:2e:fa:83:01:2d:04:6c:d8:
07:84:39:2b:cf:48:dc:08:5a:b3:bf:af:72:b2:98:
7a:3a:36:da:7f:00:d1:78:ec:12:bf:77:74:79:3f:
68:8a:8b:1e:1b:28:78:45:c8:62:5f:3e:b0:fc:8c:
d4:30:62:14:8f:9b:67:8c:5b:45:be:82:be:c2:31:
ff:dc:55:ae:e7:fa:6b:00:98:43:05:26:de:9d:82:
dd:0d:90:0f:95:e3:fc:f2:c5:63:3b:c1:40:ca:76:
28:42:19:d4:ff:e9:8e:3e:1d:bb:7f:b5:ba:0a:a8:
8c:57:d9:54:d7:c0:04:80:81:49:70:aa:25:4a:ce:
02:5a:eb:e9:1d:c5:f4:b9:2c:79:ee:f9:61:9a:8e:
da:dc:78:25:60:d5:3c:f7:5c:f4:43:21:cc:33:79:
df:9f:8e:59:55:bb:3c:7c:4a:2e:13:d4:99:94:68:
3a:46:18:83:f0:86:4e:68:3d:38:4f:0b:b2:2c:c7:
a7:d7:ab:9f:4e:08:e1:3f:c2:9f:30:ce:d4:5e:41:
c2:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:A6:C5:FF:83:09:09:49:9E:66:84:6F:9F:18:61:0D:A1:F5:A5:34
X509v3 Authority Key Identifier:
keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/BKbF_4MJCUmeZoRvnxhhDaH1pTQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.133.128.0/19
85.133.164.0-85.133.193.255
85.133.210.0-85.133.213.255
85.133.220.0/24
85.133.223.0/24
85.133.226.0/24
85.133.229.0-85.133.232.255
85.133.235.0/24
85.133.239.0/24
85.133.244.0/23
85.133.255.0/24
IPv6:
2a04:87c0::/29
Signature Algorithm: sha256WithRSAEncryption
56:10:4b:c9:5e:b3:51:31:15:db:24:cc:c3:77:83:9b:eb:00:
c9:19:13:9b:e5:bf:80:df:f4:30:19:60:ce:f1:8c:e2:91:4d:
9d:fb:54:29:c3:34:5f:12:58:ca:ad:5e:01:a4:ac:a5:6c:dc:
14:1c:a3:24:65:9e:51:8a:bb:b4:86:da:10:c6:bc:7a:f6:b4:
5e:2d:ab:8e:2c:e6:7b:43:7d:53:65:99:37:05:f0:41:d8:4c:
8f:ce:a4:ca:bf:a0:51:20:4f:08:9e:cf:39:9e:7e:ee:f0:9d:
d3:34:4f:56:ec:3b:9d:40:07:ca:c0:1e:f6:0e:41:81:ce:13:
73:8c:af:2c:8f:2b:64:d6:ef:ff:af:92:50:39:e4:c7:83:73:
73:ba:8f:43:bd:03:18:39:6c:ae:05:aa:70:1b:68:1f:46:c8:
dd:15:67:eb:6e:44:93:83:f5:26:cc:a4:c6:39:57:db:aa:77:
da:78:21:29:e1:6c:bb:82:78:2f:c3:fa:f8:de:b0:e9:58:06:
ef:2c:a9:3a:aa:cb:fb:fc:02:33:dc:f2:eb:13:35:8a:4c:28:
0c:d4:91:38:29:41:a1:d7:6a:7c:b6:2a:1f:95:b7:68:41:77:
af:7f:4c:a1:2e:b7:21:4f:dd:e5:b0:ce:f6:31:12:79:5d:9e:
a4:7a:58:d2
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAZWkLLxbm8LIJkO12wVxdIDnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjUwMzE3MTI1NTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGE2YzVmZjgzMDkwOTQ5OWU2Njg0NmY5ZjE4NjEwZGExZjVhNTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZT6qoYeqeOcmWj73V6CsjdNR9ZU
rvlAFhOBRjBMJBT4S8H8y20R01giuXxQgptgHMgULvqDAS0EbNgHhDkrz0jcCFqz
v69ysph6OjbafwDReOwSv3d0eT9oioseGyh4RchiXz6w/IzUMGIUj5tnjFtFvoK+
wjH/3FWu5/prAJhDBSbenYLdDZAPleP88sVjO8FAynYoQhnU/+mOPh27f7W6CqiM
V9lU18AEgIFJcKolSs4CWuvpHcX0uSx57vlhmo7a3HglYNU891z0QyHMM3nfn45Z
Vbs8fEouE9SZlGg6RhiD8IZOaD04TwuyLMen16ufTgjhP8KfMM7UXkHCkQIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFASmxf+DCQlJnmaEb58YYQ2h9aU0MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvQktiRl80TUpDVW1lWm9Sdm54aGhEYUgxcFRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwYAQCAAEwWgMEBVWFgDAM
AwQCVYWkAwQBVYXAMAwDBAFVhdIDBAFVhdQDBABVhdwDBABVhd8DBABVheIwDAME
AFWF5QMEAFWF6AMEAFWF6wMEAFWF7wMEAVWF9AMEAFWF/zANBAIAAjAHAwUDKgSH
wDANBgkqhkiG9w0BAQsFAAOCAQEAVhBLyV6zUTEV2yTMw3eDm+sAyRkTm+W/gN/0
MBlgzvGM4pFNnftUKcM0XxJYyq1eAaSspWzcFByjJGWeUYq7tIbaEMa8eva0Xi2r
jizme0N9U2WZNwXwQdhMj86kyr+gUSBPCJ7POZ5+7vCd0zRPVuw7nUAHysAe9g5B
gc4Tc4yvLI8rZNbv/6+SUDnkx4Nzc7qPQ70DGDlsrgWqcBtoH0bI3RVn625Ek4P1
JsykxjlX26p32nghKeFsu4J4L8P6+N6w6VgG7yypOqrL+/wCM9zy6xM1ikwoDNSR
OClBoddqfLYqH5W3aEF3r39MoS63IU/d5bDO9jESeV2epHpY0g==
-----END CERTIFICATE-----
Generated at Mon Apr 21 11:21:08 2025 by rpki-client