Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/z3F844qSJC2K73bQaXMzNuOWTlk.roa
File: z3F844qSJC2K73bQaXMzNuOWTlk.roa (raw, json)
Hash identifier: u4TnRtBB23NPb/UQwit/nZFm/5EUQibttzZp9lNwgZ8=
Subject key identifier: CF:71:7C:E3:8A:92:24:2D:8A:EF:76:D0:69:73:33:36:E3:96:4E:59
Certificate issuer: /CN=099a1f2dbf7b7a84ae57b8d67426b7e4e420fab5
Certificate serial: 019566F2D00903DABCFF4AC1CFDC4EFC6AFD
Authority key identifier: 09:9A:1F:2D:BF:7B:7A:84:AE:57:B8:D6:74:26:B7:E4:E4:20:FA:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CZofLb97eoSuV7jWdCa35OQg-rU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/z3F844qSJC2K73bQaXMzNuOWTlk.roa
Signing time: Wed 05 Mar 2025 15:35:43 +0000
ROA not before: Wed 05 Mar 2025 15:35:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202053
IP address blocks: 5.22.208.0/22 maxlen: 22
5.22.212.0/22 maxlen: 22
5.22.216.0/22 maxlen: 22
5.22.220.0/22 maxlen: 22
80.69.172.0/22 maxlen: 22
83.136.248.0/21 maxlen: 21
85.9.192.0/19 maxlen: 19
85.9.220.0/22 maxlen: 22
94.237.0.0/24 maxlen: 24
94.237.1.0/24 maxlen: 24
94.237.2.0/23 maxlen: 23
94.237.4.0/22 maxlen: 22
94.237.8.0/21 maxlen: 21
94.237.16.0/21 maxlen: 21
94.237.24.0/21 maxlen: 21
94.237.32.0/21 maxlen: 21
94.237.40.0/21 maxlen: 21
94.237.48.0/20 maxlen: 20
94.237.64.0/20 maxlen: 20
94.237.80.0/20 maxlen: 20
94.237.96.0/21 maxlen: 21
94.237.104.0/22 maxlen: 22
94.237.108.0/22 maxlen: 22
94.237.112.0/21 maxlen: 21
94.237.120.0/22 maxlen: 22
94.237.124.0/23 maxlen: 23
94.237.126.0/24 maxlen: 24
95.111.192.0/21 maxlen: 21
95.111.200.0/22 maxlen: 22
95.111.204.0/22 maxlen: 22
95.111.208.0/22 maxlen: 22
95.111.216.0/21 maxlen: 21
185.20.136.0/22 maxlen: 22
185.26.48.0/22 maxlen: 22
185.70.196.0/22 maxlen: 22
194.62.96.0/22 maxlen: 22
2a04:3540::/32 maxlen: 32
2a04:3541::/32 maxlen: 32
2a04:3541:8000::/34 maxlen: 34
2a04:3542::/32 maxlen: 32
2a04:3542:8000::/34 maxlen: 34
2a04:3543::/32 maxlen: 32
2a04:3544::/32 maxlen: 32
2a04:3544:8000::/34 maxlen: 34
2a04:3545::/32 maxlen: 32
2a04:3546::/32 maxlen: 32
Validation: Failed, certificate revoked on Fri 14 Mar 2025 13:09:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:66:f2:d0:09:03:da:bc:ff:4a:c1:cf:dc:4e:fc:6a:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=099a1f2dbf7b7a84ae57b8d67426b7e4e420fab5
Validity
Not Before: Mar 5 15:35:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cf717ce38a92242d8aef76d069733336e3964e59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:e7:d9:fa:00:23:7c:da:e0:99:68:10:a9:2c:
8e:c8:d9:c0:1c:ce:73:05:a9:86:42:60:d0:ae:29:
4e:35:a6:3f:3c:a3:9e:93:fa:66:7d:fc:67:c0:e7:
ea:f5:b1:08:16:01:b2:b7:2d:f4:f5:28:26:67:7c:
73:15:6e:d8:11:1a:cf:30:80:3a:6b:32:31:75:80:
a1:f7:a2:27:58:17:ad:ec:8b:f0:dd:c2:df:e2:45:
cb:84:44:15:47:93:1a:e8:eb:3f:ed:14:9e:92:51:
a7:ec:76:ac:c8:12:d7:1d:9d:54:8f:24:db:80:aa:
8a:eb:8f:52:8b:f2:c4:40:45:66:8b:8e:46:19:70:
16:25:04:13:9f:28:8d:20:7a:98:a9:c1:c7:07:e5:
35:53:5b:ad:17:73:38:6d:c5:ac:4a:cf:bb:34:20:
27:61:ee:7a:17:b2:71:8d:a6:b8:73:39:86:b2:fb:
48:ff:1d:1a:c0:20:8f:0b:50:ba:d8:b5:57:f3:31:
a3:eb:4b:0f:c6:59:b2:f0:82:cd:0f:71:17:14:83:
f9:a0:d7:6b:2f:c4:79:b4:66:f5:93:ae:c1:a7:6c:
c5:ab:4d:6d:8b:60:4c:58:c4:a7:56:d3:ab:d5:6c:
49:1d:a4:cf:c1:84:33:4d:93:cb:66:00:5f:2a:ca:
7c:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:71:7C:E3:8A:92:24:2D:8A:EF:76:D0:69:73:33:36:E3:96:4E:59
X509v3 Authority Key Identifier:
keyid:09:9A:1F:2D:BF:7B:7A:84:AE:57:B8:D6:74:26:B7:E4:E4:20:FA:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CZofLb97eoSuV7jWdCa35OQg-rU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/z3F844qSJC2K73bQaXMzNuOWTlk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/CZofLb97eoSuV7jWdCa35OQg-rU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.22.208.0/20
80.69.172.0/22
83.136.248.0/21
85.9.192.0/19
94.237.0.0-94.237.126.255
95.111.192.0-95.111.211.255
95.111.216.0/21
185.20.136.0/22
185.26.48.0/22
185.70.196.0/22
194.62.96.0/22
IPv6:
2a04:3540::-2a04:3546:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
60:86:10:ba:11:76:34:c0:b2:5e:5f:87:40:67:ca:f8:af:bf:
55:b5:41:e9:75:f7:21:58:2c:ab:3b:f3:08:34:fb:a8:14:78:
bf:01:4b:c4:8a:86:53:0a:5d:3a:53:54:79:28:aa:bf:6e:66:
d4:cc:59:3b:bb:a3:fa:5d:d4:a9:53:51:de:62:50:03:57:22:
7f:cb:15:4a:d1:d5:cf:06:8f:d4:42:e1:57:7b:c5:0f:04:56:
b1:f5:39:bb:17:2f:1e:12:f7:e9:ef:17:d9:77:0c:cc:09:3e:
e2:c2:af:39:66:35:b9:83:44:f3:08:f1:ca:92:cd:4a:21:00:
46:fa:e6:22:c5:04:72:20:7f:3c:0b:3e:3a:7f:d3:fa:8c:6b:
ad:1f:dd:92:1b:3f:42:9e:79:e8:8f:56:da:30:13:11:f0:64:
d6:79:db:61:05:da:a3:bf:a8:0b:8c:8b:83:90:f3:e2:06:12:
1d:a4:cb:c7:8c:26:c7:83:38:95:42:56:8a:28:b0:28:bc:c2:
f5:21:a4:69:8d:15:43:1b:57:ee:d7:19:fd:9c:58:87:29:b8:
e4:14:71:c5:94:9c:a0:04:39:1d:2e:48:c7:43:d7:56:36:cd:
6a:2d:70:02:7f:f9:a8:61:e3:96:f7:02:9b:95:36:1a:d8:33:
e7:0c:90:cf
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAZVm8tAJA9q8/0rBz9xO/Gr9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OWExZjJkYmY3YjdhODRhZTU3YjhkNjc0MjZiN2U0ZTQy
MGZhYjUwHhcNMjUwMzA1MTUzNTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjcxN2NlMzhhOTIyNDJkOGFlZjc2ZDA2OTczMzMzNmUzOTY0ZTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOfZ+gAjfNrgmWgQqSyOyNnAHM5z
BamGQmDQrilONaY/PKOek/pmffxnwOfq9bEIFgGyty309SgmZ3xzFW7YERrPMIA6
azIxdYCh96InWBet7Ivw3cLf4kXLhEQVR5Ma6Os/7RSeklGn7HasyBLXHZ1UjyTb
gKqK649Si/LEQEVmi45GGXAWJQQTnyiNIHqYqcHHB+U1U1utF3M4bcWsSs+7NCAn
Ye56F7Jxjaa4czmGsvtI/x0awCCPC1C62LVX8zGj60sPxlmy8ILND3EXFIP5oNdr
L8R5tGb1k67Bp2zFq01ti2BMWMSnVtOr1WxJHaTPwYQzTZPLZgBfKsp8jwIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFM9xfOOKkiQtiu920GlzMzbjlk5ZMB8GA1UdIwQY
MBaAFAmaHy2/e3qErle41nQmt+TkIPq1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1pvZkxiOTdlb1N1VjdqV2RDYTM1T1FnLXJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9kNDJhYmItMzM0Mi00ODg3LWFmNDAt
OWNkNjhmMjIxZTIxLzEvejNGODQ0cVNKQzJLNzNiUWFYTXpOdU9XVGxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9kNDJhYmItMzM0Mi00ODg3LWFmNDAtOWNkNjhmMjIxZTIx
LzEvQ1pvZkxiOTdlb1N1VjdqV2RDYTM1T1FnLXJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwVwQCAAEwUQMEBAUW0AME
AlBFrAMEA1OI+AMEBVUJwDALAwMAXu0DBABe7X4wDAMEBl9vwAMEAl9v0AMEA19v
2AMEArkUiAMEArkaMAMEArlGxAMEAsI+YDAWBAIAAjAQMA4DBQYqBDVAAwUAKgQ1
RjANBgkqhkiG9w0BAQsFAAOCAQEAYIYQuhF2NMCyXl+HQGfK+K+/VbVB6XX3IVgs
qzvzCDT7qBR4vwFLxIqGUwpdOlNUeSiqv25m1MxZO7uj+l3UqVNR3mJQA1cif8sV
StHVzwaP1ELhV3vFDwRWsfU5uxcvHhL36e8X2XcMzAk+4sKvOWY1uYNE8wjxypLN
SiEARvrmIsUEciB/PAs+On/T+oxrrR/dkhs/Qp556I9W2jATEfBk1nnbYQXao7+o
C4yLg5Dz4gYSHaTLx4wmx4M4lUJWiiiwKLzC9SGkaY0VQxtX7tcZ/ZxYhym45BRx
xZScoAQ5HS5Ix0PXVjbNai1wAn/5qGHjlvcCm5U2Gtgz5wyQzw==
-----END CERTIFICATE-----
Generated at Wed Apr 16 00:31:08 2025 by rpki-client