Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/hLJSC7jXlzSNpk0RGvVV0NBty1A.roa
File: hLJSC7jXlzSNpk0RGvVV0NBty1A.roa (raw, json)
Hash identifier: 5hp/4HCwfcCVlmLvF9JKCOt2AstxIHDyRZADJbivq4I=
Subject key identifier: 84:B2:52:0B:B8:D7:97:34:8D:A6:4D:11:1A:F5:55:D0:D0:6D:CB:50
Certificate issuer: /CN=9d23f4cb4bab5c10801a770658df891cfb8c68c6
Certificate serial: 0195488C76BDF6988B9F2672CFC5BB4F7E53
Authority key identifier: 9D:23:F4:CB:4B:AB:5C:10:80:1A:77:06:58:DF:89:1C:FB:8C:68:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSP0y0urXBCAGncGWN-JHPuMaMY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/hLJSC7jXlzSNpk0RGvVV0NBty1A.roa
Signing time: Thu 27 Feb 2025 17:55:19 +0000
ROA not before: Thu 27 Feb 2025 17:55:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29802
IP address blocks: 37.72.168.0/21 maxlen: 32
37.72.170.0/23 maxlen: 23
37.72.170.0/24 maxlen: 24
37.72.171.0/24 maxlen: 24
37.72.172.0/23 maxlen: 23
37.72.174.0/23 maxlen: 23
45.158.36.0/23 maxlen: 32
45.158.38.0/24 maxlen: 24
45.158.39.0/24 maxlen: 24
46.21.144.0/20 maxlen: 32
46.21.144.0/24 maxlen: 24
46.21.145.0/24 maxlen: 24
46.21.146.0/24 maxlen: 24
46.21.147.0/24 maxlen: 24
46.21.148.0/24 maxlen: 24
46.21.150.0/24 maxlen: 24
46.21.151.0/24 maxlen: 24
46.21.152.0/24 maxlen: 24
46.21.153.0/24 maxlen: 24
46.21.156.0/24 maxlen: 24
46.21.157.0/24 maxlen: 24
46.21.158.0/23 maxlen: 23
89.233.104.0/21 maxlen: 24
89.233.104.0/24 maxlen: 24
89.233.105.0/24 maxlen: 24
89.233.106.0/24 maxlen: 24
89.233.107.0/24 maxlen: 24
94.100.16.0/20 maxlen: 32
94.100.16.0/24 maxlen: 24
94.100.17.0/24 maxlen: 24
94.100.18.0/24 maxlen: 24
94.100.19.0/24 maxlen: 24
94.100.20.0/24 maxlen: 24
94.100.21.0/24 maxlen: 24
94.100.22.0/24 maxlen: 24
94.100.23.0/24 maxlen: 24
94.100.24.0/24 maxlen: 24
94.100.25.0/24 maxlen: 24
94.100.26.0/24 maxlen: 24
94.100.27.0/24 maxlen: 24
94.100.28.0/24 maxlen: 24
94.100.29.0/24 maxlen: 24
94.100.30.0/24 maxlen: 24
94.100.31.0/24 maxlen: 24
149.255.32.0/21 maxlen: 32
149.255.35.0/24 maxlen: 24
149.255.36.0/24 maxlen: 32
149.255.37.0/24 maxlen: 24
149.255.38.0/24 maxlen: 24
149.255.39.0/24 maxlen: 24
178.236.176.0/21 maxlen: 24
178.236.181.0/24 maxlen: 24
178.236.182.0/24 maxlen: 24
178.236.186.0/24 maxlen: 24
178.236.187.0/24 maxlen: 24
194.126.172.0/22 maxlen: 24
194.126.172.0/24 maxlen: 24
194.126.173.0/24 maxlen: 24
194.126.175.0/24 maxlen: 24
195.242.152.0/23 maxlen: 24
195.242.153.0/24 maxlen: 24
217.79.240.0/20 maxlen: 24
217.79.240.0/24 maxlen: 24
217.79.242.0/23 maxlen: 24
2a02:748::/32 maxlen: 48
2a02:748::/35 maxlen: 35
2a02:748:6000::/48 maxlen: 48
2a02:748:c000::/35 maxlen: 35
2a02:748:e000::/35 maxlen: 35
2a02:748:f000::/36 maxlen: 36
2a0f:5180::/29 maxlen: 48
2a0f:5180::/32 maxlen: 32
Validation: Failed, certificate revoked on Fri 28 Feb 2025 19:35:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:48:8c:76:bd:f6:98:8b:9f:26:72:cf:c5:bb:4f:7e:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d23f4cb4bab5c10801a770658df891cfb8c68c6
Validity
Not Before: Feb 27 17:55:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=84b2520bb8d797348da64d111af555d0d06dcb50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:40:cd:1b:ab:1e:8c:42:63:0b:c6:90:a7:89:
f8:15:7f:33:41:c7:ac:64:c8:43:4d:98:f9:bb:d5:
61:44:2c:a2:ca:d0:34:5f:75:6a:cf:19:dd:05:78:
fa:c7:ca:5f:53:b1:94:2c:b9:cc:91:cf:b1:b5:85:
60:50:0d:10:83:f6:5d:4a:98:36:4c:1a:1d:af:f8:
14:96:46:b2:60:be:d8:f1:8b:dc:7d:5e:d3:46:98:
da:d6:72:bd:cc:36:a0:c2:8a:a9:2b:65:38:db:d4:
0d:35:0d:74:3c:25:d6:a5:20:e5:83:df:d7:7c:81:
89:e5:b9:f0:c7:04:59:06:61:41:75:ae:c3:e3:fe:
f8:d3:64:c9:6b:c4:c0:29:c7:55:31:9d:d4:af:57:
83:82:e9:6d:8f:e0:a7:6c:fc:16:49:13:32:19:e7:
96:79:a7:0b:f9:e3:75:dd:ee:bc:63:3d:89:d9:43:
fd:13:de:a9:51:c6:04:9f:7c:8d:44:51:85:82:58:
2d:8b:a7:30:15:c6:b7:ca:8a:ca:cb:8a:a8:ca:ef:
43:b3:b6:91:88:15:53:a5:d8:b3:7c:fb:97:50:7a:
9e:98:14:58:2f:34:18:cb:0e:27:c6:a0:a6:fe:c2:
5d:c6:58:0f:b9:9f:79:a2:41:c0:b5:5b:a6:aa:36:
77:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:B2:52:0B:B8:D7:97:34:8D:A6:4D:11:1A:F5:55:D0:D0:6D:CB:50
X509v3 Authority Key Identifier:
keyid:9D:23:F4:CB:4B:AB:5C:10:80:1A:77:06:58:DF:89:1C:FB:8C:68:C6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSP0y0urXBCAGncGWN-JHPuMaMY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/hLJSC7jXlzSNpk0RGvVV0NBty1A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4eca4d-3a2e-4a84-a789-01577a927fa9/1/nSP0y0urXBCAGncGWN-JHPuMaMY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.72.168.0/21
45.158.36.0/22
46.21.144.0/20
89.233.104.0/21
94.100.16.0/20
149.255.32.0/21
178.236.176.0/21
178.236.186.0/23
194.126.172.0/22
195.242.152.0/23
217.79.240.0/20
IPv6:
2a02:748::/32
2a0f:5180::/29
Signature Algorithm: sha256WithRSAEncryption
c4:02:ff:58:22:28:36:a2:fd:a7:0e:cd:b4:3f:46:72:fb:6e:
9c:6c:19:42:b1:e3:27:2e:16:05:64:17:9d:25:01:aa:05:04:
51:b0:7a:2b:ad:11:90:91:4f:11:b1:87:a4:f4:d5:54:d2:2b:
f1:5f:62:2b:33:fa:ef:ae:6e:71:7c:08:13:b3:6c:25:0c:55:
c8:ce:dd:8d:47:35:3e:3a:83:d4:15:3d:da:c3:63:6e:6c:31:
b7:a1:5e:6e:05:8f:58:a9:79:ba:a8:66:4f:d6:39:be:c3:c5:
1c:a4:30:a1:88:85:5a:cb:a9:be:a1:6a:84:14:95:43:0c:d0:
db:41:c0:c1:94:eb:86:7e:e9:c7:4d:03:d4:c3:1f:a2:c6:13:
d1:a5:fd:ff:23:eb:bf:63:6e:2b:3f:73:a5:74:03:bf:b7:72:
18:ad:77:81:83:cd:d6:b3:f1:8e:ea:50:94:1b:82:be:4a:42:
f6:2f:2b:de:f9:ac:b3:47:2a:08:87:7f:8e:78:6d:f2:5d:c2:
87:c3:fa:db:51:b3:7f:3c:6a:dd:e6:ca:fa:15:c2:6d:02:33:
31:6f:e3:d4:5e:84:e8:e7:7f:c1:87:f3:5b:b8:d8:94:bd:60:
ef:34:fc:cd:6b:05:0e:f8:70:bf:35:f2:7a:c2:fc:cc:c6:40:
f2:3d:78:65
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZVIjHa99piLnyZyz8W7T35TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMjNmNGNiNGJhYjVjMTA4MDFhNzcwNjU4ZGY4OTFjZmI4
YzY4YzYwHhcNMjUwMjI3MTc1NTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGIyNTIwYmI4ZDc5NzM0OGRhNjRkMTExYWY1NTVkMGQwNmRjYjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkDNG6sejEJjC8aQp4n4FX8zQces
ZMhDTZj5u9VhRCyiytA0X3VqzxndBXj6x8pfU7GULLnMkc+xtYVgUA0Qg/ZdSpg2
TBodr/gUlkayYL7Y8YvcfV7TRpja1nK9zDagwoqpK2U429QNNQ10PCXWpSDlg9/X
fIGJ5bnwxwRZBmFBda7D4/7402TJa8TAKcdVMZ3Ur1eDgultj+CnbPwWSRMyGeeW
eacL+eN13e68Yz2J2UP9E96pUcYEn3yNRFGFglgti6cwFca3yorKy4qoyu9Ds7aR
iBVTpdizfPuXUHqemBRYLzQYyw4nxqCm/sJdxlgPuZ95okHAtVumqjZ3SwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFISyUgu415c0jaZNERr1VdDQbctQMB8GA1UdIwQY
MBaAFJ0j9MtLq1wQgBp3BljfiRz7jGjGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNQMHkwdXJYQkNBR25jR1dOLUpIUHVNYU1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZWNhNGQtM2EyZS00YTg0LWE3ODkt
MDE1NzdhOTI3ZmE5LzEvaExKU0M3alhselNOcGswUkd2VlYwTkJ0eTFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZWNhNGQtM2EyZS00YTg0LWE3ODktMDE1NzdhOTI3ZmE5
LzEvblNQMHkwdXJYQkNBR25jR1dOLUpIUHVNYU1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQDJUioAwQC
LZ4kAwQELhWQAwQDWeloAwQEXmQQAwQDlf8gAwQDsuywAwQBsuy6AwQCwn6sAwQB
w/KYAwQE2U/wMBQEAgACMA4DBQAqAgdIAwUDKg9RgDANBgkqhkiG9w0BAQsFAAOC
AQEAxAL/WCIoNqL9pw7NtD9GcvtunGwZQrHjJy4WBWQXnSUBqgUEUbB6K60RkJFP
EbGHpPTVVNIr8V9iKzP6765ucXwIE7NsJQxVyM7djUc1PjqD1BU92sNjbmwxt6Fe
bgWPWKl5uqhmT9Y5vsPFHKQwoYiFWsupvqFqhBSVQwzQ20HAwZTrhn7px00D1MMf
osYT0aX9/yPrv2NuKz9zpXQDv7dyGK13gYPN1rPxjupQlBuCvkpC9i8r3vmss0cq
CId/jnht8l3Ch8P621Gzfzxq3ebK+hXCbQIzMW/j1F6E6Od/wYfzW7jYlL1g7zT8
zWsFDvhwvzXyesL8zMZA8j14ZQ==
-----END CERTIFICATE-----
Generated at Tue Apr 29 16:14:38 2025 by rpki-client