Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/MDnZQtLAzh0rw4pcMrV47hZM_wI.roa
File: MDnZQtLAzh0rw4pcMrV47hZM_wI.roa (raw, json)
Hash identifier: JA97KgGw1XD13/YUibbxIijRWOH0XsALIzK2nrKxocs=
Subject key identifier: 30:39:D9:42:D2:C0:CE:1D:2B:C3:8A:5C:32:B5:78:EE:16:4C:FF:02
Certificate issuer: /CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
Certificate serial: 019614BC09925D393389D694C39E80A1B8BC
Authority key identifier: EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/MDnZQtLAzh0rw4pcMrV47hZM_wI.roa
Signing time: Tue 08 Apr 2025 09:29:49 +0000
ROA not before: Tue 08 Apr 2025 09:29:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 24961
IP address blocks: 5.104.104.0/21 maxlen: 24
5.199.128.0/20 maxlen: 24
37.157.248.0/21 maxlen: 24
46.20.32.0/20 maxlen: 24
46.228.192.0/20 maxlen: 24
62.141.32.0/20 maxlen: 24
78.31.64.0/21 maxlen: 24
80.82.208.0/20 maxlen: 24
81.30.144.0/20 maxlen: 24
83.136.80.0/21 maxlen: 24
85.14.192.0/18 maxlen: 24
85.114.128.0/19 maxlen: 24
89.163.128.0/17 maxlen: 24
91.194.84.0/24 maxlen: 24
91.212.153.0/24 maxlen: 24
91.212.159.0/24 maxlen: 24
91.212.163.0/24 maxlen: 24
91.212.193.0/24 maxlen: 24
93.186.192.0/20 maxlen: 24
146.0.32.0/20 maxlen: 24
146.19.166.0/24 maxlen: 24
152.89.92.0/22 maxlen: 24
185.15.244.0/22 maxlen: 24
185.45.248.0/22 maxlen: 24
185.145.196.0/22 maxlen: 24
185.219.208.0/22 maxlen: 24
193.111.198.0/23 maxlen: 24
194.107.129.0/24 maxlen: 24
194.126.198.0/24 maxlen: 24
195.93.242.0/23 maxlen: 24
213.202.192.0/18 maxlen: 24
217.79.176.0/20 maxlen: 24
2001:4ba0::/32 maxlen: 32
2001:4ba1::/32 maxlen: 32
2001:4ba3::/32 maxlen: 32
2001:4ba4::/32 maxlen: 32
2a00:c320::/32 maxlen: 48
2a01:480::/32 maxlen: 32
2a0a:db80:1000::/36 maxlen: 36
2a0a:db80:2000::/36 maxlen: 36
2a0a:db80:3000::/36 maxlen: 36
2a0a:db80:4000::/36 maxlen: 36
2a0a:db80:5000::/36 maxlen: 36
2a0a:db80:8000::/36 maxlen: 36
2a0c:6b00::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 10 Apr 2025 08:13:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:14:bc:09:92:5d:39:33:89:d6:94:c3:9e:80:a1:b8:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ec6b42021886d8eedbae90d9e6ab1de533c50d20
Validity
Not Before: Apr 8 09:29:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3039d942d2c0ce1d2bc38a5c32b578ee164cff02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:b3:c7:88:1e:f9:05:84:4f:2e:9b:f9:70:4f:
57:7a:0b:f2:72:96:c6:d4:6c:58:50:a1:24:28:84:
95:73:17:c1:02:f0:9d:66:9c:41:1c:10:e9:b3:dd:
52:5c:62:97:c3:e6:0a:d9:89:e3:6e:f2:a6:df:a3:
c6:cc:dc:23:80:5d:48:4b:6e:39:8a:e4:cb:43:3f:
42:84:7a:b4:3e:a8:77:8b:bf:cb:15:09:78:9f:81:
66:a9:a2:14:10:9a:c7:9f:7d:b8:cd:39:06:ae:6d:
e2:fb:4c:31:b3:96:45:32:02:ab:76:0c:ee:50:3e:
07:6e:d3:f8:66:cc:a7:d2:34:4e:62:c5:fc:25:3c:
3a:f4:12:bf:c6:19:29:2f:42:48:fd:41:43:ec:20:
de:8e:89:e9:88:b9:19:a9:b1:a5:a0:c3:d6:74:38:
93:f9:a0:0e:4f:11:bf:fc:fc:65:7e:f4:23:de:4e:
48:3b:7d:7d:5f:83:78:d9:b5:1d:05:03:30:59:b6:
42:f0:18:d7:d1:e6:19:86:3d:75:fe:df:98:c6:f0:
0e:d5:7d:e9:37:51:62:b6:05:5a:cb:d6:38:38:0d:
59:e6:90:90:ff:f3:e1:65:e1:a4:51:bf:6c:c0:25:
8c:4d:99:bb:70:73:ae:c8:97:ee:e4:66:84:c7:25:
b4:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:39:D9:42:D2:C0:CE:1D:2B:C3:8A:5C:32:B5:78:EE:16:4C:FF:02
X509v3 Authority Key Identifier:
keyid:EC:6B:42:02:18:86:D8:EE:DB:AE:90:D9:E6:AB:1D:E5:33:C5:0D:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7GtCAhiG2O7brpDZ5qsd5TPFDSA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/MDnZQtLAzh0rw4pcMrV47hZM_wI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/26c3e1-6486-4e09-99a4-a6873b374e26/1/7GtCAhiG2O7brpDZ5qsd5TPFDSA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.104.104.0/21
5.199.128.0/20
37.157.248.0/21
46.20.32.0/20
46.228.192.0/20
62.141.32.0/20
78.31.64.0/21
80.82.208.0/20
81.30.144.0/20
83.136.80.0/21
85.14.192.0/18
85.114.128.0/19
89.163.128.0/17
91.194.84.0/24
91.212.153.0/24
91.212.159.0/24
91.212.163.0/24
91.212.193.0/24
93.186.192.0/20
146.0.32.0/20
146.19.166.0/24
152.89.92.0/22
185.15.244.0/22
185.45.248.0/22
185.145.196.0/22
185.219.208.0/22
193.111.198.0/23
194.107.129.0/24
194.126.198.0/24
195.93.242.0/23
213.202.192.0/18
217.79.176.0/20
IPv6:
2001:4ba0::/31
2001:4ba3::-2001:4ba4:ffff:ffff:ffff:ffff:ffff:ffff
2a00:c320::/32
2a01:480::/32
2a0a:db80:1000::-2a0a:db80:5fff:ffff:ffff:ffff:ffff:ffff
2a0a:db80:8000::/36
2a0c:6b00::/32
Signature Algorithm: sha256WithRSAEncryption
39:9b:7d:10:b5:94:a3:be:04:3b:6f:19:4e:a7:e2:fb:b9:b8:
d7:3e:a7:70:46:4c:bb:44:64:a1:fd:99:b4:6f:f1:7c:bc:7c:
58:92:45:b9:ee:58:00:2c:a6:81:5b:05:d5:75:c7:b9:15:0c:
9a:14:db:48:7c:ad:d5:68:38:f0:bc:9b:fd:d0:63:94:10:e3:
d4:e8:17:02:a1:88:79:95:c7:51:1f:17:5f:19:b2:81:ad:f2:
2f:4f:ba:f3:c5:4f:e8:6c:8f:e4:52:97:53:25:54:48:f7:db:
3a:f3:08:27:6d:4f:67:3d:15:5b:93:74:d5:76:be:17:a3:30:
b0:16:3a:1c:0d:9f:0f:3f:5b:f6:24:b2:e6:45:2a:1a:80:a8:
a7:39:ea:cf:62:79:b2:3e:1e:a6:c6:7e:65:5f:08:37:b1:1f:
9f:cb:51:56:14:8a:f5:9f:a6:f8:51:a4:00:84:c8:bd:85:e2:
e4:0c:90:e9:57:6f:34:99:8b:f8:22:fb:e9:d5:18:1e:1f:02:
9e:74:8f:55:42:7f:b2:39:f8:ed:f9:a6:02:a8:73:65:7c:69:
04:7d:98:ae:22:5a:20:3d:8c:36:0e:d1:ec:3f:80:c0:7c:48:
30:d3:17:db:22:61:0a:ff:87:bb:97:2d:8b:f3:9b:54:d5:63:
83:79:7a:3e
-----BEGIN CERTIFICATE-----
MIIGDTCCBPWgAwIBAgISAZYUvAmSXTkzidaUw56Aobi8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmI0MjAyMTg4NmQ4ZWVkYmFlOTBkOWU2YWIxZGU1MzNj
NTBkMjAwHhcNMjUwNDA4MDkyOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDM5ZDk0MmQyYzBjZTFkMmJjMzhhNWMzMmI1NzhlZTE2NGNmZjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbPHiB75BYRPLpv5cE9XegvycpbG
1GxYUKEkKISVcxfBAvCdZpxBHBDps91SXGKXw+YK2YnjbvKm36PGzNwjgF1IS245
iuTLQz9ChHq0Pqh3i7/LFQl4n4FmqaIUEJrHn324zTkGrm3i+0wxs5ZFMgKrdgzu
UD4HbtP4Zsyn0jROYsX8JTw69BK/xhkpL0JI/UFD7CDejonpiLkZqbGloMPWdDiT
+aAOTxG//PxlfvQj3k5IO319X4N42bUdBQMwWbZC8BjX0eYZhj11/t+YxvAO1X3p
N1FitgVay9Y4OA1Z5pCQ//PhZeGkUb9swCWMTZm7cHOuyJfu5GaExyW06QIDAQAB
o4IDGTCCAxUwHQYDVR0OBBYEFDA52ULSwM4dK8OKXDK1eO4WTP8CMB8GA1UdIwQY
MBaAFOxrQgIYhtju266Q2earHeUzxQ0gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQt
YTY4NzNiMzc0ZTI2LzEvTURuWlF0TEF6aDBydzRwY01yVjQ3aFpNX3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yNmMzZTEtNjQ4Ni00ZTA5LTk5YTQtYTY4NzNiMzc0ZTI2
LzEvN0d0Q0FoaUcyTzdicnBEWjVxc2Q1VFBGRFNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBLQYIKwYBBQUHAQcBAf8EggEcMIIBGDCBxwQCAAEwgcAD
BAMFaGgDBAQFx4ADBAMlnfgDBAQuFCADBAQu5MADBAQ+jSADBANOH0ADBARQUtAD
BARRHpADBANTiFADBAZVDsADBAVVcoADBAdZo4ADBABbwlQDBABb1JkDBABb1J8D
BABb1KMDBABb1MEDBARdusADBASSACADBACSE6YDBAKYWVwDBAK5D/QDBAK5LfgD
BAK5kcQDBAK529ADBAHBb8YDBADCa4EDBADCfsYDBAHDXfIDBAbVysADBATZT7Aw
TAQCAAIwRgMFASABS6AwDgMFACABS6MDBQAgAUukAwUAKgDDIAMFACoBBIAwEAMG
BCoK24AQAwYFKgrbgEADBgQqCtuAgAMFACoMawAwDQYJKoZIhvcNAQELBQADggEB
ADmbfRC1lKO+BDtvGU6n4vu5uNc+p3BGTLtEZKH9mbRv8Xy8fFiSRbnuWAAspoFb
BdV1x7kVDJoU20h8rdVoOPC8m/3QY5QQ49ToFwKhiHmVx1EfF18ZsoGt8i9PuvPF
T+hsj+RSl1MlVEj32zrzCCdtT2c9FVuTdNV2vhejMLAWOhwNnw8/W/YksuZFKhqA
qKc56s9iebI+HqbGfmVfCDexH5/LUVYUivWfpvhRpACEyL2F4uQMkOlXbzSZi/gi
++nVGB4fAp50j1VCf7I5+O35pgKoc2V8aQR9mK4iWiA9jDYO0ew/gMB8SDDTF9si
YQr/h7uXLYvzm1TVY4N5ej4=
-----END CERTIFICATE-----
Generated at Tue Jun 17 15:43:53 2025 by rpki-client