Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/2Y0Dmo5S5zOJSpABYTltUWqPC_Y.roa
File: 2Y0Dmo5S5zOJSpABYTltUWqPC_Y.roa (raw, json)
Hash identifier: 6oZHk+zFEG+ueTUATZBwi//HwZXWOgMajK0aYTbELnY=
Subject key identifier: D9:8D:03:9A:8E:52:E7:33:89:4A:90:01:61:39:6D:51:6A:8F:0B:F6
Certificate issuer: /CN=95b30111b0b720a209f788c8b90f60380b465c2e
Certificate serial: 0194CB3710DA6B62BF61B6892437EEE17E99
Authority key identifier: 95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/2Y0Dmo5S5zOJSpABYTltUWqPC_Y.roa
Signing time: Mon 03 Feb 2025 09:49:31 +0000
ROA not before: Mon 03 Feb 2025 09:49:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34471
IP address blocks: 2.59.108.0/22 maxlen: 24
2.59.111.0/24 maxlen: 24
31.25.176.0/21 maxlen: 24
37.122.219.0/24 maxlen: 24
45.92.132.0/22 maxlen: 24
46.28.160.0/21 maxlen: 24
89.40.84.0/22 maxlen: 24
89.44.36.0/22 maxlen: 24
91.242.148.0/22 maxlen: 24
109.235.16.0/21 maxlen: 24
176.56.64.0/19 maxlen: 24
185.4.32.0/22 maxlen: 24
185.5.84.0/22 maxlen: 24
185.10.248.0/22 maxlen: 24
185.70.152.0/22 maxlen: 24
185.83.132.0/22 maxlen: 24
185.85.255.0/24 maxlen: 24
185.102.204.0/22 maxlen: 24
185.103.148.0/22 maxlen: 24
185.153.16.0/22 maxlen: 24
185.176.104.0/22 maxlen: 24
185.205.253.0/24 maxlen: 24
185.205.254.0/24 maxlen: 24
185.223.216.0/22 maxlen: 24
185.228.124.0/22 maxlen: 24
185.239.160.0/22 maxlen: 24
185.243.136.0/22 maxlen: 24
193.108.206.0/23 maxlen: 24
193.108.230.0/23 maxlen: 24
193.246.154.0/23 maxlen: 24
193.246.156.0/23 maxlen: 24
194.156.72.0/22 maxlen: 24
2a02:5dc0::/32 maxlen: 32
2a02:5fc0::/32 maxlen: 48
2a03:440::/32 maxlen: 32
2a05:9b00::/29 maxlen: 29
2a05:a800::/29 maxlen: 29
2a06:3c00::/29 maxlen: 29
2a09:eac0::/29 maxlen: 29
2a0a:1280::/29 maxlen: 29
2a0b:c40::/29 maxlen: 29
Validation: Failed, certificate revoked on Tue 25 Feb 2025 15:29:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:cb:37:10:da:6b:62:bf:61:b6:89:24:37:ee:e1:7e:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=95b30111b0b720a209f788c8b90f60380b465c2e
Validity
Not Before: Feb 3 09:49:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d98d039a8e52e733894a900161396d516a8f0bf6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:0e:06:65:ac:50:5b:c1:98:5a:9e:49:ad:7c:
0f:bf:9a:7d:5c:5f:ad:5b:2c:fd:b6:e7:83:64:e9:
b1:69:f5:60:aa:fc:6f:60:97:25:2c:1f:44:9f:3f:
d9:61:20:55:10:94:40:76:90:2f:76:10:ab:65:2a:
55:09:5c:6f:c5:89:88:e6:8d:3d:fe:b9:e0:fb:58:
ac:6f:09:bb:69:c0:75:8b:91:18:3e:ad:cf:e4:86:
72:57:ec:5e:ca:ac:f1:69:44:59:93:86:84:4f:af:
18:a0:5c:29:5a:67:96:27:9c:83:2a:d1:30:33:8b:
1b:8c:1e:a2:ac:39:15:35:3d:5a:90:54:ed:bb:5b:
11:c0:96:df:ae:86:b7:8f:ac:01:33:10:c1:c2:13:
88:ab:03:b3:88:8a:11:5b:e3:cd:d5:8c:9f:b7:39:
81:58:bd:79:45:ac:61:c2:3a:54:da:65:50:5e:75:
b9:a5:41:f9:9b:ba:a8:0d:14:f2:74:d3:c3:63:86:
1b:45:32:2e:dc:36:b2:7b:a7:18:87:ee:32:36:93:
d5:3a:ad:9f:91:95:b2:31:59:a4:9a:57:9a:5c:b6:
5d:6e:e7:e8:c2:2e:51:18:f8:ed:16:81:00:6d:13:
e0:41:70:45:ad:c7:c6:a9:29:9c:c2:81:95:a2:27:
90:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:8D:03:9A:8E:52:E7:33:89:4A:90:01:61:39:6D:51:6A:8F:0B:F6
X509v3 Authority Key Identifier:
keyid:95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/2Y0Dmo5S5zOJSpABYTltUWqPC_Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.108.0/22
31.25.176.0/21
37.122.219.0/24
45.92.132.0/22
46.28.160.0/21
89.40.84.0/22
89.44.36.0/22
91.242.148.0/22
109.235.16.0/21
176.56.64.0/19
185.4.32.0/22
185.5.84.0/22
185.10.248.0/22
185.70.152.0/22
185.83.132.0/22
185.85.255.0/24
185.102.204.0/22
185.103.148.0/22
185.153.16.0/22
185.176.104.0/22
185.205.253.0-185.205.254.255
185.223.216.0/22
185.228.124.0/22
185.239.160.0/22
185.243.136.0/22
193.108.206.0/23
193.108.230.0/23
193.246.154.0-193.246.157.255
194.156.72.0/22
IPv6:
2a02:5dc0::/32
2a02:5fc0::/32
2a03:440::/32
2a05:9b00::/29
2a05:a800::/29
2a06:3c00::/29
2a09:eac0::/29
2a0a:1280::/29
2a0b:c40::/29
Signature Algorithm: sha256WithRSAEncryption
34:68:dd:d0:82:6e:96:cf:ac:fe:a8:a5:c6:02:5e:11:97:7b:
31:18:ce:94:11:05:57:a7:0c:9e:24:95:7f:07:b0:54:22:a6:
68:52:fd:75:34:e5:ac:ec:96:2b:38:2b:3b:9a:e8:26:8e:52:
ca:a2:d4:55:e0:72:56:fe:9a:af:11:ca:db:b9:1a:40:6b:77:
1a:24:a7:5c:a7:39:22:45:f8:99:d7:1f:b2:1a:6a:9a:c3:b3:
1c:ff:00:c4:85:01:76:f3:8c:46:0c:a2:03:14:96:94:19:dd:
dc:8a:fc:07:6b:bc:0e:a0:57:29:1d:90:76:95:47:f2:55:e8:
28:61:06:cd:72:6b:d8:6d:23:e2:c2:c4:be:e8:27:6d:17:5c:
cc:20:c2:b9:5c:de:86:37:4d:30:89:fe:f1:a1:e7:c6:ac:0c:
a4:b3:1b:a0:1d:5e:2e:d8:55:69:6e:6d:ff:ba:ed:99:c7:9a:
1a:4c:70:f4:35:3b:03:a1:36:78:b0:d1:0d:51:a0:2a:88:70:
00:5f:2a:28:0c:57:90:f2:a3:92:97:44:a2:f8:12:fa:e9:91:
29:aa:ba:b2:40:d7:27:1a:79:7a:a8:9f:c6:2b:56:18:bd:6c:
c9:ca:49:9a:a3:7b:a4:ff:45:e4:c0:fd:33:ab:b0:a5:5c:e0:
7a:b0:d9:de
-----BEGIN CERTIFICATE-----
MIIGBDCCBOygAwIBAgISAZTLNxDaa2K/YbaJJDfu4X6ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjMwMTExYjBiNzIwYTIwOWY3ODhjOGI5MGY2MDM4MGI0
NjVjMmUwHhcNMjUwMjAzMDk0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOThkMDM5YThlNTJlNzMzODk0YTkwMDE2MTM5NmQ1MTZhOGYwYmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuw4GZaxQW8GYWp5JrXwPv5p9XF+t
Wyz9tueDZOmxafVgqvxvYJclLB9Enz/ZYSBVEJRAdpAvdhCrZSpVCVxvxYmI5o09
/rng+1isbwm7acB1i5EYPq3P5IZyV+xeyqzxaURZk4aET68YoFwpWmeWJ5yDKtEw
M4sbjB6irDkVNT1akFTtu1sRwJbfroa3j6wBMxDBwhOIqwOziIoRW+PN1YyftzmB
WL15RaxhwjpU2mVQXnW5pUH5m7qoDRTydNPDY4YbRTIu3Daye6cYh+4yNpPVOq2f
kZWyMVmkmleaXLZdbufowi5RGPjtFoEAbRPgQXBFrcfGqSmcwoGVoieQaQIDAQAB
o4IDEDCCAwwwHQYDVR0OBBYEFNmNA5qOUucziUqQAWE5bVFqjwv2MB8GA1UdIwQY
MBaAFJWzARGwtyCiCfeIyLkPYDgLRlwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmIt
OTE2NDZiZjAxNTNkLzEvMlkwRG1vNVM1ek9KU3BBQllUbHRVV3FQQ19ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmItOTE2NDZiZjAxNTNk
LzEvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJAYIKwYBBQUHAQcBAf8EggETMIIBDzCBxQQCAAEwgb4D
BAICO2wDBAMfGbADBAAletsDBAItXIQDBAMuHKADBAJZKFQDBAJZLCQDBAJb8pQD
BANt6xADBAWwOEADBAK5BCADBAK5BVQDBAK5CvgDBAK5RpgDBAK5U4QDBAC5Vf8D
BAK5ZswDBAK5Z5QDBAK5mRADBAK5sGgwDAMEALnN/QMEALnN/gMEArnf2AMEArnk
fAMEArnvoAMEArnziAMEAcFszgMEAcFs5jAMAwQBwfaaAwQBwfacAwQCwpxIMEUE
AgACMD8DBQAqAl3AAwUAKgJfwAMFACoDBEADBQMqBZsAAwUDKgWoAAMFAyoGPAAD
BQMqCerAAwUDKgoSgAMFAyoLDEAwDQYJKoZIhvcNAQELBQADggEBADRo3dCCbpbP
rP6opcYCXhGXezEYzpQRBVenDJ4klX8HsFQipmhS/XU05azslis4Kzua6CaOUsqi
1FXgclb+mq8Rytu5GkBrdxokp1ynOSJF+JnXH7IaaprDsxz/AMSFAXbzjEYMogMU
lpQZ3dyK/AdrvA6gVykdkHaVR/JV6ChhBs1ya9htI+LCxL7oJ20XXMwgwrlc3oY3
TTCJ/vGh58asDKSzG6AdXi7YVWlubf+67ZnHmhpMcPQ1OwOhNniw0Q1RoCqIcABf
KigMV5Dyo5KXRKL4EvrpkSmqurJA1ycaeXqon8YrVhi9bMnKSZqje6T/ReTA/TOr
sKVc4Hqw2d4=
-----END CERTIFICATE-----
Generated at Sun Apr 27 22:59:57 2025 by rpki-client