Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/kmDWN7nHOu3IdvwghPHg7r1CrXU.roa
File: kmDWN7nHOu3IdvwghPHg7r1CrXU.roa (raw, json)
Hash identifier: Kn1DTfpMk+BRdQuhlLQW1YfThtb00EWOmKrk7WtRjIc=
Subject key identifier: 92:60:D6:37:B9:C7:3A:ED:C8:76:FC:20:84:F1:E0:EE:BD:42:AD:75
Certificate issuer: /CN=95b30111b0b720a209f788c8b90f60380b465c2e
Certificate serial: 0194C1350C139C8C0789BD681B4CE2E37BA3
Authority key identifier: 95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/kmDWN7nHOu3IdvwghPHg7r1CrXU.roa
Signing time: Sat 01 Feb 2025 11:11:06 +0000
ROA not before: Sat 01 Feb 2025 11:11:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34471
IP address blocks: 2.59.108.0/22 maxlen: 24
2.59.111.0/24 maxlen: 24
31.25.176.0/21 maxlen: 24
37.122.219.0/24 maxlen: 24
45.92.132.0/22 maxlen: 24
46.28.160.0/21 maxlen: 24
89.40.84.0/22 maxlen: 24
89.44.36.0/22 maxlen: 24
91.242.148.0/22 maxlen: 24
109.235.16.0/21 maxlen: 24
176.56.64.0/19 maxlen: 24
185.4.32.0/22 maxlen: 24
185.5.84.0/22 maxlen: 24
185.10.248.0/22 maxlen: 24
185.70.152.0/22 maxlen: 24
185.83.132.0/22 maxlen: 24
185.85.255.0/24 maxlen: 24
185.102.204.0/22 maxlen: 24
185.103.148.0/22 maxlen: 24
185.153.16.0/22 maxlen: 24
185.176.104.0/22 maxlen: 24
185.205.253.0/24 maxlen: 24
185.205.254.0/24 maxlen: 24
185.223.216.0/22 maxlen: 24
185.228.124.0/22 maxlen: 24
185.239.160.0/22 maxlen: 24
185.243.136.0/22 maxlen: 24
193.108.230.0/23 maxlen: 24
193.246.154.0/23 maxlen: 24
193.246.156.0/23 maxlen: 24
194.156.72.0/22 maxlen: 24
2a02:5dc0::/32 maxlen: 32
2a02:5fc0::/32 maxlen: 48
2a03:440::/32 maxlen: 32
2a05:9b00::/29 maxlen: 29
2a05:a800::/29 maxlen: 29
2a06:3c00::/29 maxlen: 29
2a09:eac0::/29 maxlen: 29
2a0a:1280::/29 maxlen: 29
2a0b:c40::/29 maxlen: 29
Validation: Failed, certificate revoked on Mon 03 Feb 2025 09:49:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:c1:35:0c:13:9c:8c:07:89:bd:68:1b:4c:e2:e3:7b:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=95b30111b0b720a209f788c8b90f60380b465c2e
Validity
Not Before: Feb 1 11:11:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9260d637b9c73aedc876fc2084f1e0eebd42ad75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:1a:70:9b:ee:66:9a:a2:89:4a:f3:96:e2:5b:
9b:dd:08:ba:b3:44:3c:0b:21:a3:18:b2:84:74:63:
22:6b:8e:1a:8e:fb:32:39:ec:f4:fc:e9:bd:e3:42:
7b:5b:eb:d0:b8:20:a3:15:4b:37:fb:36:6e:bc:d5:
26:dc:d9:95:d0:5e:39:ea:5f:7e:0a:ce:aa:6c:fa:
fe:59:50:8a:1e:95:30:88:0a:c6:18:cb:5e:b0:10:
fc:5a:10:6b:dc:8e:24:2f:12:78:37:7d:df:1a:28:
f8:d4:2a:48:e1:90:7b:7b:f1:98:a9:c0:c8:d5:fd:
f8:0f:b0:ce:6a:20:c4:84:7d:a5:64:05:b0:28:30:
28:b4:61:85:b6:63:e5:10:57:4f:d0:30:f3:c8:93:
d7:b6:91:31:52:8a:98:78:e6:7c:55:f2:e5:d6:ad:
db:dc:f8:02:01:5a:dc:b5:cf:bd:01:fc:00:9f:1d:
bf:bd:2e:43:2f:34:26:8e:c0:bf:e2:14:d0:b4:fa:
63:1b:bc:bf:3e:67:a7:cf:a7:91:2e:8a:47:22:bb:
ec:ec:b1:1a:e4:10:f7:c3:80:18:96:0b:4a:0a:19:
09:82:29:6d:1a:7b:c0:b0:9a:36:a8:e1:87:2b:74:
e9:9d:ce:32:3a:bb:01:87:b9:f9:6c:7e:fb:1a:ca:
91:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:60:D6:37:B9:C7:3A:ED:C8:76:FC:20:84:F1:E0:EE:BD:42:AD:75
X509v3 Authority Key Identifier:
keyid:95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/kmDWN7nHOu3IdvwghPHg7r1CrXU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.108.0/22
31.25.176.0/21
37.122.219.0/24
45.92.132.0/22
46.28.160.0/21
89.40.84.0/22
89.44.36.0/22
91.242.148.0/22
109.235.16.0/21
176.56.64.0/19
185.4.32.0/22
185.5.84.0/22
185.10.248.0/22
185.70.152.0/22
185.83.132.0/22
185.85.255.0/24
185.102.204.0/22
185.103.148.0/22
185.153.16.0/22
185.176.104.0/22
185.205.253.0-185.205.254.255
185.223.216.0/22
185.228.124.0/22
185.239.160.0/22
185.243.136.0/22
193.108.230.0/23
193.246.154.0-193.246.157.255
194.156.72.0/22
IPv6:
2a02:5dc0::/32
2a02:5fc0::/32
2a03:440::/32
2a05:9b00::/29
2a05:a800::/29
2a06:3c00::/29
2a09:eac0::/29
2a0a:1280::/29
2a0b:c40::/29
Signature Algorithm: sha256WithRSAEncryption
aa:14:83:42:7e:90:4a:a6:b8:b9:64:06:3e:79:44:12:46:dd:
3e:a0:ec:8b:0a:85:fa:07:39:4b:68:6c:b6:b6:41:f6:9b:2c:
7c:1d:d1:a0:49:c4:b7:39:2f:48:99:11:10:4c:90:41:a8:00:
ea:30:59:1a:f7:aa:b4:b1:4f:c8:69:e7:ae:a1:72:82:97:15:
d1:09:59:19:34:49:35:5a:21:7e:03:3e:08:f3:f3:32:37:ea:
b9:54:ca:89:c3:73:3b:df:01:77:67:8e:68:2c:ae:6c:a1:d1:
a8:f5:bf:98:79:98:ec:94:9c:df:08:33:49:0c:e9:4a:9c:57:
b4:c3:39:ad:7d:4e:61:4e:7f:f1:10:de:88:75:d9:43:18:c2:
2f:06:ee:7c:8a:df:3f:0c:86:2a:93:38:9c:98:af:c9:b2:d7:
40:90:50:e2:fd:74:a4:c8:45:f3:f0:a6:5a:82:2a:38:68:6c:
07:29:1d:fa:53:e4:ff:8b:a1:32:09:a5:a7:e1:ee:e7:cd:f7:
6d:5f:d1:d7:a8:68:38:f9:24:3c:10:03:78:e8:09:d2:52:74:
57:a3:15:e3:d6:cf:7d:23:1b:30:98:05:7b:d7:48:4d:7c:13:
0e:e9:d1:c9:b7:bd:91:ae:38:6a:f7:68:d0:e0:38:be:67:33:
5b:d3:1f:7c
-----BEGIN CERTIFICATE-----
MIIF/jCCBOagAwIBAgISAZTBNQwTnIwHib1oG0zi43ujMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjMwMTExYjBiNzIwYTIwOWY3ODhjOGI5MGY2MDM4MGI0
NjVjMmUwHhcNMjUwMjAxMTExMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjYwZDYzN2I5YzczYWVkYzg3NmZjMjA4NGYxZTBlZWJkNDJhZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthpwm+5mmqKJSvOW4lub3Qi6s0Q8
CyGjGLKEdGMia44ajvsyOez0/Om940J7W+vQuCCjFUs3+zZuvNUm3NmV0F456l9+
Cs6qbPr+WVCKHpUwiArGGMtesBD8WhBr3I4kLxJ4N33fGij41CpI4ZB7e/GYqcDI
1f34D7DOaiDEhH2lZAWwKDAotGGFtmPlEFdP0DDzyJPXtpExUoqYeOZ8VfLl1q3b
3PgCAVrctc+9AfwAnx2/vS5DLzQmjsC/4hTQtPpjG7y/Pmenz6eRLopHIrvs7LEa
5BD3w4AYlgtKChkJgiltGnvAsJo2qOGHK3Tpnc4yOrsBh7n5bH77GsqRYwIDAQAB
o4IDCjCCAwYwHQYDVR0OBBYEFJJg1je5xzrtyHb8IITx4O69Qq11MB8GA1UdIwQY
MBaAFJWzARGwtyCiCfeIyLkPYDgLRlwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmIt
OTE2NDZiZjAxNTNkLzEva21EV043bkhPdTNJZHZ3Z2hQSGc3cjFDclhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmItOTE2NDZiZjAxNTNk
LzEvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHgYIKwYBBQUHAQcBAf8EggENMIIBCTCBvwQCAAEwgbgD
BAICO2wDBAMfGbADBAAletsDBAItXIQDBAMuHKADBAJZKFQDBAJZLCQDBAJb8pQD
BANt6xADBAWwOEADBAK5BCADBAK5BVQDBAK5CvgDBAK5RpgDBAK5U4QDBAC5Vf8D
BAK5ZswDBAK5Z5QDBAK5mRADBAK5sGgwDAMEALnN/QMEALnN/gMEArnf2AMEArnk
fAMEArnvoAMEArnziAMEAcFs5jAMAwQBwfaaAwQBwfacAwQCwpxIMEUEAgACMD8D
BQAqAl3AAwUAKgJfwAMFACoDBEADBQMqBZsAAwUDKgWoAAMFAyoGPAADBQMqCerA
AwUDKgoSgAMFAyoLDEAwDQYJKoZIhvcNAQELBQADggEBAKoUg0J+kEqmuLlkBj55
RBJG3T6g7IsKhfoHOUtobLa2QfabLHwd0aBJxLc5L0iZERBMkEGoAOowWRr3qrSx
T8hp566hcoKXFdEJWRk0STVaIX4DPgjz8zI36rlUyonDczvfAXdnjmgsrmyh0aj1
v5h5mOyUnN8IM0kM6UqcV7TDOa19TmFOf/EQ3oh12UMYwi8G7nyK3z8MhiqTOJyY
r8my10CQUOL9dKTIRfPwplqCKjhobAcpHfpT5P+LoTIJpafh7ufN921f0deoaDj5
JDwQA3joCdJSdFejFePWz30jGzCYBXvXSE18Ew7p0cm3vZGuOGr3aNDgOL5nM1vT
H3w=
-----END CERTIFICATE-----
Generated at Mon Apr 28 15:55:26 2025 by rpki-client