Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/MXZm8WxYrgtXTMnngxDJj_bpIb0.roa
File: MXZm8WxYrgtXTMnngxDJj_bpIb0.roa (raw, json)
Hash identifier: /2OOZTkRl/Kw5n/CYHeVZ+aIjMGNZPyTztpzlZ13CTI=
Subject key identifier: 31:76:66:F1:6C:58:AE:0B:57:4C:C9:E7:83:10:C9:8F:F6:E9:21:BD
Certificate issuer: /CN=addd2a815060aa7e621a2094349758b2036896f0
Certificate serial: 019527E659E988712EE7450F98B6E244E57E
Authority key identifier: AD:DD:2A:81:50:60:AA:7E:62:1A:20:94:34:97:58:B2:03:68:96:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rd0qgVBgqn5iGiCUNJdYsgNolvA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/MXZm8WxYrgtXTMnngxDJj_bpIb0.roa
Signing time: Fri 21 Feb 2025 09:46:02 +0000
ROA not before: Fri 21 Feb 2025 09:46:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201776
IP address blocks: 2.59.51.0/24 maxlen: 24
31.40.208.0/22 maxlen: 22
31.40.252.0/22 maxlen: 22
37.44.252.0/22 maxlen: 22
77.83.8.0/22 maxlen: 22
77.83.16.0/22 maxlen: 22
78.136.196.0/22 maxlen: 22
78.136.200.0/21 maxlen: 21
78.153.137.0/24 maxlen: 24
78.153.138.0/24 maxlen: 24
78.153.147.0/24 maxlen: 24
83.171.252.0/22 maxlen: 22
83.172.60.0/22 maxlen: 22
85.115.200.0/22 maxlen: 22
89.107.136.0/22 maxlen: 22
91.103.110.0/23 maxlen: 23
94.126.24.0/21 maxlen: 24
94.126.30.0/24 maxlen: 24
109.94.220.0/22 maxlen: 22
109.236.52.0/22 maxlen: 22
109.237.104.0/24 maxlen: 24
178.34.152.0/21 maxlen: 21
178.34.176.0/20 maxlen: 20
178.173.124.0/22 maxlen: 22
185.64.44.0/22 maxlen: 22
188.119.76.0/22 maxlen: 22
188.124.224.0/21 maxlen: 21
188.124.248.0/21 maxlen: 21
193.47.44.0/22 maxlen: 22
193.56.64.0/22 maxlen: 22
193.56.72.0/22 maxlen: 22
193.148.52.0/22 maxlen: 22
217.197.172.0/22 maxlen: 22
2a04:f800::/29 maxlen: 29
Validation: Failed, certificate revoked on Mon 24 Mar 2025 09:51:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:27:e6:59:e9:88:71:2e:e7:45:0f:98:b6:e2:44:e5:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=addd2a815060aa7e621a2094349758b2036896f0
Validity
Not Before: Feb 21 09:46:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=317666f16c58ae0b574cc9e78310c98ff6e921bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:2d:1a:41:cd:bb:6a:e2:3d:e9:13:61:ba:4d:
ae:d0:2c:55:ad:6f:aa:de:b2:5d:c0:69:2c:0f:23:
06:9a:26:d1:48:9a:1a:ee:e5:12:64:46:1c:1f:ba:
80:e8:9b:25:8d:a2:20:48:7f:29:89:d7:c5:27:29:
20:91:78:62:5c:43:30:eb:74:bc:fe:40:02:46:97:
14:5b:ff:4e:42:f6:55:a1:ab:73:4c:f9:c0:b7:6a:
0e:b2:7f:f2:fc:b3:ed:fb:f3:56:81:c4:9b:3c:de:
c5:f4:ff:1b:47:8c:84:2f:cc:dc:04:d5:ea:36:f6:
d9:87:24:c6:b8:f9:b1:52:9d:50:fa:87:86:7d:21:
d3:5f:15:df:31:7e:3c:47:85:69:22:85:d2:3c:57:
3e:0d:71:12:89:0a:85:a9:28:8e:07:60:72:7c:36:
6b:76:5b:ad:6d:b5:a9:d8:fe:63:d2:58:8e:19:7c:
e5:19:b7:29:da:cb:3e:04:23:cd:6e:76:2b:c0:0a:
dd:d9:82:e7:2e:20:49:f8:e5:c8:e4:95:99:9f:85:
27:88:5e:f9:d8:df:92:60:f2:71:18:0e:ba:a3:10:
23:4d:65:65:2e:51:ec:ec:f2:71:05:41:f4:d2:2d:
33:05:7a:e9:8c:5c:1e:23:a7:d9:d1:6b:59:d5:2c:
32:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:76:66:F1:6C:58:AE:0B:57:4C:C9:E7:83:10:C9:8F:F6:E9:21:BD
X509v3 Authority Key Identifier:
keyid:AD:DD:2A:81:50:60:AA:7E:62:1A:20:94:34:97:58:B2:03:68:96:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rd0qgVBgqn5iGiCUNJdYsgNolvA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/MXZm8WxYrgtXTMnngxDJj_bpIb0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/rd0qgVBgqn5iGiCUNJdYsgNolvA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.51.0/24
31.40.208.0/22
31.40.252.0/22
37.44.252.0/22
77.83.8.0/22
77.83.16.0/22
78.136.196.0-78.136.207.255
78.153.137.0-78.153.138.255
78.153.147.0/24
83.171.252.0/22
83.172.60.0/22
85.115.200.0/22
89.107.136.0/22
91.103.110.0/23
94.126.24.0/21
109.94.220.0/22
109.236.52.0/22
109.237.104.0/24
178.34.152.0/21
178.34.176.0/20
178.173.124.0/22
185.64.44.0/22
188.119.76.0/22
188.124.224.0/21
188.124.248.0/21
193.47.44.0/22
193.56.64.0/22
193.56.72.0/22
193.148.52.0/22
217.197.172.0/22
IPv6:
2a04:f800::/29
Signature Algorithm: sha256WithRSAEncryption
48:38:57:58:91:6f:41:8e:11:1e:c8:30:e7:a8:f2:50:2e:89:
de:0d:5c:03:3d:b9:9a:18:a6:35:64:99:32:2e:dd:07:f2:42:
a5:f5:dc:0f:31:e9:7e:dc:c0:26:a3:8f:27:bb:7d:69:41:8d:
b6:7b:1d:05:65:58:32:00:85:2b:10:1a:80:19:f0:25:b6:98:
5a:af:9c:81:72:66:af:d0:57:ad:32:fe:a8:17:96:50:88:be:
84:ad:80:93:f3:c5:df:5a:ee:6b:d9:f5:74:7f:c1:22:d6:48:
0b:e8:21:56:2e:01:6e:74:97:04:b8:7f:8b:0f:5a:e6:88:48:
58:2f:33:b8:bb:57:ad:1f:1f:81:10:ca:80:02:b6:6a:d9:7e:
59:f5:82:8d:6a:9e:84:17:e8:4c:33:81:3e:9a:9b:71:2b:28:
1d:32:62:77:ea:61:9d:c6:d9:39:36:d0:05:84:3d:24:19:1c:
e8:1f:7e:58:93:e1:26:ca:84:71:84:f7:fe:e7:09:c8:78:d9:
6d:78:86:7b:d7:d8:2c:90:be:85:fb:3a:09:37:75:c3:4d:c5:
7e:cf:c8:fc:5e:78:86:b1:8c:b9:5b:c8:91:71:d8:e1:a7:15:
07:c1:ae:ac:76:5c:92:f7:46:0d:39:df:88:75:05:00:bc:47:
3a:82:08:7a
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgISAZUn5lnpiHEu50UPmLbiROV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZGQyYTgxNTA2MGFhN2U2MjFhMjA5NDM0OTc1OGIyMDM2
ODk2ZjAwHhcNMjUwMjIxMDk0NjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTc2NjZmMTZjNThhZTBiNTc0Y2M5ZTc4MzEwYzk4ZmY2ZTkyMWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjS0aQc27auI96RNhuk2u0CxVrW+q
3rJdwGksDyMGmibRSJoa7uUSZEYcH7qA6JsljaIgSH8pidfFJykgkXhiXEMw63S8
/kACRpcUW/9OQvZVoatzTPnAt2oOsn/y/LPt+/NWgcSbPN7F9P8bR4yEL8zcBNXq
NvbZhyTGuPmxUp1Q+oeGfSHTXxXfMX48R4VpIoXSPFc+DXESiQqFqSiOB2ByfDZr
dlutbbWp2P5j0liOGXzlGbcp2ss+BCPNbnYrwArd2YLnLiBJ+OXI5JWZn4UniF75
2N+SYPJxGA66oxAjTWVlLlHs7PJxBUH00i0zBXrpjFweI6fZ0WtZ1SwycwIDAQAB
o4IC2zCCAtcwHQYDVR0OBBYEFDF2ZvFsWK4LV0zJ54MQyY/26SG9MB8GA1UdIwQY
MBaAFK3dKoFQYKp+YhoglDSXWLIDaJbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmQwcWdWQmdxbjVpR2lDVU5KZFlzZ05vbHZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9lNGZhNDgtM2JlOC00ZmEzLWE0MzYt
OGEwZDBiZjBiNTc3LzEvTVhabThXeFlyZ3RYVE1ubmd4REpqX2JwSWIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9lNGZhNDgtM2JlOC00ZmEzLWE0MzYtOGEwZDBiZjBiNTc3
LzEvcmQwcWdWQmdxbjVpR2lDVU5KZFlzZ05vbHZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHwBggrBgEFBQcBBwEB/wSB4DCB3TCBywQCAAEwgcQDBAAC
OzMDBAIfKNADBAIfKPwDBAIlLPwDBAJNUwgDBAJNUxAwDAMEAk6IxAMEBE6IwDAM
AwQATpmJAwQATpmKAwQATpmTAwQCU6v8AwQCU6w8AwQCVXPIAwQCWWuIAwQBW2du
AwQDXn4YAwQCbV7cAwQCbew0AwQAbe1oAwQDsiKYAwQEsiKwAwQCsq18AwQCuUAs
AwQCvHdMAwQDvHzgAwQDvHz4AwQCwS8sAwQCwThAAwQCwThIAwQCwZQ0AwQC2cWs
MA0EAgACMAcDBQMqBPgAMA0GCSqGSIb3DQEBCwUAA4IBAQBIOFdYkW9BjhEeyDDn
qPJQLoneDVwDPbmaGKY1ZJkyLt0H8kKl9dwPMel+3MAmo48nu31pQY22ex0FZVgy
AIUrEBqAGfAltphar5yBcmav0FetMv6oF5ZQiL6ErYCT88XfWu5r2fV0f8Ei1kgL
6CFWLgFudJcEuH+LD1rmiEhYLzO4u1etHx+BEMqAArZq2X5Z9YKNap6EF+hMM4E+
mptxKygdMmJ36mGdxtk5NtAFhD0kGRzoH35Yk+EmyoRxhPf+5wnIeNlteIZ719gs
kL6F+zoJN3XDTcV+z8j8XniGsYy5W8iRcdjhpxUHwa6sdlyS90YNOd+IdQUAvEc6
ggh6
-----END CERTIFICATE-----
Generated at Tue Apr 29 09:36:41 2025 by rpki-client