Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/3LA3tQ6ONYpg5ZrE5e3R7O2HPpk.roa
File: 3LA3tQ6ONYpg5ZrE5e3R7O2HPpk.roa (raw, json)
Hash identifier: R2kNcnQkHsXk23CQmsYuIoZNNdqxJSQ1LsZka5gS/L8=
Subject key identifier: DC:B0:37:B5:0E:8E:35:8A:60:E5:9A:C4:E5:ED:D1:EC:ED:87:3E:99
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 01965C5361DB37D048C8AE8F13B981C9A78B
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/3LA3tQ6ONYpg5ZrE5e3R7O2HPpk.roa
Signing time: Tue 22 Apr 2025 07:08:10 +0000
ROA not before: Tue 22 Apr 2025 07:08:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 83.137.154.0/24 maxlen: 24
88.151.56.0/23 maxlen: 24
88.209.201.0/24 maxlen: 24
88.209.232.0/22 maxlen: 24
Validation: Failed, certificate revoked on Fri 25 Apr 2025 06:05:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:5c:53:61:db:37:d0:48:c8:ae:8f:13:b9:81:c9:a7:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Apr 22 07:08:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dcb037b50e8e358a60e59ac4e5edd1eced873e99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:10:2e:0a:f6:7c:47:42:62:29:1b:75:32:4d:
f9:4e:11:cc:6c:67:24:d7:41:34:a5:40:ce:0a:51:
0a:6a:75:a8:29:82:9f:3a:b0:03:d0:a5:f9:fb:79:
fc:91:c3:de:87:3e:22:4c:ad:b7:82:47:86:ba:5d:
b7:97:f8:76:94:2d:32:61:20:07:72:d6:02:42:00:
3a:96:09:da:e7:2c:cb:25:2e:d9:65:cc:bd:40:f1:
a0:4f:25:93:9f:06:84:ed:b3:dd:2f:6e:3a:f0:27:
69:3b:d7:ae:df:62:2c:6c:bb:f7:d1:b8:24:a4:68:
87:ed:98:50:88:1a:f2:ec:9c:19:ed:50:07:d7:78:
b0:b4:bd:80:42:5d:10:4c:5b:c3:a0:c9:5f:d9:1a:
b8:02:f6:8a:7f:03:3e:1a:08:02:fd:bd:15:03:c5:
40:13:a7:51:15:8f:34:12:a4:57:d3:a1:e4:ee:d2:
77:89:04:ec:1b:90:18:67:6a:72:bc:b9:3f:ad:e8:
3a:14:d5:81:81:62:56:c6:b3:59:ca:1f:d7:34:71:
35:b2:c1:5e:c0:70:cb:6a:91:7d:ef:bc:fb:af:c4:
2a:d0:f4:24:b0:a1:30:a8:a6:ac:7d:7b:21:31:64:
b3:0d:54:85:bb:c6:59:b3:bb:38:e2:14:30:0f:c0:
bf:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:B0:37:B5:0E:8E:35:8A:60:E5:9A:C4:E5:ED:D1:EC:ED:87:3E:99
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/3LA3tQ6ONYpg5ZrE5e3R7O2HPpk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.137.154.0/24
88.151.56.0/23
88.209.201.0/24
88.209.232.0/22
Signature Algorithm: sha256WithRSAEncryption
a3:fd:f4:5d:84:bc:85:a9:76:55:90:0c:30:8a:4f:c1:d9:c2:
b2:f0:5e:ab:fd:b5:ab:3d:36:bf:c6:6b:ab:18:78:7e:ab:2b:
3d:7c:db:0d:39:11:0d:c2:da:08:59:a9:36:63:4b:61:a9:aa:
52:57:8a:47:0e:51:41:69:44:86:82:16:be:58:0b:a7:0b:1c:
3d:b9:44:6c:77:d1:38:12:95:d5:cd:75:f2:5b:c5:35:04:1d:
e6:d3:20:15:9d:72:42:f7:c2:8c:d3:84:19:ec:b1:33:bc:88:
bd:f5:bc:3a:82:cf:e0:a0:45:99:4a:5c:04:3f:8a:88:ef:c1:
71:8a:b4:98:f3:d7:56:b4:bb:b1:3d:ef:a5:da:8b:ea:a4:a9:
32:ee:e0:a3:97:f8:c1:ce:53:b6:cc:1f:8d:69:6c:ba:3d:59:
8b:70:69:db:9f:51:8b:89:18:9c:97:99:5a:a6:52:bc:b4:db:
b7:01:ef:b0:9b:8f:08:e6:80:14:25:d1:c7:b9:a4:7b:31:e1:
68:a4:78:d4:19:9e:63:dd:12:30:bf:13:23:cd:39:ec:e3:91:
db:67:ca:7e:ee:bf:4c:01:3a:cf:40:3e:ac:4e:fb:40:69:6e:
e0:20:fa:09:74:3e:dc:93:17:e0:a4:90:33:33:35:9d:48:a9:
fe:a2:d5:74
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZZcU2HbN9BIyK6PE7mByaeLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwNDIyMDcwODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2IwMzdiNTBlOGUzNThhNjBlNTlhYzRlNWVkZDFlY2VkODczZTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRAuCvZ8R0JiKRt1Mk35ThHMbGck
10E0pUDOClEKanWoKYKfOrAD0KX5+3n8kcPehz4iTK23gkeGul23l/h2lC0yYSAH
ctYCQgA6lgna5yzLJS7ZZcy9QPGgTyWTnwaE7bPdL2468CdpO9eu32IsbLv30bgk
pGiH7ZhQiBry7JwZ7VAH13iwtL2AQl0QTFvDoMlf2Rq4AvaKfwM+GggC/b0VA8VA
E6dRFY80EqRX06Hk7tJ3iQTsG5AYZ2pyvLk/reg6FNWBgWJWxrNZyh/XNHE1ssFe
wHDLapF977z7r8Qq0PQksKEwqKasfXshMWSzDVSFu8ZZs7s44hQwD8C/bwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNywN7UOjjWKYOWaxOXt0ezthz6ZMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvM0xBM3RRNk9OWXBnNVpyRTVlM1I3TzJIUHBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAU4maAwQB
WJc4AwQAWNHJAwQCWNHoMA0GCSqGSIb3DQEBCwUAA4IBAQCj/fRdhLyFqXZVkAww
ik/B2cKy8F6r/bWrPTa/xmurGHh+qys9fNsNORENwtoIWak2Y0thqapSV4pHDlFB
aUSGgha+WAunCxw9uURsd9E4EpXVzXXyW8U1BB3m0yAVnXJC98KM04QZ7LEzvIi9
9bw6gs/goEWZSlwEP4qI78FxirSY89dWtLuxPe+l2ovqpKky7uCjl/jBzlO2zB+N
aWy6PVmLcGnbn1GLiRicl5laplK8tNu3Ae+wm48I5oAUJdHHuaR7MeFopHjUGZ5j
3RIwvxMjzTns45HbZ8p+7r9MATrPQD6sTvtAaW7gIPoJdD7ckxfgpJAzMzWdSKn+
otV0
-----END CERTIFICATE-----
Generated at Sat May 3 12:37:52 2025 by rpki-client