Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/MKBVu2pCivj1mQHtWcMiBwPYJdE.roa
File: MKBVu2pCivj1mQHtWcMiBwPYJdE.roa (raw, json)
Hash identifier: f/m/H35i91O331KWBkE4u+3LshQobWYiBGdA6MeOSGg=
Subject key identifier: 30:A0:55:BB:6A:42:8A:F8:F5:99:01:ED:59:C3:22:07:03:D8:25:D1
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 0196883A64A436AE2C6452B19F19087A3F66
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/MKBVu2pCivj1mQHtWcMiBwPYJdE.roa
Signing time: Wed 30 Apr 2025 19:44:10 +0000
ROA not before: Wed 30 Apr 2025 19:44:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5398
IP address blocks: 31.44.32.0/20 maxlen: 20
31.44.46.0/23 maxlen: 23
45.143.158.0/23 maxlen: 24
46.21.29.0/24 maxlen: 24
185.155.184.0/23 maxlen: 24
193.221.216.0/23 maxlen: 23
193.222.104.0/23 maxlen: 24
193.222.105.0/24 maxlen: 24
2a0f:e880::/29 maxlen: 29
Validation: Failed, certificate revoked on Thu 01 May 2025 15:45:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:88:3a:64:a4:36:ae:2c:64:52:b1:9f:19:08:7a:3f:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Apr 30 19:44:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=30a055bb6a428af8f59901ed59c3220703d825d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:a9:f2:c9:14:6c:30:cf:90:d7:09:a8:de:9e:
04:d4:bd:2c:76:84:3b:c8:a2:89:99:d8:93:24:f0:
7d:d1:c5:09:cc:b4:92:20:d9:c5:82:ee:7b:f8:b4:
74:b3:88:5b:4e:64:6b:3c:ab:21:1b:a9:34:c6:ae:
84:a2:f6:50:b7:66:8e:1a:7f:40:78:fc:9d:29:d9:
d7:26:7b:e0:b0:b6:91:f3:77:c4:01:f8:cb:24:e8:
df:9d:08:23:a7:09:ed:a8:99:13:f2:82:8d:82:14:
06:d0:94:5e:ca:f0:5f:0b:a3:0f:19:2c:ec:af:84:
8b:0f:55:ec:91:5a:85:ab:39:f8:b0:c8:68:e9:af:
e4:9e:08:a2:ac:d4:8a:6a:25:a5:b5:61:f5:e9:67:
88:69:98:2f:44:f4:40:5d:c7:36:51:50:93:15:b7:
47:0c:42:83:f7:64:88:bb:7d:e5:36:43:65:d2:fd:
6a:24:09:39:6a:1f:2a:af:34:d8:a0:23:4d:c4:a2:
a2:34:e3:86:33:0f:3d:52:e3:1c:ac:bd:d7:ee:43:
27:38:51:8d:e3:88:05:8e:2e:b6:25:1b:0c:2b:0d:
6f:e7:d5:1d:1b:97:a2:5f:b5:2a:b2:07:e9:28:2f:
fb:b9:9c:97:8d:b1:fb:b6:a0:d3:8d:87:da:88:7e:
78:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:A0:55:BB:6A:42:8A:F8:F5:99:01:ED:59:C3:22:07:03:D8:25:D1
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/MKBVu2pCivj1mQHtWcMiBwPYJdE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.44.32.0/20
45.143.158.0/23
46.21.29.0/24
185.155.184.0/23
193.221.216.0/23
193.222.104.0/23
IPv6:
2a0f:e880::/29
Signature Algorithm: sha256WithRSAEncryption
a2:3a:34:8c:c3:2c:56:38:70:b6:f7:6b:89:a5:f3:1d:d3:36:
43:26:96:98:c5:b1:68:43:f9:fe:0b:0c:d1:b4:df:ce:65:c6:
44:d9:83:8e:9f:d9:f2:51:1e:33:c4:e7:03:e8:da:c7:e8:8e:
77:6a:42:f4:39:c5:35:99:f8:9b:d0:79:7e:2a:2a:a5:88:95:
9f:93:2d:82:39:c6:b5:ec:46:95:9f:9a:8d:d6:6c:47:44:ca:
4d:05:16:9b:a8:f0:66:aa:f4:89:aa:28:72:95:ec:cd:b0:a4:
b8:4c:fc:08:cd:b1:18:f7:d9:3a:f4:73:d2:e1:a3:cd:d7:40:
c0:88:9c:65:23:95:e7:34:0e:d6:a3:4d:46:ec:8a:81:de:04:
ae:56:16:d9:80:9e:08:4e:c3:f5:d9:7c:3d:05:0f:9f:27:8f:
5c:50:70:93:2b:44:f7:1a:92:a3:16:da:c0:87:eb:2a:09:4d:
57:14:ce:96:d5:43:8a:53:fc:54:62:b7:44:66:3e:38:02:87:
6c:1e:fa:61:eb:d5:e4:74:5b:02:b1:21:4f:7a:79:08:ef:e0:
d7:e2:55:a3:9e:e4:fe:01:16:2d:8a:df:b9:9e:1c:fa:2d:98:
0e:52:fe:0a:a2:d4:d5:50:67:73:39:e9:f0:ad:a0:4c:10:a0:
92:60:cd:1d
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZaIOmSkNq4sZFKxnxkIej9mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjUwNDMwMTk0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGEwNTViYjZhNDI4YWY4ZjU5OTAxZWQ1OWMzMjIwNzAzZDgyNWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAranyyRRsMM+Q1wmo3p4E1L0sdoQ7
yKKJmdiTJPB90cUJzLSSINnFgu57+LR0s4hbTmRrPKshG6k0xq6EovZQt2aOGn9A
ePydKdnXJnvgsLaR83fEAfjLJOjfnQgjpwntqJkT8oKNghQG0JReyvBfC6MPGSzs
r4SLD1XskVqFqzn4sMho6a/kngiirNSKaiWltWH16WeIaZgvRPRAXcc2UVCTFbdH
DEKD92SIu33lNkNl0v1qJAk5ah8qrzTYoCNNxKKiNOOGMw89UuMcrL3X7kMnOFGN
44gFji62JRsMKw1v59UdG5eiX7UqsgfpKC/7uZyXjbH7tqDTjYfaiH54pwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFDCgVbtqQor49ZkB7VnDIgcD2CXRMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvTUtCVnUycENpdmoxbVFIdFdjTWlCd1BZSmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQEHywgAwQB
LY+eAwQALhUdAwQBuZu4AwQBwd3YAwQBwd5oMA0EAgACMAcDBQMqD+iAMA0GCSqG
SIb3DQEBCwUAA4IBAQCiOjSMwyxWOHC292uJpfMd0zZDJpaYxbFoQ/n+CwzRtN/O
ZcZE2YOOn9nyUR4zxOcD6NrH6I53akL0OcU1mfib0Hl+KiqliJWfky2COca17EaV
n5qN1mxHRMpNBRabqPBmqvSJqihylezNsKS4TPwIzbEY99k69HPS4aPN10DAiJxl
I5XnNA7Wo01G7IqB3gSuVhbZgJ4ITsP12Xw9BQ+fJ49cUHCTK0T3GpKjFtrAh+sq
CU1XFM6W1UOKU/xUYrdEZj44AodsHvph69XkdFsCsSFPenkI7+DX4lWjnuT+ARYt
it+5nhz6LZgOUv4KotTVUGdzOenwraBMEKCSYM0d
-----END CERTIFICATE-----
Generated at Sun May 11 08:49:00 2025 by rpki-client