Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/tM0qJVGbPf8j2KObCoSlqju8uPY.roa
File: tM0qJVGbPf8j2KObCoSlqju8uPY.roa (raw, json)
Hash identifier: H/IscFuXV9HGdZRczNAW1OUdJTGO2nd1iJBF7HN9ZPk=
Subject key identifier: B4:CD:2A:25:51:9B:3D:FF:23:D8:A3:9B:0A:84:A5:AA:3B:BC:B8:F6
Certificate issuer: /CN=345fb3feb15c03c4d34d9ff444d9ad7e30067208
Certificate serial: 0195B80E2610A73841029797C575DA273AF2
Authority key identifier: 34:5F:B3:FE:B1:5C:03:C4:D3:4D:9F:F4:44:D9:AD:7E:30:06:72:08
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/tM0qJVGbPf8j2KObCoSlqju8uPY.roa
Signing time: Fri 21 Mar 2025 09:34:49 +0000
ROA not before: Fri 21 Mar 2025 09:34:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25540
IP address blocks: 45.81.212.0/22 maxlen: 22
77.81.49.0/24 maxlen: 24
83.172.137.0/24 maxlen: 24
83.172.142.0/23 maxlen: 23
83.172.149.0/24 maxlen: 24
83.172.152.0/24 maxlen: 24
83.172.154.0/23 maxlen: 23
83.172.156.0/23 maxlen: 23
83.172.158.0/24 maxlen: 24
83.172.166.0/23 maxlen: 23
83.172.168.0/24 maxlen: 24
83.172.170.0/23 maxlen: 23
83.172.184.0/23 maxlen: 23
83.172.187.0/24 maxlen: 24
83.172.190.0/24 maxlen: 24
83.172.191.0/24 maxlen: 24
89.37.107.0/24 maxlen: 24
93.114.176.0/22 maxlen: 22
94.177.28.0/24 maxlen: 24
94.177.144.0/24 maxlen: 24
130.93.0.0/17 maxlen: 24
130.93.0.0/24 maxlen: 24
130.93.128.0/18 maxlen: 22
130.93.128.0/19 maxlen: 19
130.93.160.0/20 maxlen: 20
130.93.176.0/22 maxlen: 22
185.9.248.0/22 maxlen: 22
185.12.0.0/22 maxlen: 22
185.120.176.0/22 maxlen: 22
185.122.160.0/22 maxlen: 22
185.133.128.0/22 maxlen: 22
185.137.72.0/22 maxlen: 22
185.153.172.0/22 maxlen: 22
193.84.89.0/24 maxlen: 24
195.68.224.0/22 maxlen: 22
2a02:ec00::/29 maxlen: 29
2a0e:4180::/29 maxlen: 29
Validation: Failed, certificate revoked on Fri 21 Mar 2025 15:40:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b8:0e:26:10:a7:38:41:02:97:97:c5:75:da:27:3a:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=345fb3feb15c03c4d34d9ff444d9ad7e30067208
Validity
Not Before: Mar 21 09:34:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b4cd2a25519b3dff23d8a39b0a84a5aa3bbcb8f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:5d:19:4e:54:aa:b7:a7:0c:12:c0:b8:07:55:
33:59:c0:64:be:ac:d1:08:fe:47:d5:dd:9a:4f:28:
a2:1b:81:36:3a:81:21:55:6a:37:10:11:81:b1:8c:
86:e9:2b:aa:57:cc:10:8c:73:58:c2:e4:aa:05:9b:
ce:65:71:c7:d2:bc:5d:0c:d7:ca:dd:f4:b6:91:c0:
8d:10:7a:2f:36:89:d5:c6:91:e8:66:61:4f:e6:48:
66:d2:3f:ab:42:93:e7:75:5f:43:0b:ca:00:4c:d3:
cd:53:85:3f:b5:31:71:3e:8f:b0:0c:a6:d3:16:2f:
20:3d:a5:de:f5:dd:7a:92:0c:92:cf:ac:c6:dd:02:
a3:88:5f:5d:c9:95:5b:1c:b2:a0:0a:64:b7:75:56:
26:70:87:ad:eb:80:cc:e9:fc:37:ee:09:ba:72:6d:
6b:70:92:c5:d5:a6:b6:73:f6:71:8f:00:ac:7d:f0:
e4:9f:2e:d9:f3:e0:10:5f:af:b7:9e:93:07:e5:de:
53:7b:cb:fc:02:0b:86:89:4c:47:16:fa:9f:a6:74:
15:9b:2f:37:44:47:ec:57:d8:39:6e:c4:21:30:dd:
e0:8b:34:79:2d:cd:77:c6:6e:b3:b1:f8:83:44:9d:
08:1a:05:47:08:9b:c4:9a:60:43:2c:d5:54:34:57:
20:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:CD:2A:25:51:9B:3D:FF:23:D8:A3:9B:0A:84:A5:AA:3B:BC:B8:F6
X509v3 Authority Key Identifier:
keyid:34:5F:B3:FE:B1:5C:03:C4:D3:4D:9F:F4:44:D9:AD:7E:30:06:72:08
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/tM0qJVGbPf8j2KObCoSlqju8uPY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a442c5-d14f-429f-a515-bc54b1211b60/1/NF-z_rFcA8TTTZ_0RNmtfjAGcgg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.81.212.0/22
77.81.49.0/24
83.172.137.0/24
83.172.142.0/23
83.172.149.0/24
83.172.152.0/24
83.172.154.0-83.172.158.255
83.172.166.0-83.172.168.255
83.172.170.0/23
83.172.184.0/23
83.172.187.0/24
83.172.190.0/23
89.37.107.0/24
93.114.176.0/22
94.177.28.0/24
94.177.144.0/24
130.93.0.0-130.93.191.255
185.9.248.0/22
185.12.0.0/22
185.120.176.0/22
185.122.160.0/22
185.133.128.0/22
185.137.72.0/22
185.153.172.0/22
193.84.89.0/24
195.68.224.0/22
IPv6:
2a02:ec00::/29
2a0e:4180::/29
Signature Algorithm: sha256WithRSAEncryption
60:cc:a8:74:ac:58:00:1d:49:db:8f:16:5d:c8:88:0b:49:34:
08:b0:db:60:05:9b:4d:43:53:ad:62:68:51:12:bc:5a:8b:07:
dc:39:46:e1:c3:16:8d:0c:29:80:05:6f:2f:d5:40:24:30:fe:
3a:5e:1e:f8:d9:f9:4a:51:23:de:9b:0e:81:2d:b7:c6:b8:7f:
b2:1d:d2:da:d3:14:6b:e7:2c:f5:c6:f2:6c:3a:1d:f9:0c:19:
db:6d:a7:4e:b3:63:81:64:03:cb:98:c6:c5:49:3b:d9:25:a1:
2d:77:1c:68:87:39:6d:0c:a5:8e:63:01:58:57:31:94:5c:e3:
78:08:74:ab:ac:92:fe:e4:41:c7:67:ee:76:2d:c4:7d:da:f8:
1b:de:b5:99:17:f2:68:6f:60:d5:37:a5:06:67:7f:ae:cd:4f:
00:f2:d1:b3:f4:8c:9c:eb:4f:e6:0f:df:f4:19:84:cf:cc:31:
e5:ba:df:91:fc:18:9c:fe:76:7f:13:52:bf:12:c2:52:72:25:
15:58:6b:7c:63:52:25:4a:c6:f8:cd:c0:ce:0e:29:e7:32:8c:
ac:52:a0:98:bd:80:02:52:32:d6:eb:af:58:0a:ef:f0:45:d3:
2c:bb:e9:32:c2:70:7b:c1:46:95:a4:a4:4f:aa:ad:01:15:2a:
ff:dd:7f:20
-----BEGIN CERTIFICATE-----
MIIFxTCCBK2gAwIBAgISAZW4DiYQpzhBApeXxXXaJzryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NWZiM2ZlYjE1YzAzYzRkMzRkOWZmNDQ0ZDlhZDdlMzAw
NjcyMDgwHhcNMjUwMzIxMDkzNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGNkMmEyNTUxOWIzZGZmMjNkOGEzOWIwYTg0YTVhYTNiYmNiOGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArV0ZTlSqt6cMEsC4B1UzWcBkvqzR
CP5H1d2aTyiiG4E2OoEhVWo3EBGBsYyG6SuqV8wQjHNYwuSqBZvOZXHH0rxdDNfK
3fS2kcCNEHovNonVxpHoZmFP5khm0j+rQpPndV9DC8oATNPNU4U/tTFxPo+wDKbT
Fi8gPaXe9d16kgySz6zG3QKjiF9dyZVbHLKgCmS3dVYmcIet64DM6fw37gm6cm1r
cJLF1aa2c/ZxjwCsffDkny7Z8+AQX6+3npMH5d5Te8v8AguGiUxHFvqfpnQVmy83
REfsV9g5bsQhMN3gizR5Lc13xm6zsfiDRJ0IGgVHCJvEmmBDLNVUNFcg7QIDAQAB
o4IC0TCCAs0wHQYDVR0OBBYEFLTNKiVRmz3/I9ijmwqEpao7vLj2MB8GA1UdIwQY
MBaAFDRfs/6xXAPE002f9ETZrX4wBnIIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkYtel9yRmNBOFRUVFpfMFJObXRmakFHY2dnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hNDQyYzUtZDE0Zi00MjlmLWE1MTUt
YmM1NGIxMjExYjYwLzEvdE0wcUpWR2JQZjhqMktPYkNvU2xxanU4dVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hNDQyYzUtZDE0Zi00MjlmLWE1MTUtYmM1NGIxMjExYjYw
LzEvTkYtel9yRmNBOFRUVFpfMFJObXRmakFHY2dnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHmBggrBgEFBQcBBwEB/wSB1jCB0zCBugQCAAEwgbMDBAIt
UdQDBABNUTEDBABTrIkDBAFTrI4DBABTrJUDBABTrJgwDAMEAVOsmgMEAFOsnjAM
AwQBU6ymAwQAU6yoAwQBU6yqAwQBU6y4AwQAU6y7AwQBU6y+AwQAWSVrAwQCXXKw
AwQAXrEcAwQAXrGQMAsDAwCCXQMEBoJdgAMEArkJ+AMEArkMAAMEArl4sAMEArl6
oAMEArmFgAMEArmJSAMEArmZrAMEAMFUWQMEAsNE4DAUBAIAAjAOAwUDKgLsAAMF
AyoOQYAwDQYJKoZIhvcNAQELBQADggEBAGDMqHSsWAAdSduPFl3IiAtJNAiw22AF
m01DU61iaFESvFqLB9w5RuHDFo0MKYAFby/VQCQw/jpeHvjZ+UpRI96bDoEtt8a4
f7Id0trTFGvnLPXG8mw6HfkMGdttp06zY4FkA8uYxsVJO9kloS13HGiHOW0MpY5j
AVhXMZRc43gIdKuskv7kQcdn7nYtxH3a+BvetZkX8mhvYNU3pQZnf67NTwDy0bP0
jJzrT+YP3/QZhM/MMeW635H8GJz+dn8TUr8SwlJyJRVYa3xjUiVKxvjNwM4OKecy
jKxSoJi9gAJSMtbrr1gK7/BF0yy76TLCcHvBRpWkpE+qrQEVKv/dfyA=
-----END CERTIFICATE-----
Generated at Tue May 6 17:23:23 2025 by rpki-client