Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/i-Oun8nz25m0GfglXafg8QGhPP4.roa
File: i-Oun8nz25m0GfglXafg8QGhPP4.roa (raw, json)
Hash identifier: PYvRd0QK7rTFWtQaeBftimUSWpK2R2tRXTVYxZ6SuzM=
Subject key identifier: 8B:E3:AE:9F:C9:F3:DB:99:B4:19:F8:25:5D:A7:E0:F1:01:A1:3C:FE
Certificate issuer: /CN=8d89223c1f335c0cc569359fa2dda349a2236ccb
Certificate serial: 019692C9F29CA000AA7C54C0BA0E784323A9
Authority key identifier: 8D:89:22:3C:1F:33:5C:0C:C5:69:35:9F:A2:DD:A3:49:A2:23:6C:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jYkiPB8zXAzFaTWfot2jSaIjbMs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/i-Oun8nz25m0GfglXafg8QGhPP4.roa
Signing time: Fri 02 May 2025 20:57:10 +0000
ROA not before: Fri 02 May 2025 20:57:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206119
IP address blocks: 185.213.169.0/24 maxlen: 24
185.213.171.0/24 maxlen: 24
194.0.207.0/24 maxlen: 24
2a0b:8b41::/32 maxlen: 32
2a0b:8b42::/32 maxlen: 32
2a0b:8b43::/32 maxlen: 32
2a0b:8b44::/32 maxlen: 32
2a0b:8b45::/32 maxlen: 32
2a0b:8b46::/32 maxlen: 32
2a0b:8b47::/32 maxlen: 32
Validation: Failed, certificate revoked on Fri 02 May 2025 23:04:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:92:c9:f2:9c:a0:00:aa:7c:54:c0:ba:0e:78:43:23:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d89223c1f335c0cc569359fa2dda349a2236ccb
Validity
Not Before: May 2 20:57:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8be3ae9fc9f3db99b419f8255da7e0f101a13cfe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:db:49:f8:2f:5a:5f:b6:69:2d:c5:d0:72:13:
5e:1c:e3:ba:05:f6:e6:eb:ba:8b:19:5c:47:4c:f1:
7a:60:d0:ca:24:8f:48:ba:33:ae:b4:e4:01:47:03:
84:d4:b1:94:43:16:a3:71:85:dc:8b:14:c9:d4:ee:
ff:7d:c4:34:95:b0:65:e9:9d:54:42:4e:bb:f5:e2:
14:6c:31:30:80:b5:07:0f:ff:b6:01:cb:65:0a:6e:
5c:f5:99:7b:74:6b:75:98:1f:42:cf:44:87:47:bf:
92:6f:a7:f2:05:75:8f:50:91:af:f9:fe:5b:a6:09:
c6:8e:9b:35:f8:ed:b3:e4:ec:77:56:bf:fb:94:20:
e7:f8:5e:32:84:d6:b6:d4:8b:e3:86:22:eb:38:68:
21:25:cc:25:a6:e6:59:c9:b5:02:fb:f7:7d:0a:01:
a2:6d:69:17:59:ca:1b:4f:43:6b:83:ed:2d:7d:3d:
7b:bf:88:84:f0:94:42:ac:de:d5:5e:3c:3c:86:7b:
5d:1c:6a:6e:96:f9:1b:5c:11:0a:b9:71:c8:90:2a:
66:8b:4a:93:9f:5a:88:73:30:eb:95:ac:78:59:df:
88:41:a6:e3:8d:18:77:fe:57:7f:95:4c:89:95:cc:
25:9d:4d:3a:c3:51:36:2a:d7:e8:25:37:9b:2d:16:
b9:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:E3:AE:9F:C9:F3:DB:99:B4:19:F8:25:5D:A7:E0:F1:01:A1:3C:FE
X509v3 Authority Key Identifier:
keyid:8D:89:22:3C:1F:33:5C:0C:C5:69:35:9F:A2:DD:A3:49:A2:23:6C:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYkiPB8zXAzFaTWfot2jSaIjbMs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/i-Oun8nz25m0GfglXafg8QGhPP4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/jYkiPB8zXAzFaTWfot2jSaIjbMs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.213.169.0/24
185.213.171.0/24
194.0.207.0/24
IPv6:
2a0b:8b41::-2a0b:8b47:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
7a:b7:7b:09:00:e4:e0:3b:5e:5b:db:32:b4:71:dc:14:ce:4d:
00:7b:17:5f:13:be:e9:27:b5:46:51:bb:e3:cc:2e:81:59:19:
df:e9:e6:ec:8a:7c:d6:9e:3f:20:da:f9:6d:cc:4a:76:5d:36:
fc:49:cc:14:28:65:4e:78:d1:56:34:ac:1c:74:99:38:fd:ef:
b1:36:4f:7d:2c:00:30:d5:0a:d1:fa:6b:aa:1d:5a:a5:07:38:
8d:35:d3:68:dc:5a:95:cd:cf:be:0d:49:dd:92:2b:80:e2:8c:
03:e7:1f:cd:42:7d:d9:a2:1e:19:07:0b:05:b6:35:f9:a8:c7:
6d:7a:31:a4:39:dd:b4:e4:aa:12:5c:fe:24:be:41:a4:1f:11:
6a:7a:fe:b0:5a:c9:ac:8c:14:ae:25:93:5b:51:ab:f6:de:51:
32:5e:1c:e5:6e:9c:44:23:de:37:50:48:2b:09:b1:2e:66:9c:
65:04:86:58:42:40:4a:20:eb:02:67:37:39:cf:68:98:d3:2e:
38:54:7a:11:f8:6b:3c:1d:33:a4:07:19:24:3a:0e:4c:38:c1:
5a:68:ef:c5:6f:ee:0a:20:54:ee:d4:8f:a2:3d:32:38:40:f1:
a1:19:ee:59:6c:01:02:bf:d3:65:a5:00:7e:18:0d:cb:6a:ec:
82:d5:77:bb
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZaSyfKcoACqfFTAug54QyOpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODkyMjNjMWYzMzVjMGNjNTY5MzU5ZmEyZGRhMzQ5YTIy
MzZjY2IwHhcNMjUwNTAyMjA1NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmUzYWU5ZmM5ZjNkYjk5YjQxOWY4MjU1ZGE3ZTBmMTAxYTEzY2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9tJ+C9aX7ZpLcXQchNeHOO6Bfbm
67qLGVxHTPF6YNDKJI9IujOutOQBRwOE1LGUQxajcYXcixTJ1O7/fcQ0lbBl6Z1U
Qk679eIUbDEwgLUHD/+2ActlCm5c9Zl7dGt1mB9Cz0SHR7+Sb6fyBXWPUJGv+f5b
pgnGjps1+O2z5Ox3Vr/7lCDn+F4yhNa21IvjhiLrOGghJcwlpuZZybUC+/d9CgGi
bWkXWcobT0Nrg+0tfT17v4iE8JRCrN7VXjw8hntdHGpulvkbXBEKuXHIkCpmi0qT
n1qIczDrlax4Wd+IQabjjRh3/ld/lUyJlcwlnU06w1E2KtfoJTebLRa54wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFIvjrp/J89uZtBn4JV2n4PEBoTz+MB8GA1UdIwQY
MBaAFI2JIjwfM1wMxWk1n6Ldo0miI2zLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallraVBCOHpYQXpGYVRXZm90MmpTYUlqYk1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81MmExMGQtZDg1MS00MGFlLWE4YjAt
YTEwMjhlZGE2MzgzLzEvaS1PdW44bnoyNW0wR2ZnbFhhZmc4UUdoUFA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81MmExMGQtZDg1MS00MGFlLWE4YjAtYTEwMjhlZGE2Mzgz
LzEvallraVBCOHpYQXpGYVRXZm90MmpTYUlqYk1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAYBAIAATASAwQAudWpAwQA
udWrAwQAwgDPMBYEAgACMBAwDgMFACoLi0EDBQMqC4tAMA0GCSqGSIb3DQEBCwUA
A4IBAQB6t3sJAOTgO15b2zK0cdwUzk0AexdfE77pJ7VGUbvjzC6BWRnf6ebsinzW
nj8g2vltzEp2XTb8ScwUKGVOeNFWNKwcdJk4/e+xNk99LAAw1QrR+muqHVqlBziN
NdNo3FqVzc++DUndkiuA4owD5x/NQn3Zoh4ZBwsFtjX5qMdtejGkOd205KoSXP4k
vkGkHxFqev6wWsmsjBSuJZNbUav23lEyXhzlbpxEI943UEgrCbEuZpxlBIZYQkBK
IOsCZzc5z2iY0y44VHoR+Gs8HTOkBxkkOg5MOMFaaO/Fb+4KIFTu1I+iPTI4QPGh
Ge5ZbAECv9NlpQB+GA3LauyC1Xe7
-----END CERTIFICATE-----
Generated at Tue May 13 04:47:57 2025 by rpki-client