Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XRX-CE07LnHPGeFmSrxeY-FYGrY.roa
File: XRX-CE07LnHPGeFmSrxeY-FYGrY.roa (raw, json)
Hash identifier: 3uO9SCVQmPqSe9UwQVDxbDwI6RkqcG5eZ8i8XvfX50o=
Subject key identifier: 5D:15:FE:08:4D:3B:2E:71:CF:19:E1:66:4A:BC:5E:63:E1:58:1A:B6
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0198744B0482D9C517B6E5992FE21CEB9239
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XRX-CE07LnHPGeFmSrxeY-FYGrY.roa
Signing time: Mon 04 Aug 2025 08:55:30 +0000
ROA not before: Mon 04 Aug 2025 08:55:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
82.115.211.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.217.128.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.126.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.20.0/23 maxlen: 23
87.121.22.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.88.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 24
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/22 maxlen: 24
94.156.239.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
171.22.73.0/24 maxlen: 24
171.22.74.0/23 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
193.222.96.0/24 maxlen: 24
193.222.98.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
195.178.111.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 04 Aug 2025 11:30:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:74:4b:04:82:d9:c5:17:b6:e5:99:2f:e2:1c:eb:92:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Aug 4 08:55:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5d15fe084d3b2e71cf19e1664abc5e63e1581ab6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:d5:0d:e8:ac:3b:bb:dc:37:8b:60:45:59:02:
06:92:2c:c6:4e:30:96:fb:3a:d8:26:b2:f9:a7:3d:
31:32:b8:0e:5a:e1:67:ba:94:51:29:6d:62:6e:f1:
c0:01:7d:58:73:2a:5b:3e:98:63:e9:83:79:ad:53:
97:47:be:66:85:66:cf:75:b5:c9:f9:29:eb:9f:1f:
a5:1e:ec:1f:69:3d:56:87:56:11:90:e3:89:ff:e6:
b7:7c:03:3c:ad:d5:1b:33:9a:1a:81:1d:06:f9:be:
d5:d2:f8:f9:83:36:c6:18:39:46:47:95:63:44:83:
1d:8c:9e:e4:e0:43:52:3e:ad:bb:ef:de:eb:e2:c0:
73:46:7e:b3:3f:04:e0:67:54:14:b4:b0:e9:64:3e:
da:89:fd:38:48:94:00:44:11:88:33:4c:16:1c:a4:
a6:a6:f4:aa:e1:f3:d8:06:57:8b:57:6f:54:5c:ac:
38:be:ed:ba:f6:56:52:8c:7f:ae:64:58:ab:83:58:
f7:9f:57:77:ec:49:79:03:ff:e5:5a:f3:26:f4:c8:
a3:d0:dc:a1:02:d4:a9:ab:67:57:4c:46:16:ee:03:
74:eb:41:4e:25:1c:c6:bc:94:48:ac:2f:5a:1c:16:
2d:5d:17:4b:cb:ab:89:13:57:59:37:c3:a4:c4:d3:
07:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:15:FE:08:4D:3B:2E:71:CF:19:E1:66:4A:BC:5E:63:E1:58:1A:B6
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XRX-CE07LnHPGeFmSrxeY-FYGrY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
31.13.211.0/24
45.9.157.0/24
45.66.228.0/24
45.66.231.0/24
45.81.39.0/24
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/23
81.161.238.0/24
82.115.211.0/24
83.219.97.0/24
84.54.48.0/24
85.217.128.0/24
87.120.87.0/24
87.120.126.0/24
87.120.166.0/24
87.121.20.0-87.121.22.255
87.121.45.0/24
87.121.87.0-87.121.88.255
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.47.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.162.0/23
94.156.64.0/22
94.156.239.0/24
141.98.6.0/24
171.22.73.0-171.22.75.255
178.215.227.0/24
185.216.84.0/22
193.25.216.0/24
193.35.18.0/24
193.222.96.0/24
193.222.98.0/24
194.55.186.0/24
194.169.175.0/24
195.178.111.0/24
Signature Algorithm: sha256WithRSAEncryption
39:89:36:8c:82:b1:c5:c9:de:a8:6d:48:36:20:77:10:6d:cc:
4b:57:b5:15:36:bd:d5:03:bd:c3:65:c4:96:15:ab:73:5b:1a:
4f:fe:7d:5a:21:bd:86:88:96:ed:31:b6:ae:d1:dd:8c:b1:f1:
65:1e:9e:d3:0b:88:48:3b:8a:1e:6a:02:3d:dd:b9:7d:d4:7b:
1e:ff:a3:ea:17:f7:06:15:10:32:09:2a:2c:4f:d4:ed:c5:d0:
d7:e1:a2:d9:9b:63:81:22:6f:f5:c1:1e:90:63:22:f7:7c:30:
dc:77:1e:ab:5a:1c:21:70:ca:d7:d0:89:6d:85:12:5a:d4:6c:
a1:bc:85:ba:0b:56:02:40:6d:9b:ff:4c:97:15:b7:74:c2:61:
bd:b0:f7:30:7f:f5:9f:5d:fe:67:39:32:8a:96:59:c2:8a:0c:
e0:c9:29:ab:17:8c:e1:7a:5e:65:b0:d1:43:46:ac:94:c8:ef:
29:2d:16:2c:64:1a:b5:95:61:5f:17:0e:bb:37:b4:20:be:ca:
1c:9a:24:20:7c:80:db:82:7c:84:0f:7e:42:67:6f:a4:60:95:
4e:16:b2:0a:8d:aa:80:34:3d:19:3c:bf:6a:c9:1d:13:33:ac:
2d:9b:d1:1b:f3:4b:84:c8:c0:77:b1:55:a8:7f:e6:f7:2a:7c:
7f:b2:7d:0f
-----BEGIN CERTIFICATE-----
MIIGJzCCBQ+gAwIBAgISAZh0SwSC2cUXtuWZL+Ic65I5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwODA0MDg1NTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDE1ZmUwODRkM2IyZTcxY2YxOWUxNjY0YWJjNWU2M2UxNTgxYWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NUN6Kw7u9w3i2BFWQIGkizGTjCW
+zrYJrL5pz0xMrgOWuFnupRRKW1ibvHAAX1YcypbPphj6YN5rVOXR75mhWbPdbXJ
+Snrnx+lHuwfaT1Wh1YRkOOJ/+a3fAM8rdUbM5oagR0G+b7V0vj5gzbGGDlGR5Vj
RIMdjJ7k4ENSPq27797r4sBzRn6zPwTgZ1QUtLDpZD7aif04SJQARBGIM0wWHKSm
pvSq4fPYBleLV29UXKw4vu269lZSjH+uZFirg1j3n1d37El5A//lWvMm9Mij0Nyh
AtSpq2dXTEYW7gN060FOJRzGvJRIrC9aHBYtXRdLy6uJE1dZN8OkxNMH0QIDAQAB
o4IDMzCCAy8wHQYDVR0OBBYEFF0V/ghNOy5xzxnhZkq8XmPhWBq2MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWFJYLUNFMDdMbkhQR2VGbVNyeGVZLUZZR3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBRwYIKwYBBQUHAQcBAf8EggE2MIIBMjCCAS4EAgABMIIB
JgMEAgX8hAMEAB8N0wMEAC0JnQMEAC1C5AMEAC1C5wMEAC1RJwMEAC1YQAMEAC1Z
9wMEAC1aWQMEAC2LagMEAS2NngMEAFGh7gMEAFJz0wMEAFPbYQMEAFQ2MAMEAFXZ
gAMEAFd4VwMEAFd4fgMEAFd4pjAMAwQCV3kUAwQAV3kWAwQAV3ktMAwDBABXeVcD
BABXeVgDBABXeaUDBARbXPADBAFcd8QDBABc+TIDBABdey8DBABde20DBABde3UD
BABde3cDBABeZ30DBAFemqIDBAJenEADBABenO8DBACNYgYwDAMEAKsWSQMEAqsW
SAMEALLX4wMEArnYVAMEAMEZ2AMEAMEjEgMEAMHeYAMEAMHeYgMEAMI3ugMEAMKp
rwMEAMOybzANBgkqhkiG9w0BAQsFAAOCAQEAOYk2jIKxxcneqG1INiB3EG3MS1e1
FTa91QO9w2XElhWrc1saT/59WiG9hoiW7TG2rtHdjLHxZR6e0wuISDuKHmoCPd25
fdR7Hv+j6hf3BhUQMgkqLE/U7cXQ1+Gi2ZtjgSJv9cEekGMi93ww3Hceq1ocIXDK
19CJbYUSWtRsobyFugtWAkBtm/9MlxW3dMJhvbD3MH/1n13+ZzkyipZZwooM4Mkp
qxeM4XpeZbDRQ0aslMjvKS0WLGQatZVhXxcOuze0IL7KHJokIHyA24J8hA9+Qmdv
pGCVThayCo2qgDQ9GTy/askdEzOsLZvRG/NLhMjAd7FVqH/m9yp8f7J9Dw==
-----END CERTIFICATE-----
Generated at Fri Aug 8 00:41:48 2025 by rpki-client