Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fQcAifEULbTr-qENjNe2YtuLrFo.roa
File: fQcAifEULbTr-qENjNe2YtuLrFo.roa (raw, json)
Hash identifier: ubv5NUtYZwerhMbTJfEapH8cV0NlXLTk1fA0uiI7eYg=
Subject key identifier: 7D:07:00:89:F1:14:2D:B4:EB:FA:A1:0D:8C:D7:B6:62:DB:8B:AC:5A
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195F12B209C39C5BBF6FF1A7851AC0C641B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fQcAifEULbTr-qENjNe2YtuLrFo.roa
Signing time: Tue 01 Apr 2025 11:44:50 +0000
ROA not before: Tue 01 Apr 2025 11:44:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 87.120.68.0/23 maxlen: 24
87.121.60.0/24 maxlen: 24
87.121.61.0/24 maxlen: 24
93.123.74.0/23 maxlen: 24
93.123.118.0/24 maxlen: 24
185.252.160.0/23 maxlen: 24
Validation: Failed, certificate revoked on Tue 01 Apr 2025 20:02:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:f1:2b:20:9c:39:c5:bb:f6:ff:1a:78:51:ac:0c:64:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 1 11:44:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7d070089f1142db4ebfaa10d8cd7b662db8bac5a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:34:79:6f:b9:5b:a7:5c:21:fe:42:d9:37:c4:
38:e3:52:9b:50:fc:5a:d8:19:8e:bc:7d:ad:68:8f:
04:7c:1b:42:a3:88:d8:05:04:6d:8c:60:0c:6c:88:
d5:15:7b:fe:1b:2f:7c:f4:c4:3b:13:ff:49:fb:23:
8b:2b:98:e6:97:a6:10:e5:93:74:26:39:80:ea:cf:
07:de:29:75:ae:06:5a:0c:37:6e:58:b2:72:10:a6:
ea:03:00:80:16:98:e4:31:e9:46:76:23:d1:3c:d7:
a0:e1:d5:30:dc:ce:b7:7b:93:90:4b:86:19:57:22:
63:7a:a1:b7:d5:45:64:65:63:75:4d:5f:31:55:a3:
b0:4f:2b:2a:97:77:2b:48:d3:e5:63:d4:c5:80:f9:
2a:f1:b9:be:c2:79:b6:8b:6a:d6:68:1c:f7:cc:62:
b3:44:7a:7b:cd:38:51:9b:3b:55:97:a1:ad:c8:82:
a3:ad:e2:c3:4a:85:76:99:e4:db:6f:99:2a:e7:79:
03:c0:2a:f3:b5:e9:7d:1b:28:b6:99:eb:a6:e5:d8:
7e:7e:af:bc:c3:ea:b8:2c:db:80:dc:ca:94:61:10:
44:58:3f:9e:5b:80:22:fd:62:04:0f:74:90:f9:0c:
dc:d5:46:c6:cc:68:31:ae:ad:fe:a4:70:d5:2f:e3:
65:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:07:00:89:F1:14:2D:B4:EB:FA:A1:0D:8C:D7:B6:62:DB:8B:AC:5A
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fQcAifEULbTr-qENjNe2YtuLrFo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.120.68.0/23
87.121.60.0/23
93.123.74.0/23
93.123.118.0/24
185.252.160.0/23
Signature Algorithm: sha256WithRSAEncryption
1f:cf:87:e1:fc:08:ef:38:ea:16:5c:40:2a:d0:70:be:38:f0:
d1:db:bf:89:e9:8c:4e:95:81:3d:cc:8d:68:f8:35:61:55:a6:
93:ff:fd:dd:ab:ba:89:05:c8:37:85:81:82:01:1c:fc:40:28:
e9:b1:2d:55:de:e9:ea:2c:53:21:e6:74:08:60:41:00:b7:01:
d8:7c:1d:90:0e:be:d6:15:9c:d7:b2:96:13:ad:84:45:c7:f1:
53:93:16:fb:b0:d8:c5:78:8a:d5:e4:93:27:2b:21:de:5c:ac:
8b:e1:88:99:8b:14:92:b5:65:e3:c5:41:1a:8f:df:3f:3d:10:
6d:e8:26:d7:df:14:0a:45:ad:4a:97:3d:d5:f8:9b:30:28:ca:
5a:1b:69:3b:53:26:12:28:96:21:f6:bf:b9:aa:b0:f5:57:ca:
34:bb:9b:02:a9:72:6c:52:3a:ab:a7:7d:17:6e:b3:93:ea:60:
83:43:24:11:16:e5:81:c0:44:51:79:22:05:ef:f3:af:60:3b:
8c:ee:d8:35:5e:fe:3e:fa:17:1d:bc:ed:a6:25:cd:18:42:cb:
3f:63:8a:92:8c:fb:78:3a:e3:ba:6d:a1:49:c6:3a:8d:3b:25:
cc:bd:79:ba:58:fd:23:cf:e8:e9:1b:fa:a0:3d:13:3b:7f:e7:
8f:05:87:6f
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZXxKyCcOcW79v8aeFGsDGQbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNDAxMTE0NDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDA3MDA4OWYxMTQyZGI0ZWJmYWExMGQ4Y2Q3YjY2MmRiOGJhYzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTR5b7lbp1wh/kLZN8Q441KbUPxa
2BmOvH2taI8EfBtCo4jYBQRtjGAMbIjVFXv+Gy989MQ7E/9J+yOLK5jml6YQ5ZN0
JjmA6s8H3il1rgZaDDduWLJyEKbqAwCAFpjkMelGdiPRPNeg4dUw3M63e5OQS4YZ
VyJjeqG31UVkZWN1TV8xVaOwTysql3crSNPlY9TFgPkq8bm+wnm2i2rWaBz3zGKz
RHp7zThRmztVl6GtyIKjreLDSoV2meTbb5kq53kDwCrztel9Gyi2meum5dh+fq+8
w+q4LNuA3MqUYRBEWD+eW4Ai/WIED3SQ+Qzc1UbGzGgxrq3+pHDVL+NlvQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFH0HAInxFC206/qhDYzXtmLbi6xaMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZlFjQWlmRVVMYlRyLXFFTmpOZTJZdHVMckZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBV3hEAwQB
V3k8AwQBXXtKAwQAXXt2AwQBufygMA0GCSqGSIb3DQEBCwUAA4IBAQAfz4fh/Ajv
OOoWXEAq0HC+OPDR27+J6YxOlYE9zI1o+DVhVaaT//3dq7qJBcg3hYGCARz8QCjp
sS1V3unqLFMh5nQIYEEAtwHYfB2QDr7WFZzXspYTrYRFx/FTkxb7sNjFeIrV5JMn
KyHeXKyL4YiZixSStWXjxUEaj98/PRBt6CbX3xQKRa1Klz3V+JswKMpaG2k7UyYS
KJYh9r+5qrD1V8o0u5sCqXJsUjqrp30XbrOT6mCDQyQRFuWBwERReSIF7/OvYDuM
7tg1Xv4++hcdvO2mJc0YQss/Y4qSjPt4OuO6baFJxjqNOyXMvXm6WP0jz+jpG/qg
PRM7f+ePBYdv
-----END CERTIFICATE-----
Generated at Sun Apr 27 16:52:29 2025 by rpki-client