Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Q2NIeUkYs8qfW_d2UmYrOaIieYQ.roa
File: Q2NIeUkYs8qfW_d2UmYrOaIieYQ.roa (raw, json)
Hash identifier: LKzbUHdwU7I+Sde7lf3HUeKemCqpsIk5Ot3rvt+Bdbg=
Subject key identifier: 43:63:48:79:49:18:B3:CA:9F:5B:F7:76:52:66:2B:39:A2:22:79:84
Certificate issuer: /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial: 0195F165B75BF7883FB72DC5A128254BC98C
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Q2NIeUkYs8qfW_d2UmYrOaIieYQ.roa
Signing time: Tue 01 Apr 2025 12:48:49 +0000
ROA not before: Tue 01 Apr 2025 12:48:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35277
IP address blocks: 5.189.252.0/24 maxlen: 24
5.189.253.0/24 maxlen: 24
5.189.255.0/24 maxlen: 24
91.243.40.0/24 maxlen: 24
91.243.43.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 11 Apr 2025 17:35:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:f1:65:b7:5b:f7:88:3f:b7:2d:c5:a1:28:25:4b:c9:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Validity
Not Before: Apr 1 12:48:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=436348794918b3ca9f5bf77652662b39a2227984
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:6d:12:90:9c:7f:91:da:f0:ab:b9:6f:e2:a5:
dc:fb:aa:52:8d:ff:62:8e:da:c2:dd:cb:42:44:7e:
fd:d9:d8:57:97:09:ab:40:bf:06:cb:c7:d3:e1:0b:
90:22:32:9c:b9:ae:d4:0a:ca:d4:a9:d3:ed:de:12:
18:ff:67:df:73:ce:d2:4b:3c:3b:57:da:65:42:b0:
b4:a6:72:9a:40:42:1b:0f:a5:3d:24:f0:f7:99:7a:
f0:5c:93:22:29:4a:fe:68:1f:eb:86:05:99:e5:c4:
12:06:cb:6c:e8:be:1d:d4:5b:09:86:b7:3f:dd:56:
8d:19:91:7e:e0:8a:62:1f:71:59:3e:ea:17:78:f5:
42:4d:90:bd:31:27:1c:00:7c:61:0b:94:85:75:a7:
dd:0d:49:67:3e:f3:6f:44:e8:12:fc:8e:3b:80:34:
72:92:cc:2a:9d:c5:4d:14:04:c1:c7:62:d0:7b:e5:
08:41:8a:79:9a:60:d9:22:d9:1d:87:86:db:89:43:
87:b8:7c:25:8e:ff:7d:9a:f1:dd:e1:85:ba:f2:dc:
28:0e:37:d3:3d:c0:cb:ea:2c:62:f7:e0:97:17:9d:
9c:ac:46:ae:b4:c9:cd:c7:4f:71:76:a8:02:b1:23:
f2:c2:87:5f:7d:a8:f1:f6:24:22:4f:69:8c:fc:7b:
cd:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:63:48:79:49:18:B3:CA:9F:5B:F7:76:52:66:2B:39:A2:22:79:84
X509v3 Authority Key Identifier:
keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Q2NIeUkYs8qfW_d2UmYrOaIieYQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.189.252.0/23
5.189.255.0/24
91.243.40.0/24
91.243.43.0/24
Signature Algorithm: sha256WithRSAEncryption
29:85:91:dd:c4:98:34:54:5d:c0:b6:09:7f:d3:8b:85:7f:aa:
a8:04:8a:f4:43:c5:48:53:63:bb:6d:ce:3d:0b:66:c0:a1:5b:
26:69:f7:1f:39:24:22:cb:dd:43:50:6b:20:e0:1f:8b:fa:c0:
a3:d9:f4:ed:61:a5:91:09:44:b3:41:dc:de:6a:72:c8:f3:25:
b5:9a:c3:cb:bc:fc:5a:71:a5:4a:89:61:93:43:f0:04:d5:75:
7e:51:94:96:8a:ac:7b:a8:bc:b3:8e:26:3b:d1:ff:a9:3c:67:
49:9d:51:59:eb:fd:ff:7c:05:7f:be:a2:48:6d:76:63:68:bb:
de:99:2e:31:50:f7:46:76:95:1a:6a:74:01:00:5a:1c:dc:76:
f0:ba:60:9f:29:51:3e:07:09:a3:d7:66:05:cc:fc:43:6b:38:
df:09:d0:55:b7:ca:63:e4:49:4b:3c:3c:3e:9b:fe:9a:ac:99:
e3:42:6a:5c:b0:8c:ca:19:50:7f:3d:17:4b:30:e9:74:4f:e4:
19:19:50:f6:87:b2:69:ba:e3:16:19:a6:99:b5:09:d4:c4:a4:
2b:5b:65:6a:b7:6c:6b:7c:52:85:0e:b2:d4:69:fa:db:d5:85:
18:dc:62:e6:b2:82:f3:ca:2e:80:26:c0:28:b2:79:4c:0b:7b:
80:20:18:ba
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZXxZbdb94g/ty3FoSglS8mMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwNDAxMTI0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzYzNDg3OTQ5MThiM2NhOWY1YmY3NzY1MjY2MmIzOWEyMjI3OTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG0SkJx/kdrwq7lv4qXc+6pSjf9i
jtrC3ctCRH792dhXlwmrQL8Gy8fT4QuQIjKcua7UCsrUqdPt3hIY/2ffc87SSzw7
V9plQrC0pnKaQEIbD6U9JPD3mXrwXJMiKUr+aB/rhgWZ5cQSBsts6L4d1FsJhrc/
3VaNGZF+4IpiH3FZPuoXePVCTZC9MSccAHxhC5SFdafdDUlnPvNvROgS/I47gDRy
kswqncVNFATBx2LQe+UIQYp5mmDZItkdh4bbiUOHuHwljv99mvHd4YW68twoDjfT
PcDL6ixi9+CXF52crEautMnNx09xdqgCsSPywodffajx9iQiT2mM/HvNzwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFENjSHlJGLPKn1v3dlJmKzmiInmEMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvUTJOSWVVa1lzOHFmV19kMlVtWXJPYUlpZVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBBb38AwQA
Bb3/AwQAW/MoAwQAW/MrMA0GCSqGSIb3DQEBCwUAA4IBAQAphZHdxJg0VF3Atgl/
04uFf6qoBIr0Q8VIU2O7bc49C2bAoVsmafcfOSQiy91DUGsg4B+L+sCj2fTtYaWR
CUSzQdzeanLI8yW1msPLvPxacaVKiWGTQ/AE1XV+UZSWiqx7qLyzjiY70f+pPGdJ
nVFZ6/3/fAV/vqJIbXZjaLvemS4xUPdGdpUaanQBAFoc3HbwumCfKVE+Bwmj12YF
zPxDazjfCdBVt8pj5ElLPDw+m/6arJnjQmpcsIzKGVB/PRdLMOl0T+QZGVD2h7Jp
uuMWGaaZtQnUxKQrW2Vqt2xrfFKFDrLUafrb1YUY3GLmsoLzyi6AJsAosnlMC3uA
IBi6
-----END CERTIFICATE-----
Generated at Wed Apr 30 09:56:49 2025 by rpki-client