Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/O03_MJx3av_m-fmUtJ8Gh1_P5cw.roa
File: O03_MJx3av_m-fmUtJ8Gh1_P5cw.roa (raw, json)
Hash identifier: hdtIlVCALPBhwe6aZPxgAUA17tIuVrDh4whP2vC7WeM=
Subject key identifier: 3B:4D:FF:30:9C:77:6A:FF:E6:F9:F9:94:B4:9F:06:87:5F:CF:E5:CC
Certificate issuer: /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial: 01974F2B76B4AE900EFE7930FFEE7D5EED75
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/O03_MJx3av_m-fmUtJ8Gh1_P5cw.roa
Signing time: Sun 08 Jun 2025 10:52:17 +0000
ROA not before: Sun 08 Jun 2025 10:52:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21859
IP address blocks: 91.200.221.0/24 maxlen: 24
109.122.42.0/24 maxlen: 24
194.61.72.0/24 maxlen: 24
Validation: Failed, certificate revoked on Sun 15 Jun 2025 08:17:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:4f:2b:76:b4:ae:90:0e:fe:79:30:ff:ee:7d:5e:ed:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Validity
Not Before: Jun 8 10:52:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3b4dff309c776affe6f9f994b49f06875fcfe5cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:bb:b7:f0:97:fc:56:a8:c1:12:a2:a1:21:c8:
6f:96:0b:ff:bf:4f:f2:e1:c0:71:af:f5:c4:65:bd:
43:a3:3c:13:49:b4:23:3d:08:8f:01:df:93:5f:33:
e7:88:19:25:0f:6e:fc:e4:e2:1d:53:1b:58:9a:f9:
b0:06:7f:a8:05:c0:79:53:88:ba:1a:28:77:41:67:
4c:fd:9f:9a:7d:58:f7:ce:b2:e1:e2:f0:51:a8:cb:
6d:e7:94:da:1b:6e:6b:92:1c:63:e0:21:3a:29:a9:
32:b0:24:5c:36:f9:fc:7e:93:7c:4b:ea:a6:ba:45:
14:dc:8d:1e:0c:1f:c9:b4:24:d1:1a:78:af:9d:48:
20:ae:61:c1:98:24:03:2e:79:16:e2:fe:1c:f3:48:
1e:f9:54:97:ee:ad:73:9e:7f:5c:0b:d7:4a:bf:7b:
e6:70:9b:c7:48:d1:52:e4:09:4e:e4:0f:f8:79:09:
55:32:c6:06:a0:3c:03:f3:92:5b:32:c1:e9:9d:47:
6a:2f:7f:05:90:a6:f2:0f:99:94:e0:6a:1f:40:02:
5c:51:1d:37:c4:7d:a3:4d:b6:e4:75:89:6d:bd:72:
a0:1a:ea:f6:36:83:24:c0:e7:5b:4a:5a:14:e2:aa:
81:c1:03:b1:b4:cc:92:60:98:6c:a1:b2:a1:02:cc:
c3:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:4D:FF:30:9C:77:6A:FF:E6:F9:F9:94:B4:9F:06:87:5F:CF:E5:CC
X509v3 Authority Key Identifier:
keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/O03_MJx3av_m-fmUtJ8Gh1_P5cw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.200.221.0/24
109.122.42.0/24
194.61.72.0/24
Signature Algorithm: sha256WithRSAEncryption
91:2a:e4:75:6a:9c:41:ef:0c:76:24:88:a4:27:ff:0e:d5:fe:
d2:e0:6b:b6:84:8c:54:1b:ed:e0:19:ea:2c:53:24:f7:60:90:
77:e9:10:eb:20:a6:50:eb:19:7e:cb:80:66:92:2f:0a:7c:9c:
eb:69:e4:0f:25:a6:2a:f0:0b:fa:16:b2:98:ad:24:ab:e4:40:
ed:27:2b:6d:99:5e:fb:de:b5:5b:e6:5e:67:ce:ee:75:07:b1:
b4:c1:91:80:5b:83:95:82:2e:ff:fe:67:d1:50:f0:05:fb:8d:
c9:c9:6b:8e:6f:62:78:10:0c:72:49:36:f9:6c:34:56:f7:88:
bf:0f:7b:95:8f:0b:74:82:ae:21:b5:42:0e:cb:db:54:4a:38:
82:9f:20:22:d5:62:91:c8:0d:57:80:36:55:a3:c6:af:77:43:
d8:38:4a:a1:41:14:36:36:4f:06:d1:86:a3:3c:40:79:a5:45:
f8:ab:8d:1a:44:a7:8f:9a:91:6d:5c:68:fa:c7:45:67:3d:95:
51:2b:27:43:10:b3:ef:70:24:7e:40:71:44:85:c6:dd:fd:69:
23:d9:27:11:ba:25:51:84:c7:f9:83:27:b3:19:06:2e:d3:20:
22:bb:1c:47:ac:88:47:3f:74:31:68:95:c4:08:5d:ec:ec:fb:
99:6a:f9:0d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZdPK3a0rpAO/nkw/+59Xu11MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwNjA4MTA1MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjRkZmYzMDljNzc2YWZmZTZmOWY5OTRiNDlmMDY4NzVmY2ZlNWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxru38Jf8VqjBEqKhIchvlgv/v0/y
4cBxr/XEZb1DozwTSbQjPQiPAd+TXzPniBklD2785OIdUxtYmvmwBn+oBcB5U4i6
Gih3QWdM/Z+afVj3zrLh4vBRqMtt55TaG25rkhxj4CE6KakysCRcNvn8fpN8S+qm
ukUU3I0eDB/JtCTRGnivnUggrmHBmCQDLnkW4v4c80ge+VSX7q1znn9cC9dKv3vm
cJvHSNFS5AlO5A/4eQlVMsYGoDwD85JbMsHpnUdqL38FkKbyD5mU4GofQAJcUR03
xH2jTbbkdYltvXKgGur2NoMkwOdbSloU4qqBwQOxtMySYJhsobKhAszDLQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDtN/zCcd2r/5vn5lLSfBodfz+XMMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvTzAzX01KeDNhdl9tLWZtVXRKOEdoMV9QNWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW8jdAwQA
bXoqAwQAwj1IMA0GCSqGSIb3DQEBCwUAA4IBAQCRKuR1apxB7wx2JIikJ/8O1f7S
4Gu2hIxUG+3gGeosUyT3YJB36RDrIKZQ6xl+y4Bmki8KfJzraeQPJaYq8Av6FrKY
rSSr5EDtJyttmV773rVb5l5nzu51B7G0wZGAW4OVgi7//mfRUPAF+43JyWuOb2J4
EAxySTb5bDRW94i/D3uVjwt0gq4htUIOy9tUSjiCnyAi1WKRyA1XgDZVo8avd0PY
OEqhQRQ2Nk8G0YajPEB5pUX4q40aRKePmpFtXGj6x0VnPZVRKydDELPvcCR+QHFE
hcbd/Wkj2ScRuiVRhMf5gyezGQYu0yAiuxxHrIhHP3QxaJXECF3s7PuZavkN
-----END CERTIFICATE-----
Generated at Sun Jun 15 20:02:32 2025 by rpki-client