Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/vfrfnXjwuO2Ljtk3BmqnSY1CSYM.roa
File: vfrfnXjwuO2Ljtk3BmqnSY1CSYM.roa (raw, json)
Hash identifier: PaapxA4jz7Vq2ccTghK9n2VTqgozDnJPDGFKN2bry58=
Subject key identifier: BD:FA:DF:9D:78:F0:B8:ED:8B:8E:D9:37:06:6A:A7:49:8D:42:49:83
Certificate issuer: /CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Certificate serial: 019A4C38820D8AE82D71A00154A0C73C1989
Authority key identifier: 20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/vfrfnXjwuO2Ljtk3BmqnSY1CSYM.roa
Signing time: Tue 04 Nov 2025 00:16:03 +0000
ROA not before: Tue 04 Nov 2025 00:16:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 95.170.12.0/24 maxlen: 24
95.170.18.0/24 maxlen: 24
95.170.19.0/24 maxlen: 24
95.170.22.0/24 maxlen: 24
95.170.23.0/24 maxlen: 24
95.170.28.0/24 maxlen: 24
95.170.29.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 05 Nov 2025 06:15:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4c:38:82:0d:8a:e8:2d:71:a0:01:54:a0:c7:3c:19:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=20e425a32b62d39818c4cbb0081075686fc4c8e8
Validity
Not Before: Nov 4 00:16:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bdfadf9d78f0b8ed8b8ed937066aa7498d424983
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:ad:2f:31:c4:bc:be:93:0b:84:00:61:22:da:
03:10:b0:7b:af:69:6f:c1:79:d6:b5:a3:ef:82:76:
6f:5e:96:ab:0d:79:a4:68:f1:c7:9f:22:61:70:30:
39:4b:5a:0b:32:dd:c8:a0:0e:93:9e:14:bf:40:7b:
cb:d8:2f:3e:b7:42:45:7b:71:9b:34:ee:ab:31:d9:
91:d2:54:0b:e6:3a:a1:f5:e5:77:cd:25:5c:f1:ce:
68:c5:64:67:93:3e:b2:4e:ea:bd:29:0c:e2:8a:6e:
93:d7:97:39:4d:38:9c:5f:3e:d9:f0:39:5b:b5:e6:
5d:5b:49:e1:8a:cb:54:c9:b7:24:d8:c0:38:15:41:
de:c2:86:35:39:0c:02:80:c6:7a:f5:69:d0:13:1d:
2f:d9:a8:b4:c0:1c:96:fe:62:01:24:61:e4:ab:b7:
f0:e0:fa:28:e3:4b:bc:f8:88:8a:1d:e5:e3:14:fe:
50:1d:6d:1d:01:0f:59:ef:8f:45:7e:f8:bb:77:13:
71:7a:a2:e6:9b:74:52:ee:38:7f:e4:86:31:27:31:
b8:b4:43:43:75:06:3a:ab:62:e1:20:a0:70:68:f3:
a5:14:57:5a:d0:32:5c:79:a8:cb:9a:37:cd:7d:af:
9c:2a:2d:30:c5:02:f0:0b:f2:33:e0:e1:1c:3e:03:
d6:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:FA:DF:9D:78:F0:B8:ED:8B:8E:D9:37:06:6A:A7:49:8D:42:49:83
X509v3 Authority Key Identifier:
keyid:20:E4:25:A3:2B:62:D3:98:18:C4:CB:B0:08:10:75:68:6F:C4:C8:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOQloyti05gYxMuwCBB1aG_EyOg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/vfrfnXjwuO2Ljtk3BmqnSY1CSYM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/fd8c01-7b71-442c-9adb-ecd2965cb7e7/1/IOQloyti05gYxMuwCBB1aG_EyOg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.170.12.0/24
95.170.18.0/23
95.170.22.0/23
95.170.28.0/23
Signature Algorithm: sha256WithRSAEncryption
07:74:a5:65:40:df:66:0a:fb:02:ff:7e:70:a6:44:d6:68:d5:
46:2f:96:3e:85:d8:cd:25:4a:25:76:b2:cd:b6:3a:f8:6e:5d:
e5:31:5b:eb:5a:52:82:31:30:dc:73:85:d2:6f:61:43:48:9b:
0a:9a:ed:a6:da:2e:fa:5f:6d:38:a1:50:01:6f:a0:f8:dd:43:
4a:96:cc:b8:a0:a6:7b:1b:93:41:63:66:13:1d:25:f1:ba:da:
05:e7:fd:b6:81:6d:8c:23:0f:d9:8d:1d:be:32:40:bb:31:e0:
10:e6:8e:d2:77:6b:ac:cb:03:b7:e3:86:fc:41:52:aa:2c:90:
d3:0b:ce:bb:f0:2f:8f:65:fb:ec:d0:9f:72:6a:93:23:19:9f:
69:d6:77:a9:ff:45:e6:a2:5d:22:ca:d9:71:20:bf:6e:7d:e3:
8f:86:87:3e:6b:be:9a:56:78:49:69:5c:7b:58:ec:c4:2c:50:
38:37:29:8c:8d:5c:57:1c:fa:cd:74:03:4f:ae:27:9c:2d:fd:
b9:49:fe:0a:b4:33:6c:d2:b5:b5:b7:42:65:af:74:5d:7d:a1:
8a:3e:e7:de:31:a1:d6:b1:32:16:74:fe:5f:a2:7f:5f:04:75:
d8:51:ca:b4:f1:07:f2:c2:1e:bd:81:51:6a:fd:43:23:be:fd:
ac:1b:f7:1d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZpMOIINiugtcaABVKDHPBmJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTQyNWEzMmI2MmQzOTgxOGM0Y2JiMDA4MTA3NTY4NmZj
NGM4ZTgwHhcNMjUxMTA0MDAxNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGZhZGY5ZDc4ZjBiOGVkOGI4ZWQ5MzcwNjZhYTc0OThkNDI0OTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArK0vMcS8vpMLhABhItoDELB7r2lv
wXnWtaPvgnZvXparDXmkaPHHnyJhcDA5S1oLMt3IoA6TnhS/QHvL2C8+t0JFe3Gb
NO6rMdmR0lQL5jqh9eV3zSVc8c5oxWRnkz6yTuq9KQziim6T15c5TTicXz7Z8Dlb
teZdW0nhistUybck2MA4FUHewoY1OQwCgMZ69WnQEx0v2ai0wByW/mIBJGHkq7fw
4Poo40u8+IiKHeXjFP5QHW0dAQ9Z749Ffvi7dxNxeqLmm3RS7jh/5IYxJzG4tEND
dQY6q2LhIKBwaPOlFFda0DJceajLmjfNfa+cKi0wxQLwC/Iz4OEcPgPWhwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFL3635148Ljti47ZNwZqp0mNQkmDMB8GA1UdIwQY
MBaAFCDkJaMrYtOYGMTLsAgQdWhvxMjoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGIt
ZWNkMjk2NWNiN2U3LzEvdmZyZm5Yand1TzJManRrM0JtcW5TWTFDU1lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9mZDhjMDEtN2I3MS00NDJjLTlhZGItZWNkMjk2NWNiN2U3
LzEvSU9RbG95dGkwNWdZeE11d0NCQjFhR19FeU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAX6oMAwQB
X6oSAwQBX6oWAwQBX6ocMA0GCSqGSIb3DQEBCwUAA4IBAQAHdKVlQN9mCvsC/35w
pkTWaNVGL5Y+hdjNJUoldrLNtjr4bl3lMVvrWlKCMTDcc4XSb2FDSJsKmu2m2i76
X204oVABb6D43UNKlsy4oKZ7G5NBY2YTHSXxutoF5/22gW2MIw/ZjR2+MkC7MeAQ
5o7Sd2usywO344b8QVKqLJDTC8678C+PZfvs0J9yapMjGZ9p1nep/0Xmol0iytlx
IL9ufeOPhoc+a76aVnhJaVx7WOzELFA4NymMjVxXHPrNdANPriecLf25Sf4KtDNs
0rW1t0Jlr3RdfaGKPufeMaHWsTIWdP5fon9fBHXYUcq08Qfywh69gVFq/UMjvv2s
G/cd
-----END CERTIFICATE-----
Generated at Wed Nov 5 21:21:03 2025 by rpki-client