Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/cxGYeN7EBHwWvgCh7fqBG0rpDKU.roa
File: cxGYeN7EBHwWvgCh7fqBG0rpDKU.roa (raw, json)
Hash identifier: GSyA+jggoH/TFELBAF4lustQVpG8a14rZX0apF9IW4Y=
Subject key identifier: 73:11:98:78:DE:C4:04:7C:16:BE:00:A1:ED:FA:81:1B:4A:E9:0C:A5
Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Certificate serial: 019A4C57A380AFC1F35DF4FDF8C3E76F91CB
Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/cxGYeN7EBHwWvgCh7fqBG0rpDKU.roa
Signing time: Tue 04 Nov 2025 00:50:02 +0000
ROA not before: Tue 04 Nov 2025 00:50:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 396982
IP address blocks: 159.254.52.0/24 maxlen: 24
159.254.53.0/24 maxlen: 24
159.254.104.0/21 maxlen: 24
159.254.112.0/21 maxlen: 24
159.254.120.0/21 maxlen: 24
2a03:eec0:3701::/48 maxlen: 48
2a03:eec0:3702::/48 maxlen: 48
2a03:eec0:3703::/48 maxlen: 48
2a03:eec0:3704::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 04 Nov 2025 01:07:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:4c:57:a3:80:af:c1:f3:5d:f4:fd:f8:c3:e7:6f:91:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20
Validity
Not Before: Nov 4 00:50:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=73119878dec4047c16be00a1edfa811b4ae90ca5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:0a:77:2e:44:63:8a:92:97:63:e1:d6:08:ff:
8d:b0:55:5c:73:08:c6:28:82:a3:4b:53:33:f4:0b:
fd:45:86:81:06:09:c2:ac:17:f2:2b:a9:de:12:b5:
50:4d:41:fc:3e:5f:93:b7:5b:35:94:1d:0c:4c:7c:
6d:bd:19:a6:4f:13:03:4e:da:44:aa:65:d4:9d:1a:
71:e6:e8:82:e2:4f:46:f8:47:f0:92:90:07:43:1d:
b2:d9:42:21:37:c5:de:dc:c4:30:5e:8c:99:00:5c:
d9:d7:18:a4:d4:28:8c:b7:ad:fc:ef:79:56:00:5f:
7c:3b:9a:82:41:2a:d5:90:c5:ec:99:43:6c:32:30:
64:c4:93:7f:62:cd:5e:26:4c:d4:23:64:cf:83:e1:
ac:ff:05:87:b8:3e:c3:3e:75:20:39:02:cd:67:94:
81:85:2e:30:d5:6c:f9:76:c1:45:2c:74:ce:49:70:
17:74:3b:17:9a:f2:00:db:38:6d:15:2f:f8:9a:c9:
21:84:a9:81:ff:e3:77:71:12:45:37:cd:65:96:4a:
d4:81:fb:9a:b9:25:2c:95:60:0b:8c:94:dc:65:44:
c6:8b:c6:fc:44:3b:9d:41:dc:db:d5:7f:ad:b8:e7:
09:9c:c2:90:06:dc:9e:18:1d:0e:db:aa:a9:d3:be:
76:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:11:98:78:DE:C4:04:7C:16:BE:00:A1:ED:FA:81:1B:4A:E9:0C:A5
X509v3 Authority Key Identifier:
keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/cxGYeN7EBHwWvgCh7fqBG0rpDKU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.254.52.0/23
159.254.104.0-159.254.127.255
IPv6:
2a03:eec0:3701::-2a03:eec0:3704:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
5e:a1:c8:03:29:b5:4c:79:56:16:9c:f6:b3:09:4a:ea:47:5c:
c8:3e:cb:46:ec:26:cf:26:da:70:04:f3:d1:09:bf:96:30:fe:
52:bf:88:de:55:7c:8d:f7:8c:4d:6e:82:5e:8e:69:55:8b:c3:
29:9b:bd:15:05:f2:03:4e:83:ce:07:a8:a7:5b:ef:3c:50:72:
c3:d6:84:dd:50:92:78:76:eb:dd:f5:dd:3e:82:ec:69:51:bf:
56:16:0a:0f:e0:37:7b:4e:b6:fd:b0:7b:77:f6:13:bb:ce:4f:
a1:25:1f:36:22:12:95:f1:0e:28:bb:f9:9e:ff:02:e8:dc:a8:
1d:a5:5f:76:7d:b1:e3:ca:8c:8e:81:5e:37:4a:da:f7:46:cd:
82:16:fa:a2:7d:ff:e2:d1:a1:d6:3e:4b:c1:6c:de:4a:3d:d8:
e9:56:65:01:a2:f6:8c:0a:61:5e:c2:f7:f1:3c:81:e8:77:ac:
95:d3:89:9e:17:8c:fb:45:00:7a:50:41:d1:ca:37:16:eb:4b:
d7:3e:43:ef:83:47:cb:46:08:62:5c:ac:80:76:bc:3b:ce:84:
76:04:1b:74:0d:44:ac:43:38:f9:ee:51:e5:55:76:16:37:1e:
29:89:42:87:5c:b6:41:1e:7e:da:6d:f9:7b:92:47:84:ea:72:
5d:90:22:ae
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZpMV6OAr8HzXfT9+MPnb5HLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi
OGFhMjAwHhcNMjUxMTA0MDA1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzExOTg3OGRlYzQwNDdjMTZiZTAwYTFlZGZhODExYjRhZTkwY2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAp3LkRjipKXY+HWCP+NsFVccwjG
KIKjS1Mz9Av9RYaBBgnCrBfyK6neErVQTUH8Pl+Tt1s1lB0MTHxtvRmmTxMDTtpE
qmXUnRpx5uiC4k9G+EfwkpAHQx2y2UIhN8Xe3MQwXoyZAFzZ1xik1CiMt63873lW
AF98O5qCQSrVkMXsmUNsMjBkxJN/Ys1eJkzUI2TPg+Gs/wWHuD7DPnUgOQLNZ5SB
hS4w1Wz5dsFFLHTOSXAXdDsXmvIA2zhtFS/4mskhhKmB/+N3cRJFN81llkrUgfua
uSUslWALjJTcZUTGi8b8RDudQdzb1X+tuOcJnMKQBtyeGB0O26qp0752vwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHMRmHjexAR8Fr4Aoe36gRtK6QylMB8GA1UdIwQY
MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt
YjliNjU0MDJiOTI4LzEvY3hHWWVON0VCSHdXdmdDaDdmcUJHMHJwREtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4
LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAaBAIAATAUAwQBn/40MAwD
BAOf/mgDBAef/gAwGgQCAAIwFDASAwcAKgPuwDcBAwcAKgPuwDcEMA0GCSqGSIb3
DQEBCwUAA4IBAQBeocgDKbVMeVYWnPazCUrqR1zIPstG7CbPJtpwBPPRCb+WMP5S
v4jeVXyN94xNboJejmlVi8Mpm70VBfIDToPOB6inW+88UHLD1oTdUJJ4duvd9d0+
guxpUb9WFgoP4Dd7Trb9sHt39hO7zk+hJR82IhKV8Q4ou/me/wLo3KgdpV92fbHj
yoyOgV43Str3Rs2CFvqiff/i0aHWPkvBbN5KPdjpVmUBovaMCmFewvfxPIHod6yV
04meF4z7RQB6UEHRyjcW60vXPkPvg0fLRghiXKyAdrw7zoR2BBt0DUSsQzj57lHl
VXYWNx4piUKHXLZBHn7abfl7kkeE6nJdkCKu
-----END CERTIFICATE-----
Generated at Wed Nov 5 07:41:20 2025 by rpki-client