Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/1-KNGhlBr_fw--n-4kaDfzLHm3gA.roa
File: 1-KNGhlBr_fw--n-4kaDfzLHm3gA.roa (raw, json)
Hash identifier: tWeHVj6balE6C2U6wr5E6sqLpLQvREzX1HWqeivN8O8=
Subject key identifier: F8:A3:46:86:50:6B:FD:FC:3E:FA:7F:B8:91:A0:DF:CC:B1:E6:DE:00
Certificate issuer: /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial: 0194BED521CABB21D71FF9949FB40BD274B1
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/1-KNGhlBr_fw--n-4kaDfzLHm3gA.roa
Signing time: Sat 01 Feb 2025 00:07:06 +0000
ROA not before: Sat 01 Feb 2025 00:07:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62206
IP address blocks: 91.228.12.0/24 maxlen: 24
91.228.13.0/24 maxlen: 24
91.228.14.0/24 maxlen: 24
91.228.15.0/24 maxlen: 24
94.154.32.0/24 maxlen: 24
94.154.33.0/24 maxlen: 24
94.154.35.0/24 maxlen: 24
94.154.36.0/24 maxlen: 24
94.154.37.0/24 maxlen: 24
94.154.38.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 24 Mar 2025 17:17:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:be:d5:21:ca:bb:21:d7:1f:f9:94:9f:b4:0b:d2:74:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Validity
Not Before: Feb 1 00:07:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f8a34686506bfdfc3efa7fb891a0dfccb1e6de00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:d6:76:8e:6d:a8:34:8f:14:3d:5b:25:46:bc:
2e:5e:32:63:98:2d:95:fb:88:d7:67:84:df:35:62:
95:82:d1:62:74:5f:95:aa:51:db:db:12:0b:14:16:
b4:83:97:62:48:cb:fd:d6:35:dd:ce:ac:71:52:94:
87:ee:2b:f0:0e:5f:37:15:ba:fc:59:dc:eb:72:8d:
87:86:8f:4c:ec:62:d6:94:39:30:1a:96:ae:b3:b0:
15:02:5d:e9:c7:00:df:c9:36:96:b6:4e:4f:da:d1:
d9:e4:cd:c3:6d:29:ac:bf:ae:b6:0c:d4:c0:7e:6d:
47:e6:a9:aa:d2:02:31:ce:75:75:3b:26:62:e3:e2:
22:01:93:a8:48:86:95:13:2e:16:c0:a0:c2:3c:08:
41:b9:65:21:97:eb:e6:e8:2e:c5:5d:a8:e1:78:59:
22:c4:12:67:35:a1:a8:24:e4:4b:37:2e:77:12:b7:
b4:b4:b8:5c:d3:66:a3:30:13:bb:3b:c4:52:de:d5:
94:63:2e:b4:b6:c1:10:91:c9:58:3a:c8:bd:c5:48:
56:fa:c2:12:a1:5c:8a:20:fd:c7:5f:d5:05:ae:56:
54:ae:de:c0:16:36:50:dc:59:eb:78:48:ee:b3:7f:
ec:07:19:7b:7b:02:13:99:17:8c:1b:65:18:36:6d:
14:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:A3:46:86:50:6B:FD:FC:3E:FA:7F:B8:91:A0:DF:CC:B1:E6:DE:00
X509v3 Authority Key Identifier:
keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/1-KNGhlBr_fw--n-4kaDfzLHm3gA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.228.12.0/22
94.154.32.0/23
94.154.35.0-94.154.38.255
Signature Algorithm: sha256WithRSAEncryption
3e:c8:59:f8:73:ef:22:6b:79:68:fe:05:63:80:0d:84:96:1e:
5d:62:bf:db:c9:79:71:3f:b6:eb:9e:94:91:8e:0c:88:d0:c7:
da:d4:64:8e:92:be:d8:0a:15:8d:a0:d2:7f:5a:de:19:d6:b3:
2e:af:3e:19:6f:d0:e7:37:ac:48:4a:58:3e:8b:aa:c1:bc:1c:
12:f8:95:60:f1:24:ab:7b:3b:fc:e8:53:89:48:11:cb:aa:8b:
b3:34:96:5e:a8:ff:f7:0b:e5:ce:61:9e:6d:b0:3f:36:94:0e:
b5:3b:07:1f:f5:f4:a7:e1:3a:67:e7:dc:4b:36:fd:e7:90:33:
b5:7f:c1:13:23:b5:83:a3:c4:43:2f:0e:24:88:01:1e:3f:61:
8f:82:ea:87:94:c4:1b:b2:93:a9:f8:e7:2a:e3:8b:6e:fb:7d:
b6:ee:70:9e:0c:c6:dd:3a:a4:9b:94:93:95:87:78:16:49:b6:
88:df:33:21:f4:30:a8:2c:4a:e7:d9:2e:d7:63:70:1b:78:b9:
3e:4b:6f:17:67:e7:06:20:61:02:68:06:d2:49:a8:1d:63:18:
b7:a9:a2:21:1f:7e:3d:47:e8:ea:cb:d5:c5:39:d4:29:04:1c:
84:35:a2:f1:79:a4:fa:dc:d8:01:79:97:0d:ba:dc:e5:9f:51:
72:7c:d3:0d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZS+1SHKuyHXH/mUn7QL0nSxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjUwMjAxMDAwNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGEzNDY4NjUwNmJmZGZjM2VmYTdmYjg5MWEwZGZjY2IxZTZkZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttZ2jm2oNI8UPVslRrwuXjJjmC2V
+4jXZ4TfNWKVgtFidF+VqlHb2xILFBa0g5diSMv91jXdzqxxUpSH7ivwDl83Fbr8
Wdzrco2Hho9M7GLWlDkwGpaus7AVAl3pxwDfyTaWtk5P2tHZ5M3DbSmsv662DNTA
fm1H5qmq0gIxznV1OyZi4+IiAZOoSIaVEy4WwKDCPAhBuWUhl+vm6C7FXajheFki
xBJnNaGoJORLNy53Ere0tLhc02ajMBO7O8RS3tWUYy60tsEQkclYOsi9xUhW+sIS
oVyKIP3HX9UFrlZUrt7AFjZQ3FnreEjus3/sBxl7ewITmReMG2UYNm0UKwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPijRoZQa/38Pvp/uJGg38yx5t4AMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvMS1LTkdobEJyX2Z3LS1uLTRrYURmekxIbTNnQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzAvNGU3YmM3LTI2MGUtNDdlNi04Mzg4LWExODRmMzU1NmU0
My8xLzU4ODRoTGVBQjZKZHZpNHM3d3pITzJtU0g0Zy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAzBggrBgEFBQcBBwEB/wQkMCIwIAQCAAEwGgMEAlvkDAME
AV6aIDAMAwQAXpojAwQAXpomMA0GCSqGSIb3DQEBCwUAA4IBAQA+yFn4c+8ia3lo
/gVjgA2Elh5dYr/byXlxP7brnpSRjgyI0Mfa1GSOkr7YChWNoNJ/Wt4Z1rMurz4Z
b9DnN6xISlg+i6rBvBwS+JVg8SSrezv86FOJSBHLqouzNJZeqP/3C+XOYZ5tsD82
lA61Owcf9fSn4Tpn59xLNv3nkDO1f8ETI7WDo8RDLw4kiAEeP2GPguqHlMQbspOp
+Ocq44tu+3227nCeDMbdOqSblJOVh3gWSbaI3zMh9DCoLErn2S7XY3AbeLk+S28X
Z+cGIGECaAbSSagdYxi3qaIhH349R+jqy9XFOdQpBByENaLxeaT63NgBeZcNutzl
n1FyfNMN
-----END CERTIFICATE-----
Generated at Wed Apr 30 10:25:59 2025 by rpki-client