Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/fca81d-38a5-4c32-b163-b7fa393db1d1/1/X43Lckwu7Jh_T3KquSBiq6Bt6N4.roa
File: X43Lckwu7Jh_T3KquSBiq6Bt6N4.roa (raw, json)
Hash identifier: VUjqoThejRVg2cv+wIBHQ5/bo3gA2kyiLt2Imacunh8=
Subject key identifier: 5F:8D:CB:72:4C:2E:EC:98:7F:4F:72:AA:B9:20:62:AB:A0:6D:E8:DE
Certificate issuer: /CN=9a7004fdbc1d9e3a3c1e7e06591aca4b94b6c2f8
Certificate serial: 0195F1553B9AFCC54A7EB10D1411FE91B172
Authority key identifier: 9A:70:04:FD:BC:1D:9E:3A:3C:1E:7E:06:59:1A:CA:4B:94:B6:C2:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mnAE_bwdnjo8Hn4GWRrKS5S2wvg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/fca81d-38a5-4c32-b163-b7fa393db1d1/1/X43Lckwu7Jh_T3KquSBiq6Bt6N4.roa
Signing time: Tue 01 Apr 2025 12:30:49 +0000
ROA not before: Tue 01 Apr 2025 12:30:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8745
IP address blocks: 85.209.188.0/22 maxlen: 22
195.96.224.0/19 maxlen: 19
213.191.192.0/19 maxlen: 19
213.191.221.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 01 Apr 2025 12:38:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:f1:55:3b:9a:fc:c5:4a:7e:b1:0d:14:11:fe:91:b1:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9a7004fdbc1d9e3a3c1e7e06591aca4b94b6c2f8
Validity
Not Before: Apr 1 12:30:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5f8dcb724c2eec987f4f72aab92062aba06de8de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:3f:f5:67:5a:96:67:61:58:62:95:9e:e9:45:
30:2d:fc:30:46:95:f2:53:bd:5f:64:da:b9:04:dc:
cf:81:79:cc:17:df:90:89:8c:12:99:3b:39:f2:08:
f9:21:7f:6b:d0:f9:fa:2f:a7:8a:5c:cb:4d:8c:6e:
23:93:0b:8e:f0:e7:69:e0:67:53:e9:1f:96:85:6a:
fa:75:bf:3e:1a:00:7b:76:75:73:ce:ec:29:bc:81:
48:4b:72:80:57:cd:65:b7:07:f3:8b:a3:4a:ba:94:
02:e5:29:98:d3:a7:2e:41:0f:af:58:d5:99:f1:ff:
19:09:c7:86:f6:2c:b7:86:0b:c8:36:bb:5e:97:26:
b2:34:d5:07:58:bc:fd:53:9a:04:91:0b:e4:1c:52:
71:7a:52:41:57:5d:94:ac:04:8f:d7:d4:03:06:5d:
52:57:b1:3b:1e:21:63:14:b5:6c:5a:15:c9:76:d7:
2a:e5:d0:58:df:d1:5e:82:70:f5:ab:19:b2:09:91:
9b:29:2c:88:14:1c:02:78:60:44:47:b0:66:2c:e6:
3b:41:3e:82:cb:ea:c0:52:21:fe:5a:42:99:f4:6a:
79:18:b6:60:88:b9:2f:96:1e:7d:4f:8a:ca:a2:24:
86:67:97:26:7c:70:41:10:52:84:8f:b2:8d:a8:67:
1d:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:8D:CB:72:4C:2E:EC:98:7F:4F:72:AA:B9:20:62:AB:A0:6D:E8:DE
X509v3 Authority Key Identifier:
keyid:9A:70:04:FD:BC:1D:9E:3A:3C:1E:7E:06:59:1A:CA:4B:94:B6:C2:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mnAE_bwdnjo8Hn4GWRrKS5S2wvg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/fca81d-38a5-4c32-b163-b7fa393db1d1/1/X43Lckwu7Jh_T3KquSBiq6Bt6N4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/fca81d-38a5-4c32-b163-b7fa393db1d1/1/mnAE_bwdnjo8Hn4GWRrKS5S2wvg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.188.0/22
195.96.224.0/19
213.191.192.0/19
Signature Algorithm: sha256WithRSAEncryption
38:9f:ff:ab:69:df:7d:7d:6a:c8:d5:9a:fb:b6:3f:ca:96:97:
b6:7e:e9:12:63:8d:91:9f:68:dd:1c:e9:ac:20:22:a0:da:19:
05:6c:d9:d0:d8:8a:6b:d1:3f:f5:81:02:16:4a:81:ce:fc:7f:
56:2f:c4:57:95:97:9c:9a:82:cd:41:22:de:ef:18:34:3a:75:
cb:a0:77:e5:56:b1:3f:71:42:12:92:f1:ec:64:38:bf:58:29:
ee:0f:ac:b5:ad:1c:8b:b4:e5:69:a9:30:de:8d:3e:70:de:f7:
41:7b:ce:04:11:93:93:df:ef:d1:9d:50:46:0d:17:4e:7b:cd:
87:b5:f3:33:08:2c:f9:1b:80:8c:96:23:ab:b0:64:32:69:6d:
bd:32:2e:25:0e:0c:aa:5c:7c:33:6a:f0:18:c7:c2:ab:af:bb:
df:d0:0f:c6:ef:53:22:af:3c:41:25:38:5c:7a:38:44:30:aa:
91:32:ad:a5:ac:f4:21:e7:28:e7:c8:6e:a5:b4:cf:b3:a5:c3:
fc:94:f8:85:d0:12:d9:79:0a:e9:39:10:74:c7:b4:88:9e:50:
b4:7e:ad:67:cf:f6:c7:d3:64:c3:06:af:3b:d9:55:66:60:90:
9b:29:64:0c:72:e2:d8:2b:84:5e:f6:3c:a6:4a:a0:5c:08:25:
22:ea:89:c7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZXxVTua/MVKfrENFBH+kbFyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNzAwNGZkYmMxZDllM2EzYzFlN2UwNjU5MWFjYTRiOTRi
NmMyZjgwHhcNMjUwNDAxMTIzMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjhkY2I3MjRjMmVlYzk4N2Y0ZjcyYWFiOTIwNjJhYmEwNmRlOGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnT/1Z1qWZ2FYYpWe6UUwLfwwRpXy
U71fZNq5BNzPgXnMF9+QiYwSmTs58gj5IX9r0Pn6L6eKXMtNjG4jkwuO8Odp4GdT
6R+WhWr6db8+GgB7dnVzzuwpvIFIS3KAV81ltwfzi6NKupQC5SmY06cuQQ+vWNWZ
8f8ZCceG9iy3hgvINrtelyayNNUHWLz9U5oEkQvkHFJxelJBV12UrASP19QDBl1S
V7E7HiFjFLVsWhXJdtcq5dBY39FegnD1qxmyCZGbKSyIFBwCeGBER7BmLOY7QT6C
y+rAUiH+WkKZ9Gp5GLZgiLkvlh59T4rKoiSGZ5cmfHBBEFKEj7KNqGcdCwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF+Ny3JMLuyYf09yqrkgYqugbejeMB8GA1UdIwQY
MBaAFJpwBP28HZ46PB5+BlkaykuUtsL4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW5BRV9id2Ruam84SG40R1dScktTNVMyd3ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9mY2E4MWQtMzhhNS00YzMyLWIxNjMt
YjdmYTM5M2RiMWQxLzEvWDQzTGNrd3U3SmhfVDNLcXVTQmlxNkJ0Nk40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9mY2E4MWQtMzhhNS00YzMyLWIxNjMtYjdmYTM5M2RiMWQx
LzEvbW5BRV9id2Ruam84SG40R1dScktTNVMyd3ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCVdG8AwQF
w2DgAwQF1b/AMA0GCSqGSIb3DQEBCwUAA4IBAQA4n/+rad99fWrI1Zr7tj/Klpe2
fukSY42Rn2jdHOmsICKg2hkFbNnQ2Ipr0T/1gQIWSoHO/H9WL8RXlZecmoLNQSLe
7xg0OnXLoHflVrE/cUISkvHsZDi/WCnuD6y1rRyLtOVpqTDejT5w3vdBe84EEZOT
3+/RnVBGDRdOe82HtfMzCCz5G4CMliOrsGQyaW29Mi4lDgyqXHwzavAYx8Krr7vf
0A/G71MirzxBJThcejhEMKqRMq2lrPQh5yjnyG6ltM+zpcP8lPiF0BLZeQrpORB0
x7SInlC0fq1nz/bH02TDBq872VVmYJCbKWQMcuLYK4Re9jymSqBcCCUi6onH
-----END CERTIFICATE-----
Generated at Fri May 2 09:51:18 2025 by rpki-client