Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/wU7StJW-DDMO2IfUhbKwRq03LH4.roa
File: wU7StJW-DDMO2IfUhbKwRq03LH4.roa (raw, json)
Hash identifier: agiiz9TYWVr1jFEi+ZSl3zujSY0tUFTBNcUwTs1U3zQ=
Subject key identifier: C1:4E:D2:B4:95:BE:0C:33:0E:D8:87:D4:85:B2:B0:46:AD:37:2C:7E
Certificate issuer: /CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Certificate serial: 01961196610534DE47FC1F57E5B03B1C20E0
Authority key identifier: CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/wU7StJW-DDMO2IfUhbKwRq03LH4.roa
Signing time: Mon 07 Apr 2025 18:49:49 +0000
ROA not before: Mon 07 Apr 2025 18:49:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209641
IP address blocks: 2a0a:c382::/32 maxlen: 32
2a11:2080::/32 maxlen: 32
2a11:2085::/32 maxlen: 32
2a11:6504::/32 maxlen: 32
2a11:8f85::/32 maxlen: 32
2a11:f186::/32 maxlen: 32
2a11:fb45::/32 maxlen: 32
2a12:1804::/32 maxlen: 32
Validation: Failed, certificate revoked on Tue 08 Apr 2025 18:16:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:11:96:61:05:34:de:47:fc:1f:57:e5:b0:3b:1c:20:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca9ccd830b7e03308bf5cf25e67a7fc2bde0957c
Validity
Not Before: Apr 7 18:49:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c14ed2b495be0c330ed887d485b2b046ad372c7e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:9f:9f:cd:82:d0:7a:ae:73:fe:63:24:93:1f:
9b:22:71:e5:93:ee:6e:c3:70:a5:4c:f2:c5:0a:a6:
19:03:1d:4e:08:21:30:bd:16:07:7f:d6:4d:88:31:
62:dd:04:91:57:25:24:53:73:fe:5e:48:09:f4:3a:
d5:73:07:47:9e:5b:db:92:ce:d3:43:03:35:7a:18:
02:12:64:51:ee:f9:1d:f0:e8:53:1a:f0:8c:95:5e:
59:e7:57:65:c2:08:79:4b:5c:df:f7:4d:62:a9:9f:
c4:9f:50:91:87:d3:1c:07:10:19:6f:8f:9e:f3:05:
1b:99:b2:9c:db:8f:d6:31:9d:d5:ba:e2:cd:15:1b:
a5:56:87:c2:94:50:63:d0:69:41:c6:eb:dc:8b:54:
12:f4:02:45:d0:c2:1d:90:46:3b:8a:71:19:c1:d1:
e5:2b:77:31:7e:e7:fd:3a:28:2e:c8:48:19:ce:22:
1d:f2:e1:eb:12:c9:a1:0e:00:03:9f:33:6e:64:b9:
73:24:b6:f3:31:63:16:23:32:6d:42:db:b9:11:5f:
ae:ae:55:d7:8c:54:39:b3:0e:ca:3c:e8:5d:27:aa:
24:9d:9c:4d:21:b5:61:9c:94:fd:71:69:8b:aa:63:
cc:24:14:c9:a4:9a:92:d3:50:a4:7c:74:db:1e:04:
d0:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:4E:D2:B4:95:BE:0C:33:0E:D8:87:D4:85:B2:B0:46:AD:37:2C:7E
X509v3 Authority Key Identifier:
keyid:CA:9C:CD:83:0B:7E:03:30:8B:F5:CF:25:E6:7A:7F:C2:BD:E0:95:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypzNgwt-AzCL9c8l5np_wr3glXw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/wU7StJW-DDMO2IfUhbKwRq03LH4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a68f21-9ff8-4a44-a36d-d1cde2465f89/1/ypzNgwt-AzCL9c8l5np_wr3glXw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0a:c382::/32
2a11:2080::/32
2a11:2085::/32
2a11:6504::/32
2a11:8f85::/32
2a11:f186::/32
2a11:fb45::/32
2a12:1804::/32
Signature Algorithm: sha256WithRSAEncryption
17:5e:04:15:86:99:a0:21:7a:a0:2f:ee:96:a0:5d:cb:b8:8d:
0d:48:51:59:c9:d5:a8:7c:7e:26:1f:bb:f9:e4:1e:15:ef:6b:
d1:58:26:a0:5a:c7:39:8a:dd:04:06:22:5f:84:32:25:cc:ff:
4b:76:c4:c8:be:2f:d0:50:6a:80:62:67:c3:f7:98:19:10:81:
ca:3a:31:3f:93:c7:d5:c1:25:c7:69:23:32:a8:00:5f:00:fd:
16:f8:bd:21:25:40:15:e6:55:92:5f:4c:48:ac:9f:85:2f:e0:
5c:0e:34:8d:bf:22:be:be:62:1f:11:e9:95:53:a8:a1:6b:58:
20:a0:ea:fa:9d:2d:7c:2a:81:8e:c5:28:3b:ff:db:41:30:94:
82:64:4f:18:80:09:10:4a:0e:9d:92:d5:fb:1e:b1:d1:03:11:
f4:67:01:45:79:17:f7:4f:75:53:ff:4d:85:d1:10:c6:18:0b:
41:d7:36:96:87:00:93:db:d6:5f:74:4d:96:21:30:2e:4f:73:
b2:7f:c9:c7:4f:aa:05:21:94:02:15:95:2c:18:66:8b:4a:f3:
c8:dc:d4:8f:c4:b0:93:44:12:66:51:71:7e:1c:00:44:e1:35:
40:55:b2:30:85:07:3d:79:c0:c9:cc:16:05:de:b9:26:99:03:
a8:b5:cf:e5
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZYRlmEFNN5H/B9X5bA7HCDgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWNjZDgzMGI3ZTAzMzA4YmY1Y2YyNWU2N2E3ZmMyYmRl
MDk1N2MwHhcNMjUwNDA3MTg0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTRlZDJiNDk1YmUwYzMzMGVkODg3ZDQ4NWIyYjA0NmFkMzcyYzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZ+fzYLQeq5z/mMkkx+bInHlk+5u
w3ClTPLFCqYZAx1OCCEwvRYHf9ZNiDFi3QSRVyUkU3P+XkgJ9DrVcwdHnlvbks7T
QwM1ehgCEmRR7vkd8OhTGvCMlV5Z51dlwgh5S1zf901iqZ/En1CRh9McBxAZb4+e
8wUbmbKc24/WMZ3VuuLNFRulVofClFBj0GlBxuvci1QS9AJF0MIdkEY7inEZwdHl
K3cxfuf9OiguyEgZziId8uHrEsmhDgADnzNuZLlzJLbzMWMWIzJtQtu5EV+urlXX
jFQ5sw7KPOhdJ6oknZxNIbVhnJT9cWmLqmPMJBTJpJqS01CkfHTbHgTQLwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFMFO0rSVvgwzDtiH1IWysEatNyx+MB8GA1UdIwQY
MBaAFMqczYMLfgMwi/XPJeZ6f8K94JV8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQt
ZDFjZGUyNDY1Zjg5LzEvd1U3U3RKVy1ERE1PMklmVWhiS3dScTAzTEg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hNjhmMjEtOWZmOC00YTQ0LWEzNmQtZDFjZGUyNDY1Zjg5
LzEveXB6Tmd3dC1BekNMOWM4bDVucF93cjNnbFh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUAKgrDggMF
ACoRIIADBQAqESCFAwUAKhFlBAMFACoRj4UDBQAqEfGGAwUAKhH7RQMFACoSGAQw
DQYJKoZIhvcNAQELBQADggEBABdeBBWGmaAheqAv7pagXcu4jQ1IUVnJ1ah8fiYf
u/nkHhXva9FYJqBaxzmK3QQGIl+EMiXM/0t2xMi+L9BQaoBiZ8P3mBkQgco6MT+T
x9XBJcdpIzKoAF8A/Rb4vSElQBXmVZJfTEisn4Uv4FwONI2/Ir6+Yh8R6ZVTqKFr
WCCg6vqdLXwqgY7FKDv/20EwlIJkTxiACRBKDp2S1fsesdEDEfRnAUV5F/dPdVP/
TYXREMYYC0HXNpaHAJPb1l90TZYhMC5Pc7J/ycdPqgUhlAIVlSwYZotK88jc1I/E
sJNEEmZRcX4cAEThNUBVsjCFBz15wMnMFgXeuSaZA6i1z+U=
-----END CERTIFICATE-----
Generated at Tue Apr 29 20:55:49 2025 by rpki-client