Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/Xi6UXg4f0S7tNhREKdtixT3Dt4k.roa
File: Xi6UXg4f0S7tNhREKdtixT3Dt4k.roa (raw, json)
Hash identifier: lU360KD3KDj4va/hrVd8eXqbqa99vTv2OzXTPfD8Df0=
Subject key identifier: 5E:2E:94:5E:0E:1F:D1:2E:ED:36:14:44:29:DB:62:C5:3D:C3:B7:89
Certificate issuer: /CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
Certificate serial: 019D48738F6147CE451D8B53182F0B57D506
Authority key identifier: BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/Xi6UXg4f0S7tNhREKdtixT3Dt4k.roa
Signing time: Wed 01 Apr 2026 09:50:26 +0000
ROA not before: Wed 01 Apr 2026 09:50:26 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 214143
IP address blocks: 209.131.66.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 17 Apr 2026 09:47:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:48:73:8f:61:47:ce:45:1d:8b:53:18:2f:0b:57:d5:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ba67bff7bad1eb8384b585df7bef1206f7f19f7e
Validity
Not Before: Apr 1 09:50:26 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=5e2e945e0e1fd12eed36144429db62c53dc3b789
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:48:43:33:08:c0:dd:a4:15:83:66:d7:9d:1f:
9a:57:53:07:61:31:84:b4:3f:cd:5d:01:eb:67:cd:
64:3f:f6:45:90:29:1f:16:ce:d1:a7:02:e0:b5:19:
32:de:1c:d6:06:9a:e0:de:9b:35:81:35:d0:df:86:
30:ab:b1:4c:6d:d0:5c:69:2d:63:8e:bc:10:cd:70:
1e:52:97:fb:67:11:f0:b7:e0:9a:78:9e:e0:b7:cb:
ca:6f:25:53:c5:17:9a:0b:b0:76:81:99:4e:14:6f:
4b:96:b6:d6:41:f1:0f:ca:39:be:97:e4:46:b9:7c:
80:6f:c2:bb:3e:70:8d:aa:00:6d:36:56:4a:ed:e8:
7a:04:75:a1:47:8d:a4:f3:a6:b2:28:12:e8:96:f8:
ac:a0:d6:d4:6d:b6:b0:c5:79:ef:d5:30:b3:6a:d1:
52:f8:52:f9:0e:de:7a:72:32:96:88:ac:93:95:20:
b4:cf:01:0f:28:8d:6f:59:ab:53:a1:3d:9b:63:78:
e2:53:b6:ac:8b:33:28:e5:df:30:09:5d:61:f1:cd:
6a:50:ed:a5:81:79:01:47:41:1f:1e:e8:9e:ff:a9:
9d:b3:2c:79:27:19:73:8c:94:9f:9a:89:46:88:fa:
f4:57:8a:d4:0c:84:b7:9c:89:51:4d:8c:83:6c:c2:
27:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:2E:94:5E:0E:1F:D1:2E:ED:36:14:44:29:DB:62:C5:3D:C3:B7:89
X509v3 Authority Key Identifier:
keyid:BA:67:BF:F7:BA:D1:EB:83:84:B5:85:DF:7B:EF:12:06:F7:F1:9F:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ume_97rR64OEtYXfe-8SBvfxn34.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/Xi6UXg4f0S7tNhREKdtixT3Dt4k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a244d-51d1-4143-b6af-da4538022ac7/1/ume_97rR64OEtYXfe-8SBvfxn34.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
209.131.66.0/24
Signature Algorithm: sha256WithRSAEncryption
02:96:f1:10:bf:dd:46:08:47:13:0e:4c:d6:55:98:5d:6d:a9:
32:db:e8:e0:d2:1b:7c:fd:3a:52:2c:8b:0e:0b:db:f2:9b:2c:
22:14:de:aa:78:1b:5e:e5:a8:4e:c1:52:68:fc:26:37:54:64:
9a:5e:78:1a:ff:05:10:44:e8:a0:7a:1a:89:2c:ac:1f:86:a1:
26:18:e8:e0:6f:e9:0c:b2:d4:d4:56:eb:5e:ab:74:64:92:76:
fc:73:97:71:4d:b6:b4:34:65:ae:b9:92:99:53:5a:71:59:b0:
e0:d3:01:85:ee:97:37:cf:f4:95:09:a9:7b:44:ef:6a:1c:e1:
68:6e:e2:45:46:7a:e1:e9:d7:e3:b9:b6:0b:59:62:e7:0e:2f:
da:60:93:e2:fe:79:a8:9c:4a:0d:c8:d3:97:de:e0:15:c3:4c:
99:56:6d:9d:55:7d:e2:19:f2:b2:fc:8a:2c:d8:3c:dd:e1:22:
ec:f7:41:27:90:9f:5f:85:ba:c8:ed:f2:8d:08:41:dd:9a:fb:
9d:34:39:9e:c9:3a:bd:39:27:52:b2:23:f4:cb:35:11:7f:32:
8d:8a:0c:0c:24:95:db:d0:51:8d:b9:8d:1f:50:02:bf:1c:db:
84:55:33:92:51:7c:d2:c7:61:11:8d:1b:c7:45:0b:20:3e:18:
c8:0d:bb:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1Ic49hR85FHYtTGC8LV9UGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjdiZmY3YmFkMWViODM4NGI1ODVkZjdiZWYxMjA2Zjdm
MTlmN2UwHhcNMjYwNDAxMDk1MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTJlOTQ1ZTBlMWZkMTJlZWQzNjE0NDQyOWRiNjJjNTNkYzNiNzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0hDMwjA3aQVg2bXnR+aV1MHYTGE
tD/NXQHrZ81kP/ZFkCkfFs7RpwLgtRky3hzWBprg3ps1gTXQ34Ywq7FMbdBcaS1j
jrwQzXAeUpf7ZxHwt+CaeJ7gt8vKbyVTxReaC7B2gZlOFG9LlrbWQfEPyjm+l+RG
uXyAb8K7PnCNqgBtNlZK7eh6BHWhR42k86ayKBLolvisoNbUbbawxXnv1TCzatFS
+FL5Dt56cjKWiKyTlSC0zwEPKI1vWatToT2bY3jiU7asizMo5d8wCV1h8c1qUO2l
gXkBR0EfHuie/6mdsyx5JxlzjJSfmolGiPr0V4rUDIS3nIlRTYyDbMInWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4ulF4OH9Eu7TYURCnbYsU9w7eJMB8GA1UdIwQY
MBaAFLpnv/e60euDhLWF33vvEgb38Z9+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYt
ZGE0NTM4MDIyYWM3LzEvWGk2VVhnNGYwUzd0TmhSRUtkdGl4VDNEdDRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80YTI0NGQtNTFkMS00MTQzLWI2YWYtZGE0NTM4MDIyYWM3
LzEvdW1lXzk3clI2NE9FdFlYZmUtOFNCdmZ4bjM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0YNCMA0G
CSqGSIb3DQEBCwUAA4IBAQAClvEQv91GCEcTDkzWVZhdbaky2+jg0ht8/TpSLIsO
C9vymywiFN6qeBte5ahOwVJo/CY3VGSaXnga/wUQROigehqJLKwfhqEmGOjgb+kM
stTUVuteq3Rkknb8c5dxTba0NGWuuZKZU1pxWbDg0wGF7pc3z/SVCal7RO9qHOFo
buJFRnrh6dfjubYLWWLnDi/aYJPi/nmonEoNyNOX3uAVw0yZVm2dVX3iGfKy/Ios
2Dzd4SLs90EnkJ9fhbrI7fKNCEHdmvudNDmeyTq9OSdSsiP0yzURfzKNigwMJJXb
0FGNuY0fUAK/HNuEVTOSUXzSx2ERjRvHRQsgPhjIDbtQ
-----END CERTIFICATE-----
Generated at Fri Apr 17 13:31:36 2026 by rpki-client