Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KOsNjbPqSXBi0bFhnSdKwadypkk.roa
File: KOsNjbPqSXBi0bFhnSdKwadypkk.roa (raw, json)
Hash identifier: yClJ4ogdYX6/DjiWv/lLFFqvCxgGnKPpH6kDb4z0Nmc=
Subject key identifier: 28:EB:0D:8D:B3:EA:49:70:62:D1:B1:61:9D:27:4A:C1:A7:72:A6:49
Certificate issuer: /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial: 01976B2026B8CA245FF780A7E4661DC28F50
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KOsNjbPqSXBi0bFhnSdKwadypkk.roa
Signing time: Fri 13 Jun 2025 21:09:18 +0000
ROA not before: Fri 13 Jun 2025 21:09:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214537
IP address blocks: 2a0e:b107:2798::/46 maxlen: 48
2a0e:b107:279c::/46 maxlen: 48
2a10:ccc1:1339::/48 maxlen: 48
Validation: Failed, certificate revoked on Sun 15 Jun 2025 10:11:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:6b:20:26:b8:ca:24:5f:f7:80:a7:e4:66:1d:c2:8f:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Validity
Not Before: Jun 13 21:09:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=28eb0d8db3ea497062d1b1619d274ac1a772a649
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:f5:cf:3f:c8:2d:ec:b4:19:c1:c1:57:ef:a6:
f9:2f:8e:fc:9c:57:55:d4:af:cf:20:16:e1:b8:69:
a0:20:f5:11:f5:d9:6e:52:d1:b8:70:e6:d9:77:d1:
ac:a8:e0:f7:d3:78:20:7b:25:b1:82:19:93:12:11:
fa:2f:01:ea:70:82:8a:64:69:02:c8:85:00:00:25:
cb:d2:f9:d7:d3:4f:e0:ea:c7:fb:e4:62:fc:e7:04:
76:71:46:2b:39:eb:dd:a3:c7:4c:10:7b:07:9c:62:
8f:d2:0b:90:8f:30:37:24:f7:1d:21:c8:02:68:c5:
5b:7d:68:dc:ea:39:55:de:b2:85:7a:01:4c:0f:45:
5a:d3:16:6b:1c:b5:a6:5d:e8:1d:9e:d0:ca:44:30:
12:6b:e2:62:43:19:4a:d7:7c:88:0e:ea:4e:03:6b:
b8:d3:f1:c7:57:a0:ed:af:50:74:5d:3d:d5:00:36:
b0:ed:6d:d9:73:ce:b9:55:88:b8:89:7e:04:33:c1:
08:a3:6d:70:f8:0b:80:f2:b0:ae:15:e4:67:3c:1b:
99:21:70:6b:60:8a:1a:52:e5:98:7b:36:8f:65:67:
cd:1d:ee:a8:62:11:22:69:da:5b:9e:72:bf:75:1d:
ed:21:95:59:0d:82:38:99:d5:53:94:70:fb:b4:47:
76:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:EB:0D:8D:B3:EA:49:70:62:D1:B1:61:9D:27:4A:C1:A7:72:A6:49
X509v3 Authority Key Identifier:
keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KOsNjbPqSXBi0bFhnSdKwadypkk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:b107:2798::/45
2a10:ccc1:1339::/48
Signature Algorithm: sha256WithRSAEncryption
3f:a6:f5:ba:4e:4a:0d:89:41:a6:78:9b:3d:6a:b8:e8:d6:0f:
66:fd:7f:3d:cf:65:62:36:92:cd:4c:c5:f0:04:f9:09:8f:0e:
e3:3b:94:37:08:01:c9:70:d0:20:61:d2:3e:59:75:06:63:66:
46:db:38:97:7b:bd:d8:38:b5:7f:21:71:8a:29:85:38:0c:46:
3a:72:c2:6f:c1:8d:cf:92:2c:6d:1e:c7:ce:c0:b6:1b:7f:6a:
55:ac:0a:ce:90:67:43:02:23:2e:2a:60:01:15:a5:6f:97:af:
05:ad:1d:3d:17:96:d3:a7:0e:e5:38:19:81:63:f5:1c:87:f3:
51:f9:c5:51:d7:9f:d1:5d:25:aa:9f:92:b3:b3:e5:f9:20:27:
e2:b9:d2:02:4c:4e:0f:1d:23:24:81:70:e7:35:76:8c:ba:c4:
e7:66:31:e1:2e:dc:fb:3b:5a:f5:0d:3e:f3:2c:26:82:bc:de:
53:02:6d:53:b7:84:d7:a3:03:e0:d9:e8:26:19:05:0f:dd:f3:
c5:d8:be:cf:39:91:65:c7:f4:26:b5:19:3e:02:b9:ff:4b:ae:
4f:9e:d5:e3:6c:c3:cc:d7:10:6a:99:bc:77:e6:99:ef:ac:d6:
b5:1d:9e:19:9d:ae:e6:50:b0:c4:b3:35:54:dc:c8:97:77:e6:
9d:47:d3:61
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZdrICa4yiRf94Cn5GYdwo9QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNjEzMjEwOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGViMGQ4ZGIzZWE0OTcwNjJkMWIxNjE5ZDI3NGFjMWE3NzJhNjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/XPP8gt7LQZwcFX76b5L478nFdV
1K/PIBbhuGmgIPUR9dluUtG4cObZd9GsqOD303ggeyWxghmTEhH6LwHqcIKKZGkC
yIUAACXL0vnX00/g6sf75GL85wR2cUYrOevdo8dMEHsHnGKP0guQjzA3JPcdIcgC
aMVbfWjc6jlV3rKFegFMD0Va0xZrHLWmXegdntDKRDASa+JiQxlK13yIDupOA2u4
0/HHV6Dtr1B0XT3VADaw7W3Zc865VYi4iX4EM8EIo21w+AuA8rCuFeRnPBuZIXBr
YIoaUuWYezaPZWfNHe6oYhEiadpbnnK/dR3tIZVZDYI4mdVTlHD7tEd2XwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCjrDY2z6klwYtGxYZ0nSsGncqZJMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvS09zTmpiUHFTWEJpMGJGaG5TZEt3YWR5cGtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcDKg6xByeY
AwcAKhDMwRM5MA0GCSqGSIb3DQEBCwUAA4IBAQA/pvW6TkoNiUGmeJs9arjo1g9m
/X89z2ViNpLNTMXwBPkJjw7jO5Q3CAHJcNAgYdI+WXUGY2ZG2ziXe73YOLV/IXGK
KYU4DEY6csJvwY3PkixtHsfOwLYbf2pVrArOkGdDAiMuKmABFaVvl68FrR09F5bT
pw7lOBmBY/Uch/NR+cVR15/RXSWqn5Kzs+X5ICfiudICTE4PHSMkgXDnNXaMusTn
ZjHhLtz7O1r1DT7zLCaCvN5TAm1Tt4TXowPg2egmGQUP3fPF2L7POZFlx/QmtRk+
Arn/S65PntXjbMPM1xBqmbx35pnvrNa1HZ4Zna7mULDEszVU3MiXd+adR9Nh
-----END CERTIFICATE-----
Generated at Thu Jun 19 04:28:06 2025 by rpki-client