Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9hQqe9FfpQyFafURMfBgMfx_MSY.roa
File: 9hQqe9FfpQyFafURMfBgMfx_MSY.roa (raw, json)
Hash identifier: gPal/8DkkSnLmoMC7r8Km2j/8BHfulEBWlcWoTklglk=
Subject key identifier: F6:14:2A:7B:D1:5F:A5:0C:85:69:F5:11:31:F0:60:31:FC:7F:31:26
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019A49218080818449DEB846162AA57529BC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9hQqe9FfpQyFafURMfBgMfx_MSY.roa
Signing time: Mon 03 Nov 2025 09:52:03 +0000
ROA not before: Mon 03 Nov 2025 09:52:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14618
IP address blocks: 82.152.174.0/23 maxlen: 23
82.153.208.0/22 maxlen: 22
89.213.58.0/24 maxlen: 24
89.213.60.0/23 maxlen: 24
89.213.198.0/23 maxlen: 24
89.213.200.0/23 maxlen: 24
89.213.202.0/23 maxlen: 24
89.213.204.0/23 maxlen: 24
89.213.249.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 04 Nov 2025 09:27:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:49:21:80:80:81:84:49:de:b8:46:16:2a:a5:75:29:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Nov 3 09:52:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f6142a7bd15fa50c8569f51131f06031fc7f3126
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:f9:88:0a:78:0a:2d:7a:c5:8d:84:d4:e8:95:
63:0d:fc:b0:bd:5e:91:2a:8f:25:32:05:e4:b4:b2:
c3:60:9e:80:9b:c6:9c:1c:2f:11:40:d2:84:80:c8:
c9:15:6f:86:df:ad:05:d9:84:d4:04:b1:0a:b3:3c:
dd:b8:2d:c4:44:dc:57:25:df:67:32:5f:a5:64:ff:
c8:6a:4e:1e:6e:1c:8b:e9:db:21:e8:1a:d4:10:c3:
83:ed:1c:00:59:bb:c9:2c:44:03:3e:2a:de:48:37:
84:43:80:43:44:7c:05:9d:04:1b:a2:ba:b9:df:bf:
f4:fb:7b:27:bc:2f:51:5b:c4:14:1e:b5:71:89:0c:
92:4f:b8:37:87:33:5b:37:45:bb:9c:8f:9f:fe:3a:
5a:b8:b8:03:f1:bf:93:af:7b:99:1f:ef:d8:cc:0b:
4a:eb:ad:44:f2:a3:d4:ba:36:b9:40:a8:1e:10:a0:
bc:e6:3e:2c:47:a8:4d:6a:b8:73:3a:b5:85:b4:15:
ea:7d:2b:f2:f1:e3:eb:d2:f6:ea:a2:07:8e:7f:46:
3c:99:e3:d0:b9:9f:e1:84:aa:14:cc:cd:ba:90:9e:
6c:c0:ac:cb:da:de:9e:3e:a3:10:b5:76:2d:27:8a:
a3:ec:50:dc:84:c4:71:0a:f0:66:ae:7a:74:3f:33:
ef:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:14:2A:7B:D1:5F:A5:0C:85:69:F5:11:31:F0:60:31:FC:7F:31:26
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/9hQqe9FfpQyFafURMfBgMfx_MSY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.174.0/23
82.153.208.0/22
89.213.58.0/24
89.213.60.0/23
89.213.198.0-89.213.205.255
89.213.249.0/24
Signature Algorithm: sha256WithRSAEncryption
a4:74:fe:31:a2:c0:7c:8a:ac:dd:6d:9f:8c:62:7d:0f:c1:c8:
ca:51:3d:54:c5:8c:bd:19:87:04:ad:72:14:b5:4a:2a:f8:1c:
99:2f:12:e7:78:a4:ba:b5:cb:54:bc:cf:12:be:b9:65:12:27:
cd:67:2a:fc:3d:de:21:57:05:c3:55:60:78:a2:0b:61:41:4c:
fe:a5:3c:aa:db:e6:4e:40:c1:d7:30:13:c4:43:23:ba:89:69:
a7:7c:7b:68:e4:f6:20:ff:e0:3e:51:5a:ec:98:b6:6d:1a:39:
73:8c:e7:63:c4:83:ac:25:49:00:41:44:2e:40:e8:83:fd:c7:
5b:9e:69:7c:1a:08:79:9d:12:27:64:06:b4:6d:65:9c:f6:91:
2d:40:56:d6:1f:9f:f5:04:ec:aa:c5:b8:07:78:c3:81:25:d6:
65:cc:86:8a:eb:37:73:ad:46:c8:36:ed:0f:c8:62:6a:ac:7f:
b1:07:ea:71:a5:79:08:a9:95:0a:d4:0a:5c:44:c6:a3:3a:a6:
b6:02:44:90:7e:e8:f5:58:3b:08:8f:71:9a:3e:04:e0:5d:8c:
bb:d8:aa:05:82:0c:5e:95:ce:f1:9c:1d:e4:1b:2f:6d:c1:d2:
61:4c:45:f8:62:38:92:8a:72:e9:08:e8:7f:72:10:1d:f2:9d:
7d:62:db:09
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZpJIYCAgYRJ3rhGFiqldSm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUxMTAzMDk1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjE0MmE3YmQxNWZhNTBjODU2OWY1MTEzMWYwNjAzMWZjN2YzMTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPmICngKLXrFjYTU6JVjDfywvV6R
Ko8lMgXktLLDYJ6Am8acHC8RQNKEgMjJFW+G360F2YTUBLEKszzduC3ERNxXJd9n
Ml+lZP/Iak4ebhyL6dsh6BrUEMOD7RwAWbvJLEQDPireSDeEQ4BDRHwFnQQborq5
37/0+3snvC9RW8QUHrVxiQyST7g3hzNbN0W7nI+f/jpauLgD8b+Tr3uZH+/YzAtK
661E8qPUuja5QKgeEKC85j4sR6hNarhzOrWFtBXqfSvy8ePr0vbqogeOf0Y8mePQ
uZ/hhKoUzM26kJ5swKzL2t6ePqMQtXYtJ4qj7FDchMRxCvBmrnp0PzPvVwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFPYUKnvRX6UMhWn1ETHwYDH8fzEmMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvOWhRcWU5RmZwUXlGYWZVUk1mQmdNZnhfTVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBUpiuAwQC
UpnQAwQAWdU6AwQBWdU8MAwDBAFZ1cYDBAFZ1cwDBABZ1fkwDQYJKoZIhvcNAQEL
BQADggEBAKR0/jGiwHyKrN1tn4xifQ/ByMpRPVTFjL0ZhwStchS1Sir4HJkvEud4
pLq1y1S8zxK+uWUSJ81nKvw93iFXBcNVYHiiC2FBTP6lPKrb5k5AwdcwE8RDI7qJ
aad8e2jk9iD/4D5RWuyYtm0aOXOM52PEg6wlSQBBRC5A6IP9x1ueaXwaCHmdEidk
BrRtZZz2kS1AVtYfn/UE7KrFuAd4w4El1mXMhorrN3OtRsg27Q/IYmqsf7EH6nGl
eQiplQrUClxExqM6prYCRJB+6PVYOwiPcZo+BOBdjLvYqgWCDF6VzvGcHeQbL23B
0mFMRfhiOJKKcukI6H9yEB3ynX1i2wk=
-----END CERTIFICATE-----
Generated at Wed Nov 5 10:32:19 2025 by rpki-client