Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pOTdBNfEjpvOfjrCBUIvsSbfHQQ.roa
File: pOTdBNfEjpvOfjrCBUIvsSbfHQQ.roa (raw, json)
Hash identifier: HG5AySN/QYlssnNV01K8iihKu/fy+Ra1+QbRqYdSUdA=
Subject key identifier: A4:E4:DD:04:D7:C4:8E:9B:CE:7E:3A:C2:05:42:2F:B1:26:DF:1D:04
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 01969A2AAFEB9AF4713C1B22D19AF3A0DFB8
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pOTdBNfEjpvOfjrCBUIvsSbfHQQ.roa
Signing time: Sun 04 May 2025 07:20:10 +0000
ROA not before: Sun 04 May 2025 07:20:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 18811
IP address blocks: 217.60.0.0/21 maxlen: 24
217.60.12.0/22 maxlen: 24
217.60.24.0/22 maxlen: 24
217.60.36.0/22 maxlen: 24
217.60.44.0/22 maxlen: 24
217.60.56.0/21 maxlen: 24
217.60.188.0/22 maxlen: 24
217.60.192.0/22 maxlen: 24
Validation: Failed, certificate revoked on Sun 04 May 2025 07:31:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:9a:2a:af:eb:9a:f4:71:3c:1b:22:d1:9a:f3:a0:df:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: May 4 07:20:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a4e4dd04d7c48e9bce7e3ac205422fb126df1d04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:ad:28:27:79:6e:05:bf:58:51:02:37:7a:fa:
85:3c:72:ee:7f:f0:e6:0c:e9:31:dc:99:01:28:81:
bc:30:e1:4c:b3:ce:6a:02:68:9b:84:68:35:e3:5a:
ea:79:eb:64:4f:b1:d8:c9:bd:62:ec:cf:18:36:13:
ed:13:2a:77:8b:d0:11:e8:6e:32:40:66:67:0c:9d:
1d:fc:f5:82:1c:83:2c:9e:2e:37:7c:d4:51:ef:7e:
b1:40:1c:1d:79:62:6b:0f:56:48:e4:44:17:64:90:
bb:67:74:4d:e4:79:12:c8:76:7d:9f:ef:f5:a0:00:
45:0f:15:bb:54:72:4f:51:16:0c:f3:19:e9:db:57:
78:4c:ce:c0:20:88:29:05:ac:19:bd:ca:53:aa:54:
de:e4:4f:49:22:12:ca:98:61:24:cc:15:64:e5:b6:
ad:f7:c0:91:c5:51:fb:ec:56:b5:cd:a0:4a:d4:2e:
d7:05:29:bb:e8:3e:be:af:ed:6c:12:3f:98:63:fe:
35:7f:f5:6e:02:de:0e:5d:c5:92:12:33:94:31:d7:
c9:85:d4:e8:16:3e:2a:d3:92:58:d4:48:78:02:83:
98:18:08:3f:9b:b5:be:8e:fc:57:e3:ab:ee:46:bd:
5f:35:76:86:66:26:43:5a:52:d9:a6:04:7e:b6:93:
ae:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:E4:DD:04:D7:C4:8E:9B:CE:7E:3A:C2:05:42:2F:B1:26:DF:1D:04
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/pOTdBNfEjpvOfjrCBUIvsSbfHQQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.60.0.0/21
217.60.12.0/22
217.60.24.0/22
217.60.36.0/22
217.60.44.0/22
217.60.56.0/21
217.60.188.0-217.60.195.255
Signature Algorithm: sha256WithRSAEncryption
3f:f6:0e:93:68:45:2d:bc:7e:d6:ad:46:3b:96:92:ad:0a:bb:
52:1d:10:42:d8:71:e7:47:d7:ea:eb:c3:10:c3:f4:eb:a4:81:
6b:0a:00:6e:9c:b4:01:f6:30:4e:45:d4:54:e9:56:68:d0:90:
98:11:8b:30:ad:93:cd:bf:f5:c8:77:52:02:4d:28:13:b4:1a:
63:b4:23:d1:84:6e:39:ae:e2:bf:63:82:cd:64:4a:21:5f:3c:
aa:a5:0b:9d:00:7f:f0:92:3c:5a:d4:ee:d7:45:42:ce:57:1c:
ff:4a:e4:74:50:9b:63:e8:b0:e9:54:2c:93:8d:4a:85:73:fe:
db:c2:f0:e4:02:1b:93:4d:d7:7b:9d:a2:b2:7b:b9:24:96:62:
c1:1b:24:dd:8b:05:a5:3b:09:ac:d5:8a:0c:8b:48:ea:37:29:
f6:19:f0:68:d4:9c:72:e6:be:91:3c:98:d3:e7:e4:2c:f5:4d:
8b:a0:3a:a9:80:9e:29:c3:21:27:fa:18:8c:7f:45:ab:13:2c:
47:1a:85:f6:47:53:1f:04:45:98:4a:69:2f:44:40:b8:88:4f:
64:1e:11:93:16:e3:6e:6d:34:3b:19:e5:92:9e:cc:17:36:e4:
cf:94:ca:40:0c:6f:09:13:d0:00:4f:21:89:3b:e1:60:95:32:
7e:85:cd:d4
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZaaKq/rmvRxPBsi0ZrzoN+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNTA0MDcyMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGU0ZGQwNGQ3YzQ4ZTliY2U3ZTNhYzIwNTQyMmZiMTI2ZGYxZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApa0oJ3luBb9YUQI3evqFPHLuf/Dm
DOkx3JkBKIG8MOFMs85qAmibhGg141rqeetkT7HYyb1i7M8YNhPtEyp3i9AR6G4y
QGZnDJ0d/PWCHIMsni43fNRR736xQBwdeWJrD1ZI5EQXZJC7Z3RN5HkSyHZ9n+/1
oABFDxW7VHJPURYM8xnp21d4TM7AIIgpBawZvcpTqlTe5E9JIhLKmGEkzBVk5bat
98CRxVH77Fa1zaBK1C7XBSm76D6+r+1sEj+YY/41f/VuAt4OXcWSEjOUMdfJhdTo
Fj4q05JY1Eh4AoOYGAg/m7W+jvxX46vuRr1fNXaGZiZDWlLZpgR+tpOuRQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFKTk3QTXxI6bzn46wgVCL7Em3x0EMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcE9UZEJOZkVqcHZPZmpyQ0JVSXZzU2JmSFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQD2TwAAwQC
2TwMAwQC2TwYAwQC2TwkAwQC2TwsAwQD2Tw4MAwDBALZPLwDBALZPMAwDQYJKoZI
hvcNAQELBQADggEBAD/2DpNoRS28ftatRjuWkq0Ku1IdEELYcedH1+rrwxDD9Ouk
gWsKAG6ctAH2ME5F1FTpVmjQkJgRizCtk82/9ch3UgJNKBO0GmO0I9GEbjmu4r9j
gs1kSiFfPKqlC50Af/CSPFrU7tdFQs5XHP9K5HRQm2PosOlULJONSoVz/tvC8OQC
G5NN13udorJ7uSSWYsEbJN2LBaU7CazVigyLSOo3KfYZ8GjUnHLmvpE8mNPn5Cz1
TYugOqmAninDISf6GIx/RasTLEcahfZHUx8ERZhKaS9EQLiIT2QeEZMW425tNDsZ
5ZKezBc25M+UykAMbwkT0ABPIYk74WCVMn6FzdQ=
-----END CERTIFICATE-----
Generated at Sat Jun 14 11:42:59 2025 by rpki-client