Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/bqY8ZOb76-d_S6aOW-uZQnjaQM0.roa
File: bqY8ZOb76-d_S6aOW-uZQnjaQM0.roa (raw, json)
Hash identifier: 8hDjqTZcpLp/vaexL4Qer1wdIuo57wRv8RT8FKNfPBg=
Subject key identifier: 6E:A6:3C:64:E6:FB:EB:E7:7F:4B:A6:8E:5B:EB:99:42:78:DA:40:CD
Certificate issuer: /CN=70a76929cbe21cedd94c012ba58bb0b6f129722e
Certificate serial: 0194279E14C29EC9D89790328649224CB556
Authority key identifier: 70:A7:69:29:CB:E2:1C:ED:D9:4C:01:2B:A5:8B:B0:B6:F1:29:72:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cKdpKcviHO3ZTAErpYuwtvEpci4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/bqY8ZOb76-d_S6aOW-uZQnjaQM0.roa
Signing time: Thu 02 Jan 2025 15:24:18 +0000
ROA not before: Thu 02 Jan 2025 15:24:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60785
IP address blocks: 185.25.224.0/22 maxlen: 22
185.25.224.0/24 maxlen: 24
185.25.227.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 07 Jan 2025 16:59:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:9e:14:c2:9e:c9:d8:97:90:32:86:49:22:4c:b5:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70a76929cbe21cedd94c012ba58bb0b6f129722e
Validity
Not Before: Jan 2 15:24:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6ea63c64e6fbebe77f4ba68e5beb994278da40cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:8e:c6:55:60:f5:a3:ea:0e:45:84:cf:cc:4c:
f1:10:de:2d:1e:e2:21:f5:cb:d2:11:50:9b:ab:12:
a6:b4:fe:d6:00:b0:dc:9e:0c:92:ad:1c:34:c1:07:
4c:4d:d7:06:35:c2:3f:8a:bf:e0:61:e1:51:07:8f:
02:18:47:36:83:7d:bc:a9:a6:59:e4:f1:6f:32:46:
53:9f:63:43:92:a3:ba:e4:d8:af:ff:d6:97:e0:10:
d6:28:91:53:e7:f8:f9:17:34:7f:cc:33:51:d1:fc:
a8:f4:77:9c:70:51:3b:d5:49:b4:9f:5a:1b:94:b5:
10:52:af:2d:e7:20:73:8a:66:d4:84:9e:e4:3d:69:
21:24:e1:0e:81:76:92:de:d2:d7:bc:39:6a:97:ea:
c8:7b:a3:a0:80:fc:7e:ce:42:d2:30:f1:ac:98:c9:
ed:f0:58:23:bf:2d:57:0f:d9:9b:68:9e:a5:ef:6c:
0a:9c:fe:35:e0:62:4f:6a:09:2d:9e:a5:7e:15:ae:
d6:4a:25:5e:ce:dd:39:25:3e:f6:91:f9:f2:16:af:
51:84:4e:7d:3d:81:c4:db:cb:26:32:7d:64:aa:9c:
ee:c4:87:70:a3:4e:3b:a0:bb:b4:0c:fa:85:17:d0:
ea:49:9e:9f:3f:a1:53:16:50:fa:db:35:01:43:79:
44:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:A6:3C:64:E6:FB:EB:E7:7F:4B:A6:8E:5B:EB:99:42:78:DA:40:CD
X509v3 Authority Key Identifier:
keyid:70:A7:69:29:CB:E2:1C:ED:D9:4C:01:2B:A5:8B:B0:B6:F1:29:72:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cKdpKcviHO3ZTAErpYuwtvEpci4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/bqY8ZOb76-d_S6aOW-uZQnjaQM0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/014f47-628b-4fb8-b344-a409e22a243e/1/cKdpKcviHO3ZTAErpYuwtvEpci4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.25.224.0/22
Signature Algorithm: sha256WithRSAEncryption
44:44:f8:bf:26:c1:52:6a:e2:fe:06:d4:d9:e2:eb:9f:b0:b0:
e0:4b:3c:19:77:0d:d0:ef:5c:e8:f8:26:a8:d2:c3:24:59:d1:
ed:08:3d:5b:7b:c0:68:c2:52:00:d0:59:29:3e:9b:c1:85:d8:
a9:bd:28:71:bd:12:e4:8b:08:d3:23:8c:4d:62:77:ea:bf:92:
db:1e:97:9f:06:75:b4:4d:20:57:fc:20:6c:f8:33:1e:e6:69:
f5:7a:eb:89:c3:d7:a1:b6:48:e6:e7:45:a1:33:6d:fc:70:f9:
35:91:29:99:e0:87:2c:c0:e7:7a:9e:eb:c0:ba:22:79:62:5e:
c8:c3:b5:82:68:24:27:17:cd:88:c3:bb:d1:bf:65:38:93:c4:
0b:e4:a9:1e:8c:49:76:82:b4:3b:29:69:dd:b6:50:1b:86:a5:
7a:b1:3a:fd:9e:e8:8b:a9:48:b3:fa:33:8e:56:fe:b3:47:55:
7e:cd:2c:a8:90:36:db:a5:bf:15:06:f5:44:7d:38:b2:47:7d:
4b:9e:bc:2a:75:ea:99:10:c4:63:8f:7d:85:7c:f7:f6:55:60:
ae:ff:2f:3a:d0:0f:84:d3:a0:0a:1c:eb:54:10:4d:47:ba:af:
6f:55:a8:2f:46:3b:5e:72:ba:84:5c:9b:97:67:a3:1f:dc:a6:
c2:bf:2a:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnnhTCnsnYl5AyhkkiTLVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYTc2OTI5Y2JlMjFjZWRkOTRjMDEyYmE1OGJiMGI2ZjEy
OTcyMmUwHhcNMjUwMTAyMTUyNDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWE2M2M2NGU2ZmJlYmU3N2Y0YmE2OGU1YmViOTk0Mjc4ZGE0MGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuY7GVWD1o+oORYTPzEzxEN4tHuIh
9cvSEVCbqxKmtP7WALDcngySrRw0wQdMTdcGNcI/ir/gYeFRB48CGEc2g328qaZZ
5PFvMkZTn2NDkqO65Niv/9aX4BDWKJFT5/j5FzR/zDNR0fyo9HeccFE71Um0n1ob
lLUQUq8t5yBzimbUhJ7kPWkhJOEOgXaS3tLXvDlql+rIe6OggPx+zkLSMPGsmMnt
8Fgjvy1XD9mbaJ6l72wKnP414GJPagktnqV+Fa7WSiVezt05JT72kfnyFq9RhE59
PYHE28smMn1kqpzuxIdwo047oLu0DPqFF9DqSZ6fP6FTFlD62zUBQ3lEsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6mPGTm++vnf0umjlvrmUJ42kDNMB8GA1UdIwQY
MBaAFHCnaSnL4hzt2UwBK6WLsLbxKXIuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0tkcEtjdmlITzNaVEFFcnBZdXd0dkVwY2k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8wMTRmNDctNjI4Yi00ZmI4LWIzNDQt
YTQwOWUyMmEyNDNlLzEvYnFZOFpPYjc2LWRfUzZhT1ctdVpRbmphUU0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8wMTRmNDctNjI4Yi00ZmI4LWIzNDQtYTQwOWUyMmEyNDNl
LzEvY0tkcEtjdmlITzNaVEFFcnBZdXd0dkVwY2k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRngMA0G
CSqGSIb3DQEBCwUAA4IBAQBERPi/JsFSauL+BtTZ4uufsLDgSzwZdw3Q71zo+Cao
0sMkWdHtCD1be8BowlIA0FkpPpvBhdipvShxvRLkiwjTI4xNYnfqv5LbHpefBnW0
TSBX/CBs+DMe5mn1euuJw9ehtkjm50WhM238cPk1kSmZ4IcswOd6nuvAuiJ5Yl7I
w7WCaCQnF82Iw7vRv2U4k8QL5KkejEl2grQ7KWndtlAbhqV6sTr9nuiLqUiz+jOO
Vv6zR1V+zSyokDbbpb8VBvVEfTiyR31LnrwqdeqZEMRjj32FfPf2VWCu/y860A+E
06AKHOtUEE1Huq9vVagvRjtecrqEXJuXZ6Mf3KbCvyom
-----END CERTIFICATE-----
Generated at Wed Apr 30 15:06:59 2025 by rpki-client