Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0rtz-t9uXwX-PZMIlFxyZGG1VFQ.roa
File: 0rtz-t9uXwX-PZMIlFxyZGG1VFQ.roa (raw, json)
Hash identifier: OS35PDWC0asTlMAckdOU2ysOXXdIO0bGdsMi8MKvm/8=
Subject key identifier: D2:BB:73:FA:DF:6E:5F:05:FE:3D:93:08:94:5C:72:64:61:B5:54:54
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019D8CD0B2BAC4599E188194CFE876E3992F
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0rtz-t9uXwX-PZMIlFxyZGG1VFQ.roa
Signing time: Tue 14 Apr 2026 16:26:20 +0000
ROA not before: Tue 14 Apr 2026 16:26:20 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 199529
IP address blocks: 2.26.78.0/24 maxlen: 24
2.26.79.0/24 maxlen: 24
2.26.94.0/24 maxlen: 24
2.26.127.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 17 Apr 2026 17:01:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:8c:d0:b2:ba:c4:59:9e:18:81:94:cf:e8:76:e3:99:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 14 16:26:20 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=d2bb73fadf6e5f05fe3d9308945c726461b55454
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:03:d4:9a:46:cc:9d:10:cc:4e:97:68:4f:51:
57:9c:b1:d8:21:93:36:27:6b:68:3e:b3:cb:0a:78:
ed:c9:2d:a1:cf:3a:28:72:5e:b4:63:fc:ed:12:8a:
9b:37:5c:f3:3d:f8:7f:fa:09:79:22:fa:b7:c2:c4:
8f:3b:f6:3c:0d:05:7a:80:91:99:10:bf:09:32:68:
04:46:47:e6:45:44:09:55:fe:a8:3e:c6:2a:05:38:
6c:9c:a9:bb:92:61:13:a8:35:b8:e4:6e:01:e7:e6:
6b:11:de:7a:4f:27:e8:50:aa:f4:ce:aa:90:52:a2:
97:ff:53:5e:2e:32:24:e1:98:f5:27:56:5b:4b:ea:
be:01:20:96:ec:a9:aa:8a:a2:21:50:78:8a:41:fb:
8c:ed:31:dc:4a:f6:f2:ac:a0:d2:f4:27:43:76:e6:
59:3c:88:90:a7:cc:c8:8b:15:f0:6e:e4:d2:2d:27:
c2:be:2e:45:a0:d3:ac:4e:67:3b:62:d1:8e:26:9e:
7b:01:33:b4:f2:ab:74:75:6e:fb:ae:00:e7:fa:5c:
57:6d:64:89:fe:cd:61:dd:24:09:f9:da:b9:1e:52:
64:77:7f:58:eb:75:3d:47:85:bd:a7:24:a8:16:62:
d3:b9:ca:78:c9:fe:d2:92:c1:6a:8f:fd:3d:a4:f9:
14:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:BB:73:FA:DF:6E:5F:05:FE:3D:93:08:94:5C:72:64:61:B5:54:54
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/0rtz-t9uXwX-PZMIlFxyZGG1VFQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.26.78.0/23
2.26.94.0/24
2.26.127.0/24
Signature Algorithm: sha256WithRSAEncryption
94:ff:21:cf:3b:a7:c8:89:84:b0:e2:2a:d2:72:a3:9e:31:3d:
fa:74:98:31:e5:a3:6b:53:fd:de:4f:2e:86:11:69:f9:cf:8b:
c1:32:79:5d:98:db:e5:2f:06:9c:fb:46:06:f1:83:cd:fb:10:
2d:88:a4:98:97:d9:0b:09:2c:fb:36:4c:b4:9a:e3:08:46:b9:
a6:cc:e0:7d:07:22:79:b4:e3:11:78:1c:16:de:00:db:3d:e7:
a1:e4:13:3c:cb:b4:02:3f:de:c3:b6:24:f7:de:ff:ae:a8:f0:
5a:36:36:4f:d8:1c:9a:be:04:ca:66:61:e2:85:80:be:1a:b8:
4d:e4:63:94:a5:30:b2:3e:b9:f2:f7:53:50:51:03:99:a1:15:
c3:2c:3a:a1:64:08:61:a4:db:10:ca:5d:ae:65:ea:6f:f7:ea:
3b:81:25:ac:e2:9e:89:cf:a7:57:e2:25:1c:1b:88:2a:78:58:
0b:e2:eb:be:92:b4:ca:3b:e0:5b:58:24:1e:9f:3d:4d:f3:8d:
43:e5:64:f7:2e:bd:06:ac:cb:f8:c4:44:27:f2:b9:a0:b7:41:
a3:7f:91:78:fe:51:5b:c9:8e:6e:3c:63:4a:22:83:90:52:a3:
9a:b5:06:2f:84:e4:e4:ab:f2:09:d7:c2:61:49:2e:7d:bf:be:
1e:96:d3:3b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2M0LK6xFmeGIGUz+h245kvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE0MTYyNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmJiNzNmYWRmNmU1ZjA1ZmUzZDkzMDg5NDVjNzI2NDYxYjU1NDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQPUmkbMnRDMTpdoT1FXnLHYIZM2
J2toPrPLCnjtyS2hzzoocl60Y/ztEoqbN1zzPfh/+gl5Ivq3wsSPO/Y8DQV6gJGZ
EL8JMmgERkfmRUQJVf6oPsYqBThsnKm7kmETqDW45G4B5+ZrEd56TyfoUKr0zqqQ
UqKX/1NeLjIk4Zj1J1ZbS+q+ASCW7KmqiqIhUHiKQfuM7THcSvbyrKDS9CdDduZZ
PIiQp8zIixXwbuTSLSfCvi5FoNOsTmc7YtGOJp57ATO08qt0dW77rgDn+lxXbWSJ
/s1h3SQJ+dq5HlJkd39Y63U9R4W9pySoFmLTucp4yf7SksFqj/09pPkUnQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNK7c/rfbl8F/j2TCJRccmRhtVRUMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMHJ0ei10OXVYd1gtUFpNSWxGeHlaR0cxVkZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBAhpOAwQA
AhpeAwQAAhp/MA0GCSqGSIb3DQEBCwUAA4IBAQCU/yHPO6fIiYSw4irScqOeMT36
dJgx5aNrU/3eTy6GEWn5z4vBMnldmNvlLwac+0YG8YPN+xAtiKSYl9kLCSz7Nky0
muMIRrmmzOB9ByJ5tOMReBwW3gDbPeeh5BM8y7QCP97DtiT33v+uqPBaNjZP2Bya
vgTKZmHihYC+GrhN5GOUpTCyPrny91NQUQOZoRXDLDqhZAhhpNsQyl2uZepv9+o7
gSWs4p6Jz6dX4iUcG4gqeFgL4uu+krTKO+BbWCQenz1N841D5WT3Lr0GrMv4xEQn
8rmgt0Gjf5F4/lFbyY5uPGNKIoOQUqOatQYvhOTkq/IJ18JhSS59v74eltM7
-----END CERTIFICATE-----
Generated at Fri Apr 17 20:23:53 2026 by rpki-client