Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Tf2RoVf4L4cj1xHcF__XHz2uySA.roa
File: Tf2RoVf4L4cj1xHcF__XHz2uySA.roa (raw, json)
Hash identifier: Qht4TcsIqJU+/iGwF0PcEy250nK8BnUi9cX6nCi9f9I=
Subject key identifier: 4D:FD:91:A1:57:F8:2F:87:23:D7:11:DC:17:FF:D7:1F:3D:AE:C9:20
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019876079D12CF1B9E393D1DA6C69BB72016
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Tf2RoVf4L4cj1xHcF__XHz2uySA.roa
Signing time: Mon 04 Aug 2025 17:01:07 +0000
ROA not before: Mon 04 Aug 2025 17:01:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207957
IP address blocks: 64.188.98.0/24 maxlen: 24
64.188.127.0/24 maxlen: 24
77.239.107.0/24 maxlen: 24
185.170.153.0/24 maxlen: 24
185.170.154.0/24 maxlen: 24
193.23.200.0/24 maxlen: 24
193.23.201.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 05 Aug 2025 17:31:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:76:07:9d:12:cf:1b:9e:39:3d:1d:a6:c6:9b:b7:20:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Aug 4 17:01:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4dfd91a157f82f8723d711dc17ffd71f3daec920
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:8d:73:72:1c:65:dc:20:59:e4:c6:e1:72:19:
33:53:7a:28:8e:b1:e3:d7:42:0d:5b:12:48:be:86:
81:89:d9:06:0d:3d:74:15:a5:1d:51:eb:2f:ba:6e:
a9:ca:31:36:7d:98:b0:32:9a:d3:da:92:3b:42:12:
af:bd:8a:47:22:90:19:b2:ae:39:83:09:a1:1e:3e:
dc:98:0d:9a:c5:74:e2:42:19:13:d5:7f:7e:c3:f8:
47:9f:9a:b7:30:64:81:59:33:dd:dc:e6:3a:93:5b:
06:ee:fc:63:25:7d:04:ad:e4:b0:c4:4c:62:0c:74:
29:83:d3:20:e6:8e:05:b2:71:c9:cc:61:8e:f4:e9:
44:2e:27:b7:ec:1b:24:6f:cb:39:c6:9c:ea:d3:68:
a7:df:51:b9:3b:37:6f:d6:a5:90:26:bf:aa:a0:c4:
f1:0c:76:e7:dd:72:67:62:28:47:47:c2:32:ad:18:
e6:2f:d9:02:e4:6b:d5:46:5e:d9:b5:71:82:1d:73:
ff:78:f9:36:a3:6a:28:36:a4:f6:da:48:fd:95:28:
97:f8:08:86:ec:72:1f:9a:3b:21:14:1e:4f:be:03:
de:f3:93:78:ce:20:45:e7:21:d1:1e:4e:39:9e:12:
61:ae:28:79:d7:22:e5:e9:3a:f5:3d:c5:f6:9a:0f:
14:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:FD:91:A1:57:F8:2F:87:23:D7:11:DC:17:FF:D7:1F:3D:AE:C9:20
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Tf2RoVf4L4cj1xHcF__XHz2uySA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.98.0/24
64.188.127.0/24
77.239.107.0/24
185.170.153.0-185.170.154.255
193.23.200.0/23
Signature Algorithm: sha256WithRSAEncryption
56:d6:9d:7d:ec:53:f0:28:b6:14:f9:f8:49:7d:01:6b:4d:6c:
81:3c:1d:7f:80:b7:6e:a1:51:d1:01:4b:eb:75:cc:46:93:ad:
5c:48:90:b5:19:50:cc:22:c3:88:aa:b7:7c:e9:07:00:f9:9f:
cc:55:66:c2:ee:20:40:b2:62:2a:f8:69:02:e6:c2:96:38:24:
8b:dc:89:44:32:b7:13:9f:ed:00:ab:59:fd:b9:18:f1:81:b3:
01:fc:f2:cc:fb:1a:01:5e:fc:56:af:92:0e:86:2a:4b:42:7b:
d3:2c:b5:f1:82:33:bc:95:b3:e4:0a:1e:34:e3:c6:55:9b:92:
25:4a:bf:93:04:9d:a6:c7:3b:bb:08:a4:65:b6:04:1e:2f:89:
85:73:92:39:f4:ae:e2:94:4e:30:91:42:ae:26:22:17:33:80:
de:42:9d:80:ab:62:57:f1:0c:d2:5d:21:72:c6:9f:94:15:f2:
72:98:5b:76:44:e0:c3:94:9b:33:39:92:fc:8a:6f:8e:5b:e5:
bb:cf:44:74:c5:4e:2b:50:fa:58:db:8c:59:c9:55:1c:46:dd:
ba:92:38:e0:69:ad:27:09:1f:21:9f:46:51:39:99:28:70:cf:
16:03:b4:fc:8b:fa:f1:ca:b8:6c:33:f8:37:47:65:be:f7:05:
c9:7b:08:6b
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZh2B50SzxueOT0dpsabtyAWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwODA0MTcwMTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGZkOTFhMTU3ZjgyZjg3MjNkNzExZGMxN2ZmZDcxZjNkYWVjOTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoI1zchxl3CBZ5MbhchkzU3oojrHj
10INWxJIvoaBidkGDT10FaUdUesvum6pyjE2fZiwMprT2pI7QhKvvYpHIpAZsq45
gwmhHj7cmA2axXTiQhkT1X9+w/hHn5q3MGSBWTPd3OY6k1sG7vxjJX0EreSwxExi
DHQpg9Mg5o4FsnHJzGGO9OlELie37Bskb8s5xpzq02in31G5Ozdv1qWQJr+qoMTx
DHbn3XJnYihHR8IyrRjmL9kC5GvVRl7ZtXGCHXP/ePk2o2ooNqT22kj9lSiX+AiG
7HIfmjshFB5PvgPe85N4ziBF5yHRHk45nhJhrih51yLl6Tr1PcX2mg8UnQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFE39kaFX+C+HI9cR3Bf/1x89rskgMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVGYyUm9WZjRMNGNqMXhIY0ZfX1hIejJ1eVNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAQLxiAwQA
QLx/AwQATe9rMAwDBAC5qpkDBAC5qpoDBAHBF8gwDQYJKoZIhvcNAQELBQADggEB
AFbWnX3sU/AothT5+El9AWtNbIE8HX+At26hUdEBS+t1zEaTrVxIkLUZUMwiw4iq
t3zpBwD5n8xVZsLuIECyYir4aQLmwpY4JIvciUQytxOf7QCrWf25GPGBswH88sz7
GgFe/Favkg6GKktCe9MstfGCM7yVs+QKHjTjxlWbkiVKv5MEnabHO7sIpGW2BB4v
iYVzkjn0ruKUTjCRQq4mIhczgN5CnYCrYlfxDNJdIXLGn5QV8nKYW3ZE4MOUmzM5
kvyKb45b5bvPRHTFTitQ+ljbjFnJVRxG3bqSOOBprScJHyGfRlE5mShwzxYDtPyL
+vHKuGwz+DdHZb73Bcl7CGs=
-----END CERTIFICATE-----
Generated at Tue Aug 5 23:11:35 2025 by rpki-client