Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/pQguQq6l7_B82CBiHC3BxFWt308.roa
File: pQguQq6l7_B82CBiHC3BxFWt308.roa (raw, json)
Hash identifier: sWL/eRzPWnNHrJ2ZTyJMFJeEfMfrASjp+ftcBQ1uwLE=
Subject key identifier: A5:08:2E:42:AE:A5:EF:F0:7C:D8:20:62:1C:2D:C1:C4:55:AD:DF:4F
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 019659E21414AF75B1508B75B14BC32DC5EA
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/pQguQq6l7_B82CBiHC3BxFWt308.roa
Signing time: Mon 21 Apr 2025 19:45:10 +0000
ROA not before: Mon 21 Apr 2025 19:45:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401152
IP address blocks: 64.188.124.0/24 maxlen: 24
64.188.125.0/24 maxlen: 24
64.188.126.0/24 maxlen: 24
64.188.127.0/24 maxlen: 24
185.216.104.0/22 maxlen: 24
Validation: Failed, certificate revoked on Tue 22 Apr 2025 18:18:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:59:e2:14:14:af:75:b1:50:8b:75:b1:4b:c3:2d:c5:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 21 19:45:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a5082e42aea5eff07cd820621c2dc1c455addf4f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:aa:c5:fe:00:89:87:ce:d3:1c:16:55:be:13:
a1:84:6b:c6:dd:50:c6:9b:9b:b2:90:a6:73:15:6e:
3a:9b:8d:09:45:63:c8:22:f0:96:71:e8:fc:d4:4a:
fc:41:4b:87:92:e7:d5:52:b4:22:c9:9d:5a:28:fc:
09:b9:33:20:37:62:8b:b1:52:ca:37:15:45:51:02:
67:70:f3:64:fe:45:2b:d4:9e:80:3e:a8:61:8d:d6:
f4:2d:bd:40:76:f6:31:39:42:f6:41:05:73:98:15:
53:20:dd:85:44:35:9b:61:7c:1e:cb:8f:3f:23:87:
ed:d8:40:08:56:35:9a:95:b3:df:e6:7c:4b:35:c7:
34:79:65:9d:cc:54:21:03:68:fe:e0:87:11:03:24:
50:4f:fe:ea:7b:cc:cb:0a:a2:25:27:3b:66:4a:fd:
44:8c:15:17:59:5e:53:c9:61:14:9d:94:60:82:b1:
13:51:b1:07:90:64:16:50:0a:f7:47:96:d6:e3:fb:
eb:8e:22:de:df:2c:33:3c:82:2f:59:f9:dd:9d:dc:
b1:9a:02:8a:98:e8:92:10:73:64:04:02:51:e8:ce:
92:91:93:83:4d:c0:63:8e:ab:a8:c0:0a:9f:ac:f7:
1f:a6:25:ea:b8:81:59:fe:e1:9c:ed:51:65:2b:fe:
97:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:08:2E:42:AE:A5:EF:F0:7C:D8:20:62:1C:2D:C1:C4:55:AD:DF:4F
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/pQguQq6l7_B82CBiHC3BxFWt308.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.124.0/22
185.216.104.0/22
Signature Algorithm: sha256WithRSAEncryption
72:56:05:fb:67:a9:8b:c5:48:31:53:7c:09:ec:48:0a:d7:9b:
ed:3f:d6:9a:a3:62:68:6d:ef:4a:06:b1:a6:02:8c:b0:26:db:
52:07:c0:93:6b:04:5e:23:db:8e:9f:15:10:d1:fd:07:f2:0e:
e9:df:33:a9:3b:d7:2d:7d:85:e7:25:b4:9a:6f:dd:a4:a1:9a:
36:a9:cb:08:3d:1a:13:45:09:3a:63:df:61:ec:c5:5a:72:19:
82:0c:3d:66:05:87:26:19:d8:f2:a8:81:7d:a9:40:2c:ef:ea:
cb:38:49:b9:21:54:55:13:bd:35:dd:08:49:8b:af:73:25:f3:
65:2c:b2:c1:1f:1e:0b:36:64:1f:e8:b5:60:40:f9:cb:fb:a5:
51:65:63:b7:01:0e:ff:7a:bf:47:50:91:2b:29:42:eb:46:49:
0c:9e:8a:bb:d6:43:fa:65:18:b2:f5:f5:67:1c:60:19:46:65:
88:07:07:4a:d0:1c:d9:55:c3:24:5a:c9:f6:a6:84:e3:85:ab:
5a:ed:87:17:2b:16:09:76:9c:87:60:8b:01:c9:56:76:48:d2:
80:a7:06:f5:3d:32:c4:f3:e5:80:31:72:80:62:c7:5d:19:b5:
be:9b:60:68:7f:bc:ab:50:96:ec:c4:e9:87:c9:53:cc:3f:10:
a4:ad:4c:b1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZZ4hQUr3WxUIt1sUvDLcXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNDIxMTk0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTA4MmU0MmFlYTVlZmYwN2NkODIwNjIxYzJkYzFjNDU1YWRkZjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqrF/gCJh87THBZVvhOhhGvG3VDG
m5uykKZzFW46m40JRWPIIvCWcej81Er8QUuHkufVUrQiyZ1aKPwJuTMgN2KLsVLK
NxVFUQJncPNk/kUr1J6APqhhjdb0Lb1AdvYxOUL2QQVzmBVTIN2FRDWbYXwey48/
I4ft2EAIVjWalbPf5nxLNcc0eWWdzFQhA2j+4IcRAyRQT/7qe8zLCqIlJztmSv1E
jBUXWV5TyWEUnZRggrETUbEHkGQWUAr3R5bW4/vrjiLe3ywzPIIvWfndndyxmgKK
mOiSEHNkBAJR6M6SkZODTcBjjquowAqfrPcfpiXquIFZ/uGc7VFlK/6XlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKUILkKupe/wfNggYhwtwcRVrd9PMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcFFndVFxNmw3X0I4MkNCaUhDM0J4Rld0MzA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCQLx8AwQC
udhoMA0GCSqGSIb3DQEBCwUAA4IBAQByVgX7Z6mLxUgxU3wJ7EgK15vtP9aao2Jo
be9KBrGmAoywJttSB8CTawReI9uOnxUQ0f0H8g7p3zOpO9ctfYXnJbSab92koZo2
qcsIPRoTRQk6Y99h7MVachmCDD1mBYcmGdjyqIF9qUAs7+rLOEm5IVRVE7013QhJ
i69zJfNlLLLBHx4LNmQf6LVgQPnL+6VRZWO3AQ7/er9HUJErKULrRkkMnoq71kP6
ZRiy9fVnHGAZRmWIBwdK0BzZVcMkWsn2poTjhata7YcXKxYJdpyHYIsByVZ2SNKA
pwb1PTLE8+WAMXKAYsddGbW+m2Bof7yrUJbsxOmHyVPMPxCkrUyx
-----END CERTIFICATE-----
Generated at Fri Jun 20 17:01:48 2025 by rpki-client