Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/t2prWlQ8WGoG10iAzX6dbnfZuLg.roa
File: t2prWlQ8WGoG10iAzX6dbnfZuLg.roa (raw, json)
Hash identifier: OO2yS0AJ8hO3TJKgE0v7niQ3Y4OPHCkGXEEng2FJRLs=
Subject key identifier: B7:6A:6B:5A:54:3C:58:6A:06:D7:48:80:CD:7E:9D:6E:77:D9:B8:B8
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 0195AF5F410CD469B9DF1768C501396D7C5B
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/t2prWlQ8WGoG10iAzX6dbnfZuLg.roa
Signing time: Wed 19 Mar 2025 17:06:50 +0000
ROA not before: Wed 19 Mar 2025 17:06:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401152
IP address blocks: 64.188.100.0/22 maxlen: 24
64.188.120.0/22 maxlen: 24
64.188.124.0/24 maxlen: 24
64.188.125.0/24 maxlen: 24
64.188.126.0/24 maxlen: 24
64.188.127.0/24 maxlen: 24
185.216.104.0/22 maxlen: 24
193.23.192.0/21 maxlen: 24
Validation: Failed, certificate revoked on Wed 19 Mar 2025 17:35:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:af:5f:41:0c:d4:69:b9:df:17:68:c5:01:39:6d:7c:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 19 17:06:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b76a6b5a543c586a06d74880cd7e9d6e77d9b8b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:35:4e:03:4c:4f:e7:39:a7:80:f1:9c:2b:a4:
b2:8c:18:46:db:6f:fb:20:cd:e0:b7:50:10:9d:db:
ed:97:1e:61:c1:4c:6a:c7:37:53:f7:fa:a7:ff:d5:
50:8e:59:18:97:7c:ff:fa:92:d0:11:f8:8c:ac:7c:
1a:9d:c9:52:50:a9:4a:6e:e5:36:05:28:1d:1d:d5:
19:4c:d0:b3:0d:2d:6e:2f:10:95:c3:00:35:60:9e:
aa:d1:d1:d7:82:d5:d3:a1:b4:02:96:83:10:2a:e4:
d6:8a:6b:17:18:52:3f:d4:6d:13:92:75:1a:28:46:
31:37:91:36:3a:0a:02:68:38:50:6a:b8:cb:36:15:
7c:7b:66:7e:c2:36:fe:6b:95:84:0a:dc:85:a7:e3:
9e:23:31:2e:14:aa:35:9e:11:f5:e6:74:2b:03:6d:
18:3d:6d:ad:5b:92:4f:3f:e9:8f:c7:59:e2:32:60:
05:71:da:31:f4:74:3f:11:28:70:bf:c9:f2:19:84:
5f:c9:33:5d:78:11:29:d2:c5:4e:ec:10:6d:43:00:
73:49:23:a0:24:e6:34:28:77:dc:f4:e1:02:d8:fc:
ea:5a:57:94:78:c4:09:f5:bd:0e:b2:3b:a1:b3:2e:
13:ef:da:7c:9e:11:b2:68:eb:53:48:db:c0:1f:8c:
4b:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:6A:6B:5A:54:3C:58:6A:06:D7:48:80:CD:7E:9D:6E:77:D9:B8:B8
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/t2prWlQ8WGoG10iAzX6dbnfZuLg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.100.0/22
64.188.120.0/21
185.216.104.0/22
193.23.192.0/21
Signature Algorithm: sha256WithRSAEncryption
30:2d:f2:80:b5:f3:38:80:c0:b5:55:01:9b:a2:1b:72:2b:e1:
c3:ee:d0:5a:d7:2b:5e:3c:0a:11:8f:9c:ca:74:52:68:2d:bb:
e1:77:1a:8a:d9:7a:04:16:9c:48:71:48:a4:f3:10:58:ab:db:
34:3a:6d:9f:70:9f:ef:47:0b:b8:fd:4e:04:90:65:fa:6f:6b:
be:89:34:08:51:29:da:5f:92:ff:43:93:af:f1:49:95:79:3c:
06:69:3a:26:3f:9d:1d:a3:c5:44:63:04:cd:8d:a0:c0:c8:00:
d4:43:b9:db:a2:7b:12:2e:8c:5a:fd:c4:98:3e:f7:64:ab:28:
f0:95:73:53:e2:f1:fb:d2:dd:15:96:cc:10:05:49:af:73:91:
f0:cd:18:40:27:cd:57:9c:82:94:ff:79:77:76:30:42:dd:4b:
4d:7e:4d:b9:c3:65:ff:58:ce:4d:9f:c5:bf:57:c8:51:c2:b7:
d6:f4:88:6b:31:8b:af:b9:eb:c4:8c:fd:b5:87:04:68:28:c9:
53:1a:1f:fa:c2:66:ca:53:91:0d:ce:5e:50:45:65:80:ce:96:
e8:45:39:dc:a9:f1:b6:64:53:52:cc:e8:c5:43:9d:f4:af:08:
53:41:e2:7f:98:7c:cb:cb:49:2e:03:67:71:01:c2:f2:8a:22:
42:ee:a3:6d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZWvX0EM1Gm53xdoxQE5bXxbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMzE5MTcwNjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzZhNmI1YTU0M2M1ODZhMDZkNzQ4ODBjZDdlOWQ2ZTc3ZDliOGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzVOA0xP5zmngPGcK6SyjBhG22/7
IM3gt1AQndvtlx5hwUxqxzdT9/qn/9VQjlkYl3z/+pLQEfiMrHwanclSUKlKbuU2
BSgdHdUZTNCzDS1uLxCVwwA1YJ6q0dHXgtXTobQCloMQKuTWimsXGFI/1G0TknUa
KEYxN5E2OgoCaDhQarjLNhV8e2Z+wjb+a5WECtyFp+OeIzEuFKo1nhH15nQrA20Y
PW2tW5JPP+mPx1niMmAFcdox9HQ/EShwv8nyGYRfyTNdeBEp0sVO7BBtQwBzSSOg
JOY0KHfc9OEC2PzqWleUeMQJ9b0Osjuhsy4T79p8nhGyaOtTSNvAH4xLiwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFLdqa1pUPFhqBtdIgM1+nW532bi4MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdDJwcldsUThXR29HMTBpQXpYNmRibmZadUxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCQLxkAwQD
QLx4AwQCudhoAwQDwRfAMA0GCSqGSIb3DQEBCwUAA4IBAQAwLfKAtfM4gMC1VQGb
ohtyK+HD7tBa1ytePAoRj5zKdFJoLbvhdxqK2XoEFpxIcUik8xBYq9s0Om2fcJ/v
Rwu4/U4EkGX6b2u+iTQIUSnaX5L/Q5Ov8UmVeTwGaTomP50do8VEYwTNjaDAyADU
Q7nbonsSLoxa/cSYPvdkqyjwlXNT4vH70t0VlswQBUmvc5HwzRhAJ81XnIKU/3l3
djBC3UtNfk25w2X/WM5Nn8W/V8hRwrfW9IhrMYuvuevEjP21hwRoKMlTGh/6wmbK
U5ENzl5QRWWAzpboRTncqfG2ZFNSzOjFQ530rwhTQeJ/mHzLy0kuA2dxAcLyiiJC
7qNt
-----END CERTIFICATE-----
Generated at Mon May 5 02:56:22 2025 by rpki-client