Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/3ly1OrgNx5yXKLARsHpFKMdLylE.roa
File: 3ly1OrgNx5yXKLARsHpFKMdLylE.roa (raw, json)
Hash identifier: lrJB1ksW6ZQebwMY8hshv3A6lgluLFpm4K0P5jWA7No=
Subject key identifier: DE:5C:B5:3A:B8:0D:C7:9C:97:28:B0:11:B0:7A:45:28:C7:4B:CA:51
Certificate issuer: /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial: 019840C3B89694FF9FB355C1F00021C7B04B
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/3ly1OrgNx5yXKLARsHpFKMdLylE.roa
Signing time: Fri 25 Jul 2025 08:47:05 +0000
ROA not before: Fri 25 Jul 2025 08:47:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202309
IP address blocks: 62.68.70.0/24 maxlen: 24
78.128.123.0/24 maxlen: 24
79.124.42.0/23 maxlen: 24
80.72.78.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 05 Aug 2025 12:29:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:40:c3:b8:96:94:ff:9f:b3:55:c1:f0:00:21:c7:b0:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Validity
Not Before: Jul 25 08:47:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=de5cb53ab80dc79c9728b011b07a4528c74bca51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:12:39:b8:4f:a1:1a:36:4f:77:5e:06:15:07:
7b:f0:08:7a:e9:c5:e9:f4:1d:9d:65:92:76:ef:36:
48:97:ba:e8:50:3e:4f:53:21:0e:97:9e:36:71:43:
72:30:9d:62:4d:cd:82:d3:88:8e:3c:cd:c7:c4:ac:
78:2f:1c:3c:e7:2b:ba:26:ce:36:d4:cd:85:53:6a:
da:17:fc:85:60:55:76:ea:d3:2b:e3:75:18:ee:9e:
53:48:cf:bb:54:7c:76:c0:60:14:59:ad:03:ff:0e:
d9:f1:39:0b:87:44:75:3d:00:68:47:ca:f5:d5:43:
47:ff:e2:b2:25:bd:bb:18:f3:d3:4d:e9:bd:83:51:
4c:d1:8a:c3:eb:6d:25:7c:0a:de:ca:98:23:66:63:
a1:f6:e3:ed:0b:ca:bf:26:82:45:f3:fd:55:7a:08:
e5:8c:4e:aa:18:fb:3b:07:71:88:14:4f:fa:fa:42:
87:69:0a:d4:6c:be:b9:41:c6:3c:85:1f:d7:66:f4:
32:ff:77:c3:fd:fb:ba:0d:d2:22:08:3d:52:62:14:
97:58:ec:3d:b5:c8:bd:a8:0b:45:e5:0a:16:06:f6:
0f:85:e5:a1:25:13:56:a1:bf:8d:79:de:2a:a8:3c:
2d:ed:f2:57:95:1b:d7:1f:12:b3:5c:30:dd:95:25:
78:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:5C:B5:3A:B8:0D:C7:9C:97:28:B0:11:B0:7A:45:28:C7:4B:CA:51
X509v3 Authority Key Identifier:
keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/3ly1OrgNx5yXKLARsHpFKMdLylE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.68.70.0/24
78.128.123.0/24
79.124.42.0/23
80.72.78.0/24
Signature Algorithm: sha256WithRSAEncryption
23:a8:ae:99:91:44:8e:fa:31:36:40:9c:12:d2:75:38:ef:97:
df:79:a8:97:50:82:b7:eb:9c:e4:19:fd:42:bf:f2:e6:fa:fa:
64:d4:7e:67:06:70:88:ac:fc:d5:43:c1:e9:7d:3f:e8:f8:44:
6e:10:5c:ae:92:ac:1d:d0:7c:17:56:7d:e3:8e:2b:90:36:c5:
f9:a4:cd:f0:6a:42:2d:da:b7:9f:7b:27:cd:b3:83:c3:4f:90:
29:a7:ca:0e:77:c7:5e:7f:be:51:a3:ed:0f:24:7c:f0:2c:01:
04:0f:78:82:a4:98:42:ce:89:f7:d9:4d:46:93:79:9e:06:4b:
15:01:b5:5c:5e:3d:c4:18:2b:ce:9f:76:27:39:10:05:5e:39:
58:9f:27:24:6d:c5:80:4f:e6:e6:76:cb:55:6d:8d:33:2b:7b:
b7:a2:08:c9:69:3c:06:6f:ce:3c:be:16:7e:00:30:2b:5c:10:
c3:a5:c5:ba:92:33:9d:3e:63:e5:3f:cf:74:54:9d:f9:22:73:
c1:3b:15:6b:9d:c4:b2:db:55:e1:e6:e9:35:81:1b:95:76:cc:
48:62:b6:27:ca:57:3c:3a:72:8a:fe:4b:79:86:5b:85:87:b9:
5c:99:76:2e:b6:e6:65:e1:b0:6f:8d:6d:49:0d:19:10:50:0f:
22:e9:05:02
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZhAw7iWlP+fs1XB8AAhx7BLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwNzI1MDg0NzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTVjYjUzYWI4MGRjNzljOTcyOGIwMTFiMDdhNDUyOGM3NGJjYTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBI5uE+hGjZPd14GFQd78Ah66cXp
9B2dZZJ27zZIl7roUD5PUyEOl542cUNyMJ1iTc2C04iOPM3HxKx4Lxw85yu6Js42
1M2FU2raF/yFYFV26tMr43UY7p5TSM+7VHx2wGAUWa0D/w7Z8TkLh0R1PQBoR8r1
1UNH/+KyJb27GPPTTem9g1FM0YrD620lfAreypgjZmOh9uPtC8q/JoJF8/1Vegjl
jE6qGPs7B3GIFE/6+kKHaQrUbL65QcY8hR/XZvQy/3fD/fu6DdIiCD1SYhSXWOw9
tci9qAtF5QoWBvYPheWhJRNWob+Ned4qqDwt7fJXlRvXHxKzXDDdlSV4owIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFN5ctTq4DceclyiwEbB6RSjHS8pRMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvM2x5MU9yZ054NXlYS0xBUnNIcEZLTWRMeWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAPkRGAwQA
ToB7AwQBT3wqAwQAUEhOMA0GCSqGSIb3DQEBCwUAA4IBAQAjqK6ZkUSO+jE2QJwS
0nU475ffeaiXUIK365zkGf1Cv/Lm+vpk1H5nBnCIrPzVQ8HpfT/o+ERuEFyukqwd
0HwXVn3jjiuQNsX5pM3wakIt2refeyfNs4PDT5App8oOd8def75Ro+0PJHzwLAEE
D3iCpJhCzon32U1Gk3meBksVAbVcXj3EGCvOn3YnORAFXjlYnyckbcWAT+bmdstV
bY0zK3u3ogjJaTwGb848vhZ+ADArXBDDpcW6kjOdPmPlP890VJ35InPBOxVrncSy
21Xh5uk1gRuVdsxIYrYnylc8OnKK/kt5hluFh7lcmXYutuZl4bBvjW1JDRkQUA8i
6QUC
-----END CERTIFICATE-----
Generated at Wed Aug 6 10:07:07 2025 by rpki-client