Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/KZ3CmtVOx7735ckEjjuRb3dzEDM.roa
File: KZ3CmtVOx7735ckEjjuRb3dzEDM.roa (raw, json)
Hash identifier: PNNWiWuoxL3EaUHmEDB0VUGr8CAIy6hODWl/QwNsLFQ=
Subject key identifier: 29:9D:C2:9A:D5:4E:C7:BE:F7:E5:C9:04:8E:3B:91:6F:77:73:10:33
Certificate issuer: /CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Certificate serial: 0195896BAB7928C979D57A8164900E96C165
Authority key identifier: 3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/KZ3CmtVOx7735ckEjjuRb3dzEDM.roa
Signing time: Wed 12 Mar 2025 08:14:49 +0000
ROA not before: Wed 12 Mar 2025 08:14:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5511
IP address blocks: 86.109.90.0/23 maxlen: 24
Validation: Failed, certificate revoked on Thu 20 Mar 2025 10:47:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:89:6b:ab:79:28:c9:79:d5:7a:81:64:90:0e:96:c1:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Validity
Not Before: Mar 12 08:14:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=299dc29ad54ec7bef7e5c9048e3b916f77731033
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:5e:dc:99:05:4b:cc:67:ed:98:43:4e:bb:f4:
c4:3e:37:44:5c:69:75:e6:d6:43:58:19:f4:01:fe:
76:4c:03:a7:b9:3b:ef:bf:60:cd:9f:05:47:c6:af:
d5:7d:5a:59:2c:98:1d:e7:7b:ed:10:4f:b1:f5:72:
7b:f2:a9:52:6b:49:fc:78:33:35:61:15:18:9e:2e:
76:b0:fc:38:92:66:8f:45:8e:04:96:8e:b1:c4:f9:
98:8c:77:fe:65:2d:89:d6:ca:02:d0:cf:f8:6b:e2:
86:40:90:76:59:ae:28:7e:86:aa:77:ab:d4:aa:13:
4a:75:bc:b2:d4:26:35:28:5c:ab:f5:ad:b0:16:2c:
76:d0:a0:4b:f0:15:23:dc:82:7b:7d:3b:4c:0b:73:
94:43:7d:d1:64:20:45:47:e5:42:6c:73:d4:43:e3:
bf:b1:fc:8b:be:9a:07:4b:db:91:a0:31:de:ac:50:
4b:0f:8e:3e:a5:78:77:07:bb:13:84:6b:6f:05:8a:
59:a1:43:cb:bb:b1:17:20:54:8a:7e:5f:5b:1c:3a:
3c:16:fe:15:10:14:ab:95:71:17:24:69:cc:2a:74:
85:b2:85:8c:eb:e7:42:3a:89:22:04:61:a6:f5:49:
39:29:83:de:47:78:9e:bf:57:c8:08:9a:30:a8:b4:
0a:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:9D:C2:9A:D5:4E:C7:BE:F7:E5:C9:04:8E:3B:91:6F:77:73:10:33
X509v3 Authority Key Identifier:
keyid:3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/KZ3CmtVOx7735ckEjjuRb3dzEDM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.109.90.0/23
Signature Algorithm: sha256WithRSAEncryption
a9:7e:4e:14:72:d9:72:dd:f5:2a:bf:36:a8:c8:09:52:38:12:
91:38:8c:34:7d:89:7a:19:41:28:51:05:e0:98:43:45:de:c6:
c2:56:eb:6a:77:d8:60:21:76:02:cd:0f:2e:85:ae:5b:d2:14:
37:a3:a9:8a:f3:e0:55:2d:0d:52:3d:8f:ec:fc:d9:0b:e1:1d:
79:f1:4a:97:e0:b3:e0:21:85:6d:04:3d:ff:0e:66:60:44:29:
71:04:21:44:83:47:0f:18:c9:6d:ba:99:b0:7a:13:b3:57:be:
0f:aa:8a:50:b6:3e:bd:5a:81:60:da:69:b1:2a:d3:7c:68:47:
e2:02:42:b0:39:c2:ea:05:c7:e0:0a:b8:83:5e:77:a5:d9:9c:
5f:f2:1c:35:ad:80:7b:16:b0:82:09:79:ba:18:c3:82:a0:24:
fa:34:c1:15:f7:cf:e4:68:a0:2a:ee:ba:fe:ea:8c:d4:da:3a:
7a:ac:30:55:1d:13:c3:dd:41:21:04:c3:20:6b:7a:7d:fa:e3:
62:6e:a0:e2:d3:26:4f:ec:dc:f3:09:0b:32:18:2d:11:1d:55:
40:d0:39:0e:d1:db:a3:17:46:8a:e9:97:45:32:6e:97:a8:be:
94:c8:1b:03:31:cc:35:f0:d2:71:9e:d7:93:d1:e0:2a:c5:b7:
a1:bb:c5:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWJa6t5KMl51XqBZJAOlsFlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkN2I5ZGZmYWFlMzNlYzJjZjE5YjVhZDRlNDljMWU5ZWIx
ZDlkNjQwHhcNMjUwMzEyMDgxNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTlkYzI5YWQ1NGVjN2JlZjdlNWM5MDQ4ZTNiOTE2Zjc3NzMxMDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjl7cmQVLzGftmENOu/TEPjdEXGl1
5tZDWBn0Af52TAOnuTvvv2DNnwVHxq/VfVpZLJgd53vtEE+x9XJ78qlSa0n8eDM1
YRUYni52sPw4kmaPRY4Elo6xxPmYjHf+ZS2J1soC0M/4a+KGQJB2Wa4ofoaqd6vU
qhNKdbyy1CY1KFyr9a2wFix20KBL8BUj3IJ7fTtMC3OUQ33RZCBFR+VCbHPUQ+O/
sfyLvpoHS9uRoDHerFBLD44+pXh3B7sThGtvBYpZoUPLu7EXIFSKfl9bHDo8Fv4V
EBSrlXEXJGnMKnSFsoWM6+dCOokiBGGm9Uk5KYPeR3iev1fICJowqLQKFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmdwprVTse+9+XJBI47kW93cxAzMB8GA1UdIwQY
MBaAFD17nf+q4z7Czxm1rU5JwenrHZ1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2Ut
NDIyNTIzYzRlNjhiLzEvS1ozQ210Vk94NzczNWNrRWpqdVJiM2R6RURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2UtNDIyNTIzYzRlNjhi
LzEvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVm1aMA0G
CSqGSIb3DQEBCwUAA4IBAQCpfk4Uctly3fUqvzaoyAlSOBKROIw0fYl6GUEoUQXg
mENF3sbCVutqd9hgIXYCzQ8uha5b0hQ3o6mK8+BVLQ1SPY/s/NkL4R158UqX4LPg
IYVtBD3/DmZgRClxBCFEg0cPGMltupmwehOzV74PqopQtj69WoFg2mmxKtN8aEfi
AkKwOcLqBcfgCriDXnel2Zxf8hw1rYB7FrCCCXm6GMOCoCT6NMEV98/kaKAq7rr+
6ozU2jp6rDBVHRPD3UEhBMMga3p9+uNibqDi0yZP7NzzCQsyGC0RHVVA0DkO0duj
F0aK6ZdFMm6XqL6UyBsDMcw18NJxnteT0eAqxbehu8VO
-----END CERTIFICATE-----
Generated at Thu May 1 13:00:49 2025 by rpki-client