Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/le-lNsSTV6Pn_juCJA6Bi1asP3o.roa
File: le-lNsSTV6Pn_juCJA6Bi1asP3o.roa (raw, json)
Hash identifier: TOoDZYz7pL01+uH906eZpTNsKIPHqi0aWUwZD27Rpu0=
Subject key identifier: 95:EF:A5:36:C4:93:57:A3:E7:FE:3B:82:24:0E:81:8B:56:AC:3F:7A
Certificate issuer: /CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Certificate serial: 019585AB3B0D5A8030162C38B35EB2C35BE8
Authority key identifier: 3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/le-lNsSTV6Pn_juCJA6Bi1asP3o.roa
Signing time: Tue 11 Mar 2025 14:45:46 +0000
ROA not before: Tue 11 Mar 2025 14:45:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 86.109.88.0/22 maxlen: 24
Validation: Failed, certificate revoked on Wed 12 Mar 2025 08:14:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:85:ab:3b:0d:5a:80:30:16:2c:38:b3:5e:b2:c3:5b:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Validity
Not Before: Mar 11 14:45:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=95efa536c49357a3e7fe3b82240e818b56ac3f7a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:32:60:d0:2d:3b:67:45:f7:2b:7a:fd:3d:0f:
f4:8d:c2:68:98:00:d7:1e:14:00:d0:f4:10:15:95:
a9:b3:d3:37:d6:4d:0e:b1:1b:a3:87:74:07:d8:70:
ba:54:27:56:a4:fd:6c:f5:7d:08:8b:ce:12:09:26:
a3:7e:db:b3:34:06:09:19:41:0e:32:34:a5:cf:f3:
32:0e:48:f9:45:3b:77:5e:6a:6e:ef:5e:29:9c:e4:
32:75:d0:ee:5e:df:a7:32:4b:59:97:bb:99:89:f9:
27:6e:ea:2b:af:71:86:29:4f:6e:76:48:34:9b:e4:
51:95:e2:9e:d0:1b:f7:aa:d0:8e:88:c8:96:7f:e2:
b1:be:df:aa:c0:3d:8b:29:17:41:89:5f:66:f9:1f:
06:89:ea:cc:67:ad:05:20:45:0c:c8:80:f2:e5:c9:
cf:b7:be:a5:bb:41:87:7a:c4:10:aa:f1:b7:d8:37:
e9:78:fd:ae:1a:20:df:1e:b3:78:72:0b:26:ae:51:
bb:f8:c9:aa:2b:d9:d7:50:39:34:be:9f:fe:81:b1:
80:ec:1f:68:d2:50:30:c8:9d:e3:4a:d0:7f:2e:c4:
56:e0:df:46:d9:51:f5:9e:8a:f5:6a:8c:6f:9e:37:
ef:e6:77:d3:16:54:26:84:35:15:9c:03:86:bd:6f:
30:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:EF:A5:36:C4:93:57:A3:E7:FE:3B:82:24:0E:81:8B:56:AC:3F:7A
X509v3 Authority Key Identifier:
keyid:3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/le-lNsSTV6Pn_juCJA6Bi1asP3o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.109.88.0/22
Signature Algorithm: sha256WithRSAEncryption
0c:a1:89:c8:32:76:01:de:c5:16:cb:10:55:9e:ae:cc:6c:8e:
c8:c3:28:c5:ee:68:0a:0b:e0:f4:5a:04:6a:a2:00:b3:3b:3a:
bf:c3:91:b3:b1:e2:fa:e4:35:72:69:a1:00:a5:fb:2b:16:4f:
07:59:ca:cd:4d:a5:8b:59:74:02:ba:8b:64:c8:f6:80:fc:6c:
3d:12:a1:97:2d:11:c6:ea:05:13:0e:2c:d2:71:d7:ed:32:78:
78:01:c4:1a:d1:f7:02:a1:09:7c:78:ec:8e:ab:d1:4d:fa:00:
a0:d6:dd:e7:97:84:b6:9e:69:43:e2:79:b4:73:fc:1d:ee:c4:
97:92:0d:21:08:a7:4f:24:ab:d7:51:be:59:f0:32:39:b2:3b:
f1:85:00:ea:44:81:39:71:55:d8:cd:b2:d9:c5:41:36:98:d3:
31:f4:a7:10:e3:d0:35:71:85:76:3a:56:a5:a0:12:88:71:3f:
bf:3f:9a:0b:46:97:10:71:a7:2d:69:b3:0d:3d:1b:41:59:eb:
86:c5:f6:12:d5:73:8e:e2:14:0c:be:ab:15:f5:15:19:b3:c0:
16:7e:ec:f3:5f:9f:0e:27:a8:66:75:83:3f:13:56:12:c9:c5:
bb:b7:2f:3f:d1:8a:8a:87:6e:6a:ec:1b:5f:59:34:66:a5:99:
1b:d8:a4:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWFqzsNWoAwFiw4s16yw1voMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkN2I5ZGZmYWFlMzNlYzJjZjE5YjVhZDRlNDljMWU5ZWIx
ZDlkNjQwHhcNMjUwMzExMTQ0NTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWVmYTUzNmM0OTM1N2EzZTdmZTNiODIyNDBlODE4YjU2YWMzZjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6jJg0C07Z0X3K3r9PQ/0jcJomADX
HhQA0PQQFZWps9M31k0OsRujh3QH2HC6VCdWpP1s9X0Ii84SCSajftuzNAYJGUEO
MjSlz/MyDkj5RTt3Xmpu714pnOQyddDuXt+nMktZl7uZifknbuorr3GGKU9udkg0
m+RRleKe0Bv3qtCOiMiWf+Kxvt+qwD2LKRdBiV9m+R8GierMZ60FIEUMyIDy5cnP
t76lu0GHesQQqvG32DfpeP2uGiDfHrN4cgsmrlG7+MmqK9nXUDk0vp/+gbGA7B9o
0lAwyJ3jStB/LsRW4N9G2VH1nor1aoxvnjfv5nfTFlQmhDUVnAOGvW8wuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJXvpTbEk1ej5/47giQOgYtWrD96MB8GA1UdIwQY
MBaAFD17nf+q4z7Czxm1rU5JwenrHZ1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2Ut
NDIyNTIzYzRlNjhiLzEvbGUtbE5zU1RWNlBuX2p1Q0pBNkJpMWFzUDNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2UtNDIyNTIzYzRlNjhi
LzEvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVm1YMA0G
CSqGSIb3DQEBCwUAA4IBAQAMoYnIMnYB3sUWyxBVnq7MbI7IwyjF7mgKC+D0WgRq
ogCzOzq/w5GzseL65DVyaaEApfsrFk8HWcrNTaWLWXQCuotkyPaA/Gw9EqGXLRHG
6gUTDizScdftMnh4AcQa0fcCoQl8eOyOq9FN+gCg1t3nl4S2nmlD4nm0c/wd7sSX
kg0hCKdPJKvXUb5Z8DI5sjvxhQDqRIE5cVXYzbLZxUE2mNMx9KcQ49A1cYV2Olal
oBKIcT+/P5oLRpcQcactabMNPRtBWeuGxfYS1XOO4hQMvqsV9RUZs8AWfuzzX58O
J6hmdYM/E1YSycW7ty8/0YqKh25q7BtfWTRmpZkb2KRP
-----END CERTIFICATE-----
Generated at Wed Apr 30 04:37:38 2025 by rpki-client