Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/XXE_3SQ1ApmU1Y53owOJlzHB8PI.roa
File: XXE_3SQ1ApmU1Y53owOJlzHB8PI.roa (raw, json)
Hash identifier: IkKbo2zjOvZ/OkY/xRnxlxh4WJYVXTFoGaoEkPItdrY=
Subject key identifier: 5D:71:3F:DD:24:35:02:99:94:D5:8E:77:A3:03:89:97:31:C1:F0:F2
Certificate issuer: /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial: 01978296E9DCD51734122A18ED0B2288BAD9
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/XXE_3SQ1ApmU1Y53owOJlzHB8PI.roa
Signing time: Wed 18 Jun 2025 10:30:17 +0000
ROA not before: Wed 18 Jun 2025 10:30:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197706
IP address blocks: 31.171.152.0/24 maxlen: 24
31.171.153.0/24 maxlen: 24
31.171.154.0/24 maxlen: 24
31.171.155.0/24 maxlen: 24
31.171.159.0/24 maxlen: 24
45.142.25.0/24 maxlen: 24
45.142.26.0/24 maxlen: 24
45.142.27.0/24 maxlen: 24
103.69.32.0/24 maxlen: 24
103.69.33.0/24 maxlen: 24
103.69.34.0/24 maxlen: 24
103.69.35.0/24 maxlen: 24
103.93.40.0/24 maxlen: 24
103.93.41.0/24 maxlen: 24
103.93.42.0/24 maxlen: 24
103.124.164.0/24 maxlen: 24
103.124.165.0/24 maxlen: 24
103.124.166.0/24 maxlen: 24
103.124.167.0/24 maxlen: 24
103.204.120.0/24 maxlen: 24
103.204.121.0/24 maxlen: 24
103.204.122.0/24 maxlen: 24
103.254.240.0/24 maxlen: 24
103.254.241.0/24 maxlen: 24
103.254.242.0/24 maxlen: 24
103.254.243.0/24 maxlen: 24
109.104.132.0/24 maxlen: 24
109.104.135.0/24 maxlen: 24
109.104.138.0/24 maxlen: 24
109.104.139.0/24 maxlen: 24
109.104.140.0/22 maxlen: 22
109.104.140.0/24 maxlen: 24
109.104.141.0/24 maxlen: 24
109.104.142.0/24 maxlen: 24
109.104.143.0/24 maxlen: 24
109.104.156.0/24 maxlen: 24
109.104.157.0/24 maxlen: 24
109.104.159.0/24 maxlen: 24
144.48.52.0/24 maxlen: 24
144.48.53.0/24 maxlen: 24
144.48.54.0/24 maxlen: 24
144.48.55.0/24 maxlen: 24
185.53.100.0/22 maxlen: 24
185.153.125.0/24 maxlen: 24
185.153.126.0/24 maxlen: 24
185.153.127.0/24 maxlen: 24
199.168.120.0/24 maxlen: 24
199.168.121.0/24 maxlen: 24
199.168.122.0/24 maxlen: 24
199.168.123.0/24 maxlen: 24
2a04:27c0::/29 maxlen: 48
2a04:27c0:fffd::/48 maxlen: 48
2a04:27c0:fffe::/48 maxlen: 48
2a09:6e40::/29 maxlen: 48
2a09:6e47::/48 maxlen: 48
2a09:6ec0::/29 maxlen: 48
2a0d:27c0::/29 maxlen: 48
2a0d:27c4::/32 maxlen: 32
2a0d:42c0::/29 maxlen: 48
2a0d:4a40::/29 maxlen: 48
2a0d:4a46::/32 maxlen: 32
2a0e:3f00::/29 maxlen: 48
2a0e:3f01::/48 maxlen: 48
2a0e:4f00::/29 maxlen: 48
2a0e:4f05::/32 maxlen: 32
2a0e:d4c0::/29 maxlen: 48
2a0f:42c0::/29 maxlen: 48
2a0f:a880::/29 maxlen: 48
Validation: Failed, certificate revoked on Wed 18 Jun 2025 12:50:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:82:96:e9:dc:d5:17:34:12:2a:18:ed:0b:22:88:ba:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
Validity
Not Before: Jun 18 10:30:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5d713fdd2435029994d58e77a303899731c1f0f2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:2e:5f:e3:8a:c6:61:07:89:0a:60:b3:2d:6f:
0c:f3:a1:0d:bf:f3:04:7e:51:bb:fb:da:d2:bf:0f:
76:10:48:3f:d5:6c:98:29:35:41:99:b6:32:51:0b:
a5:33:91:7b:6c:83:c1:b0:72:be:1f:7a:2c:71:85:
f7:d0:d3:b0:31:16:60:01:87:4f:e6:97:90:64:b2:
58:2d:2e:ed:10:9d:81:6b:74:e7:36:fa:f6:0f:15:
ed:ec:fb:c8:8b:f6:98:09:5a:13:45:78:a5:1e:8e:
c6:ef:04:11:a3:f3:b4:e7:21:78:db:f5:25:98:20:
09:71:d5:b8:48:6d:a5:20:16:b7:44:52:15:d7:ac:
f1:a8:7e:eb:82:4d:bf:90:b2:89:ed:a5:2d:25:19:
d1:06:3a:b7:19:1f:e7:df:9f:cd:2a:ff:60:87:1b:
50:77:aa:12:f2:12:bc:26:5c:b4:7c:71:3e:97:0f:
7a:37:39:94:35:23:6e:ff:29:ff:e9:77:56:fa:9a:
67:46:55:73:46:9e:87:bb:d5:39:15:9f:be:8a:c3:
74:cf:b7:8c:9f:fb:1b:b7:2a:39:90:78:19:1f:27:
bb:2a:ef:21:04:51:c5:3f:94:1c:ee:5c:8f:62:9e:
ac:ef:9e:ea:3d:ef:13:fd:db:59:05:cf:0a:8e:28:
be:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:71:3F:DD:24:35:02:99:94:D5:8E:77:A3:03:89:97:31:C1:F0:F2
X509v3 Authority Key Identifier:
keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/XXE_3SQ1ApmU1Y53owOJlzHB8PI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.171.152.0/22
31.171.159.0/24
45.142.25.0-45.142.27.255
103.69.32.0/22
103.93.40.0-103.93.42.255
103.124.164.0/22
103.204.120.0-103.204.122.255
103.254.240.0/22
109.104.132.0/24
109.104.135.0/24
109.104.138.0-109.104.143.255
109.104.156.0/23
109.104.159.0/24
144.48.52.0/22
185.53.100.0/22
185.153.125.0-185.153.127.255
199.168.120.0/22
IPv6:
2a04:27c0::/29
2a09:6e40::/29
2a09:6ec0::/29
2a0d:27c0::/29
2a0d:42c0::/29
2a0d:4a40::/29
2a0e:3f00::/29
2a0e:4f00::/29
2a0e:d4c0::/29
2a0f:42c0::/29
2a0f:a880::/29
Signature Algorithm: sha256WithRSAEncryption
9e:36:51:26:76:c2:03:4c:dc:fa:d7:1e:c5:d0:cd:55:4c:d8:
71:47:5c:e1:eb:51:ab:72:0b:27:18:13:50:a4:74:65:e7:53:
df:b9:df:2c:c3:b8:c5:65:90:81:5e:ad:c7:04:1e:6e:71:17:
98:22:57:61:35:64:e1:31:7d:0c:de:43:c3:90:db:24:16:65:
1e:0d:f2:e2:11:ed:7f:e6:29:3d:9c:0c:c2:d5:1b:68:e0:1b:
f7:84:e9:3a:8c:2a:69:fe:7c:ce:66:e9:98:62:9c:86:ab:93:
d4:c8:48:de:73:12:67:bf:3c:ca:f1:d9:7f:50:5a:0d:24:c7:
38:d0:c6:cf:11:3d:1e:23:e2:ab:df:42:6c:9c:30:f5:7a:0b:
3e:d1:cf:b8:ba:a9:9a:14:f4:01:4c:53:fa:7f:19:5b:1c:c3:
31:4a:c3:dc:79:10:0c:56:7a:b3:50:c3:be:b0:76:eb:bc:76:
08:42:1e:3a:65:78:31:f0:99:55:4b:06:a6:fa:5e:7d:1c:76:
66:ed:95:fb:83:1e:8e:e1:c0:1f:64:30:60:70:96:78:50:a7:
f5:65:88:36:87:e0:89:b0:af:cf:f4:42:1d:75:a1:a9:29:09:
3d:29:cd:d6:d1:09:f7:45:cd:13:b0:22:b2:f1:7a:d8:9c:cb:
d0:e1:9e:cd
-----BEGIN CERTIFICATE-----
MIIF4DCCBMigAwIBAgISAZeClunc1Rc0EioY7QsiiLrZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjUwNjE4MTAzMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDcxM2ZkZDI0MzUwMjk5OTRkNThlNzdhMzAzODk5NzMxYzFmMGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqS5f44rGYQeJCmCzLW8M86ENv/ME
flG7+9rSvw92EEg/1WyYKTVBmbYyUQulM5F7bIPBsHK+H3oscYX30NOwMRZgAYdP
5peQZLJYLS7tEJ2Ba3TnNvr2DxXt7PvIi/aYCVoTRXilHo7G7wQRo/O05yF42/Ul
mCAJcdW4SG2lIBa3RFIV16zxqH7rgk2/kLKJ7aUtJRnRBjq3GR/n35/NKv9ghxtQ
d6oS8hK8Jly0fHE+lw96NzmUNSNu/yn/6XdW+ppnRlVzRp6Hu9U5FZ++isN0z7eM
n/sbtyo5kHgZHye7Ku8hBFHFP5Qc7lyPYp6s757qPe8T/dtZBc8Kjii++wIDAQAB
o4IC7DCCAugwHQYDVR0OBBYEFF1xP90kNQKZlNWOd6MDiZcxwfDyMB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEvWFhFXzNTUTFBcG1VMVk1M293T0psekhCOFBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAAYIKwYBBQUHAQcBAf8EgfAwge0wgZUEAgABMIGOAwQC
H6uYAwQAH6ufMAwDBAAtjhkDBAItjhgDBAJnRSAwDAMEA2ddKAMEAGddKgMEAmd8
pDAMAwQDZ8x4AwQAZ8x6AwQCZ/7wAwQAbWiEAwQAbWiHMAwDBAFtaIoDBARtaIAD
BAFtaJwDBABtaJ8DBAKQMDQDBAK5NWQwDAMEALmZfQMEB7mZAAMEAseoeDBTBAIA
AjBNAwUDKgQnwAMFAyoJbkADBQMqCW7AAwUDKg0nwAMFAyoNQsADBQMqDUpAAwUD
Kg4/AAMFAyoOTwADBQMqDtTAAwUDKg9CwAMFAyoPqIAwDQYJKoZIhvcNAQELBQAD
ggEBAJ42USZ2wgNM3PrXHsXQzVVM2HFHXOHrUatyCycYE1CkdGXnU9+53yzDuMVl
kIFerccEHm5xF5giV2E1ZOExfQzeQ8OQ2yQWZR4N8uIR7X/mKT2cDMLVG2jgG/eE
6TqMKmn+fM5m6ZhinIark9TISN5zEme/PMrx2X9QWg0kxzjQxs8RPR4j4qvfQmyc
MPV6Cz7Rz7i6qZoU9AFMU/p/GVscwzFKw9x5EAxWerNQw76wduu8dghCHjpleDHw
mVVLBqb6Xn0cdmbtlfuDHo7hwB9kMGBwlnhQp/VliDaH4Imwr8/0Qh11oakpCT0p
zdbRCfdFzROwIrLxeticy9Dhns0=
-----END CERTIFICATE-----
Generated at Wed Jul 23 23:26:55 2025 by rpki-client