Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/o4CdHoA6udJTvLRkMW5TvxLuUgk.roa
File: o4CdHoA6udJTvLRkMW5TvxLuUgk.roa (raw, json)
Hash identifier: SDwqRUVH6rSXjP3IhSQLmFXEuEd9SlmMnB3R9J/WTSA=
Subject key identifier: A3:80:9D:1E:80:3A:B9:D2:53:BC:B4:64:31:6E:53:BF:12:EE:52:09
Certificate issuer: /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial: 01976073736344F69BDA31697965BD38CBF4
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/o4CdHoA6udJTvLRkMW5TvxLuUgk.roa
Signing time: Wed 11 Jun 2025 19:24:28 +0000
ROA not before: Wed 11 Jun 2025 19:24:28 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 185.95.158.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 13 Jun 2025 04:39:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:60:73:73:63:44:f6:9b:da:31:69:79:65:bd:38:cb:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Validity
Not Before: Jun 11 19:24:28 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a3809d1e803ab9d253bcb464316e53bf12ee5209
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:db:2c:69:74:d7:12:17:08:cd:50:92:f7:ee:
c2:29:29:21:bf:65:cf:6c:fa:fe:c0:f2:7a:8b:49:
84:37:bc:c9:70:ac:63:d7:dd:b5:c9:b4:7c:0e:2f:
d6:e0:50:a1:e5:fa:e1:b9:d5:cc:4e:72:5c:d8:21:
89:3c:84:ca:78:63:65:97:ed:d1:d3:c2:80:2c:5e:
6f:c5:91:ab:61:a4:02:a7:bf:90:18:a7:86:3c:9d:
85:8c:21:82:45:c5:fa:bb:f4:1b:78:77:b2:79:63:
c7:de:f5:1d:9e:17:32:da:25:01:33:54:fe:8b:b0:
72:2f:44:02:28:98:cd:b1:ac:02:f8:eb:f5:28:4d:
1c:c3:02:06:0c:37:1a:1b:f5:1c:ae:fe:53:39:47:
df:9f:71:ca:6c:c4:33:df:4a:7c:2e:d1:7b:dd:a9:
09:e6:36:1e:90:80:43:1d:5f:3f:b6:8e:a0:12:bd:
b0:ef:0e:d6:bd:a9:00:08:89:6b:37:b9:ad:62:da:
de:92:21:6f:14:dc:73:c8:06:a9:55:d3:88:0a:80:
ef:e8:be:14:79:a9:40:8c:9f:7e:e9:4d:2f:ec:d8:
eb:c0:df:45:0b:eb:fc:76:c7:16:63:4c:05:b7:3f:
5b:21:d4:e4:39:c9:a4:30:b2:92:34:6d:9b:ce:eb:
0d:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:80:9D:1E:80:3A:B9:D2:53:BC:B4:64:31:6E:53:BF:12:EE:52:09
X509v3 Authority Key Identifier:
keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/o4CdHoA6udJTvLRkMW5TvxLuUgk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.95.158.0/24
Signature Algorithm: sha256WithRSAEncryption
57:57:ca:5e:c7:be:76:5b:d5:02:eb:1c:8a:c4:25:de:ef:a4:
9d:90:99:62:5d:81:9d:d9:05:24:90:b4:be:f1:5c:41:21:c2:
25:3e:6e:59:b6:ba:b5:68:f8:21:0c:a0:82:99:42:56:a2:e1:
3b:4d:dc:a2:cf:d4:4b:6f:fe:4a:75:57:85:04:f7:82:82:55:
2e:f6:6d:ac:12:68:bd:a0:00:75:73:bb:38:67:5e:f3:62:a0:
c9:8a:15:83:68:12:57:51:38:26:9a:dc:5c:cd:2f:6a:a2:29:
7d:c6:0f:b9:68:a4:fc:dc:bd:79:a7:e4:3e:f5:2e:27:26:33:
f3:c8:44:a5:c2:8b:da:30:da:d1:a6:ed:11:7f:3f:3f:a3:0e:
7a:f2:75:d2:76:ab:f6:14:9b:b0:f2:2d:f0:07:59:ce:31:20:
84:8c:53:ae:e0:85:70:1b:e8:8b:0e:5c:50:12:e7:23:be:60:
27:ee:f2:a5:74:ac:f3:76:55:02:98:09:50:bf:1b:fd:0f:f2:
8e:7c:ab:0f:b4:77:04:6d:15:03:f1:1c:e5:8c:a9:dc:8e:a3:
e2:87:e7:43:86:be:08:f4:c8:37:b6:1e:72:3f:42:2f:38:15:
ab:69:77:67:32:68:4c:90:07:51:64:2b:0c:6a:f5:eb:05:3e:
d2:58:13:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdgc3NjRPab2jFpeWW9OMv0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwNjExMTkyNDI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzgwOWQxZTgwM2FiOWQyNTNiY2I0NjQzMTZlNTNiZjEyZWU1MjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstssaXTXEhcIzVCS9+7CKSkhv2XP
bPr+wPJ6i0mEN7zJcKxj1921ybR8Di/W4FCh5frhudXMTnJc2CGJPITKeGNll+3R
08KALF5vxZGrYaQCp7+QGKeGPJ2FjCGCRcX6u/QbeHeyeWPH3vUdnhcy2iUBM1T+
i7ByL0QCKJjNsawC+Ov1KE0cwwIGDDcaG/Ucrv5TOUffn3HKbMQz30p8LtF73akJ
5jYekIBDHV8/to6gEr2w7w7WvakACIlrN7mtYtrekiFvFNxzyAapVdOICoDv6L4U
ealAjJ9+6U0v7NjrwN9FC+v8dscWY0wFtz9bIdTkOcmkMLKSNG2bzusNQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOAnR6AOrnSU7y0ZDFuU78S7lIJMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvbzRDZEhvQTZ1ZEpUdkxSa01XNVR2eEx1VWdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV+eMA0G
CSqGSIb3DQEBCwUAA4IBAQBXV8pex752W9UC6xyKxCXe76SdkJliXYGd2QUkkLS+
8VxBIcIlPm5Ztrq1aPghDKCCmUJWouE7Tdyiz9RLb/5KdVeFBPeCglUu9m2sEmi9
oAB1c7s4Z17zYqDJihWDaBJXUTgmmtxczS9qoil9xg+5aKT83L15p+Q+9S4nJjPz
yESlwovaMNrRpu0Rfz8/ow568nXSdqv2FJuw8i3wB1nOMSCEjFOu4IVwG+iLDlxQ
EucjvmAn7vKldKzzdlUCmAlQvxv9D/KOfKsPtHcEbRUD8RzljKncjqPih+dDhr4I
9Mg3th5yP0IvOBWraXdnMmhMkAdRZCsMavXrBT7SWBNO
-----END CERTIFICATE-----
Generated at Sat Jul 26 00:25:04 2025 by rpki-client