Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/K1xbX-SL2SCqPy14ODe_bLtBNUc.roa
File: K1xbX-SL2SCqPy14ODe_bLtBNUc.roa (raw, json)
Hash identifier: nkw9/0+GcDJrenwIFgca1LWGwgg4t70s7xGXVi2V6Zc=
Subject key identifier: 2B:5C:5B:5F:E4:8B:D9:20:AA:3F:2D:78:38:37:BF:6C:BB:41:35:47
Certificate issuer: /CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Certificate serial: 019840E1EDB32C1B42F2D4182EE0772210B1
Authority key identifier: AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/K1xbX-SL2SCqPy14ODe_bLtBNUc.roa
Signing time: Fri 25 Jul 2025 09:20:04 +0000
ROA not before: Fri 25 Jul 2025 09:20:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202870
IP address blocks: 5.152.128.0/22 maxlen: 24
45.3.56.0/22 maxlen: 24
45.3.56.0/24 maxlen: 24
45.133.154.0/23 maxlen: 24
103.129.61.0/24 maxlen: 24
104.167.28.0/22 maxlen: 24
185.152.44.0/22 maxlen: 24
2a07:7e80::/29 maxlen: 32
Validation: Failed, certificate revoked on Fri 25 Jul 2025 13:27:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:40:e1:ed:b3:2c:1b:42:f2:d4:18:2e:e0:77:22:10:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Validity
Not Before: Jul 25 09:20:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2b5c5b5fe48bd920aa3f2d783837bf6cbb413547
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:3f:ec:32:d1:fc:4d:65:4c:39:b9:53:6d:a2:
a0:a2:a7:10:ac:19:d4:e9:04:28:fb:33:f4:a1:5f:
92:75:46:44:27:6c:cd:6e:92:ab:89:a3:4a:4b:6b:
aa:7f:f9:13:eb:e4:53:93:68:d8:2a:ed:ca:95:44:
a9:70:9c:16:e2:08:07:72:59:23:63:92:0e:c7:07:
66:b0:d9:92:e0:cc:13:da:d8:f7:d1:01:28:c9:f4:
c3:3c:ec:bf:c8:a1:63:49:b8:45:86:b5:f1:de:56:
17:f5:6e:03:ce:52:df:0a:69:b2:42:cf:80:d3:49:
ba:d0:6c:c3:52:df:d3:81:4d:34:c1:9f:11:d6:90:
d5:ae:7f:0b:96:5d:ed:6f:37:68:3e:3d:fa:ed:ea:
6a:03:31:00:e9:49:b0:74:ec:f2:48:5c:9a:8b:9f:
99:25:ca:ba:e2:3f:da:62:3b:83:99:dc:11:e6:e8:
25:08:c9:18:16:79:d8:1b:43:5e:d2:d2:35:29:35:
65:1a:de:dc:95:0a:5a:60:0b:98:1a:08:ec:15:4c:
e2:a5:e3:87:76:f5:68:fa:66:93:c2:42:53:3a:98:
d2:af:dc:51:e0:a1:07:1a:24:df:02:7d:92:7a:01:
fd:d2:f1:ad:8d:25:d3:6e:84:1c:25:75:5a:6b:a4:
10:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:5C:5B:5F:E4:8B:D9:20:AA:3F:2D:78:38:37:BF:6C:BB:41:35:47
X509v3 Authority Key Identifier:
keyid:AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/K1xbX-SL2SCqPy14ODe_bLtBNUc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.152.128.0/22
45.3.56.0/22
45.133.154.0/23
103.129.61.0/24
104.167.28.0/22
185.152.44.0/22
IPv6:
2a07:7e80::/29
Signature Algorithm: sha256WithRSAEncryption
81:11:5d:f3:b4:68:a8:ac:cd:b1:32:13:ff:7e:70:0d:43:62:
87:95:be:57:7c:50:c1:ea:29:ad:c7:cb:90:1f:d2:b6:62:48:
89:64:1a:b5:b4:32:97:54:1c:47:18:16:0f:49:9f:e7:8f:df:
97:a7:4f:c7:43:07:67:b3:67:97:4e:2d:c6:7f:7d:6e:56:44:
11:75:1b:94:a9:03:cc:93:bd:df:3b:b4:be:dc:d5:f7:3b:8a:
fe:d9:f1:ae:c5:12:e1:dd:c6:c5:70:3c:f1:fe:ee:b5:d2:c2:
57:89:8a:34:05:cc:a0:86:ed:63:fc:da:95:64:f3:4e:ff:d1:
9e:9d:9f:a8:7d:de:47:b2:8e:45:8b:af:ab:f7:87:86:68:e8:
85:a6:1c:c2:27:85:da:6a:fd:5e:b5:9f:4e:6f:7b:cd:0a:83:
31:19:00:87:96:20:a5:07:ae:7d:ce:88:0d:09:d1:86:80:4a:
37:4f:4a:4a:60:be:41:6f:10:4d:56:4e:07:87:5f:fb:4e:59:
31:26:43:6a:97:47:a6:cf:3f:92:78:df:91:e0:ae:7c:f8:1b:
1e:9b:8b:f8:46:8a:ef:8f:94:8a:a8:c6:46:f1:70:ca:e6:3b:
db:4d:c1:3f:78:12:a7:bc:c1:fc:38:43:c3:f0:5b:0a:da:ef:
a9:26:d4:98
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZhA4e2zLBtC8tQYLuB3IhCxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMjdlZDFjZWE0MzIxYzQ5YzNjYTEwZjNhZmZhZmRiZGFk
NTMyYzIwHhcNMjUwNzI1MDkyMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjVjNWI1ZmU0OGJkOTIwYWEzZjJkNzgzODM3YmY2Y2JiNDEzNTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgz/sMtH8TWVMOblTbaKgoqcQrBnU
6QQo+zP0oV+SdUZEJ2zNbpKriaNKS2uqf/kT6+RTk2jYKu3KlUSpcJwW4ggHclkj
Y5IOxwdmsNmS4MwT2tj30QEoyfTDPOy/yKFjSbhFhrXx3lYX9W4DzlLfCmmyQs+A
00m60GzDUt/TgU00wZ8R1pDVrn8Lll3tbzdoPj367epqAzEA6UmwdOzySFyai5+Z
Jcq64j/aYjuDmdwR5uglCMkYFnnYG0Ne0tI1KTVlGt7clQpaYAuYGgjsFUzipeOH
dvVo+maTwkJTOpjSr9xR4KEHGiTfAn2SegH90vGtjSXTboQcJXVaa6QQjwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFCtcW1/ki9kgqj8teDg3v2y7QTVHMB8GA1UdIwQY
MBaAFKsn7RzqQyHEnDyhDzr/r9va1TLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQt
MWQwYmY1MjA4ZjkwLzEvSzF4YlgtU0wyU0NxUHkxNE9EZV9iTHRCTlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQtMWQwYmY1MjA4Zjkw
LzEvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQCBZiAAwQC
LQM4AwQBLYWaAwQAZ4E9AwQCaKccAwQCuZgsMA0EAgACMAcDBQMqB36AMA0GCSqG
SIb3DQEBCwUAA4IBAQCBEV3ztGiorM2xMhP/fnANQ2KHlb5XfFDB6imtx8uQH9K2
YkiJZBq1tDKXVBxHGBYPSZ/nj9+Xp0/HQwdns2eXTi3Gf31uVkQRdRuUqQPMk73f
O7S+3NX3O4r+2fGuxRLh3cbFcDzx/u610sJXiYo0Bcyghu1j/NqVZPNO/9GenZ+o
fd5Hso5Fi6+r94eGaOiFphzCJ4Xaav1etZ9Ob3vNCoMxGQCHliClB659zogNCdGG
gEo3T0pKYL5BbxBNVk4Hh1/7TlkxJkNql0emzz+SeN+R4K58+Bsem4v4Rorvj5SK
qMZG8XDK5jvbTcE/eBKnvMH8OEPD8FsK2u+pJtSY
-----END CERTIFICATE-----
Generated at Sun Jul 27 10:23:12 2025 by rpki-client