Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/3XKCBzoB5mUr4Np69mLeDCEF__Y.roa
File: 3XKCBzoB5mUr4Np69mLeDCEF__Y.roa (raw, json)
Hash identifier: LJnXNqrYTZ4+nMcomWnmZe3lbFt9j4fRjyeisd2+AQ0=
Subject key identifier: DD:72:82:07:3A:01:E6:65:2B:E0:DA:7A:F6:62:DE:0C:21:05:FF:F6
Certificate issuer: /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial: 0197E3C893D61669E5579407E7A775114F03
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/3XKCBzoB5mUr4Np69mLeDCEF__Y.roa
Signing time: Mon 07 Jul 2025 07:27:42 +0000
ROA not before: Mon 07 Jul 2025 07:27:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 89.249.192.0/21 maxlen: 24
89.249.200.0/24 maxlen: 24
89.249.205.0/24 maxlen: 24
89.249.206.0/23 maxlen: 24
212.42.192.0/20 maxlen: 24
212.42.208.0/20 maxlen: 24
Validation: Failed, certificate revoked on Mon 14 Jul 2025 07:04:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:e3:c8:93:d6:16:69:e5:57:94:07:e7:a7:75:11:4f:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
Validity
Not Before: Jul 7 07:27:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dd7282073a01e6652be0da7af662de0c2105fff6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:69:d4:e5:5e:b4:af:ab:21:0b:eb:28:ae:20:
69:29:11:f8:62:f2:9c:35:c1:d5:e9:80:de:be:00:
06:b6:83:2f:2e:b8:84:0c:40:ba:ad:f1:89:2e:e9:
7e:72:f9:83:bb:2f:05:17:b9:8a:8f:21:7c:20:ca:
be:97:79:14:53:f3:66:94:48:72:cb:ee:e0:fc:78:
d2:ca:46:d5:55:ad:c0:77:18:5f:7f:9c:f2:4a:21:
bc:9f:37:89:94:2e:4d:55:24:a5:2e:8c:9c:9f:f9:
d7:5e:95:5d:8d:50:e2:59:0f:b7:ad:d9:81:f4:fa:
1a:7b:d5:48:fb:f4:ef:da:f0:e5:ec:63:46:42:af:
69:dd:e2:a4:66:0c:83:f3:79:90:ae:1c:67:68:57:
6e:ab:c4:3e:27:97:cb:36:d5:64:65:46:76:30:c3:
f4:09:ef:29:15:df:6c:13:0d:15:12:d7:98:e3:69:
32:0f:ee:9f:c3:e3:a0:29:5b:eb:1a:ac:3a:95:9b:
1e:ff:d4:cb:65:d6:d9:49:33:6d:5d:7c:c0:b5:e0:
20:55:3b:4c:ce:5c:5a:e4:13:b8:73:4c:ae:0e:c0:
4e:ff:e5:d8:41:1f:fd:58:ab:ff:cb:2e:26:e1:2b:
3a:2f:5f:d9:c4:fa:05:48:3d:22:e0:5c:d0:f5:9e:
1e:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:72:82:07:3A:01:E6:65:2B:E0:DA:7A:F6:62:DE:0C:21:05:FF:F6
X509v3 Authority Key Identifier:
keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/3XKCBzoB5mUr4Np69mLeDCEF__Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.249.192.0-89.249.200.255
89.249.205.0-89.249.207.255
212.42.192.0/19
Signature Algorithm: sha256WithRSAEncryption
0e:0d:50:f7:45:84:3b:17:83:03:52:a5:1a:71:75:0f:bc:4d:
7a:56:64:91:16:fc:6b:c0:9f:b2:3a:59:01:b6:da:19:0c:6c:
1b:2a:ee:b3:12:49:56:c9:2a:02:5a:d0:70:3b:33:d2:47:30:
be:b3:f9:cd:99:e0:f2:e0:ac:d8:c3:2b:46:a1:04:a7:a7:a8:
7d:b6:7c:49:05:20:65:66:4f:44:e9:05:fc:bd:86:8f:69:04:
99:6a:bf:8a:6b:e1:a4:23:a9:0c:56:8e:e4:cc:46:d6:3d:ef:
7a:e1:13:30:89:2a:d5:05:43:a7:94:01:4b:3f:09:8f:d8:eb:
4e:c4:48:47:21:ab:86:0b:08:a4:c3:a0:7e:71:f9:0b:59:f3:
61:bd:78:b3:53:91:09:2c:81:84:46:e2:59:fa:35:ba:1c:56:
77:06:b9:97:37:54:37:d4:e5:18:d5:47:96:8b:69:80:83:42:
01:4d:e2:d6:1b:a4:43:0c:e7:e9:da:79:7c:d6:2e:9f:e1:f9:
24:55:95:af:c0:00:8e:de:2f:38:65:84:e3:09:ae:8d:ed:11:
43:a4:05:e7:b9:02:2f:33:1a:b4:24:26:b7:80:d8:2d:af:69:
47:4c:ff:64:67:79:c7:a8:51:5c:4a:e7:c2:b3:c4:a7:36:95:
7b:e8:1e:8b
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZfjyJPWFmnlV5QH56d1EU8DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwNzA3MDcyNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDcyODIwNzNhMDFlNjY1MmJlMGRhN2FmNjYyZGUwYzIxMDVmZmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5GnU5V60r6shC+soriBpKRH4YvKc
NcHV6YDevgAGtoMvLriEDEC6rfGJLul+cvmDuy8FF7mKjyF8IMq+l3kUU/NmlEhy
y+7g/HjSykbVVa3Adxhff5zySiG8nzeJlC5NVSSlLoycn/nXXpVdjVDiWQ+3rdmB
9Poae9VI+/Tv2vDl7GNGQq9p3eKkZgyD83mQrhxnaFduq8Q+J5fLNtVkZUZ2MMP0
Ce8pFd9sEw0VEteY42kyD+6fw+OgKVvrGqw6lZse/9TLZdbZSTNtXXzAteAgVTtM
zlxa5BO4c0yuDsBO/+XYQR/9WKv/yy4m4Ss6L1/ZxPoFSD0i4FzQ9Z4euQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFN1yggc6AeZlK+DaevZi3gwhBf/2MB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvM1hLQ0J6b0I1bVVyNE5wNjltTGVEQ0VGX19ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAZZ+cAD
BABZ+cgwDAMEAFn5zQMEBFn5wAMEBdQqwDANBgkqhkiG9w0BAQsFAAOCAQEADg1Q
90WEOxeDA1KlGnF1D7xNelZkkRb8a8CfsjpZAbbaGQxsGyrusxJJVskqAlrQcDsz
0kcwvrP5zZng8uCs2MMrRqEEp6eofbZ8SQUgZWZPROkF/L2Gj2kEmWq/imvhpCOp
DFaO5MxG1j3veuETMIkq1QVDp5QBSz8Jj9jrTsRIRyGrhgsIpMOgfnH5C1nzYb14
s1ORCSyBhEbiWfo1uhxWdwa5lzdUN9TlGNVHlotpgINCAU3i1hukQwzn6dp5fNYu
n+H5JFWVr8AAjt4vOGWE4wmuje0RQ6QF57kCLzMatCQmt4DYLa9pR0z/ZGd5x6hR
XErnwrPEpzaVe+geiw==
-----END CERTIFICATE-----
Generated at Fri Jul 25 18:15:08 2025 by rpki-client