Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/XIft3JbXUA-A7MgCFUg1ebtbRnE.roa
File: XIft3JbXUA-A7MgCFUg1ebtbRnE.roa (raw, json)
Hash identifier: 0sisO5c5+ZvmlpnWtpQd1vZLj3Y5r5gfJILbLzd9rhk=
Subject key identifier: 5C:87:ED:DC:96:D7:50:0F:80:EC:C8:02:15:48:35:79:BB:5B:46:71
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 01975A74DE5E35AC10DAC9B9C26C6498C231
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/XIft3JbXUA-A7MgCFUg1ebtbRnE.roa
Signing time: Tue 10 Jun 2025 15:28:17 +0000
ROA not before: Tue 10 Jun 2025 15:28:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209737
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.50.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.86.6.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
185.254.29.0/24 maxlen: 24
185.254.31.0/24 maxlen: 24
193.35.152.0/24 maxlen: 24
193.35.153.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 16 Jun 2025 10:15:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:5a:74:de:5e:35:ac:10:da:c9:b9:c2:6c:64:98:c2:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Jun 10 15:28:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5c87eddc96d7500f80ecc80215483579bb5b4671
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:0b:f8:34:87:eb:08:8a:6d:48:a3:76:ca:3c:
fd:b5:94:38:29:5b:d1:36:08:88:7a:50:0e:20:29:
f8:27:76:6d:f5:32:2c:ab:7e:6b:c6:59:11:86:76:
1c:da:1a:c4:fe:4e:f7:6e:83:f6:b6:d1:3c:53:8c:
00:4e:68:a2:9b:d0:d6:8b:86:c5:fd:e2:49:e4:3e:
8a:e5:68:42:2c:b0:f4:94:a7:55:32:da:1b:c3:45:
91:47:eb:c4:53:cb:e5:a4:ca:82:69:ad:66:03:71:
c0:41:b4:e7:ed:7f:c7:b9:56:61:b6:f9:c7:45:61:
2c:35:f6:d2:70:e6:6e:d9:64:bb:f7:c6:9e:b8:a4:
1e:9d:ec:4e:2d:f3:c0:8c:41:8e:3f:c1:72:d9:2c:
fe:b7:21:e8:16:d8:56:df:8d:84:7b:f4:e4:b2:12:
df:c8:f3:ae:67:f4:8b:20:5d:59:97:e6:53:f9:d3:
67:4c:08:a7:82:0f:b9:8e:07:26:cd:dd:fe:cd:39:
27:ed:6f:d8:28:dc:87:01:57:b8:cb:f0:a8:23:5c:
4c:ed:19:c0:92:96:42:10:ba:bc:5b:8b:c8:1f:06:
da:5a:38:4f:f0:bd:fb:f5:ac:9c:66:82:0a:3f:06:
94:42:fe:94:7d:5b:9b:d5:69:db:f3:58:9d:92:05:
c1:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:87:ED:DC:96:D7:50:0F:80:EC:C8:02:15:48:35:79:BB:5B:46:71
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/XIft3JbXUA-A7MgCFUg1ebtbRnE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0-109.236.51.255
185.86.6.0/24
185.254.28.0/23
185.254.31.0/24
193.35.152.0/23
Signature Algorithm: sha256WithRSAEncryption
3c:59:bb:67:f6:7b:07:6a:86:c9:4c:a5:56:a2:98:2d:f5:bb:
2e:e5:71:c6:8b:63:2a:a1:3b:dc:d0:ad:03:e1:56:60:03:10:
74:b4:e9:1d:3d:d5:39:ce:c7:fa:eb:af:dd:83:ba:26:79:ac:
18:cd:a4:74:cc:65:0b:ec:b3:5d:fb:1e:94:aa:00:b7:24:c6:
80:7e:4b:56:2f:86:5f:e1:d4:3f:ca:d4:04:ee:60:cc:e7:a3:
8b:48:0e:a9:da:c1:ac:c0:62:8e:44:1f:cf:b5:f3:af:8d:0f:
94:51:8c:69:c5:7f:61:66:13:d4:c8:02:1c:3e:bb:3b:0d:96:
91:50:ca:1a:07:54:bc:6c:33:25:f4:56:ce:5a:e5:e3:4a:38:
e1:6b:5f:a7:bd:03:75:3f:f3:f8:74:57:29:93:5f:38:07:95:
a9:f1:30:8b:af:78:d6:6b:6c:69:fb:4c:0e:60:bc:a8:1e:78:
f2:77:9b:97:13:eb:7d:27:23:dd:e1:ff:a5:59:f2:73:cd:12:
55:46:26:ca:0d:ee:b2:15:e3:ea:27:fa:e0:04:b9:e5:c9:eb:
b2:61:9c:6e:20:74:bb:0b:b7:66:25:38:9b:3f:c3:5e:a3:a2:
6c:92:b4:4c:2b:e3:58:47:c5:02:bc:50:cc:42:b1:9d:09:37:
57:c9:d3:06
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZdadN5eNawQ2sm5wmxkmMIxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwNjEwMTUyODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yzg3ZWRkYzk2ZDc1MDBmODBlY2M4MDIxNTQ4MzU3OWJiNWI0NjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgv4NIfrCIptSKN2yjz9tZQ4KVvR
NgiIelAOICn4J3Zt9TIsq35rxlkRhnYc2hrE/k73boP2ttE8U4wATmiim9DWi4bF
/eJJ5D6K5WhCLLD0lKdVMtobw0WRR+vEU8vlpMqCaa1mA3HAQbTn7X/HuVZhtvnH
RWEsNfbScOZu2WS798aeuKQenexOLfPAjEGOP8Fy2Sz+tyHoFthW342Ee/TkshLf
yPOuZ/SLIF1Zl+ZT+dNnTAingg+5jgcmzd3+zTkn7W/YKNyHAVe4y/CoI1xM7RnA
kpZCELq8W4vIHwbaWjhP8L379aycZoIKPwaUQv6UfVub1Wnb81idkgXBZQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFFyH7dyW11APgOzIAhVINXm7W0ZxMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvWElmdDNKYlhVQS1BN01nQ0ZVZzFlYnRiUm5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBABt7DED
BAJt7DADBAC5VgYDBAG5/hwDBAC5/h8DBAHBI5gwDQYJKoZIhvcNAQELBQADggEB
ADxZu2f2ewdqhslMpVaimC31uy7lccaLYyqhO9zQrQPhVmADEHS06R091TnOx/rr
r92DuiZ5rBjNpHTMZQvss137HpSqALckxoB+S1Yvhl/h1D/K1ATuYMzno4tIDqna
wazAYo5EH8+186+ND5RRjGnFf2FmE9TIAhw+uzsNlpFQyhoHVLxsMyX0Vs5a5eNK
OOFrX6e9A3U/8/h0VymTXzgHlanxMIuveNZrbGn7TA5gvKgeePJ3m5cT630nI93h
/6VZ8nPNElVGJsoN7rIV4+on+uAEueXJ67JhnG4gdLsLt2YlOJs/w16jomyStEwr
41hHxQK8UMxCsZ0JN1fJ0wY=
-----END CERTIFICATE-----
Generated at Fri Jul 25 18:56:07 2025 by rpki-client