Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/rOPnsg27TddKm-WkMzqRrrxCmZY.roa
File: rOPnsg27TddKm-WkMzqRrrxCmZY.roa (raw, json)
Hash identifier: w8Phl05uwEUlfL/RFBCSZMKieN0hMe4+RnQvil2Rr9o=
Subject key identifier: AC:E3:E7:B2:0D:BB:4D:D7:4A:9B:E5:A4:33:3A:91:AE:BC:42:99:96
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 019818B536EF6714EB1BD194A9B6EBF8381C
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/rOPnsg27TddKm-WkMzqRrrxCmZY.roa
Signing time: Thu 17 Jul 2025 14:06:25 +0000
ROA not before: Thu 17 Jul 2025 14:06:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48678
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.50.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
185.254.29.0/24 maxlen: 24
185.254.31.0/24 maxlen: 24
193.35.152.0/24 maxlen: 24
193.35.153.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 21 Jul 2025 16:39:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:18:b5:36:ef:67:14:eb:1b:d1:94:a9:b6:eb:f8:38:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Jul 17 14:06:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ace3e7b20dbb4dd74a9be5a4333a91aebc429996
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:c2:00:13:4a:bb:9f:78:6e:70:7f:97:f3:77:
aa:13:77:6c:c7:00:ea:3e:20:30:8d:04:09:74:be:
26:40:3b:d1:89:c2:03:b8:2c:cf:4a:b3:c6:6a:76:
59:39:bb:df:bd:f3:4f:7a:e7:84:0e:50:82:0b:2a:
d0:b4:87:b4:e5:fe:38:94:2d:33:41:f8:2f:4b:a4:
cd:2f:96:a7:c3:9b:98:fc:29:76:58:96:a5:c0:f3:
42:a4:ef:2f:08:f5:3b:04:44:e1:38:c5:e5:b9:7f:
f2:8f:59:06:2c:00:93:83:21:0e:ef:8d:8a:50:b5:
dc:3f:2e:75:9c:15:73:16:f0:3e:46:9f:43:20:71:
e3:e5:6e:6c:87:fe:32:22:10:99:0b:72:c7:ec:33:
c0:6a:b3:d3:e9:03:2a:12:53:67:f4:ed:74:78:11:
9c:63:70:d6:7b:a8:b4:a5:5a:36:e9:05:bb:c6:88:
1f:81:96:40:33:e1:62:a6:4e:89:25:d5:79:31:9c:
db:98:c4:a3:47:26:22:d3:64:bd:27:00:17:63:ac:
8d:80:24:50:bc:f6:99:49:f9:e6:89:89:70:23:56:
38:82:c0:87:26:f1:cf:c4:31:31:1f:e4:39:ac:42:
5d:9d:cb:27:70:ea:b3:c4:93:f2:a7:47:12:8b:32:
24:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:E3:E7:B2:0D:BB:4D:D7:4A:9B:E5:A4:33:3A:91:AE:BC:42:99:96
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/rOPnsg27TddKm-WkMzqRrrxCmZY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0-109.236.51.255
185.254.28.0/23
185.254.31.0/24
193.35.152.0/23
Signature Algorithm: sha256WithRSAEncryption
0d:34:df:9a:69:30:49:c1:e6:eb:79:ea:4b:4d:8c:bd:59:19:
24:e2:fe:3f:d8:e6:5c:ac:f7:4c:0a:a0:2f:aa:ff:65:29:f8:
19:05:c3:2a:34:ff:61:b2:80:aa:2b:37:5b:fe:d6:d7:30:cd:
ce:72:d7:d2:21:9a:5b:6e:85:60:c2:70:2f:5d:49:77:79:bb:
76:38:73:f9:41:14:ef:2c:c8:35:bb:34:a9:6f:a6:32:43:5d:
bd:ec:94:4c:03:78:98:93:28:5c:53:c2:7f:85:ec:aa:df:48:
c7:32:bc:1d:31:8f:f3:b8:db:00:1d:3a:39:8a:c3:bc:3f:4b:
b8:d8:c0:34:2f:5e:09:87:64:7a:9a:ac:e0:06:f1:7a:b3:8c:
29:cf:db:97:40:00:f6:29:a6:aa:79:63:29:54:23:a8:c2:e3:
70:44:a9:16:e5:e8:b6:97:1a:23:26:b4:53:3c:07:55:ca:f1:
7d:30:e7:d4:03:c6:10:4d:70:ae:de:2f:af:9b:3f:2e:d6:dc:
53:a6:eb:e6:3e:b1:11:3d:81:42:db:17:22:17:9d:b6:f6:7b:
40:17:b8:c0:c3:a1:d4:c1:20:6e:20:b3:46:92:41:06:5d:e9:
85:04:8d:31:a8:64:25:62:90:20:df:b2:fe:cf:67:9c:b8:9e:
10:7b:fd:be
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZgYtTbvZxTrG9GUqbbr+DgcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwNzE3MTQwNjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2UzZTdiMjBkYmI0ZGQ3NGE5YmU1YTQzMzNhOTFhZWJjNDI5OTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMIAE0q7n3hucH+X83eqE3dsxwDq
PiAwjQQJdL4mQDvRicIDuCzPSrPGanZZObvfvfNPeueEDlCCCyrQtIe05f44lC0z
QfgvS6TNL5anw5uY/Cl2WJalwPNCpO8vCPU7BEThOMXluX/yj1kGLACTgyEO742K
ULXcPy51nBVzFvA+Rp9DIHHj5W5sh/4yIhCZC3LH7DPAarPT6QMqElNn9O10eBGc
Y3DWe6i0pVo26QW7xogfgZZAM+Fipk6JJdV5MZzbmMSjRyYi02S9JwAXY6yNgCRQ
vPaZSfnmiYlwI1Y4gsCHJvHPxDExH+Q5rEJdncsncOqzxJPyp0cSizIk2wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFKzj57INu03XSpvlpDM6ka68QpmWMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvck9QbnNnMjdUZGRLbS1Xa016cVJycnhDbVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBABt7DED
BAJt7DADBAG5/hwDBAC5/h8DBAHBI5gwDQYJKoZIhvcNAQELBQADggEBAA0035pp
MEnB5ut56ktNjL1ZGSTi/j/Y5lys90wKoC+q/2Up+BkFwyo0/2GygKorN1v+1tcw
zc5y19IhmltuhWDCcC9dSXd5u3Y4c/lBFO8syDW7NKlvpjJDXb3slEwDeJiTKFxT
wn+F7KrfSMcyvB0xj/O42wAdOjmKw7w/S7jYwDQvXgmHZHqarOAG8XqzjCnP25dA
APYppqp5YylUI6jC43BEqRbl6LaXGiMmtFM8B1XK8X0w59QDxhBNcK7eL6+bPy7W
3FOm6+Y+sRE9gULbFyIXnbb2e0AXuMDDodTBIG4gs0aSQQZd6YUEjTGoZCVikCDf
sv7PZ5y4nhB7/b4=
-----END CERTIFICATE-----
Generated at Mon Jul 21 19:26:49 2025 by rpki-client