Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/hqeedY43S-bUB1FIkOd5M13U_FE.roa
File: hqeedY43S-bUB1FIkOd5M13U_FE.roa (raw, json)
Hash identifier: om44j4vhwxe1q9w0mme5MBM31Xh/TX+azuP1G66dOY0=
Subject key identifier: 86:A7:9E:75:8E:37:4B:E6:D4:07:51:48:90:E7:79:33:5D:D4:FC:51
Certificate issuer: /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial: 01982C3100E8A58D3BF03DFEA6B099DFEC83
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/hqeedY43S-bUB1FIkOd5M13U_FE.roa
Signing time: Mon 21 Jul 2025 08:54:25 +0000
ROA not before: Mon 21 Jul 2025 08:54:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 79.172.200.0/23 maxlen: 24
79.172.208.0/24 maxlen: 24
79.172.219.0/24 maxlen: 24
79.172.228.0/24 maxlen: 24
79.172.250.0/23 maxlen: 24
87.229.8.0/22 maxlen: 22
87.229.23.0/24 maxlen: 24
87.229.97.0/24 maxlen: 24
87.229.108.0/24 maxlen: 24
87.229.112.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 24 Jul 2025 06:41:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:2c:31:00:e8:a5:8d:3b:f0:3d:fe:a6:b0:99:df:ec:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Validity
Not Before: Jul 21 08:54:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=86a79e758e374be6d407514890e779335dd4fc51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:03:c5:42:1c:cf:26:16:29:83:eb:e6:ac:1c:
bb:bd:7a:2a:b9:84:78:c0:a2:cf:5e:81:34:59:be:
ab:43:72:2b:00:b9:5f:7d:d4:b1:28:08:d4:a3:4b:
8f:67:e4:62:9b:9b:e4:34:57:21:9f:e0:82:5c:d5:
2c:3e:30:3a:d4:bc:2f:16:2c:ed:24:f9:13:f5:cc:
39:0e:e0:20:01:91:d9:58:a8:50:69:7d:2c:8c:06:
4f:ae:68:89:0e:ca:80:36:ba:54:51:0f:b2:5e:db:
14:0a:38:b6:99:d0:94:0a:49:93:13:b4:f1:32:e1:
ce:30:a9:e4:45:d4:5f:ff:1d:8b:97:3c:0d:c0:59:
70:3e:0f:fe:8c:e4:37:52:c2:7f:70:4a:e7:d7:00:
23:36:49:47:51:63:f2:51:0b:1c:24:4c:a1:5d:e0:
7f:56:38:5e:bb:99:12:a8:23:0c:41:3a:91:ee:29:
b5:be:c0:5f:53:d4:38:02:54:13:5e:c6:7a:29:55:
c0:51:62:81:94:2a:18:89:95:b1:0a:4b:9f:ba:13:
cc:af:39:4d:bb:8f:96:5c:3c:27:fb:60:7c:25:df:
ef:e8:0c:ab:c2:ec:b6:6f:2c:ed:97:44:2f:72:39:
15:ed:41:56:b6:0c:49:f1:00:c4:2f:93:8a:e0:8b:
11:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:A7:9E:75:8E:37:4B:E6:D4:07:51:48:90:E7:79:33:5D:D4:FC:51
X509v3 Authority Key Identifier:
keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/hqeedY43S-bUB1FIkOd5M13U_FE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.172.200.0/23
79.172.208.0/24
79.172.219.0/24
79.172.228.0/24
79.172.250.0/23
87.229.8.0/22
87.229.23.0/24
87.229.97.0/24
87.229.108.0/24
87.229.112.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:c2:69:f7:f7:4d:11:b8:f1:6d:33:6c:ae:b9:3c:9b:ed:94:
3a:fd:6f:3a:02:a5:90:db:15:b1:35:7c:13:2c:3e:be:8f:17:
40:24:fa:8a:2c:fe:70:14:88:81:6c:0a:d9:3f:d0:c0:d6:02:
0a:bd:58:59:83:70:07:a4:47:e0:55:4c:f7:0d:2c:b9:76:3b:
78:2e:24:8b:a2:38:02:ee:07:93:50:4c:ce:29:2c:20:7e:bd:
63:5a:c3:2f:ca:ac:1a:db:5c:89:d3:8f:87:4c:32:c3:e5:c1:
a1:65:1a:2e:d6:2a:a9:5c:48:f5:c0:eb:7c:6c:79:5e:9e:a0:
d1:47:5c:9f:26:ba:a1:00:87:e4:cf:27:22:71:2c:6c:c5:43:
b4:9b:2f:0a:e6:1f:9e:6f:0d:20:80:98:91:1e:54:ce:5c:ef:
39:8b:8a:b0:2c:6d:99:9e:08:be:ff:70:07:70:e9:27:d5:45:
73:47:d6:ad:c8:22:33:37:ba:dd:54:a9:14:1c:3d:00:ea:44:
25:0b:97:7b:d6:ae:c0:1d:2e:b1:f2:4b:d2:23:15:05:65:ee:
39:0c:80:07:c0:54:e2:88:f5:84:a5:66:45:38:c4:ea:8d:22:
24:82:54:43:64:be:ab:ad:fc:94:35:3b:4f:fa:95:8d:08:68:
78:46:a3:be
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZgsMQDopY078D3+prCZ3+yDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwNzIxMDg1NDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmE3OWU3NThlMzc0YmU2ZDQwNzUxNDg5MGU3NzkzMzVkZDRmYzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgPFQhzPJhYpg+vmrBy7vXoquYR4
wKLPXoE0Wb6rQ3IrALlffdSxKAjUo0uPZ+Rim5vkNFchn+CCXNUsPjA61LwvFizt
JPkT9cw5DuAgAZHZWKhQaX0sjAZPrmiJDsqANrpUUQ+yXtsUCji2mdCUCkmTE7Tx
MuHOMKnkRdRf/x2LlzwNwFlwPg/+jOQ3UsJ/cErn1wAjNklHUWPyUQscJEyhXeB/
Vjheu5kSqCMMQTqR7im1vsBfU9Q4AlQTXsZ6KVXAUWKBlCoYiZWxCkufuhPMrzlN
u4+WXDwn+2B8Jd/v6Ayrwuy2byztl0QvcjkV7UFWtgxJ8QDEL5OK4IsRewIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFIannnWON0vm1AdRSJDneTNd1PxRMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvaHFlZWRZNDNTLWJVQjFGSWtPZDVNMTNVX0ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBT6zIAwQA
T6zQAwQAT6zbAwQAT6zkAwQBT6z6AwQCV+UIAwQAV+UXAwQAV+VhAwQAV+VsAwQA
V+VwMA0GCSqGSIb3DQEBCwUAA4IBAQB9wmn3900RuPFtM2yuuTyb7ZQ6/W86AqWQ
2xWxNXwTLD6+jxdAJPqKLP5wFIiBbArZP9DA1gIKvVhZg3AHpEfgVUz3DSy5djt4
LiSLojgC7geTUEzOKSwgfr1jWsMvyqwa21yJ04+HTDLD5cGhZRou1iqpXEj1wOt8
bHlenqDRR1yfJrqhAIfkzycicSxsxUO0my8K5h+ebw0ggJiRHlTOXO85i4qwLG2Z
ngi+/3AHcOkn1UVzR9atyCIzN7rdVKkUHD0A6kQlC5d71q7AHS6x8kvSIxUFZe45
DIAHwFTiiPWEpWZFOMTqjSIkglRDZL6rrfyUNTtP+pWNCGh4RqO+
-----END CERTIFICATE-----
Generated at Sat Jul 26 19:32:47 2025 by rpki-client