Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/98xbP6Ak8f0EqqMNPiLbH8EJIdM.roa
File: 98xbP6Ak8f0EqqMNPiLbH8EJIdM.roa (raw, json)
Hash identifier: Z1OzsFOT/JBrjnd7Vv+XmFRpAp3HIgNiFALg8nDzRNw=
Subject key identifier: F7:CC:5B:3F:A0:24:F1:FD:04:AA:A3:0D:3E:22:DB:1F:C1:09:21:D3
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0197280B3E01A1A089A924C62296E2C20D03
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/98xbP6Ak8f0EqqMNPiLbH8EJIdM.roa
Signing time: Sat 31 May 2025 20:31:54 +0000
ROA not before: Sat 31 May 2025 20:31:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209439
IP address blocks: 95.111.128.0/19 maxlen: 24
149.232.189.0/24 maxlen: 24
2a00:8b80::/32 maxlen: 32
2a09:3dc0::/29 maxlen: 29
Validation: Failed, certificate revoked on Mon 02 Jun 2025 10:56:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:28:0b:3e:01:a1:a0:89:a9:24:c6:22:96:e2:c2:0d:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: May 31 20:31:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f7cc5b3fa024f1fd04aaa30d3e22db1fc10921d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:fa:1b:fd:4c:99:a7:eb:ee:09:c8:44:0b:94:
7c:a3:0a:6e:77:f3:9e:6b:88:9c:2e:9a:64:72:a5:
de:3b:09:d2:29:bf:37:80:8f:bd:b7:ab:a0:50:76:
50:9a:29:3d:aa:90:bd:c7:e4:bb:7b:63:5c:c1:6c:
29:9a:6a:29:96:4b:61:b6:a3:08:e8:b4:85:c3:ea:
ad:70:7d:97:c7:60:24:c3:d0:5c:a4:b5:34:9a:bf:
76:fe:52:33:de:c0:26:89:99:ab:2e:d0:ef:7d:3b:
bb:61:04:dd:0b:fd:94:42:ba:70:ee:e9:12:6b:4b:
08:30:65:4c:67:61:cb:35:fe:4e:63:b3:f9:52:1e:
5f:c3:3b:af:2e:49:37:f2:b8:57:28:93:f7:63:16:
44:ba:4d:50:0e:0d:e0:e8:cf:a8:81:a2:39:e5:9b:
55:8d:86:e5:07:6c:33:50:bc:02:26:6e:bc:5a:92:
9c:72:a2:7d:22:fa:36:57:e5:8a:ee:10:2a:a1:b8:
28:36:c1:08:16:3f:27:c8:93:7a:52:88:87:7d:60:
a4:57:1b:fd:37:05:eb:72:b0:2b:59:0b:52:6b:3d:
02:c3:3c:f3:e9:22:1d:fd:8b:57:a1:b8:01:e4:a4:
89:a6:51:3e:07:c4:e8:54:69:1a:00:81:5e:ec:47:
2c:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:CC:5B:3F:A0:24:F1:FD:04:AA:A3:0D:3E:22:DB:1F:C1:09:21:D3
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/98xbP6Ak8f0EqqMNPiLbH8EJIdM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.111.128.0/19
149.232.189.0/24
IPv6:
2a00:8b80::/32
2a09:3dc0::/29
Signature Algorithm: sha256WithRSAEncryption
14:2e:e7:be:2e:e2:aa:14:79:36:72:7b:fe:e7:50:ca:0a:92:
64:e5:1f:b1:2f:c9:ed:22:60:62:75:07:64:be:42:14:51:bb:
a1:9f:c1:49:6c:ab:67:16:d6:3a:01:3f:d5:5c:e8:0d:c5:a4:
e7:67:5d:fc:7c:f5:63:e4:8f:3c:49:d5:df:d7:d8:2f:a6:29:
52:73:92:64:31:0c:22:0a:0e:3e:fa:03:64:b7:a1:99:bd:ea:
a5:fa:c0:9f:24:a0:8a:0c:42:88:50:a7:d2:c5:9c:54:8a:33:
85:51:65:16:be:a9:70:64:2e:0c:cb:ad:77:7a:6f:1a:15:3a:
4c:4c:3b:a4:76:e7:cc:2b:2b:31:d6:ef:08:c7:5e:0e:64:58:
97:3a:4a:06:32:21:00:b1:e6:0c:d2:03:e0:c4:4c:f4:aa:2d:
c4:55:5f:da:68:09:6f:03:ea:04:9b:87:cb:02:11:7d:de:62:
57:3b:81:f1:02:90:b3:dc:ca:62:b5:d5:b5:40:65:16:f3:c2:
c7:d6:7f:eb:a7:73:0f:21:09:55:41:e8:7b:41:5c:d7:dd:74:
1c:d5:20:de:cf:e1:ae:5c:fe:ac:11:91:de:e3:24:5a:35:a3:
da:24:14:c5:be:38:97:99:ba:ee:45:ae:79:d0:07:0b:19:ec:
7a:f0:70:72
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZcoCz4BoaCJqSTGIpbiwg0DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjUwNTMxMjAzMTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2NjNWIzZmEwMjRmMWZkMDRhYWEzMGQzZTIyZGIxZmMxMDkyMWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPob/UyZp+vuCchEC5R8owpud/Oe
a4icLppkcqXeOwnSKb83gI+9t6ugUHZQmik9qpC9x+S7e2NcwWwpmmoplkthtqMI
6LSFw+qtcH2Xx2Akw9BcpLU0mr92/lIz3sAmiZmrLtDvfTu7YQTdC/2UQrpw7ukS
a0sIMGVMZ2HLNf5OY7P5Uh5fwzuvLkk38rhXKJP3YxZEuk1QDg3g6M+ogaI55ZtV
jYblB2wzULwCJm68WpKccqJ9Ivo2V+WK7hAqobgoNsEIFj8nyJN6UoiHfWCkVxv9
NwXrcrArWQtSaz0Cwzzz6SId/YtXobgB5KSJplE+B8ToVGkaAIFe7EcsGQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFPfMWz+gJPH9BKqjDT4i2x/BCSHTMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvOTh4YlA2QWs4ZjBFcXFNTlBpTGJIOEVKSWRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQFX2+AAwQA
lei9MBQEAgACMA4DBQAqAIuAAwUDKgk9wDANBgkqhkiG9w0BAQsFAAOCAQEAFC7n
vi7iqhR5NnJ7/udQygqSZOUfsS/J7SJgYnUHZL5CFFG7oZ/BSWyrZxbWOgE/1Vzo
DcWk52dd/Hz1Y+SPPEnV39fYL6YpUnOSZDEMIgoOPvoDZLehmb3qpfrAnySgigxC
iFCn0sWcVIozhVFlFr6pcGQuDMutd3pvGhU6TEw7pHbnzCsrMdbvCMdeDmRYlzpK
BjIhALHmDNID4MRM9KotxFVf2mgJbwPqBJuHywIRfd5iVzuB8QKQs9zKYrXVtUBl
FvPCx9Z/66dzDyEJVUHoe0Fc1910HNUg3s/hrlz+rBGR3uMkWjWj2iQUxb44l5m6
7kWuedAHCxnsevBwcg==
-----END CERTIFICATE-----
Generated at Tue Jul 29 04:33:21 2025 by rpki-client