Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/CCmb2DYb6EUMXjwAMq4WkzmcnSA.roa
File: CCmb2DYb6EUMXjwAMq4WkzmcnSA.roa (raw, json)
Hash identifier: XpKkr+ANMgigCMKNIFGJ0Y3mPwMdVVERyfPPN9N3oHg=
Subject key identifier: 08:29:9B:D8:36:1B:E8:45:0C:5E:3C:00:32:AE:16:93:39:9C:9D:20
Certificate issuer: /CN=ed64691c31892cc991ad4e9a9671147759e417ab
Certificate serial: 0197686EBF39FCD421AA03C47F7C09A97AC0
Authority key identifier: ED:64:69:1C:31:89:2C:C9:91:AD:4E:9A:96:71:14:77:59:E4:17:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7WRpHDGJLMmRrU6alnEUd1nkF6s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/CCmb2DYb6EUMXjwAMq4WkzmcnSA.roa
Signing time: Fri 13 Jun 2025 08:36:17 +0000
ROA not before: Fri 13 Jun 2025 08:36:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34689
IP address blocks: 95.131.202.0/24 maxlen: 24
185.75.242.0/24 maxlen: 24
185.75.243.0/24 maxlen: 24
2a05:5502::/32 maxlen: 32
2a13:9401::/32 maxlen: 32
2a13:9402::/32 maxlen: 32
Validation: Failed, certificate revoked on Mon 16 Jun 2025 10:01:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:68:6e:bf:39:fc:d4:21:aa:03:c4:7f:7c:09:a9:7a:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ed64691c31892cc991ad4e9a9671147759e417ab
Validity
Not Before: Jun 13 08:36:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=08299bd8361be8450c5e3c0032ae1693399c9d20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:b6:18:3f:1e:0d:e0:3c:2b:f1:2a:27:f4:fc:
a4:d7:a0:f8:1b:6f:d9:91:ec:49:6d:3c:de:51:48:
09:eb:5a:b2:17:cb:f4:14:6a:e7:d0:a0:7d:b2:5b:
9e:7c:51:1e:81:49:5c:5c:fe:55:0e:31:91:93:77:
60:73:19:70:f0:48:bb:68:cc:01:8d:d3:a0:3f:3b:
b5:51:01:e7:66:12:49:cd:fa:2b:c8:b3:4f:ec:ec:
14:76:db:2e:2c:7c:7b:49:5a:41:da:ef:92:41:58:
ce:7b:80:b9:ce:9c:50:71:8b:52:ab:90:3d:f5:8b:
9e:d1:93:9e:aa:cd:2d:5f:ad:5e:f0:2e:c3:fa:c7:
d3:71:1b:04:9c:1a:fa:56:43:0b:5d:49:60:39:19:
07:30:9e:1d:cf:1b:56:2f:07:fc:60:d2:69:0e:8a:
1c:dd:73:f9:07:eb:f7:47:59:75:d1:df:ce:b2:7c:
d9:1c:82:1d:a3:eb:bd:06:25:48:23:63:db:1e:cd:
3f:c7:4e:9d:47:e8:56:a1:c0:b7:a1:66:ef:d6:70:
99:48:10:5f:de:70:c2:5a:6c:ec:62:39:57:a1:fd:
2c:86:5d:45:d2:af:97:5c:f7:17:f9:f7:25:a9:7c:
0d:a6:2c:93:bf:f6:5b:93:8f:2f:fa:c6:8b:8c:6d:
98:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:29:9B:D8:36:1B:E8:45:0C:5E:3C:00:32:AE:16:93:39:9C:9D:20
X509v3 Authority Key Identifier:
keyid:ED:64:69:1C:31:89:2C:C9:91:AD:4E:9A:96:71:14:77:59:E4:17:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7WRpHDGJLMmRrU6alnEUd1nkF6s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/CCmb2DYb6EUMXjwAMq4WkzmcnSA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/f67d09-8923-4152-95f2-7c7db21230a3/1/7WRpHDGJLMmRrU6alnEUd1nkF6s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.131.202.0/24
185.75.242.0/23
IPv6:
2a05:5502::/32
2a13:9401::-2a13:9402:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
31:e3:f2:94:c4:89:a7:03:bf:c1:70:f2:cc:47:8e:0a:97:99:
b4:45:a1:6f:89:44:ba:2a:3d:61:14:50:d7:95:00:7d:b6:bd:
bd:17:bd:ce:df:63:e3:8b:a5:b4:d7:32:dc:72:8d:c3:6d:ef:
ac:c3:b1:68:bb:73:a6:88:b1:54:55:39:41:99:6f:d9:a6:0e:
fd:18:0e:60:db:8c:21:9c:87:08:da:64:b2:a6:a7:fe:88:ee:
1d:f0:e8:8f:91:cc:cc:23:49:f9:6c:3f:00:0b:87:a8:48:64:
72:86:5a:67:db:4d:42:56:c2:c2:db:19:3d:2d:d5:aa:fa:b2:
01:72:f0:e1:79:c0:44:9b:24:25:ef:88:78:d3:2d:d2:d7:54:
1b:b2:dc:7f:2a:2a:19:d0:69:b0:22:d2:54:8e:b1:c0:e5:43:
37:3c:4b:32:6c:cc:ea:0a:b5:11:b4:aa:e0:65:18:8a:20:59:
c5:86:77:87:04:e9:7d:fb:6e:21:87:e7:e1:c6:0e:1c:02:05:
d4:aa:81:14:73:07:1a:a3:5c:8f:6e:92:36:0d:29:6f:55:87:
06:7c:80:7d:aa:e4:4f:1d:1a:f4:a3:d5:25:f1:d2:46:0e:f4:
78:24:d6:7d:14:ab:60:9a:63:61:fb:31:28:99:1b:9d:a5:10:
df:59:9c:b5
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZdobr85/NQhqgPEf3wJqXrAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNjQ2OTFjMzE4OTJjYzk5MWFkNGU5YTk2NzExNDc3NTll
NDE3YWIwHhcNMjUwNjEzMDgzNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODI5OWJkODM2MWJlODQ1MGM1ZTNjMDAzMmFlMTY5MzM5OWM5ZDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LYYPx4N4Dwr8Son9Pyk16D4G2/Z
kexJbTzeUUgJ61qyF8v0FGrn0KB9sluefFEegUlcXP5VDjGRk3dgcxlw8Ei7aMwB
jdOgPzu1UQHnZhJJzforyLNP7OwUdtsuLHx7SVpB2u+SQVjOe4C5zpxQcYtSq5A9
9Yue0ZOeqs0tX61e8C7D+sfTcRsEnBr6VkMLXUlgORkHMJ4dzxtWLwf8YNJpDooc
3XP5B+v3R1l10d/OsnzZHIIdo+u9BiVII2PbHs0/x06dR+hWocC3oWbv1nCZSBBf
3nDCWmzsYjlXof0shl1F0q+XXPcX+fclqXwNpiyTv/Zbk48v+saLjG2YSwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFAgpm9g2G+hFDF48ADKuFpM5nJ0gMB8GA1UdIwQY
MBaAFO1kaRwxiSzJka1OmpZxFHdZ5BerMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1dScEhER0pMTW1SclU2YWxuRVVkMW5rRjZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9mNjdkMDktODkyMy00MTUyLTk1ZjIt
N2M3ZGIyMTIzMGEzLzEvQ0NtYjJEWWI2RVVNWGp3QU1xNFdrem1jblNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9mNjdkMDktODkyMy00MTUyLTk1ZjItN2M3ZGIyMTIzMGEz
LzEvN1dScEhER0pMTW1SclU2YWxuRVVkMW5rRjZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzASBAIAATAMAwQAX4PKAwQB
uUvyMB0EAgACMBcDBQAqBVUCMA4DBQAqE5QBAwUAKhOUAjANBgkqhkiG9w0BAQsF
AAOCAQEAMePylMSJpwO/wXDyzEeOCpeZtEWhb4lEuio9YRRQ15UAfba9vRe9zt9j
44ultNcy3HKNw23vrMOxaLtzpoixVFU5QZlv2aYO/RgOYNuMIZyHCNpksqan/oju
HfDoj5HMzCNJ+Ww/AAuHqEhkcoZaZ9tNQlbCwtsZPS3VqvqyAXLw4XnARJskJe+I
eNMt0tdUG7LcfyoqGdBpsCLSVI6xwOVDNzxLMmzM6gq1EbSq4GUYiiBZxYZ3hwTp
fftuIYfn4cYOHAIF1KqBFHMHGqNcj26SNg0pb1WHBnyAfarkTx0a9KPVJfHSRg70
eCTWfRSrYJpjYfsxKJkbnaUQ31mctQ==
-----END CERTIFICATE-----
Generated at Tue Jul 29 04:18:26 2025 by rpki-client