Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/I0wb8CbTdFFFEVIhU1Pk2wCvCEI.roa
File: I0wb8CbTdFFFEVIhU1Pk2wCvCEI.roa (raw, json)
Hash identifier: BZwHm/V/iIvG9LR9O+OOJIghOSgZmmPgf5JNOckOx88=
Subject key identifier: 23:4C:1B:F0:26:D3:74:51:45:11:52:21:53:53:E4:DB:00:AF:08:42
Certificate issuer: /CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Certificate serial: 0197E41AFA17AC820EE918065A38560E73A1
Authority key identifier: 4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/I0wb8CbTdFFFEVIhU1Pk2wCvCEI.roa
Signing time: Mon 07 Jul 2025 08:57:42 +0000
ROA not before: Mon 07 Jul 2025 08:57:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21859
IP address blocks: 140.150.8.0/24 maxlen: 24
140.150.13.0/24 maxlen: 24
140.150.17.0/24 maxlen: 24
146.103.69.0/24 maxlen: 24
146.103.70.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 09 Jul 2025 11:08:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:e4:1a:fa:17:ac:82:0e:e9:18:06:5a:38:56:0e:73:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b9331fa7be470dc179e16c306e98c6c731a575c
Validity
Not Before: Jul 7 08:57:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=234c1bf026d37451451152215353e4db00af0842
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:06:f5:ca:a2:f9:9e:5a:bc:54:1f:30:d3:b9:
e5:33:f8:fd:fe:56:0d:fd:93:ff:7a:be:d4:49:57:
8a:25:e0:ce:ca:29:4e:76:92:a1:1b:48:d0:03:47:
bf:8d:cf:07:d1:86:58:79:04:09:59:9d:54:61:f8:
48:97:8f:86:d0:82:1d:c7:59:64:d7:97:ea:79:3b:
3b:54:56:3d:75:fe:71:e6:c9:33:d6:19:06:91:97:
e8:32:a8:df:21:3c:9a:c8:0d:60:02:d3:ad:ba:27:
40:15:89:72:11:33:1a:6d:a5:85:bd:35:61:5e:43:
de:79:dd:c5:96:42:ac:ca:fd:b2:fb:0c:1a:07:c7:
42:85:82:8a:d7:c4:7c:f4:cc:a8:72:53:e0:e9:19:
d6:8f:60:db:59:65:0c:84:1f:fc:43:fb:ed:0e:eb:
cb:86:b4:52:08:fd:1c:7c:00:58:c2:a8:3b:1e:45:
8f:b0:0d:4d:a9:51:81:82:d3:6b:43:56:36:00:4a:
e0:a4:dd:6f:c7:d0:96:37:d1:65:6b:fe:a8:dd:e2:
1a:42:ae:ac:fc:28:d7:d6:4a:89:e3:2b:c6:ab:f5:
69:95:eb:91:ac:c5:bd:75:6c:97:9f:8e:e0:3b:4d:
16:1c:d9:7f:23:0b:3d:29:f0:b5:c2:d6:94:1f:72:
08:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:4C:1B:F0:26:D3:74:51:45:11:52:21:53:53:E4:DB:00:AF:08:42
X509v3 Authority Key Identifier:
keyid:4B:93:31:FA:7B:E4:70:DC:17:9E:16:C3:06:E9:8C:6C:73:1A:57:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S5Mx-nvkcNwXnhbDBumMbHMaV1w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/I0wb8CbTdFFFEVIhU1Pk2wCvCEI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5b48a7-a0d7-43f2-a362-8b2b4738b1cc/1/S5Mx-nvkcNwXnhbDBumMbHMaV1w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
140.150.8.0/24
140.150.13.0/24
140.150.17.0/24
146.103.69.0-146.103.70.255
Signature Algorithm: sha256WithRSAEncryption
84:a6:93:43:43:39:cb:4e:c8:d2:ca:3b:b6:53:b2:18:c9:cf:
d3:8e:98:66:83:ad:43:1a:a6:61:97:1a:d7:e8:2e:65:59:7e:
47:90:97:d7:81:88:fe:29:50:41:29:e2:36:dd:89:e7:14:1c:
26:53:04:07:f7:14:6d:74:e6:ce:3b:7c:aa:e3:db:51:7b:fd:
43:b9:02:b1:8c:d8:e6:72:87:f6:72:09:58:4a:45:5d:54:59:
b5:2d:8b:17:d9:e0:ad:d9:5f:80:a7:c0:15:fc:2b:8c:3b:b0:
ce:18:1c:65:1c:d0:e4:92:75:3a:11:38:e8:fc:85:b0:9c:87:
09:7a:82:2f:2c:82:5c:a4:b4:f0:7a:1c:a8:25:a4:23:2c:e9:
ce:90:b4:ca:10:9d:d2:79:1b:a0:2e:f7:5c:71:9b:01:54:e5:
b4:06:dc:3b:4d:43:52:ce:d8:d8:e5:db:ac:40:6f:b4:74:84:
e9:92:dc:35:2f:90:80:6e:64:a0:b1:c0:5d:8f:50:02:97:55:
7f:ae:4f:10:dc:52:cd:82:96:3e:95:f2:32:64:d2:80:2b:1e:
8a:52:7e:21:86:13:50:bb:c5:a1:42:9b:f2:06:74:83:0c:60:
9e:4b:80:30:9a:ce:ef:92:90:1c:08:b3:21:b4:22:a9:e6:67:
b3:e7:33:82
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZfkGvoXrIIO6RgGWjhWDnOhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOTMzMWZhN2JlNDcwZGMxNzllMTZjMzA2ZTk4YzZjNzMx
YTU3NWMwHhcNMjUwNzA3MDg1NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzRjMWJmMDI2ZDM3NDUxNDUxMTUyMjE1MzUzZTRkYjAwYWYwODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzAb1yqL5nlq8VB8w07nlM/j9/lYN
/ZP/er7USVeKJeDOyilOdpKhG0jQA0e/jc8H0YZYeQQJWZ1UYfhIl4+G0IIdx1lk
15fqeTs7VFY9df5x5skz1hkGkZfoMqjfITyayA1gAtOtuidAFYlyETMabaWFvTVh
XkPeed3FlkKsyv2y+wwaB8dChYKK18R89MyoclPg6RnWj2DbWWUMhB/8Q/vtDuvL
hrRSCP0cfABYwqg7HkWPsA1NqVGBgtNrQ1Y2AErgpN1vx9CWN9Fla/6o3eIaQq6s
/CjX1kqJ4yvGq/VpleuRrMW9dWyXn47gO00WHNl/Iws9KfC1wtaUH3IIeQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFCNMG/Am03RRRRFSIVNT5NsArwhCMB8GA1UdIwQY
MBaAFEuTMfp75HDcF54WwwbpjGxzGldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjIt
OGIyYjQ3MzhiMWNjLzEvSTB3YjhDYlRkRkZGRVZJaFUxUGsyd0N2Q0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81YjQ4YTctYTBkNy00M2YyLWEzNjItOGIyYjQ3MzhiMWNj
LzEvUzVNeC1udmtjTndYbmhiREJ1bU1iSE1hVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAjJYIAwQA
jJYNAwQAjJYRMAwDBACSZ0UDBACSZ0YwDQYJKoZIhvcNAQELBQADggEBAISmk0ND
OctOyNLKO7ZTshjJz9OOmGaDrUMapmGXGtfoLmVZfkeQl9eBiP4pUEEp4jbdiecU
HCZTBAf3FG105s47fKrj21F7/UO5ArGM2OZyh/ZyCVhKRV1UWbUtixfZ4K3ZX4Cn
wBX8K4w7sM4YHGUc0OSSdToROOj8hbCchwl6gi8sglyktPB6HKglpCMs6c6QtMoQ
ndJ5G6Au91xxmwFU5bQG3DtNQ1LO2Njl26xAb7R0hOmS3DUvkIBuZKCxwF2PUAKX
VX+uTxDcUs2Clj6V8jJk0oArHopSfiGGE1C7xaFCm/IGdIMMYJ5LgDCazu+SkBwI
syG0IqnmZ7PnM4I=
-----END CERTIFICATE-----
Generated at Mon Jul 28 01:10:08 2025 by rpki-client