Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rK9XlzaWRITRSUkeCFYqI7MYapQ.roa
File: rK9XlzaWRITRSUkeCFYqI7MYapQ.roa (raw, json)
Hash identifier: +hssJrtLVVP+57zxCB3vD5pXsfBFiUyhjnlq/b1C5ZA=
Subject key identifier: AC:AF:57:97:36:96:44:84:D1:49:49:1E:08:56:2A:23:B3:18:6A:94
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 0197E46B8DE710BE82EACF434BE5DE8E5044
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rK9XlzaWRITRSUkeCFYqI7MYapQ.roa
Signing time: Mon 07 Jul 2025 10:25:43 +0000
ROA not before: Mon 07 Jul 2025 10:25:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57043
IP address blocks: 31.56.42.0/23 maxlen: 23
31.56.220.0/24 maxlen: 24
31.57.52.0/24 maxlen: 24
31.57.238.0/24 maxlen: 24
31.58.87.0/24 maxlen: 24
31.59.168.0/23 maxlen: 23
31.59.172.0/24 maxlen: 24
31.59.173.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 09 Jul 2025 13:53:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:e4:6b:8d:e7:10:be:82:ea:cf:43:4b:e5:de:8e:50:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Jul 7 10:25:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=acaf579736964484d149491e08562a23b3186a94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:51:bd:8e:e3:e5:d8:a1:91:a3:4a:d1:cb:fe:
a2:b2:e4:5b:50:fc:23:33:fa:5e:34:d0:2d:27:12:
ae:ea:c2:b9:27:ad:8b:86:a8:43:6a:f7:d9:92:4e:
e3:49:09:b9:08:cb:d3:66:11:96:e3:67:34:76:20:
20:b8:ac:07:db:75:7b:42:e8:e9:f8:28:37:47:d7:
37:10:c7:ff:94:fd:d4:6b:ee:bb:bd:00:08:aa:d0:
eb:2e:55:46:b7:96:80:43:d7:a0:ab:b6:c7:a4:58:
66:a1:15:67:9a:95:6e:2b:a9:ce:b0:9e:77:44:2d:
0e:b0:e1:f4:b1:53:c4:29:80:84:7f:24:d7:58:cc:
b7:6b:b9:c2:26:bf:46:4c:9c:cd:7c:05:be:18:7e:
4e:3b:8d:05:2e:a3:1c:4b:09:37:82:87:9e:be:cc:
8c:3d:c6:bf:ef:4a:33:80:f7:e9:45:a7:e9:e4:88:
4e:78:6d:d0:00:6b:26:ed:7c:ee:3e:01:37:1a:cc:
2a:83:3f:87:8c:7e:07:11:76:b8:6a:3b:4d:34:fe:
1c:03:12:be:da:4b:07:bb:00:37:7b:ad:63:7a:1e:
60:48:e6:b6:37:7b:0f:b5:0f:29:ce:58:12:1c:d2:
91:3c:d9:a0:fd:c8:ce:e8:1c:2b:bd:f6:4d:3d:34:
5f:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:AF:57:97:36:96:44:84:D1:49:49:1E:08:56:2A:23:B3:18:6A:94
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/rK9XlzaWRITRSUkeCFYqI7MYapQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.42.0/23
31.56.220.0/24
31.57.52.0/24
31.57.238.0/24
31.58.87.0/24
31.59.168.0/23
31.59.172.0/23
Signature Algorithm: sha256WithRSAEncryption
61:db:bd:99:c6:7f:68:98:e9:a1:89:f3:38:be:67:bf:c0:ad:
6b:cc:1f:1a:f5:9a:98:76:cf:1b:21:d5:6d:da:2e:60:46:25:
09:30:4f:71:32:af:40:69:c8:34:ff:27:57:e7:b8:c2:67:0e:
13:de:13:76:24:cc:20:54:23:fd:17:d9:e7:a5:6a:8d:83:f5:
39:6e:4f:2c:d9:b1:99:5a:11:fc:fb:ec:30:db:ad:da:61:bb:
28:54:f0:5b:07:ba:f6:45:33:0c:e9:c6:08:0e:20:54:31:42:
7f:8a:45:25:27:86:48:0d:4a:b0:3b:fb:a3:7f:7f:d9:36:eb:
b9:18:d2:80:9b:76:10:ed:49:9b:c1:ff:6d:34:f6:a4:07:c0:
a2:95:92:ff:97:4d:5f:18:05:08:14:cc:2b:18:33:4c:b9:b9:
25:ed:6c:95:ec:8e:b9:26:4f:a2:25:7f:68:6f:6c:e2:91:5e:
fc:88:38:b5:fc:ad:42:33:de:4b:41:3b:84:08:2c:17:df:e9:
cb:15:db:c9:60:96:fc:90:0c:ab:4b:6d:d9:b7:30:0c:71:4b:
59:86:0f:ec:6a:df:5a:43:52:e9:5a:a4:62:9f:a5:4c:2c:74:
99:33:c2:fc:48:eb:32:9a:f9:31:2b:af:88:8e:8c:1c:8d:32:
e9:b7:4b:f4
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZfka43nEL6C6s9DS+XejlBEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwNzA3MTAyNTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2FmNTc5NzM2OTY0NDg0ZDE0OTQ5MWUwODU2MmEyM2IzMTg2YTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFG9juPl2KGRo0rRy/6isuRbUPwj
M/peNNAtJxKu6sK5J62LhqhDavfZkk7jSQm5CMvTZhGW42c0diAguKwH23V7Qujp
+Cg3R9c3EMf/lP3Ua+67vQAIqtDrLlVGt5aAQ9egq7bHpFhmoRVnmpVuK6nOsJ53
RC0OsOH0sVPEKYCEfyTXWMy3a7nCJr9GTJzNfAW+GH5OO40FLqMcSwk3goeevsyM
Pca/70ozgPfpRafp5IhOeG3QAGsm7XzuPgE3Gswqgz+HjH4HEXa4ajtNNP4cAxK+
2ksHuwA3e61jeh5gSOa2N3sPtQ8pzlgSHNKRPNmg/cjO6BwrvfZNPTRfAQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKyvV5c2lkSE0UlJHghWKiOzGGqUMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvcks5WGx6YVdSSVRSU1VrZUNGWXFJN01ZYXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBHzgqAwQA
HzjcAwQAHzk0AwQAHznuAwQAHzpXAwQBHzuoAwQBHzusMA0GCSqGSIb3DQEBCwUA
A4IBAQBh272Zxn9omOmhifM4vme/wK1rzB8a9ZqYds8bIdVt2i5gRiUJME9xMq9A
acg0/ydX57jCZw4T3hN2JMwgVCP9F9nnpWqNg/U5bk8s2bGZWhH8++ww263aYbso
VPBbB7r2RTMM6cYIDiBUMUJ/ikUlJ4ZIDUqwO/ujf3/ZNuu5GNKAm3YQ7Umbwf9t
NPakB8CilZL/l01fGAUIFMwrGDNMubkl7WyV7I65Jk+iJX9ob2zikV78iDi1/K1C
M95LQTuECCwX3+nLFdvJYJb8kAyrS23ZtzAMcUtZhg/sat9aQ1LpWqRin6VMLHSZ
M8L8SOsymvkxK6+IjowcjTLpt0v0
-----END CERTIFICATE-----
Generated at Tue Jul 29 07:40:55 2025 by rpki-client