Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/2elaEg5Jag-hMlgTiNw-PkZ-xD0.roa
File: 2elaEg5Jag-hMlgTiNw-PkZ-xD0.roa (raw, json)
Hash identifier: Q32/iZKZw/soVpK8fIw7t+0pApGE8ABF03Lzl+vSFZI=
Subject key identifier: D9:E9:5A:12:0E:49:6A:0F:A1:32:58:13:88:DC:3E:3E:46:7E:C4:3D
Certificate issuer: /CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
Certificate serial: 019804D29F0AA9CDFC4F6992019C1423BEFE
Authority key identifier: 0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/2elaEg5Jag-hMlgTiNw-PkZ-xD0.roa
Signing time: Sun 13 Jul 2025 17:26:08 +0000
ROA not before: Sun 13 Jul 2025 17:26:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8849
IP address blocks: 5.42.206.0/24 maxlen: 24
5.44.249.0/24 maxlen: 24
31.222.226.0/24 maxlen: 24
62.122.187.0/24 maxlen: 24
88.210.36.0/23 maxlen: 24
89.36.162.0/24 maxlen: 24
89.36.163.0/24 maxlen: 24
89.40.226.0/24 maxlen: 24
91.192.81.0/24 maxlen: 24
95.81.107.0/24 maxlen: 24
95.174.68.0/24 maxlen: 24
95.174.69.0/24 maxlen: 24
95.174.70.0/24 maxlen: 24
95.174.71.0/24 maxlen: 24
103.97.91.0/24 maxlen: 24
103.111.112.0/22 maxlen: 22
103.253.36.0/24 maxlen: 24
109.122.200.0/23 maxlen: 23
109.122.207.0/24 maxlen: 24
146.19.196.0/24 maxlen: 24
158.255.76.0/24 maxlen: 24
176.97.192.0/24 maxlen: 24
185.140.210.0/24 maxlen: 24
185.140.211.0/24 maxlen: 24
185.147.53.0/24 maxlen: 24
185.224.249.0/24 maxlen: 24
185.230.245.0/24 maxlen: 24
193.35.224.0/24 maxlen: 24
213.111.130.0/24 maxlen: 24
213.111.131.0/24 maxlen: 24
213.111.142.0/24 maxlen: 24
2a06:f901:4000::/36 maxlen: 36
2a06:f901:8000::/36 maxlen: 36
2a06:f901:c000::/36 maxlen: 36
2a06:f902:4000::/36 maxlen: 36
2a06:f902:8000::/36 maxlen: 36
2a06:f903:4000::/36 maxlen: 36
Validation: Failed, certificate revoked on Mon 14 Jul 2025 09:52:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:04:d2:9f:0a:a9:cd:fc:4f:69:92:01:9c:14:23:be:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
Validity
Not Before: Jul 13 17:26:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d9e95a120e496a0fa132581388dc3e3e467ec43d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:79:6a:fa:d9:37:f5:a3:b0:bb:90:f0:83:f5:
67:64:4d:c0:6b:08:8c:cc:ac:65:d0:96:cb:cf:2d:
5c:b2:36:eb:3f:21:df:c1:33:ce:73:c4:2e:73:bc:
89:a5:8d:db:1b:e5:10:fb:ff:fd:e3:a8:3f:c7:60:
4a:ff:18:8d:0b:3b:75:c3:bf:b0:ef:0a:26:18:bf:
67:cd:36:dd:a8:b6:65:53:cb:b2:f3:80:48:59:ea:
3e:9b:7c:b9:ab:a2:0e:5b:1f:76:b7:e7:4c:51:76:
53:d2:79:dd:c2:1e:dc:6b:61:4e:b5:87:c4:11:db:
1a:d2:c2:d6:3b:5d:39:32:5b:5d:34:67:e0:76:ff:
ce:2d:20:15:11:c9:cc:5f:41:c4:12:0d:6d:ab:17:
09:5b:f0:06:63:40:d4:85:32:6b:5d:96:e5:04:c8:
8b:f5:e7:ca:c1:95:bb:50:2f:fb:5d:d0:ff:0a:2f:
1d:07:e1:bf:38:87:49:4a:7c:01:09:89:9c:ef:3c:
29:03:3b:25:99:5b:50:ac:89:49:b4:4c:b0:c4:0b:
1e:d7:e4:2b:22:6f:90:63:e2:b9:7e:dd:60:78:a2:
af:23:6b:70:f4:b2:47:f1:5f:60:10:45:70:ab:67:
55:3c:29:53:fb:42:c3:80:d7:95:4f:bd:67:cc:e8:
ed:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:E9:5A:12:0E:49:6A:0F:A1:32:58:13:88:DC:3E:3E:46:7E:C4:3D
X509v3 Authority Key Identifier:
keyid:0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/2elaEg5Jag-hMlgTiNw-PkZ-xD0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.206.0/24
5.44.249.0/24
31.222.226.0/24
62.122.187.0/24
88.210.36.0/23
89.36.162.0/23
89.40.226.0/24
91.192.81.0/24
95.81.107.0/24
95.174.68.0/22
103.97.91.0/24
103.111.112.0/22
103.253.36.0/24
109.122.200.0/23
109.122.207.0/24
146.19.196.0/24
158.255.76.0/24
176.97.192.0/24
185.140.210.0/23
185.147.53.0/24
185.224.249.0/24
185.230.245.0/24
193.35.224.0/24
213.111.130.0/23
213.111.142.0/24
IPv6:
2a06:f901:4000::/36
2a06:f901:8000::/36
2a06:f901:c000::/36
2a06:f902:4000::/36
2a06:f902:8000::/36
2a06:f903:4000::/36
Signature Algorithm: sha256WithRSAEncryption
92:80:a4:bd:52:ca:3f:c9:63:38:f3:61:c1:9b:46:8d:f1:0a:
b9:d2:2c:cb:c6:73:8a:7d:8f:fd:6d:d7:ed:fa:a8:51:f7:bd:
bb:eb:e9:67:7e:54:ce:cb:67:0f:f9:66:18:27:cf:53:d1:f7:
54:5a:d9:28:ca:e8:15:c3:6f:99:25:95:d8:41:c7:b7:aa:e9:
79:00:df:35:0e:e3:6a:62:11:38:2c:42:24:92:87:1a:bd:da:
56:67:a9:c9:45:04:ec:5c:5c:a4:e8:1b:c7:0d:33:6f:47:88:
e1:27:0a:30:0a:d7:f7:48:68:7d:0e:1e:7f:25:6b:18:28:89:
8b:2b:4c:b9:ae:f4:ca:aa:cc:fc:f2:53:e3:f7:19:85:8d:65:
31:ec:bd:76:4c:09:c0:41:29:d7:cc:45:73:16:44:9e:4e:da:
9f:6b:3c:f8:ae:ff:0f:53:b9:5e:f6:c7:39:6a:c7:5c:c4:b2:
e7:b7:c3:e3:ec:f2:01:57:0d:87:ee:6f:d6:9e:06:9e:89:eb:
a6:d1:fc:c3:fb:a1:05:60:74:ce:40:b3:b1:85:3d:59:d0:15:
5d:b8:3d:ac:de:0f:df:e5:bb:9c:5e:c1:b6:fc:49:b0:35:41:
c3:8a:b5:d8:8e:e1:d6:92:f0:1f:e0:98:ae:b8:2c:6f:b9:02:
59:0e:57:5f
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgISAZgE0p8Kqc38T2mSAZwUI77+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZWJmYmZkNmY5MzdjNWFlMzllM2UzOGU4YWI4Mzg0MTA3
NDIxYTYwHhcNMjUwNzEzMTcyNjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWU5NWExMjBlNDk2YTBmYTEzMjU4MTM4OGRjM2UzZTQ2N2VjNDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3lq+tk39aOwu5Dwg/VnZE3AawiM
zKxl0JbLzy1csjbrPyHfwTPOc8Quc7yJpY3bG+UQ+//946g/x2BK/xiNCzt1w7+w
7womGL9nzTbdqLZlU8uy84BIWeo+m3y5q6IOWx92t+dMUXZT0nndwh7ca2FOtYfE
Edsa0sLWO105MltdNGfgdv/OLSAVEcnMX0HEEg1tqxcJW/AGY0DUhTJrXZblBMiL
9efKwZW7UC/7XdD/Ci8dB+G/OIdJSnwBCYmc7zwpAzslmVtQrIlJtEywxAse1+Qr
Im+QY+K5ft1geKKvI2tw9LJH8V9gEEVwq2dVPClT+0LDgNeVT71nzOjteQIDAQAB
o4IC1jCCAtIwHQYDVR0OBBYEFNnpWhIOSWoPoTJYE4jcPj5GfsQ9MB8GA1UdIwQY
MBaAFA/r+/1vk3xa454+OOirg4QQdCGmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGIt
N2Q3MDM3NGQ3NmQyLzEvMmVsYUVnNUphZy1oTWxnVGlOdy1Qa1oteEQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGItN2Q3MDM3NGQ3NmQy
LzEvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHrBggrBgEFBQcBBwEB/wSB2zCB2DCBnQQCAAEwgZYDBAAF
Ks4DBAAFLPkDBAAf3uIDBAA+ersDBAFY0iQDBAFZJKIDBABZKOIDBABbwFEDBABf
UWsDBAJfrkQDBABnYVsDBAJnb3ADBABn/SQDBAFtesgDBABtes8DBACSE8QDBACe
/0wDBACwYcADBAG5jNIDBAC5kzUDBAC54PkDBAC55vUDBADBI+ADBAHVb4IDBADV
b44wNgQCAAIwMAMGBCoG+QFAAwYEKgb5AYADBgQqBvkBwAMGBCoG+QJAAwYEKgb5
AoADBgQqBvkDQDANBgkqhkiG9w0BAQsFAAOCAQEAkoCkvVLKP8ljOPNhwZtGjfEK
udIsy8Zzin2P/W3X7fqoUfe9u+vpZ35UzstnD/lmGCfPU9H3VFrZKMroFcNvmSWV
2EHHt6rpeQDfNQ7jamIROCxCJJKHGr3aVmepyUUE7FxcpOgbxw0zb0eI4ScKMArX
90hofQ4efyVrGCiJiytMua70yqrM/PJT4/cZhY1lMey9dkwJwEEp18xFcxZEnk7a
n2s8+K7/D1O5XvbHOWrHXMSy57fD4+zyAVcNh+5v1p4GnonrptH8w/uhBWB0zkCz
sYU9WdAVXbg9rN4P3+W7nF7BtvxJsDVBw4q12I7h1pLwH+CYrrgsb7kCWQ5XXw==
-----END CERTIFICATE-----
Generated at Wed Jul 23 23:44:11 2025 by rpki-client