Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8QZUIYRH73f4LQLujGPvLkPVbgE.roa
File: 8QZUIYRH73f4LQLujGPvLkPVbgE.roa (raw, json)
Hash identifier: MV2rGKUVjOasWfx05T1EddvvCyurVJY7AArNHPjNqig=
Subject key identifier: F1:06:54:21:84:47:EF:77:F8:2D:02:EE:8C:63:EF:2E:43:D5:6E:01
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 0195C45F3A591EC1FAF0A5EAD990ABC249F3
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8QZUIYRH73f4LQLujGPvLkPVbgE.roa
Signing time: Sun 23 Mar 2025 18:58:49 +0000
ROA not before: Sun 23 Mar 2025 18:58:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401152
IP address blocks: 64.188.100.0/22 maxlen: 24
64.188.120.0/22 maxlen: 24
64.188.124.0/24 maxlen: 24
64.188.125.0/24 maxlen: 24
64.188.126.0/24 maxlen: 24
64.188.127.0/24 maxlen: 24
185.216.104.0/22 maxlen: 24
193.23.192.0/22 maxlen: 24
193.23.196.0/23 maxlen: 24
193.23.199.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 26 Mar 2025 16:55:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:c4:5f:3a:59:1e:c1:fa:f0:a5:ea:d9:90:ab:c2:49:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 23 18:58:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f10654218447ef77f82d02ee8c63ef2e43d56e01
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:5d:ed:e5:e9:e9:7e:cd:7c:ef:db:51:8e:28:
c3:7f:56:52:3a:bd:1b:d0:5b:72:95:fd:47:f6:35:
19:58:eb:e5:95:7d:f1:3e:e1:7c:40:ad:dd:57:89:
80:08:49:7c:37:51:0e:bd:56:98:5b:42:46:9c:dc:
26:e0:4a:01:88:0c:af:0b:29:13:fe:7f:38:7e:93:
8c:f6:6a:29:e9:f0:67:05:3b:6e:63:76:38:83:61:
a1:8c:4d:da:1e:13:2c:f4:cc:f9:7b:f4:a1:41:a9:
45:74:ae:08:7f:7d:c1:dc:2d:29:62:f5:79:40:c9:
0c:18:5f:f4:22:b5:b7:54:8f:82:af:c7:21:3f:cf:
b1:f2:a1:e9:33:8d:62:0e:ad:1a:b0:86:ac:75:5c:
6e:60:71:f5:5a:16:12:83:39:35:9c:f6:a3:17:10:
4c:ec:eb:b8:b6:9a:dc:4c:7e:48:cf:fb:e7:02:03:
6a:29:64:7c:33:45:84:6c:80:fd:4c:47:e3:dc:ad:
6f:fa:28:e6:1d:3c:fc:8b:ed:e5:71:14:07:3c:72:
90:3f:b4:21:7d:b8:9c:72:5f:52:5f:ef:9a:8a:ae:
ca:55:d8:31:31:15:89:61:87:b9:79:61:2d:79:3e:
ce:cc:5c:97:6e:b8:72:d4:70:57:f0:39:8a:1e:56:
cb:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:06:54:21:84:47:EF:77:F8:2D:02:EE:8C:63:EF:2E:43:D5:6E:01
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8QZUIYRH73f4LQLujGPvLkPVbgE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.100.0/22
64.188.120.0/21
185.216.104.0/22
193.23.192.0-193.23.197.255
193.23.199.0/24
Signature Algorithm: sha256WithRSAEncryption
4b:d7:1c:f2:26:03:ac:2c:c2:9c:93:b4:94:d4:c6:74:08:95:
30:cd:55:95:e5:dd:17:98:e7:e7:1e:8e:fa:46:4f:57:0a:76:
9a:51:cf:ca:88:dd:99:3e:ac:c2:05:04:73:49:cb:59:53:3a:
52:4a:88:7b:7f:e6:fd:a4:f7:c1:07:6e:5a:08:60:18:3e:09:
b4:a9:90:ed:f9:4c:b4:e1:f4:4f:29:34:31:3a:e5:46:c6:53:
6f:9f:a4:b7:60:53:87:66:8d:db:42:74:9f:cc:71:f9:29:65:
c4:90:ae:0d:7f:ea:fe:5f:74:71:ee:3e:ce:13:fe:79:8c:51:
2b:b0:a3:bd:67:6d:b8:16:1d:11:99:c9:72:b1:f8:9d:40:86:
c0:2e:8e:cf:3d:8b:7e:25:89:5e:13:c4:37:18:f8:05:ea:29:
2f:15:13:a3:65:a0:44:5d:93:ab:3a:10:b6:df:96:51:e8:f9:
dc:d6:1a:b1:5f:89:0a:50:d4:35:b6:95:76:4b:1d:0b:9d:3e:
fc:81:e1:5b:d3:0b:07:67:d7:9b:31:31:29:33:c2:fd:ef:1b:
e6:55:2a:e1:67:e6:b2:83:dd:a3:cc:84:1c:01:40:0d:c2:09:
fe:c9:a7:48:2f:81:3d:fd:bf:e7:54:11:44:a2:ec:a0:ef:82:
75:20:80:de
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZXEXzpZHsH68KXq2ZCrwknzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMzIzMTg1ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTA2NTQyMTg0NDdlZjc3ZjgyZDAyZWU4YzYzZWYyZTQzZDU2ZTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv13t5enpfs1879tRjijDf1ZSOr0b
0Ftylf1H9jUZWOvllX3xPuF8QK3dV4mACEl8N1EOvVaYW0JGnNwm4EoBiAyvCykT
/n84fpOM9mop6fBnBTtuY3Y4g2GhjE3aHhMs9Mz5e/ShQalFdK4If33B3C0pYvV5
QMkMGF/0IrW3VI+Cr8chP8+x8qHpM41iDq0asIasdVxuYHH1WhYSgzk1nPajFxBM
7Ou4tprcTH5Iz/vnAgNqKWR8M0WEbID9TEfj3K1v+ijmHTz8i+3lcRQHPHKQP7Qh
fbiccl9SX++aiq7KVdgxMRWJYYe5eWEteT7OzFyXbrhy1HBX8DmKHlbLBwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFPEGVCGER+93+C0C7oxj7y5D1W4BMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvOFFaVUlZUkg3M2Y0TFFMdWpHUHZMa1BWYmdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCQLxkAwQD
QLx4AwQCudhoMAwDBAbBF8ADBAHBF8QDBADBF8cwDQYJKoZIhvcNAQELBQADggEB
AEvXHPImA6wswpyTtJTUxnQIlTDNVZXl3ReY5+cejvpGT1cKdppRz8qI3Zk+rMIF
BHNJy1lTOlJKiHt/5v2k98EHbloIYBg+CbSpkO35TLTh9E8pNDE65UbGU2+fpLdg
U4dmjdtCdJ/McfkpZcSQrg1/6v5fdHHuPs4T/nmMUSuwo71nbbgWHRGZyXKx+J1A
hsAujs89i34liV4TxDcY+AXqKS8VE6NloERdk6s6ELbfllHo+dzWGrFfiQpQ1DW2
lXZLHQudPvyB4VvTCwdn15sxMSkzwv3vG+ZVKuFn5rKD3aPMhBwBQA3CCf7Jp0gv
gT39v+dUEUSi7KDvgnUggN4=
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:12:04 2025 by rpki-client