Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/sFlxUvekYLL93U6jhD0Vd9scy88.roa
File: sFlxUvekYLL93U6jhD0Vd9scy88.roa (raw, json)
Hash identifier: 3mJGKiS3RW1rla61oM7qbWbf/5xjnHufjNVTNfPwRgM=
Subject key identifier: B0:59:71:52:F7:A4:60:B2:FD:DD:4E:A3:84:3D:15:77:DB:1C:CB:CF
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 0195D361B2B2C8EC5173633DBE4B6C4BA93A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/sFlxUvekYLL93U6jhD0Vd9scy88.roa
Signing time: Wed 26 Mar 2025 16:55:50 +0000
ROA not before: Wed 26 Mar 2025 16:55:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401152
IP address blocks: 64.188.100.0/22 maxlen: 24
64.188.120.0/22 maxlen: 24
64.188.124.0/24 maxlen: 24
64.188.125.0/24 maxlen: 24
64.188.126.0/24 maxlen: 24
64.188.127.0/24 maxlen: 24
185.216.104.0/22 maxlen: 24
193.23.196.0/23 maxlen: 24
193.23.199.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 04 Apr 2025 16:31:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:d3:61:b2:b2:c8:ec:51:73:63:3d:be:4b:6c:4b:a9:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Mar 26 16:55:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b0597152f7a460b2fddd4ea3843d1577db1ccbcf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:a6:29:56:b2:85:8f:d6:ad:6a:49:29:c9:18:
ca:e8:70:cf:1a:94:94:2a:fb:63:ac:e5:14:fa:74:
e8:81:a8:0a:64:03:e5:21:8f:fa:46:b0:72:41:86:
7c:85:ae:19:10:b4:56:93:24:2f:4e:ce:ed:5d:d4:
59:c7:43:a4:5e:f9:c8:1b:56:48:e1:85:b6:aa:29:
56:8c:22:b1:a4:32:39:51:2f:66:67:1e:42:cf:9a:
83:1a:13:66:36:e8:32:b8:3b:b1:69:2c:ad:c1:cd:
c8:3a:43:cd:46:90:59:ac:d9:30:00:48:52:94:b5:
1d:1f:28:2e:00:ee:98:2e:7e:8e:b5:9e:b4:48:d7:
96:27:67:b1:10:f4:42:8c:2e:97:1e:ae:ab:11:0c:
66:d4:d6:15:3f:43:a0:04:13:39:6a:81:80:46:64:
9a:cb:b7:47:bf:06:89:d8:d7:b4:3b:65:2b:a4:98:
a1:f5:8c:ad:54:85:aa:44:ef:67:6a:10:58:1b:ca:
7c:df:5a:b6:91:08:21:30:80:f8:dd:94:d8:77:7d:
86:81:0d:c6:4a:70:bd:77:67:98:39:bd:49:84:0b:
e9:0f:4d:ad:d6:c5:79:ce:08:47:15:c2:d1:bb:14:
83:dd:f4:21:a4:6e:e3:43:95:3d:2d:43:f6:31:17:
23:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:59:71:52:F7:A4:60:B2:FD:DD:4E:A3:84:3D:15:77:DB:1C:CB:CF
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/sFlxUvekYLL93U6jhD0Vd9scy88.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.100.0/22
64.188.120.0/21
185.216.104.0/22
193.23.196.0/23
193.23.199.0/24
Signature Algorithm: sha256WithRSAEncryption
b6:ed:61:d3:64:41:95:0b:ec:c8:67:3c:11:a5:a5:97:c8:71:
44:27:3b:33:05:7c:4a:22:ba:c0:1e:49:3e:2a:f7:8f:1c:05:
7c:4c:ae:6d:98:40:97:f0:1f:74:03:40:bc:ca:c8:c1:8d:d7:
2f:c2:55:54:fb:6d:d2:bf:24:7b:5c:dd:9c:47:e4:71:48:42:
67:1f:82:d6:4a:84:70:12:87:5d:43:db:dd:fe:55:ce:92:3a:
69:59:9a:77:b8:bd:64:19:fb:8c:15:2c:ae:ca:00:75:fe:f3:
3d:0a:9d:36:27:7f:28:ba:f7:85:72:29:ef:c0:b4:67:41:2c:
88:28:12:ad:4c:bf:1e:30:9d:7d:02:47:ec:81:11:dd:04:38:
48:86:af:8c:de:2d:d0:47:40:41:a3:6e:ee:21:4a:b0:ad:a6:
1e:0e:0d:c7:bf:2e:83:19:93:5b:b1:d2:8c:08:1d:5d:06:b3:
34:0e:ee:0f:ec:da:43:c8:cd:fd:87:7d:02:be:df:f7:36:82:
00:e6:56:9f:b4:d7:06:27:3b:53:07:d2:5a:38:c0:7d:01:b8:
8f:1b:f7:f7:70:84:db:e2:bc:c1:f5:52:9d:74:73:df:27:a4:
77:da:2b:f8:19:71:b2:9f:1a:3f:76:bb:2f:34:3a:03:1b:e6:
76:94:9b:44
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZXTYbKyyOxRc2M9vktsS6k6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwMzI2MTY1NTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDU5NzE1MmY3YTQ2MGIyZmRkZDRlYTM4NDNkMTU3N2RiMWNjYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56YpVrKFj9atakkpyRjK6HDPGpSU
KvtjrOUU+nTogagKZAPlIY/6RrByQYZ8ha4ZELRWkyQvTs7tXdRZx0OkXvnIG1ZI
4YW2qilWjCKxpDI5US9mZx5Cz5qDGhNmNugyuDuxaSytwc3IOkPNRpBZrNkwAEhS
lLUdHyguAO6YLn6OtZ60SNeWJ2exEPRCjC6XHq6rEQxm1NYVP0OgBBM5aoGARmSa
y7dHvwaJ2Ne0O2UrpJih9YytVIWqRO9nahBYG8p831q2kQghMID43ZTYd32GgQ3G
SnC9d2eYOb1JhAvpD02t1sV5zghHFcLRuxSD3fQhpG7jQ5U9LUP2MRcjPQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLBZcVL3pGCy/d1Oo4Q9FXfbHMvPMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvc0ZseFV2ZWtZTEw5M1U2amhEMFZkOXNjeTg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCQLxkAwQD
QLx4AwQCudhoAwQBwRfEAwQAwRfHMA0GCSqGSIb3DQEBCwUAA4IBAQC27WHTZEGV
C+zIZzwRpaWXyHFEJzszBXxKIrrAHkk+KvePHAV8TK5tmECX8B90A0C8ysjBjdcv
wlVU+23SvyR7XN2cR+RxSEJnH4LWSoRwEoddQ9vd/lXOkjppWZp3uL1kGfuMFSyu
ygB1/vM9Cp02J38ouveFcinvwLRnQSyIKBKtTL8eMJ19AkfsgRHdBDhIhq+M3i3Q
R0BBo27uIUqwraYeDg3Hvy6DGZNbsdKMCB1dBrM0Du4P7NpDyM39h30Cvt/3NoIA
5laftNcGJztTB9JaOMB9AbiPG/f3cITb4rzB9VKddHPfJ6R32iv4GXGynxo/drsv
NDoDG+Z2lJtE
-----END CERTIFICATE-----
Generated at Sun Apr 20 20:51:30 2025 by rpki-client