Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/8KN7FLuhX0ghMYyoylsuo5uqgIg.roa
File: 8KN7FLuhX0ghMYyoylsuo5uqgIg.roa (raw, json)
Hash identifier: gq9lWHR/YyOwVGCr4IY3yZST6744SEKJbPqpI9wu+Tg=
Subject key identifier: F0:A3:7B:14:BB:A1:5F:48:21:31:8C:A8:CA:5B:2E:A3:9B:AA:80:88
Certificate issuer: /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial: 0197F50E0F7066A33B4612A980014117690E
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/8KN7FLuhX0ghMYyoylsuo5uqgIg.roa
Signing time: Thu 10 Jul 2025 15:57:08 +0000
ROA not before: Thu 10 Jul 2025 15:57:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209641
IP address blocks: 2a0a:c383::/32 maxlen: 32
2a11:5881::/32 maxlen: 32
2a11:5882::/32 maxlen: 32
2a11:b785::/32 maxlen: 32
2a11:be81::/32 maxlen: 32
2a11:be86::/32 maxlen: 32
2a11:c707::/32 maxlen: 32
2a12:1941::/32 maxlen: 32
2a12:2c40::/32 maxlen: 32
2a12:4c06::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 16 Jul 2025 19:44:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f5:0e:0f:70:66:a3:3b:46:12:a9:80:01:41:17:69:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Validity
Not Before: Jul 10 15:57:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f0a37b14bba15f4821318ca8ca5b2ea39baa8088
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:1f:af:ed:b6:61:19:71:59:81:7a:a8:24:07:
66:3b:de:60:2b:77:3c:dc:4f:34:32:38:3d:39:a3:
0f:05:e7:2d:11:68:16:88:c7:52:58:33:72:3b:cf:
0b:4a:f9:fa:c8:54:dc:e2:75:62:59:5a:2e:95:e4:
9e:86:66:b6:51:5a:8d:dd:10:70:8f:69:73:63:05:
d1:e5:81:a3:8e:26:db:69:ab:9b:6f:11:4e:ef:d3:
60:62:3d:d9:26:4d:bf:2e:e8:47:cb:4e:13:0a:58:
83:f7:5e:cb:be:92:43:d7:74:fc:ae:76:e9:63:c3:
10:16:03:d3:3b:b8:7c:40:0b:5b:9d:33:50:6d:6f:
d9:ba:f2:a9:e5:60:1a:1b:64:9d:f5:33:2a:36:52:
c4:ab:04:ef:82:1f:c9:ab:fe:7c:0e:59:bd:a7:c3:
68:5a:8a:3b:31:19:18:26:2c:f5:da:54:b6:69:52:
b8:02:b0:8e:26:93:eb:6f:09:89:24:a8:76:44:f5:
50:ad:dc:69:80:5a:22:bc:26:45:a4:86:01:33:55:
b0:68:07:5d:16:cc:37:01:e8:83:58:76:60:df:2d:
fc:f2:c2:bf:1f:18:b8:f6:b8:01:f4:04:c9:ea:a4:
24:58:90:1b:22:38:2c:54:e0:92:3e:9f:46:e0:91:
0f:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:A3:7B:14:BB:A1:5F:48:21:31:8C:A8:CA:5B:2E:A3:9B:AA:80:88
X509v3 Authority Key Identifier:
keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/8KN7FLuhX0ghMYyoylsuo5uqgIg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0a:c383::/32
2a11:5881::-2a11:5882:ffff:ffff:ffff:ffff:ffff:ffff
2a11:b785::/32
2a11:be81::/32
2a11:be86::/32
2a11:c707::/32
2a12:1941::/32
2a12:2c40::/32
2a12:4c06::/32
Signature Algorithm: sha256WithRSAEncryption
8a:ce:25:5f:d8:60:e8:10:54:e6:5c:f6:69:92:e6:cf:55:6d:
cf:df:2c:f9:1f:0b:24:bd:70:c6:dc:e0:67:8f:81:68:f7:c2:
06:ce:c4:72:38:40:9d:26:46:bc:bf:0b:30:9e:24:1d:53:c0:
a5:9e:68:2f:8a:69:7a:be:5f:61:fd:70:4a:b4:32:a8:b3:cf:
01:c4:88:11:69:4d:19:bf:ab:5e:41:4f:3f:c4:65:bd:1b:0b:
6c:70:b0:03:c6:ed:ff:7f:dd:d8:af:db:eb:3e:c5:8d:5c:cf:
a0:39:d8:81:3f:3e:97:96:cd:f8:ee:08:b5:cd:4f:6c:a7:3c:
fd:13:d0:10:7b:f0:45:60:48:2a:6c:aa:bb:c4:05:97:1d:01:
07:6e:98:a9:62:b2:01:f4:ee:d0:a6:3c:56:89:54:a1:b6:3b:
6b:23:01:f7:fc:49:68:07:83:da:79:ef:58:f4:e7:44:e3:d4:
57:1f:ae:ba:ac:af:d2:7f:3b:1c:ec:31:a0:3b:ee:28:d6:1a:
fe:c7:05:59:53:25:e9:d9:6b:39:c4:b1:33:19:10:72:b8:74:
21:6d:a5:f5:cb:8c:f2:0f:ec:24:80:b7:fc:36:61:9a:41:66:
58:24:9a:2f:d0:e5:3f:25:c3:64:e9:69:60:df:fc:c2:45:17:
0c:16:2b:e4
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZf1Dg9wZqM7RhKpgAFBF2kOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNzEwMTU1NzA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGEzN2IxNGJiYTE1ZjQ4MjEzMThjYThjYTViMmVhMzliYWE4MDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArx+v7bZhGXFZgXqoJAdmO95gK3c8
3E80Mjg9OaMPBectEWgWiMdSWDNyO88LSvn6yFTc4nViWVouleSehma2UVqN3RBw
j2lzYwXR5YGjjibbaaubbxFO79NgYj3ZJk2/LuhHy04TCliD917LvpJD13T8rnbp
Y8MQFgPTO7h8QAtbnTNQbW/ZuvKp5WAaG2Sd9TMqNlLEqwTvgh/Jq/58Dlm9p8No
Woo7MRkYJiz12lS2aVK4ArCOJpPrbwmJJKh2RPVQrdxpgFoivCZFpIYBM1WwaAdd
Fsw3AeiDWHZg3y388sK/Hxi49rgB9ATJ6qQkWJAbIjgsVOCSPp9G4JEPwwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFPCjexS7oV9IITGMqMpbLqObqoCIMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvOEtON0ZMdWhYMGdoTVl5b3lsc3VvNXVxZ0lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAAjBIAwUAKgrDgzAO
AwUAKhFYgQMFACoRWIIDBQAqEbeFAwUAKhG+gQMFACoRvoYDBQAqEccHAwUAKhIZ
QQMFACoSLEADBQAqEkwGMA0GCSqGSIb3DQEBCwUAA4IBAQCKziVf2GDoEFTmXPZp
kubPVW3P3yz5HwskvXDG3OBnj4Fo98IGzsRyOECdJka8vwswniQdU8Clnmgviml6
vl9h/XBKtDKos88BxIgRaU0Zv6teQU8/xGW9GwtscLADxu3/f93Yr9vrPsWNXM+g
OdiBPz6Xls347gi1zU9spzz9E9AQe/BFYEgqbKq7xAWXHQEHbpipYrIB9O7QpjxW
iVShtjtrIwH3/EloB4Paee9Y9OdE49RXH666rK/Sfzsc7DGgO+4o1hr+xwVZUyXp
2Ws5xLEzGRByuHQhbaX1y4zyD+wkgLf8NmGaQWZYJJov0OU/JcNk6Wlg3/zCRRcM
Fivk
-----END CERTIFICATE-----
Generated at Tue Jul 29 07:42:18 2025 by rpki-client