Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/ZW-49AkImbm9bP6UVRjkA6oB2hU.roa
File: ZW-49AkImbm9bP6UVRjkA6oB2hU.roa (raw, json)
Hash identifier: SjdJNoDj+4h3DP/cQaNgFktOGSMN5gL1nQ9+DjBcvi4=
Subject key identifier: 65:6F:B8:F4:09:08:99:B9:BD:6C:FE:94:55:18:E4:03:AA:01:DA:15
Certificate issuer: /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial: 0197CC583682E16DFF912C4D6A04DD78C9DC
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/ZW-49AkImbm9bP6UVRjkA6oB2hU.roa
Signing time: Wed 02 Jul 2025 18:13:42 +0000
ROA not before: Wed 02 Jul 2025 18:13:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200019
IP address blocks: 2a0a:c382::/32 maxlen: 32
2a11:5887::/32 maxlen: 32
2a11:be80::/32 maxlen: 32
2a11:c705::/32 maxlen: 32
2a12:1946::/32 maxlen: 32
2a12:2c44::/32 maxlen: 32
Validation: Failed, certificate revoked on Mon 07 Jul 2025 17:46:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:cc:58:36:82:e1:6d:ff:91:2c:4d:6a:04:dd:78:c9:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Validity
Not Before: Jul 2 18:13:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=656fb8f4090899b9bd6cfe945518e403aa01da15
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:ca:ad:f5:77:be:55:2f:f7:10:1c:0a:e8:19:
83:fb:83:bb:a4:fc:64:ba:1a:90:ce:c8:3f:67:2c:
4e:bf:8e:cc:67:70:d9:d3:03:a6:ca:90:d8:33:fa:
a5:21:41:0f:57:69:20:02:6e:db:0c:6b:dd:e5:f0:
e9:74:fa:24:49:b7:d6:2f:8a:65:b7:49:95:b8:e7:
f9:35:fe:df:5f:00:59:fd:78:ba:29:f4:99:19:aa:
ff:64:89:4b:ab:67:b0:fc:12:27:67:aa:69:e2:12:
6b:e2:0e:a6:8c:00:a4:7b:df:59:0c:bd:bb:0c:e2:
d4:88:13:d9:bc:18:73:89:6d:8e:5f:47:b6:f5:2e:
fe:93:1a:05:89:fe:58:42:57:56:c2:bf:34:e4:07:
b0:56:d0:d4:f7:a3:d0:10:fd:ac:38:f9:fc:20:f5:
14:8c:1f:01:31:69:a3:be:8f:9d:34:b9:c7:eb:95:
b5:c1:6c:e5:a6:99:a7:26:61:4d:5a:25:25:84:c2:
d6:06:a4:f1:cb:af:16:a7:02:fc:c8:c8:18:f4:93:
bf:b7:aa:98:81:9a:8b:43:fc:6a:19:cc:db:6e:ec:
27:b2:ba:5d:1a:7c:64:65:3d:f9:44:10:7b:fc:55:
7f:36:8d:8c:bc:a6:b6:e7:59:8f:8e:2b:1f:24:bb:
01:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:6F:B8:F4:09:08:99:B9:BD:6C:FE:94:55:18:E4:03:AA:01:DA:15
X509v3 Authority Key Identifier:
keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/ZW-49AkImbm9bP6UVRjkA6oB2hU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0a:c382::/32
2a11:5887::/32
2a11:be80::/32
2a11:c705::/32
2a12:1946::/32
2a12:2c44::/32
Signature Algorithm: sha256WithRSAEncryption
ba:f8:64:1d:56:ca:47:6a:fd:74:bf:90:20:15:36:08:c9:19:
21:2d:2c:1b:c9:70:64:fb:44:81:cc:91:37:81:a1:22:3f:1d:
da:e4:fb:8b:5d:98:ed:48:6b:26:99:33:5b:ea:36:0f:35:be:
9b:31:fa:ab:8f:24:f6:9e:6c:ff:2c:3d:1b:9a:3e:17:c8:5c:
48:67:43:9d:4c:a0:ba:e7:1a:63:be:cc:87:e8:2f:ec:08:a1:
1f:73:f2:e2:7d:15:1e:ee:38:d2:72:2b:90:94:63:4c:8d:f2:
c2:2c:9e:aa:e0:bd:63:c5:aa:0a:d0:53:99:57:f5:75:50:fa:
52:7f:0b:2b:ec:78:ed:4c:cf:9e:49:74:63:98:09:a7:0e:7a:
f4:63:63:9d:e0:68:47:27:d4:8d:ee:48:74:bf:ac:77:ce:14:
f9:35:97:d3:a7:cc:bc:09:1b:fd:73:87:b5:d5:5e:dd:2c:15:
04:5c:37:0a:20:f4:40:30:f4:72:a5:36:21:13:f0:fc:90:90:
05:51:5b:88:2f:e9:11:80:f7:14:e3:ec:b1:b2:0d:8f:b7:11:
e5:3b:ce:c5:7a:b3:e6:f2:5d:e6:2d:96:c9:ea:c8:96:36:c8:
60:16:43:71:d1:0e:62:cb:d4:5e:2b:15:fe:da:49:09:86:49:
a1:3e:c7:10
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZfMWDaC4W3/kSxNagTdeMncMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNzAyMTgxMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTZmYjhmNDA5MDg5OWI5YmQ2Y2ZlOTQ1NTE4ZTQwM2FhMDFkYTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMqt9Xe+VS/3EBwK6BmD+4O7pPxk
uhqQzsg/ZyxOv47MZ3DZ0wOmypDYM/qlIUEPV2kgAm7bDGvd5fDpdPokSbfWL4pl
t0mVuOf5Nf7fXwBZ/Xi6KfSZGar/ZIlLq2ew/BInZ6pp4hJr4g6mjACke99ZDL27
DOLUiBPZvBhziW2OX0e29S7+kxoFif5YQldWwr805AewVtDU96PQEP2sOPn8IPUU
jB8BMWmjvo+dNLnH65W1wWzlppmnJmFNWiUlhMLWBqTxy68WpwL8yMgY9JO/t6qY
gZqLQ/xqGczbbuwnsrpdGnxkZT35RBB7/FV/No2MvKa251mPjisfJLsBeQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGVvuPQJCJm5vWz+lFUY5AOqAdoVMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvWlctNDlBa0ltYm05YlA2VVZSamtBNm9CMmhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAAjAqAwUAKgrDggMF
ACoRWIcDBQAqEb6AAwUAKhHHBQMFACoSGUYDBQAqEixEMA0GCSqGSIb3DQEBCwUA
A4IBAQC6+GQdVspHav10v5AgFTYIyRkhLSwbyXBk+0SBzJE3gaEiPx3a5PuLXZjt
SGsmmTNb6jYPNb6bMfqrjyT2nmz/LD0bmj4XyFxIZ0OdTKC65xpjvsyH6C/sCKEf
c/LifRUe7jjSciuQlGNMjfLCLJ6q4L1jxaoK0FOZV/V1UPpSfwsr7HjtTM+eSXRj
mAmnDnr0Y2Od4GhHJ9SN7kh0v6x3zhT5NZfTp8y8CRv9c4e11V7dLBUEXDcKIPRA
MPRypTYhE/D8kJAFUVuIL+kRgPcU4+yxsg2PtxHlO87FerPm8l3mLZbJ6siWNshg
FkNx0Q5iy9ReKxX+2kkJhkmhPscQ
-----END CERTIFICATE-----
Generated at Tue Jul 29 07:50:33 2025 by rpki-client