Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/rh-NKFwHTW9c0hQRmmI2wdYqQEc.roa
File: rh-NKFwHTW9c0hQRmmI2wdYqQEc.roa (raw, json)
Hash identifier: MU98si80aHjrVNBafeeHijSmgrP1brbVUVKV0mSc8u0=
Subject key identifier: AE:1F:8D:28:5C:07:4D:6F:5C:D2:14:11:9A:62:36:C1:D6:2A:40:47
Certificate issuer: /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial: 0197CC583750DB70632B0C3CCBF0FC030ECF
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/rh-NKFwHTW9c0hQRmmI2wdYqQEc.roa
Signing time: Wed 02 Jul 2025 18:13:42 +0000
ROA not before: Wed 02 Jul 2025 18:13:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206873
IP address blocks: 2a0a:c384::/32 maxlen: 32
2a11:5884::/32 maxlen: 32
2a11:be82::/32 maxlen: 32
2a11:c703::/32 maxlen: 32
2a12:1944::/32 maxlen: 32
2a12:1cc0::/32 maxlen: 32
2a12:2c42::/32 maxlen: 32
Validation: Failed, certificate revoked on Mon 07 Jul 2025 17:46:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:cc:58:37:50:db:70:63:2b:0c:3c:cb:f0:fc:03:0e:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Validity
Not Before: Jul 2 18:13:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ae1f8d285c074d6f5cd214119a6236c1d62a4047
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:ad:f9:f9:75:4d:17:c7:5f:11:50:59:5e:83:
95:96:c5:a0:7e:c4:c5:7e:c8:a2:35:2c:00:08:42:
db:97:ec:4d:f0:a2:9c:ed:c4:e7:de:68:b3:94:82:
bb:a9:39:9f:f2:75:01:5b:77:45:55:f9:7a:a5:ff:
f4:0b:d4:8c:8a:c9:00:31:aa:11:75:0e:b8:4f:0e:
25:60:58:6a:64:9a:d6:47:b5:9b:8b:8b:7a:3a:af:
8b:53:d3:aa:33:52:7f:5a:85:d3:e2:af:25:e9:50:
16:a1:bd:57:2e:64:9a:83:39:42:be:11:a7:2b:2b:
43:b2:f3:66:9f:12:55:f9:0c:82:ce:89:6f:77:5c:
c6:91:af:d7:43:70:69:25:51:06:52:37:82:a6:6e:
ea:bd:37:93:0d:e5:44:5c:dd:7a:c1:99:40:ac:75:
dd:f7:9c:cd:91:a9:65:3c:47:5e:dd:3b:55:cd:58:
9d:14:29:db:c7:4b:54:3c:9b:74:f9:9e:6e:de:1b:
c7:27:3a:df:b3:d5:c6:3c:18:3a:58:d6:63:21:82:
55:27:b2:d2:4d:8a:de:b1:62:bf:ce:e9:61:cb:1a:
56:3a:3f:74:dc:ad:e6:ed:89:2f:53:cd:eb:be:db:
25:35:a0:c8:eb:99:15:43:4c:bb:61:74:8c:f6:43:
38:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:1F:8D:28:5C:07:4D:6F:5C:D2:14:11:9A:62:36:C1:D6:2A:40:47
X509v3 Authority Key Identifier:
keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/rh-NKFwHTW9c0hQRmmI2wdYqQEc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0a:c384::/32
2a11:5884::/32
2a11:be82::/32
2a11:c703::/32
2a12:1944::/32
2a12:1cc0::/32
2a12:2c42::/32
Signature Algorithm: sha256WithRSAEncryption
d4:9f:9a:24:ac:66:92:0f:02:45:31:f6:42:8f:7b:0c:c3:a3:
cc:c3:d3:4a:3b:b3:a6:d6:e6:1c:53:bf:19:16:83:36:c3:74:
79:a9:2d:22:7a:c5:2b:7c:f6:b5:93:2f:ae:df:ad:7e:37:33:
b1:24:b2:34:ed:19:c2:81:c3:f4:1a:f3:46:b3:1d:86:be:02:
9e:7a:1d:0e:d1:e8:3d:07:87:d6:96:60:95:9f:5c:3f:3c:1c:
90:69:db:34:cf:f5:cb:2c:1a:93:ed:eb:f4:30:1d:c9:a9:d9:
72:ec:29:77:e6:38:db:4b:cc:70:37:52:a3:12:c7:f2:c5:46:
ff:13:72:a8:08:52:5e:a8:5d:4d:10:7f:99:54:45:36:b8:4c:
92:82:37:a0:4d:e7:8f:08:01:ef:3e:a2:81:d1:1e:cd:a6:cf:
a4:7f:5e:2d:a0:6a:20:48:7d:a2:cb:a0:42:60:a0:e4:d6:c2:
5f:52:0e:89:d7:05:1e:30:14:7c:c3:51:30:81:20:81:3d:5d:
68:0f:2b:a9:5d:19:83:5a:35:9a:d4:97:a4:70:c2:1c:07:89:
40:2b:6e:19:3d:df:53:de:a2:33:70:69:88:f1:c3:28:5d:f2:
03:53:d8:8a:4b:94:4a:ed:70:da:0e:f4:0a:e0:37:dd:dc:d3:
3b:60:58:92
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZfMWDdQ23BjKww8y/D8Aw7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwNzAyMTgxMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTFmOGQyODVjMDc0ZDZmNWNkMjE0MTE5YTYyMzZjMWQ2MmE0MDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6K35+XVNF8dfEVBZXoOVlsWgfsTF
fsiiNSwACELbl+xN8KKc7cTn3mizlIK7qTmf8nUBW3dFVfl6pf/0C9SMiskAMaoR
dQ64Tw4lYFhqZJrWR7Wbi4t6Oq+LU9OqM1J/WoXT4q8l6VAWob1XLmSagzlCvhGn
KytDsvNmnxJV+QyCzolvd1zGka/XQ3BpJVEGUjeCpm7qvTeTDeVEXN16wZlArHXd
95zNkallPEde3TtVzVidFCnbx0tUPJt0+Z5u3hvHJzrfs9XGPBg6WNZjIYJVJ7LS
TYresWK/zulhyxpWOj903K3m7YkvU83rvtslNaDI65kVQ0y7YXSM9kM4SQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFK4fjShcB01vXNIUEZpiNsHWKkBHMB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvcmgtTktGd0hUVzljMGhRUm1tSTJ3ZFlxUUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTA3BAIAAjAxAwUAKgrDhAMF
ACoRWIQDBQAqEb6CAwUAKhHHAwMFACoSGUQDBQAqEhzAAwUAKhIsQjANBgkqhkiG
9w0BAQsFAAOCAQEA1J+aJKxmkg8CRTH2Qo97DMOjzMPTSjuzptbmHFO/GRaDNsN0
eaktInrFK3z2tZMvrt+tfjczsSSyNO0ZwoHD9BrzRrMdhr4CnnodDtHoPQeH1pZg
lZ9cPzwckGnbNM/1yywak+3r9DAdyanZcuwpd+Y420vMcDdSoxLH8sVG/xNyqAhS
XqhdTRB/mVRFNrhMkoI3oE3njwgB7z6igdEezabPpH9eLaBqIEh9osugQmCg5NbC
X1IOidcFHjAUfMNRMIEggT1daA8rqV0Zg1o1mtSXpHDCHAeJQCtuGT3fU96iM3Bp
iPHDKF3yA1PYikuUSu1w2g70CuA33dzTO2BYkg==
-----END CERTIFICATE-----
Generated at Tue Jul 29 07:38:08 2025 by rpki-client