Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/zikazhNMVzZY-VE5oZVZqe5rrBY.roa
File: zikazhNMVzZY-VE5oZVZqe5rrBY.roa (raw, json)
Hash identifier: yDulPDFBhcKVKC4M0ub4upG0mPBjP39tmzpf/FG3ikM=
Subject key identifier: CE:29:1A:CE:13:4C:57:36:58:F9:51:39:A1:95:59:A9:EE:6B:AC:16
Certificate issuer: /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial: 0197F4FBC16F2DAE43D9997B89075771DD40
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/zikazhNMVzZY-VE5oZVZqe5rrBY.roa
Signing time: Thu 10 Jul 2025 15:37:09 +0000
ROA not before: Thu 10 Jul 2025 15:37:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209641
IP address blocks: 2a11:3080::/32 maxlen: 32
2a11:3d05::/32 maxlen: 32
2a11:3d07::/32 maxlen: 32
2a11:7087::/32 maxlen: 32
2a11:d382::/32 maxlen: 32
2a11:d704::/32 maxlen: 32
2a12:24c0::/32 maxlen: 32
2a12:35c0::/32 maxlen: 32
2a12:35c1::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 10 Jul 2025 15:44:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f4:fb:c1:6f:2d:ae:43:d9:99:7b:89:07:57:71:dd:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Validity
Not Before: Jul 10 15:37:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ce291ace134c573658f95139a19559a9ee6bac16
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:c4:77:08:7e:81:21:dd:9c:96:f1:b6:9c:ee:
c6:48:76:a7:0c:93:a4:6d:43:da:b5:55:64:3b:93:
9f:86:58:96:8a:4e:09:4a:7d:64:9a:7e:3b:3f:4c:
7c:61:7e:98:56:cb:91:38:00:86:cf:80:20:dc:27:
00:ca:38:ed:94:d1:bc:17:a6:60:95:7e:86:c7:18:
b8:40:ef:8a:b2:7f:ef:bb:64:d0:af:48:1c:48:a0:
f2:c5:d0:47:9c:5e:b7:25:09:e1:09:21:e6:b9:4e:
77:78:84:f7:bc:6d:64:b2:5e:fa:e1:c2:1b:fc:7d:
74:a1:fe:e4:c8:4a:a1:68:73:bd:f1:1b:3a:7b:d1:
67:90:69:1a:b3:ea:c0:fa:78:be:dc:61:0b:60:cf:
1e:86:b0:c1:c3:3e:d7:aa:c1:40:c7:46:d0:51:59:
ad:91:ff:fc:f8:e4:56:fa:c9:ad:37:ba:50:a4:f6:
38:a5:40:b1:7f:a5:44:b3:fb:dd:44:f3:81:4e:3c:
ae:7c:65:3c:23:3c:b6:8f:35:57:26:80:13:9c:bd:
c5:00:75:0f:3a:b6:b6:24:2b:a7:2f:96:bd:50:65:
7b:1a:dc:8c:ef:dc:f1:a8:15:79:00:cf:a5:c8:08:
b6:8e:3a:d1:9e:f5:92:da:9d:55:69:7c:01:09:f8:
d8:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:29:1A:CE:13:4C:57:36:58:F9:51:39:A1:95:59:A9:EE:6B:AC:16
X509v3 Authority Key Identifier:
keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/zikazhNMVzZY-VE5oZVZqe5rrBY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:3080::/32
2a11:3d05::/32
2a11:3d07::/32
2a11:7087::/32
2a11:d382::/32
2a11:d704::/32
2a12:24c0::/32
2a12:35c0::/31
Signature Algorithm: sha256WithRSAEncryption
11:ad:62:6b:ca:8f:01:c6:16:ef:1d:c1:f7:fe:db:32:9e:77:
3c:d9:e9:6b:7d:7a:f7:23:28:c6:22:81:ff:7b:1d:d1:5f:81:
e1:6d:99:e6:21:5c:39:31:be:dd:f5:7b:65:6f:05:c9:08:c6:
95:61:75:99:4e:01:61:f6:eb:b8:2a:5b:54:10:63:7f:6b:c0:
54:a7:ee:12:ac:2e:56:39:4b:b2:92:f2:2b:22:0f:6f:53:bf:
8c:75:50:94:90:4b:f3:d0:4e:dd:33:84:37:1d:49:a8:b1:77:
d0:c9:7f:34:0d:7c:08:f9:94:76:61:6d:f0:91:93:36:77:72:
db:e8:a4:cf:c1:ef:0b:cf:f0:6d:4f:b6:14:bf:65:3a:32:1f:
17:b4:8f:af:73:79:fe:a1:35:c8:ff:12:97:f2:59:67:84:24:
35:65:ed:59:bc:00:23:5f:56:99:8c:14:90:e0:62:a2:41:24:
ee:81:c4:84:b7:ee:f9:4a:27:c8:ef:83:eb:a7:8c:7a:18:a1:
cd:b0:46:6e:b4:7a:15:b1:cb:0c:0b:10:b5:cb:96:2a:50:02:
f4:99:da:1a:78:62:e0:e3:56:3e:4f:b6:68:ff:9b:26:5c:a7:
4f:34:13:80:ba:dc:41:b1:77:95:9f:bc:c3:7e:ad:ad:30:45:
59:21:82:4d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZf0+8FvLa5D2Zl7iQdXcd1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjUwNzEwMTUzNzA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTI5MWFjZTEzNGM1NzM2NThmOTUxMzlhMTk1NTlhOWVlNmJhYzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8R3CH6BId2clvG2nO7GSHanDJOk
bUPatVVkO5OfhliWik4JSn1kmn47P0x8YX6YVsuROACGz4Ag3CcAyjjtlNG8F6Zg
lX6Gxxi4QO+Ksn/vu2TQr0gcSKDyxdBHnF63JQnhCSHmuU53eIT3vG1ksl764cIb
/H10of7kyEqhaHO98Rs6e9FnkGkas+rA+ni+3GELYM8ehrDBwz7XqsFAx0bQUVmt
kf/8+ORW+smtN7pQpPY4pUCxf6VEs/vdRPOBTjyufGU8Izy2jzVXJoATnL3FAHUP
Ora2JCunL5a9UGV7GtyM79zxqBV5AM+lyAi2jjrRnvWS2p1VaXwBCfjY2wIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFM4pGs4TTFc2WPlROaGVWanua6wWMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvemlrYXpoTk1WelpZLVZFNW9aVlpxZTVyckJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUAKhEwgAMF
ACoRPQUDBQAqET0HAwUAKhFwhwMFACoR04IDBQAqEdcEAwUAKhIkwAMFASoSNcAw
DQYJKoZIhvcNAQELBQADggEBABGtYmvKjwHGFu8dwff+2zKedzzZ6Wt9evcjKMYi
gf97HdFfgeFtmeYhXDkxvt31e2VvBckIxpVhdZlOAWH267gqW1QQY39rwFSn7hKs
LlY5S7KS8isiD29Tv4x1UJSQS/PQTt0zhDcdSaixd9DJfzQNfAj5lHZhbfCRkzZ3
ctvopM/B7wvP8G1PthS/ZToyHxe0j69zef6hNcj/EpfyWWeEJDVl7Vm8ACNfVpmM
FJDgYqJBJO6BxIS37vlKJ8jvg+unjHoYoc2wRm60ehWxywwLELXLlipQAvSZ2hp4
YuDjVj5Ptmj/myZcp080E4C63EGxd5WfvMN+ra0wRVkhgk0=
-----END CERTIFICATE-----
Generated at Sun Jul 27 07:30:19 2025 by rpki-client