Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/lfLENC2otANuIcnWAPLZe8L5qzs.roa
File: lfLENC2otANuIcnWAPLZe8L5qzs.roa (raw, json)
Hash identifier: gi/d1K05rkR0Go3BNKHM4YVxW3xEAbzdzzK7CscgZUU=
Subject key identifier: 95:F2:C4:34:2D:A8:B4:03:6E:21:C9:D6:00:F2:D9:7B:C2:F9:AB:3B
Certificate issuer: /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial: 0197E6009A770487CF69071F8036BD72D098
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/lfLENC2otANuIcnWAPLZe8L5qzs.roa
Signing time: Mon 07 Jul 2025 17:48:08 +0000
ROA not before: Mon 07 Jul 2025 17:48:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200019
IP address blocks: 2a0c:2843::/32 maxlen: 32
2a11:15c3::/32 maxlen: 32
2a11:15c4::/32 maxlen: 32
2a12:4143::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 10 Jul 2025 15:57:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:e6:00:9a:77:04:87:cf:69:07:1f:80:36:bd:72:d0:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Validity
Not Before: Jul 7 17:48:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=95f2c4342da8b4036e21c9d600f2d97bc2f9ab3b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:1b:f7:f0:49:52:98:5f:09:cb:29:34:27:37:
f3:80:b7:76:54:02:c7:0b:38:d8:41:50:1f:da:4b:
20:02:f7:d1:05:19:5d:cc:af:b7:61:c8:f9:3f:00:
a1:2c:37:f5:d2:90:1b:55:90:83:e4:b3:be:21:76:
ae:b4:31:f1:17:36:04:a5:aa:9f:29:49:a9:81:dc:
32:d8:e1:9c:b2:f7:1c:b2:80:22:e4:1d:bb:a5:00:
ff:a8:5e:68:dd:e7:2b:e5:d3:dc:bc:82:14:5e:97:
68:97:86:f2:07:a0:74:44:a4:5a:19:00:1a:53:3f:
4e:c6:7c:9c:64:ed:30:3c:c6:87:a6:85:83:fd:cb:
50:8f:f5:00:c2:a5:79:4a:eb:e7:9c:af:6c:93:28:
cc:7e:07:f5:03:9f:ef:86:5f:ba:69:92:fa:94:84:
e7:9b:50:fe:9a:e0:a9:58:82:96:90:84:50:72:b4:
1c:59:21:16:4a:fa:58:54:79:a0:71:36:ec:aa:20:
6f:9d:04:e1:d8:1f:8d:38:ed:50:e4:e0:1a:01:6a:
52:6d:72:bf:35:6a:f7:6a:0f:78:c0:c5:f6:98:ac:
3c:5e:c5:2a:2f:e8:e3:27:07:f7:7b:85:fc:e9:c5:
22:73:dd:ca:5e:00:08:36:22:96:2d:df:b3:57:2d:
db:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:F2:C4:34:2D:A8:B4:03:6E:21:C9:D6:00:F2:D9:7B:C2:F9:AB:3B
X509v3 Authority Key Identifier:
keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/lfLENC2otANuIcnWAPLZe8L5qzs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0c:2843::/32
2a11:15c3::-2a11:15c4:ffff:ffff:ffff:ffff:ffff:ffff
2a12:4143::/32
Signature Algorithm: sha256WithRSAEncryption
58:51:c5:ce:46:e2:6c:6d:5e:d4:ba:d7:07:98:38:77:d6:5a:
b0:66:6e:b4:68:82:89:ee:f7:28:e5:e9:73:81:55:02:c8:bd:
a7:02:8f:97:b3:6e:77:5e:45:64:0b:80:af:58:5d:fc:57:9a:
be:8e:af:d0:03:59:29:3e:5e:d2:3b:4d:ff:d0:71:42:4e:6c:
3c:54:12:88:d9:74:c8:7a:19:a2:53:70:e4:c5:c7:1d:ea:36:
b4:f7:4f:85:bc:ac:ba:4d:16:71:ce:06:d9:f1:34:06:d3:99:
a2:a5:ad:c6:45:2a:e4:54:2a:e3:87:af:1f:d9:72:5c:4d:33:
8e:e5:cb:29:7e:8c:41:e7:11:fa:2e:d9:16:e2:7c:92:f5:20:
55:8c:84:e1:08:a3:57:42:7f:56:3c:85:e5:d3:10:24:37:dc:
80:05:e6:1a:8c:1b:c2:ee:1c:ab:89:d2:96:24:3f:a5:ea:cd:
e0:70:d1:09:95:8f:16:76:94:e3:e1:5b:4f:9c:52:ab:ab:36:
c8:b6:a7:e0:0a:3a:7c:11:1d:56:63:49:c4:4f:08:d3:59:2a:
e6:0b:45:25:52:bf:09:8a:14:00:1c:d1:04:ae:f8:38:1a:75:
be:97:f6:29:72:b5:fb:af:45:82:9f:c0:f4:0a:1f:b9:ee:33:
25:a1:d4:5e
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZfmAJp3BIfPaQcfgDa9ctCYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjUwNzA3MTc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWYyYzQzNDJkYThiNDAzNmUyMWM5ZDYwMGYyZDk3YmMyZjlhYjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRv38ElSmF8Jyyk0JzfzgLd2VALH
CzjYQVAf2ksgAvfRBRldzK+3Ycj5PwChLDf10pAbVZCD5LO+IXautDHxFzYEpaqf
KUmpgdwy2OGcsvccsoAi5B27pQD/qF5o3ecr5dPcvIIUXpdol4byB6B0RKRaGQAa
Uz9OxnycZO0wPMaHpoWD/ctQj/UAwqV5SuvnnK9skyjMfgf1A5/vhl+6aZL6lITn
m1D+muCpWIKWkIRQcrQcWSEWSvpYVHmgcTbsqiBvnQTh2B+NOO1Q5OAaAWpSbXK/
NWr3ag94wMX2mKw8XsUqL+jjJwf3e4X86cUic93KXgAINiKWLd+zVy3bgQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJXyxDQtqLQDbiHJ1gDy2XvC+as7MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvbGZMRU5DMm90QU51SWNuV0FQTFplOEw1cXpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAAjAeAwUAKgwoQzAO
AwUAKhEVwwMFACoRFcQDBQAqEkFDMA0GCSqGSIb3DQEBCwUAA4IBAQBYUcXORuJs
bV7UutcHmDh31lqwZm60aIKJ7vco5elzgVUCyL2nAo+Xs253XkVkC4CvWF38V5q+
jq/QA1kpPl7SO03/0HFCTmw8VBKI2XTIehmiU3Dkxccd6ja090+FvKy6TRZxzgbZ
8TQG05mipa3GRSrkVCrjh68f2XJcTTOO5cspfoxB5xH6LtkW4nyS9SBVjIThCKNX
Qn9WPIXl0xAkN9yABeYajBvC7hyridKWJD+l6s3gcNEJlY8WdpTj4VtPnFKrqzbI
tqfgCjp8ER1WY0nETwjTWSrmC0UlUr8JihQAHNEErvg4GnW+l/YpcrX7r0WCn8D0
Ch+57jMlodRe
-----END CERTIFICATE-----
Generated at Sun Jul 27 05:06:05 2025 by rpki-client