Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21859.roa
File: AS21859.roa (raw, json)
Hash identifier: Mv5ifP2U19GP/zYhzeamQ2zt25AKUZTAjbS0Uq/6s5o=
Subject key identifier: 21:BE:67:54:AD:45:28:4E:27:0B:B9:58:FB:3D:AF:8C:CA:F3:FC:FC
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 66B0D0C42CB764BBB406B638D948F0C482513B39
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21859.roa
Signing time: Sun 15 Jun 2025 12:58:13 +0000
ROA not before: Sun 15 Jun 2025 12:53:13 +0000
ROA not after: Sun 14 Jun 2026 12:58:13 +0000
asID: 21859
IP address blocks: 143.20.47.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 16 Jun 2025 11:03:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
66:b0:d0:c4:2c:b7:64:bb:b4:06:b6:38:d9:48:f0:c4:82:51:3b:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Jun 15 12:53:13 2025 GMT
Not After : Jun 14 12:58:13 2026 GMT
Subject: CN=21BE6754AD45284E270BB958FB3DAF8CCAF3FCFC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:30:15:ee:a6:58:86:aa:7d:6a:c2:92:94:44:
2c:4b:a7:f9:11:63:04:c7:a1:95:be:bb:3d:6f:30:
0c:71:78:13:ee:98:57:de:a3:50:44:e9:72:9b:8c:
c9:c5:83:35:3c:3b:c0:6f:39:85:d5:f7:f8:bd:e7:
4a:01:a5:9b:27:61:d3:b9:15:5d:45:0e:3e:1d:d0:
59:95:34:86:32:4c:e1:52:96:88:6d:21:67:32:f3:
a2:78:cb:63:db:97:76:82:82:56:7c:b7:0a:d9:e2:
42:58:94:84:4a:1d:2e:e3:da:ed:97:63:ab:2d:99:
78:b8:de:01:3c:9b:d3:04:26:0f:31:63:21:1a:7a:
15:4b:9f:54:73:a3:d1:84:9d:4c:3a:e7:ec:59:00:
47:b8:f7:2f:72:62:a1:6b:6a:59:f5:4b:e0:b5:64:
2f:73:fc:e3:64:e0:12:a2:5b:b7:17:53:64:55:03:
d3:87:cd:c8:03:b1:98:8c:2e:7d:73:5d:8c:7e:b0:
e3:c8:09:67:33:de:77:36:a2:71:16:b3:c2:a6:ee:
66:97:07:79:69:f3:27:21:4e:46:51:b3:fe:47:06:
d7:df:67:78:f0:56:f2:34:84:13:0a:5c:8f:87:a9:
99:99:4e:28:b1:4a:1a:72:c9:9f:3f:50:be:b7:d4:
28:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:BE:67:54:AD:45:28:4E:27:0B:B9:58:FB:3D:AF:8C:CA:F3:FC:FC
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS21859.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.47.0/24
Signature Algorithm: sha256WithRSAEncryption
00:d5:bc:4b:15:02:e9:50:2b:9b:7d:6a:7c:96:e5:35:da:8c:
01:8d:8f:4b:d7:49:d6:37:fb:03:e9:a5:4c:78:43:4c:f0:b1:
ec:6f:ba:12:a3:dc:28:50:f7:15:16:11:4a:80:8d:af:42:7d:
e8:c3:98:f5:fc:39:0e:cd:6c:02:6e:a5:bd:04:0e:e7:51:df:
99:ca:e9:a8:b2:28:c8:53:07:69:d6:ac:96:3d:a3:60:90:9b:
0c:eb:7c:52:8f:50:ec:07:e9:a9:ae:6c:b4:2d:f6:96:b3:f9:
b3:84:b2:95:bc:fe:c3:36:b9:9e:52:1d:e2:9c:19:c8:c9:68:
86:78:e4:98:bd:58:2b:23:e2:9c:36:24:5f:12:43:df:03:db:
a1:1c:23:a0:d1:84:b2:70:39:e1:50:3e:bb:e0:d4:bf:da:ee:
87:80:4c:d9:bd:24:24:c9:73:5b:19:4e:bd:37:4b:c8:ab:db:
01:28:59:bd:3d:2b:ba:b8:5d:b2:f4:68:13:79:c5:0f:da:0d:
d3:28:29:54:cf:ea:63:3a:a3:fd:0e:0e:1a:03:3a:49:52:c7:
f0:66:53:36:31:4d:70:f0:57:94:ac:6c:f0:c9:d3:25:ce:df:
49:b8:bf:4a:b5:39:14:4f:f1:3a:a4:c5:2f:d1:3b:1e:38:ed:
d2:6c:31:58
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZrDQxCy3ZLu0BrY42UjwxIJROzkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MTUxMjUzMTNaFw0yNjA2MTQxMjU4MTNaMDMxMTAvBgNV
BAMTKDIxQkU2NzU0QUQ0NTI4NEUyNzBCQjk1OEZCM0RBRjhDQ0FGM0ZDRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAMBXupliGqn1qwpKURCxLp/kR
YwTHoZW+uz1vMAxxeBPumFfeo1BE6XKbjMnFgzU8O8BvOYXV9/i950oBpZsnYdO5
FV1FDj4d0FmVNIYyTOFSlohtIWcy86J4y2Pbl3aCglZ8twrZ4kJYlIRKHS7j2u2X
Y6stmXi43gE8m9MEJg8xYyEaehVLn1Rzo9GEnUw65+xZAEe49y9yYqFraln1S+C1
ZC9z/ONk4BKiW7cXU2RVA9OHzcgDsZiMLn1zXYx+sOPICWcz3nc2onEWs8Km7maX
B3lp8ychTkZRs/5HBtffZ3jwVvI0hBMKXI+HqZmZTiixShpyyZ8/UL631Cg7AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUIb5nVK1FKE4nC7lY+z2vjMrz/PwwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMjE4NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFC8w
DQYJKoZIhvcNAQELBQADggEBAADVvEsVAulQK5t9anyW5TXajAGNj0vXSdY3+wPp
pUx4Q0zwsexvuhKj3ChQ9xUWEUqAja9CfejDmPX8OQ7NbAJupb0EDudR35nK6aiy
KMhTB2nWrJY9o2CQmwzrfFKPUOwH6amubLQt9paz+bOEspW8/sM2uZ5SHeKcGcjJ
aIZ45Ji9WCsj4pw2JF8SQ98D26EcI6DRhLJwOeFQPrvg1L/a7oeATNm9JCTJc1sZ
Tr03S8ir2wEoWb09K7q4XbL0aBN5xQ/aDdMoKVTP6mM6o/0ODhoDOklSx/BmUzYx
TXDwV5SsbPDJ0yXO30m4v0q1ORRP8TqkxS/ROx447dJsMVg=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:28:13 2025 by rpki-client