Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HFZ3tbhX2mUhnBnh1Z4qx18bDdo.roa
File: HFZ3tbhX2mUhnBnh1Z4qx18bDdo.roa (raw, json)
Hash identifier: gK0y9TGgEJ4q/X8hYiWJ/0yaB8rT40/DSu09dfiVPAM=
Subject key identifier: 1C:56:77:B5:B8:57:DA:65:21:9C:19:E1:D5:9E:2A:C7:5F:1B:0D:DA
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019428251565F7CE130F0752CD4F6B47B4FC
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HFZ3tbhX2mUhnBnh1Z4qx18bDdo.roa
Signing time: Thu 02 Jan 2025 17:51:46 +0000
ROA not before: Thu 02 Jan 2025 17:51:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215590
IP address blocks: 194.87.192.0/22 maxlen: 22
194.87.192.0/24 maxlen: 24
194.87.193.0/24 maxlen: 24
194.87.194.0/24 maxlen: 24
194.87.195.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 30 Jan 2025 15:51:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:15:65:f7:ce:13:0f:07:52:cd:4f:6b:47:b4:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1c5677b5b857da65219c19e1d59e2ac75f1b0dda
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:c3:99:6e:20:85:69:fd:6b:38:43:33:c7:5e:
84:4a:0f:63:f7:9d:9e:d5:e9:62:6a:90:08:ba:39:
38:2d:53:8e:23:b1:93:6e:a3:92:a5:52:dc:ac:15:
36:84:d8:e8:bc:a3:b7:47:f7:b1:9e:68:cf:98:96:
38:46:73:88:f0:7b:4f:05:50:f6:3f:5a:fd:8c:e2:
38:76:a5:b7:2a:be:38:1b:6a:72:86:93:6a:1d:bb:
1b:89:7a:5b:16:f0:2b:e0:10:4f:92:0d:c7:60:51:
73:58:2a:fc:28:81:55:aa:e2:f6:8e:b2:d2:ce:c5:
f7:5e:03:5d:61:41:b8:80:32:86:f0:e8:3f:f1:7a:
36:c5:98:92:6d:09:e2:b6:49:0a:5f:d9:5b:11:aa:
c6:e6:57:b6:c9:f2:6a:35:19:5a:57:a1:7a:04:67:
fa:d1:94:15:dd:d8:3e:f3:7b:f1:6a:68:3f:e1:b9:
70:f9:38:13:b3:c3:c2:ad:c2:9d:e9:04:53:04:05:
56:2d:4d:0a:7d:48:d2:4e:f6:0f:a0:49:5f:d8:4b:
54:fd:20:69:37:b1:7e:56:f9:60:8a:33:6f:9e:f9:
b4:4b:10:a2:1a:c8:e0:bd:56:75:9a:e6:6c:d1:21:
6f:76:1f:a1:7b:02:07:fb:97:3b:8c:b5:43:02:dc:
55:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:56:77:B5:B8:57:DA:65:21:9C:19:E1:D5:9E:2A:C7:5F:1B:0D:DA
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/HFZ3tbhX2mUhnBnh1Z4qx18bDdo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.87.192.0/22
Signature Algorithm: sha256WithRSAEncryption
44:c4:3d:2b:bb:9b:90:50:34:8e:34:22:1d:4a:bd:10:4e:8d:
8b:07:58:00:3c:38:1a:a4:16:44:a2:77:54:c7:28:25:0a:f8:
b6:d1:01:ab:c5:4f:53:4d:43:a8:88:61:e8:7c:3d:ed:01:0a:
64:38:5e:ec:45:b4:14:3a:8c:ca:7a:81:c3:97:22:11:02:9b:
c9:66:62:8c:98:cf:e4:72:62:aa:5a:2d:89:39:86:bb:1c:b9:
34:d1:f0:9b:7d:72:8f:2f:9a:41:a5:b9:f7:5e:1b:38:f2:d2:
f5:f9:1b:32:2c:a4:46:93:dd:ed:ae:2c:79:a8:12:02:1c:ee:
8d:3f:0d:ed:ee:19:08:54:42:0c:64:a1:8a:c5:90:60:0a:e0:
a7:38:3d:da:57:52:c4:53:ed:56:89:d1:7c:d6:9f:6e:3a:92:
fe:61:ca:4e:15:80:9a:b3:a9:a6:56:dd:f2:18:38:31:1d:ec:
d3:71:60:64:44:b5:0f:5f:9d:e2:18:ec:51:5f:5a:6f:53:47:
b4:d6:51:b5:f4:f5:9a:8c:74:b0:64:1a:9c:ae:4c:ad:f9:9f:
46:0d:50:1d:30:c1:e5:da:49:94:e1:b9:6e:26:85:d4:6f:46:
a2:3b:0c:9d:1e:80:f2:5a:51:e9:ae:9e:f0:e2:2d:4c:93:08:
ed:e1:48:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJRVl984TDwdSzU9rR7T8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzU2NzdiNWI4NTdkYTY1MjE5YzE5ZTFkNTllMmFjNzVmMWIwZGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkMOZbiCFaf1rOEMzx16ESg9j952e
1eliapAIujk4LVOOI7GTbqOSpVLcrBU2hNjovKO3R/exnmjPmJY4RnOI8HtPBVD2
P1r9jOI4dqW3Kr44G2pyhpNqHbsbiXpbFvAr4BBPkg3HYFFzWCr8KIFVquL2jrLS
zsX3XgNdYUG4gDKG8Og/8Xo2xZiSbQnitkkKX9lbEarG5le2yfJqNRlaV6F6BGf6
0ZQV3dg+83vxamg/4blw+TgTs8PCrcKd6QRTBAVWLU0KfUjSTvYPoElf2EtU/SBp
N7F+VvlgijNvnvm0SxCiGsjgvVZ1muZs0SFvdh+hewIH+5c7jLVDAtxVKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBxWd7W4V9plIZwZ4dWeKsdfGw3aMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSEZaM3RiaFgybVVobkJuaDFaNHF4MThiRGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwlfAMA0G
CSqGSIb3DQEBCwUAA4IBAQBExD0ru5uQUDSONCIdSr0QTo2LB1gAPDgapBZEondU
xyglCvi20QGrxU9TTUOoiGHofD3tAQpkOF7sRbQUOozKeoHDlyIRApvJZmKMmM/k
cmKqWi2JOYa7HLk00fCbfXKPL5pBpbn3Xhs48tL1+RsyLKRGk93trix5qBICHO6N
Pw3t7hkIVEIMZKGKxZBgCuCnOD3aV1LEU+1WidF81p9uOpL+YcpOFYCas6mmVt3y
GDgxHezTcWBkRLUPX53iGOxRX1pvU0e01lG19PWajHSwZBqcrkyt+Z9GDVAdMMHl
2kmU4bluJoXUb0aiOwydHoDyWlHprp7w4i1Mkwjt4Ui5
-----END CERTIFICATE-----
Generated at Sun Jun 8 09:05:15 2025 by rpki-client