Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/z5gVq9GDhEFBLXlTGXWUBPnrJfc.roa
File: z5gVq9GDhEFBLXlTGXWUBPnrJfc.roa (raw, json)
Hash identifier: miqqLck3cXUKaAY/+oS5jXOwAFE98NIPFSPgAobJ09s=
Subject key identifier: CF:98:15:AB:D1:83:84:41:41:2D:79:53:19:75:94:04:F9:EB:25:F7
Certificate issuer: /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial: 0195F14FBDB7F8B42A9257788500336CE7E2
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/z5gVq9GDhEFBLXlTGXWUBPnrJfc.roa
Signing time: Tue 01 Apr 2025 12:24:49 +0000
ROA not before: Tue 01 Apr 2025 12:24:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35277
IP address blocks: 5.8.45.0/24 maxlen: 24
5.8.46.0/24 maxlen: 24
5.8.47.0/24 maxlen: 24
5.188.201.0/24 maxlen: 24
5.188.202.0/24 maxlen: 24
5.189.252.0/24 maxlen: 24
5.189.253.0/24 maxlen: 24
5.189.255.0/24 maxlen: 24
91.243.40.0/24 maxlen: 24
91.243.43.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 01 Apr 2025 12:39:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:f1:4f:bd:b7:f8:b4:2a:92:57:78:85:00:33:6c:e7:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Validity
Not Before: Apr 1 12:24:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cf9815abd1838441412d795319759404f9eb25f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:17:8c:55:4d:35:ab:c7:e4:07:7e:fb:9b:f1:
6b:08:3c:55:2a:8c:b0:77:68:eb:c5:9e:78:cf:a7:
c0:eb:0a:83:85:dc:9d:56:c7:0a:54:da:2d:9d:7b:
27:74:ba:2d:8d:8d:c7:c2:2c:21:36:d7:f4:82:94:
b2:6f:9c:ac:e0:c3:3c:e3:5e:0a:fe:4b:31:8c:3e:
ae:a2:01:0b:96:42:93:89:82:30:e5:f8:a8:2a:d6:
38:52:2c:8c:9e:d3:17:9c:e2:52:7e:3f:1d:6a:76:
32:99:d4:bd:30:fa:af:d7:d2:79:6d:ea:97:14:19:
18:aa:30:be:17:df:0e:05:8d:09:c7:82:0b:92:2b:
5e:6a:9c:0c:f0:31:b3:f4:9d:67:65:9b:4a:67:8f:
46:24:dd:89:06:35:e0:03:5b:6f:fe:0c:1c:11:3e:
1d:24:b1:8d:ff:4f:58:d2:c4:ac:11:a9:08:a9:08:
2c:a1:50:c4:56:37:d2:c3:3a:36:07:c5:eb:3b:74:
a8:a4:88:fa:41:e8:ee:ee:ce:ca:2b:9a:27:8c:13:
7e:63:0e:d5:75:63:f7:36:36:40:3b:fd:eb:28:4d:
ae:57:2a:a4:ec:e9:9f:49:98:34:0e:4b:a6:88:4d:
be:c2:b4:d8:79:7b:da:43:80:d9:e4:d3:e6:58:61:
21:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:98:15:AB:D1:83:84:41:41:2D:79:53:19:75:94:04:F9:EB:25:F7
X509v3 Authority Key Identifier:
keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/z5gVq9GDhEFBLXlTGXWUBPnrJfc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.8.45.0-5.8.47.255
5.188.201.0-5.188.202.255
5.189.252.0/23
5.189.255.0/24
91.243.40.0/24
91.243.43.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:76:81:ac:c7:7e:ac:43:61:bc:c4:11:05:4c:bc:27:66:4d:
38:c4:db:5b:11:41:54:a0:2a:c7:4b:6c:4a:65:ed:85:3c:ad:
d9:18:aa:99:d2:5c:b5:fb:65:68:d9:db:dd:e2:0b:82:bb:b1:
86:0f:38:e3:13:7e:77:6e:0d:fd:46:3e:3c:b8:4c:ad:ba:f4:
2a:f7:ee:0c:1c:ba:bb:8f:5d:ed:b4:00:e2:4f:c5:68:56:e9:
f7:79:4c:ea:ec:c2:f4:8c:5a:3e:61:b4:71:dd:42:4b:75:b3:
34:6f:5d:e2:9b:8a:3f:f3:c6:4a:79:67:df:d6:8d:80:08:04:
61:d6:3a:e6:68:ac:74:53:7d:e8:b0:53:0d:3c:6b:0f:c7:07:
65:39:6c:98:e4:a4:21:a8:54:07:9f:5d:d7:da:21:47:a4:ac:
2c:de:b7:5c:a0:96:a3:99:7b:92:74:3b:15:ed:ee:21:40:a5:
7e:5d:ee:26:26:5f:04:78:68:ad:da:30:b4:25:1a:b8:51:d3:
23:a6:c5:52:e4:d7:cd:14:21:48:d5:ea:39:84:3a:b7:84:25:
02:7d:3e:b4:03:d1:1b:80:06:4b:54:38:e8:98:85:ec:69:68:
26:11:6b:65:43:6b:74:3c:54:bd:e1:9c:0a:45:65:40:35:a3:
f0:63:16:80
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZXxT723+LQqkld4hQAzbOfiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwNDAxMTIyNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjk4MTVhYmQxODM4NDQxNDEyZDc5NTMxOTc1OTQwNGY5ZWIyNWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArheMVU01q8fkB377m/FrCDxVKoyw
d2jrxZ54z6fA6wqDhdydVscKVNotnXsndLotjY3HwiwhNtf0gpSyb5ys4MM8414K
/ksxjD6uogELlkKTiYIw5fioKtY4UiyMntMXnOJSfj8danYymdS9MPqv19J5beqX
FBkYqjC+F98OBY0Jx4ILkiteapwM8DGz9J1nZZtKZ49GJN2JBjXgA1tv/gwcET4d
JLGN/09Y0sSsEakIqQgsoVDEVjfSwzo2B8XrO3SopIj6Qeju7s7KK5onjBN+Yw7V
dWP3NjZAO/3rKE2uVyqk7OmfSZg0DkumiE2+wrTYeXvaQ4DZ5NPmWGEhRQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFM+YFavRg4RBQS15Uxl1lAT56yX3MB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvejVnVnE5R0RoRUZCTFhsVEdYV1VCUG5ySmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0MAwDBAAFCC0D
BAQFCCAwDAMEAAW8yQMEAAW8ygMEAQW9/AMEAAW9/wMEAFvzKAMEAFvzKzANBgkq
hkiG9w0BAQsFAAOCAQEATnaBrMd+rENhvMQRBUy8J2ZNOMTbWxFBVKAqx0tsSmXt
hTyt2RiqmdJctftlaNnb3eILgruxhg844xN+d24N/UY+PLhMrbr0KvfuDBy6u49d
7bQA4k/FaFbp93lM6uzC9IxaPmG0cd1CS3WzNG9d4puKP/PGSnln39aNgAgEYdY6
5misdFN96LBTDTxrD8cHZTlsmOSkIahUB59d19ohR6SsLN63XKCWo5l7knQ7Fe3u
IUClfl3uJiZfBHhordowtCUauFHTI6bFUuTXzRQhSNXqOYQ6t4QlAn0+tAPRG4AG
S1Q46JiF7GloJhFrZUNrdDxUveGcCkVlQDWj8GMWgA==
-----END CERTIFICATE-----
Generated at Sun Jun 8 09:53:08 2025 by rpki-client