Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/kbfwOJK147R8Y-rgP6t3gU3hVZE.roa
File: kbfwOJK147R8Y-rgP6t3gU3hVZE.roa (raw, json)
Hash identifier: 3VQsRygN5TnNY6OFR9iHFNaKixx09sBV9xWPYShtqF4=
Subject key identifier: 91:B7:F0:38:92:B5:E3:B4:7C:63:EA:E0:3F:AB:77:81:4D:E1:55:91
Certificate issuer: /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial: 0195AE6DDDFC0A6A0216033219A8EB797C96
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/kbfwOJK147R8Y-rgP6t3gU3hVZE.roa
Signing time: Wed 19 Mar 2025 12:43:10 +0000
ROA not before: Wed 19 Mar 2025 12:43:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 89.251.22.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 24 Mar 2025 06:48:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:ae:6d:dd:fc:0a:6a:02:16:03:32:19:a8:eb:79:7c:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Validity
Not Before: Mar 19 12:43:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=91b7f03892b5e3b47c63eae03fab77814de15591
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:79:7a:fe:0e:ab:dd:9a:cd:28:05:1c:d8:ba:
19:96:e6:5f:36:2e:2e:06:7e:0b:39:9c:17:d1:d5:
bb:dd:56:51:c9:ab:01:f0:95:d9:aa:64:57:8e:2f:
c7:d5:0c:bb:5d:a6:7e:b6:48:72:4c:20:47:11:a5:
01:d9:0f:d6:3e:35:c6:4a:fb:80:dd:69:45:bb:44:
6f:48:e3:6d:a4:22:73:5d:a0:56:3f:e2:10:ab:e1:
26:08:df:c7:0b:d5:6b:28:d8:42:07:f5:52:a3:56:
4d:06:0d:17:64:9d:3b:fb:cf:6f:5a:f9:e0:44:a8:
c4:fc:1a:88:f5:f9:15:77:90:54:31:4a:f7:6d:70:
4c:46:ab:29:26:7c:7b:7a:31:30:ae:b2:33:6c:78:
ed:00:a5:76:4a:ec:57:f7:3c:9f:5b:41:de:ba:10:
93:17:6f:62:16:64:11:7b:c2:c0:22:6e:6b:f3:1c:
e0:7f:8e:79:bb:48:c7:6c:20:6b:dc:06:c5:bc:78:
89:89:bd:91:95:7c:56:d4:ec:44:17:89:1f:9c:2e:
6e:e4:52:9e:02:4f:6e:00:55:00:73:85:0a:63:0c:
70:ce:b6:3b:3f:cc:63:cf:34:5f:af:57:aa:38:76:
d7:a3:17:db:5e:16:6a:53:e6:df:b6:ea:25:7d:2f:
e2:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:B7:F0:38:92:B5:E3:B4:7C:63:EA:E0:3F:AB:77:81:4D:E1:55:91
X509v3 Authority Key Identifier:
keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/kbfwOJK147R8Y-rgP6t3gU3hVZE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.251.22.0/24
Signature Algorithm: sha256WithRSAEncryption
16:b7:16:a4:99:47:85:a9:06:89:40:87:e7:46:eb:a5:99:80:
9c:2e:ff:51:aa:c9:88:66:1b:3a:4f:a8:14:08:6c:72:a7:c7:
78:32:50:52:ec:cf:32:55:8f:fd:94:ce:71:e3:82:d1:2b:04:
fd:96:a5:ff:33:5d:ab:3e:99:aa:55:6e:6c:61:d0:ab:32:b0:
5d:97:af:0a:5c:ba:40:8f:2c:cb:ff:69:48:7d:a0:eb:6f:56:
2b:8a:e0:49:71:d4:bb:a5:d2:90:80:48:5b:dc:9f:62:28:69:
19:f3:49:9c:33:45:30:aa:45:c7:92:c7:33:89:77:3a:01:3e:
14:41:c2:eb:98:4a:2d:f5:4d:11:d0:35:a9:0a:58:c5:b9:58:
23:36:83:91:fd:91:db:b2:e7:28:83:e9:4b:b4:b3:35:c9:a9:
b9:71:66:62:ce:9c:65:29:09:13:f0:d8:42:55:a8:3f:12:e9:
8d:f2:43:7c:23:fd:d2:d2:5c:db:17:6d:dd:d7:19:4b:3d:49:
d2:d2:cd:cd:d0:64:c7:78:83:f2:49:69:d3:9d:aa:c8:51:59:
36:d0:be:e7:e5:c8:86:5b:c8:51:f1:f4:f5:3b:4f:36:ba:ed:
fc:50:1e:68:36:b1:dd:fb:1f:69:52:66:27:8f:88:99:89:69:
e7:1d:10:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWubd38CmoCFgMyGajreXyWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMzE5MTI0MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWI3ZjAzODkyYjVlM2I0N2M2M2VhZTAzZmFiNzc4MTRkZTE1NTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnl6/g6r3ZrNKAUc2LoZluZfNi4u
Bn4LOZwX0dW73VZRyasB8JXZqmRXji/H1Qy7XaZ+tkhyTCBHEaUB2Q/WPjXGSvuA
3WlFu0RvSONtpCJzXaBWP+IQq+EmCN/HC9VrKNhCB/VSo1ZNBg0XZJ07+89vWvng
RKjE/BqI9fkVd5BUMUr3bXBMRqspJnx7ejEwrrIzbHjtAKV2SuxX9zyfW0HeuhCT
F29iFmQRe8LAIm5r8xzgf455u0jHbCBr3AbFvHiJib2RlXxW1OxEF4kfnC5u5FKe
Ak9uAFUAc4UKYwxwzrY7P8xjzzRfr1eqOHbXoxfbXhZqU+bftuolfS/iwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJG38DiSteO0fGPq4D+rd4FN4VWRMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEva2Jmd09KSzE0N1I4WS1yZ1A2dDNnVTNoVlpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfsWMA0G
CSqGSIb3DQEBCwUAA4IBAQAWtxakmUeFqQaJQIfnRuulmYCcLv9RqsmIZhs6T6gU
CGxyp8d4MlBS7M8yVY/9lM5x44LRKwT9lqX/M12rPpmqVW5sYdCrMrBdl68KXLpA
jyzL/2lIfaDrb1YriuBJcdS7pdKQgEhb3J9iKGkZ80mcM0UwqkXHkscziXc6AT4U
QcLrmEot9U0R0DWpCljFuVgjNoOR/ZHbsucog+lLtLM1yam5cWZizpxlKQkT8NhC
Vag/EumN8kN8I/3S0lzbF23d1xlLPUnS0s3N0GTHeIPySWnTnarIUVk20L7n5ciG
W8hR8fT1O082uu38UB5oNrHd+x9pUmYnj4iZiWnnHRCo
-----END CERTIFICATE-----
Generated at Thu Apr 17 21:33:41 2025 by rpki-client