Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/4786c2-11a1-48a4-ba80-7944976599d8/1/pVwaiA4PwmoKXmwL4C6b8-WPijY.roa
File: pVwaiA4PwmoKXmwL4C6b8-WPijY.roa (raw, json)
Hash identifier: ttCeMG1AbcD+7Qbi0T32vOwHPSLny9kBnXdC1g/LzYI=
Subject key identifier: A5:5C:1A:88:0E:0F:C2:6A:0A:5E:6C:0B:E0:2E:9B:F3:E5:8F:8A:36
Certificate issuer: /CN=614ca0d09bbd05f4b8a8ac30a329f6715110758c
Certificate serial: 0195AFAA522170BB362A8EE74EE4F25E94D7
Authority key identifier: 61:4C:A0:D0:9B:BD:05:F4:B8:A8:AC:30:A3:29:F6:71:51:10:75:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YUyg0Ju9BfS4qKwwoyn2cVEQdYw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/4786c2-11a1-48a4-ba80-7944976599d8/1/pVwaiA4PwmoKXmwL4C6b8-WPijY.roa
Signing time: Wed 19 Mar 2025 18:28:49 +0000
ROA not before: Wed 19 Mar 2025 18:28:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210513
IP address blocks: 62.3.56.0/24 maxlen: 24
185.65.255.0/24 maxlen: 24
2a12:100::/29 maxlen: 29
2a12:100:19::/48 maxlen: 48
2a12:100:1a::/48 maxlen: 48
2a12:100:1c::/48 maxlen: 48
2a12:100:1d::/48 maxlen: 48
2a12:100:29::/48 maxlen: 48
2a12:100:2c::/48 maxlen: 48
Validation: Failed, certificate revoked on Wed 19 Mar 2025 18:43:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:af:aa:52:21:70:bb:36:2a:8e:e7:4e:e4:f2:5e:94:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=614ca0d09bbd05f4b8a8ac30a329f6715110758c
Validity
Not Before: Mar 19 18:28:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a55c1a880e0fc26a0a5e6c0be02e9bf3e58f8a36
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:d8:a0:b3:d8:6e:d1:b4:48:53:4a:4c:5e:5b:
50:0a:7b:21:20:62:d2:e9:f2:1c:85:c5:8a:95:e2:
d8:ff:98:24:ea:0a:6a:01:c5:4a:6c:9b:c2:f3:5a:
ab:3f:79:8a:ad:fe:70:19:de:e5:f6:e8:9b:a8:d8:
38:a0:e1:24:a0:b3:f0:f2:82:9d:95:26:30:e6:a0:
2a:04:51:26:61:d7:42:57:c8:14:b7:47:b8:82:cf:
79:80:21:7e:dc:0f:cb:b2:4f:ad:d6:24:61:7b:8a:
cf:48:c4:ef:4e:67:13:cb:94:1a:5d:17:f5:25:61:
57:c5:eb:7a:64:17:49:f1:86:85:2e:ac:01:32:a1:
ca:95:c7:62:24:aa:84:61:1f:96:2b:38:01:aa:65:
85:ae:7e:18:73:69:ce:95:e8:78:8d:3e:22:68:30:
cf:c8:ae:c2:bd:9d:b8:97:36:c7:9a:b8:4d:ce:bb:
cb:ad:7d:e2:be:e9:6e:a3:6e:ff:77:c8:2a:c5:9a:
0c:39:82:66:ac:b4:77:6e:b9:4a:72:e1:66:8c:91:
e0:3e:64:6b:ce:c7:f5:5b:05:7b:11:8c:b8:b8:74:
5d:72:1c:c5:7f:35:bc:b6:e6:22:3c:66:e1:42:bf:
8d:5d:f2:4c:77:d6:74:45:61:a0:58:62:6e:b9:7a:
cf:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:5C:1A:88:0E:0F:C2:6A:0A:5E:6C:0B:E0:2E:9B:F3:E5:8F:8A:36
X509v3 Authority Key Identifier:
keyid:61:4C:A0:D0:9B:BD:05:F4:B8:A8:AC:30:A3:29:F6:71:51:10:75:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YUyg0Ju9BfS4qKwwoyn2cVEQdYw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/4786c2-11a1-48a4-ba80-7944976599d8/1/pVwaiA4PwmoKXmwL4C6b8-WPijY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/4786c2-11a1-48a4-ba80-7944976599d8/1/YUyg0Ju9BfS4qKwwoyn2cVEQdYw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.3.56.0/24
185.65.255.0/24
IPv6:
2a12:100::/29
Signature Algorithm: sha256WithRSAEncryption
2b:88:87:a1:cf:2b:e5:42:fe:be:81:68:81:23:20:ad:35:18:
08:d4:bf:25:91:78:cb:ea:55:af:81:ce:8a:e7:ab:f2:d9:57:
45:52:8d:8c:e8:b4:a0:04:02:39:0c:86:09:29:5b:01:6d:e0:
27:96:ce:95:17:af:40:7c:56:70:c0:1e:4c:b6:b4:48:c6:02:
99:66:32:36:35:34:23:68:b8:af:8c:93:56:6f:7a:fb:52:e6:
d1:d2:1d:e2:9d:c8:9f:3c:81:aa:3a:33:81:1e:98:99:d1:95:
4a:ef:05:a8:2b:96:23:e8:e1:c3:c7:ed:43:21:c0:c4:4e:e7:
80:32:e7:56:8f:f6:c0:ac:c4:b3:fd:4b:2b:69:bc:8e:1f:29:
c8:ed:e9:64:b3:ba:b5:12:4d:69:44:cb:70:b2:b0:a8:62:8e:
8d:3c:74:95:fb:01:6d:db:43:41:88:23:c1:cd:44:08:1a:0a:
58:0b:5c:f2:94:1c:1c:16:bd:ee:58:02:5f:fa:e0:39:4e:e2:
aa:c4:cb:a5:2c:18:d2:c8:b4:e0:ac:c1:18:9f:95:b5:9a:13:
5c:16:76:48:f5:ac:2e:85:08:3a:8c:2b:4d:b0:10:60:ac:f2:
05:9a:59:5e:cc:23:8c:fa:cf:e1:2b:a7:49:75:49:03:e4:ec:
25:d6:46:06
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZWvqlIhcLs2Ko7nTuTyXpTXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNGNhMGQwOWJiZDA1ZjRiOGE4YWMzMGEzMjlmNjcxNTEx
MDc1OGMwHhcNMjUwMzE5MTgyODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTVjMWE4ODBlMGZjMjZhMGE1ZTZjMGJlMDJlOWJmM2U1OGY4YTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9igs9hu0bRIU0pMXltQCnshIGLS
6fIchcWKleLY/5gk6gpqAcVKbJvC81qrP3mKrf5wGd7l9uibqNg4oOEkoLPw8oKd
lSYw5qAqBFEmYddCV8gUt0e4gs95gCF+3A/Lsk+t1iRhe4rPSMTvTmcTy5QaXRf1
JWFXxet6ZBdJ8YaFLqwBMqHKlcdiJKqEYR+WKzgBqmWFrn4Yc2nOleh4jT4iaDDP
yK7CvZ24lzbHmrhNzrvLrX3ivuluo27/d8gqxZoMOYJmrLR3brlKcuFmjJHgPmRr
zsf1WwV7EYy4uHRdchzFfzW8tuYiPGbhQr+NXfJMd9Z0RWGgWGJuuXrPGwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKVcGogOD8JqCl5sC+Aum/Plj4o2MB8GA1UdIwQY
MBaAFGFMoNCbvQX0uKisMKMp9nFREHWMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVV5ZzBKdTlCZlM0cUt3d295bjJjVkVRZFl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS80Nzg2YzItMTFhMS00OGE0LWJhODAt
Nzk0NDk3NjU5OWQ4LzEvcFZ3YWlBNFB3bW9LWG13TDRDNmI4LVdQaWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS80Nzg2YzItMTFhMS00OGE0LWJhODAtNzk0NDk3NjU5OWQ4
LzEvWVV5ZzBKdTlCZlM0cUt3d295bjJjVkVRZFl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAPgM4AwQA
uUH/MA0EAgACMAcDBQMqEgEAMA0GCSqGSIb3DQEBCwUAA4IBAQAriIehzyvlQv6+
gWiBIyCtNRgI1L8lkXjL6lWvgc6K56vy2VdFUo2M6LSgBAI5DIYJKVsBbeAnls6V
F69AfFZwwB5MtrRIxgKZZjI2NTQjaLivjJNWb3r7UubR0h3incifPIGqOjOBHpiZ
0ZVK7wWoK5Yj6OHDx+1DIcDETueAMudWj/bArMSz/UsrabyOHynI7elks7q1Ek1p
RMtwsrCoYo6NPHSV+wFt20NBiCPBzUQIGgpYC1zylBwcFr3uWAJf+uA5TuKqxMul
LBjSyLTgrMEYn5W1mhNcFnZI9awuhQg6jCtNsBBgrPIFmllezCOM+s/hK6dJdUkD
5Owl1kYG
-----END CERTIFICATE-----
Generated at Wed Jun 11 22:26:57 2025 by rpki-client