Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pQ5MxZ62YDqEFuMeLsOATeKU0Sk.roa
File: pQ5MxZ62YDqEFuMeLsOATeKU0Sk.roa (raw, json)
Hash identifier: n6x/1PeiC/viFHqzNtIP16IrbqyA3JzUBXcmRyA1n50=
Subject key identifier: A5:0E:4C:C5:9E:B6:60:3A:84:16:E3:1E:2E:C3:80:4D:E2:94:D1:29
Certificate issuer: /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial: 019A406FD96B4815939B7144AC27A1ABADC0
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pQ5MxZ62YDqEFuMeLsOATeKU0Sk.roa
Signing time: Sat 01 Nov 2025 17:21:03 +0000
ROA not before: Sat 01 Nov 2025 17:21:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215614
IP address blocks: 194.28.96.0/24 maxlen: 32
2a0c:b641:610::/44 maxlen: 128
Validation: Failed, certificate revoked on Mon 03 Nov 2025 21:04:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:40:6f:d9:6b:48:15:93:9b:71:44:ac:27:a1:ab:ad:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05976801363d375786152e4d061e75c8beb35058
Validity
Not Before: Nov 1 17:21:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a50e4cc59eb6603a8416e31e2ec3804de294d129
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:64:4a:25:8e:44:05:7d:31:32:cc:02:54:3b:
0e:e7:96:39:cd:33:cb:88:aa:44:89:1c:41:a6:25:
08:9b:49:6e:f6:2a:85:1d:f2:c2:42:7f:6f:bc:5b:
56:e1:53:bd:e7:80:cc:c5:cb:21:d5:4d:74:97:ed:
1e:0d:31:a0:83:86:e0:19:d9:df:f8:78:91:80:50:
f0:96:eb:00:67:7a:1e:2a:a5:98:b5:40:cb:25:99:
e9:57:ed:5a:47:b6:27:62:a4:89:78:ae:e9:78:4f:
6a:6a:63:29:c6:71:9b:15:9f:8b:7f:dc:9e:4a:e3:
c8:93:73:0e:08:82:e2:4f:8e:00:57:b0:a4:a7:45:
8e:de:b9:75:46:d2:2c:28:60:b5:8c:e2:ba:c2:35:
2f:97:d6:22:52:41:54:14:21:47:f1:5c:52:c2:00:
3b:2a:99:1e:76:fa:41:40:d2:f4:4f:58:8c:31:d5:
55:ca:f8:41:c3:2c:b9:ca:ec:ff:6e:8a:99:2c:7c:
84:d1:60:6c:a8:b5:34:97:4b:cb:3b:cc:9a:6e:df:
33:25:f9:17:1a:1f:ac:2d:cc:51:9b:ed:a1:2e:a1:
ee:87:8e:c7:57:a2:34:f5:2d:94:58:f8:b7:1d:c2:
77:ea:9c:da:eb:50:8b:3f:4b:ee:5e:61:95:bd:60:
6e:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:0E:4C:C5:9E:B6:60:3A:84:16:E3:1E:2E:C3:80:4D:E2:94:D1:29
X509v3 Authority Key Identifier:
keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pQ5MxZ62YDqEFuMeLsOATeKU0Sk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.28.96.0/24
IPv6:
2a0c:b641:610::/44
Signature Algorithm: sha256WithRSAEncryption
16:68:d9:33:6d:25:78:5b:c6:4e:6a:cc:61:83:95:47:c9:0d:
31:88:64:9c:24:87:98:42:a3:df:6f:77:40:47:66:b2:8c:9e:
91:a9:38:0f:09:ec:b8:7f:f9:87:4b:26:1e:ca:ad:6f:ff:dc:
25:92:55:fd:7d:e9:ed:0f:4f:6e:58:d3:df:2d:ac:f6:34:4d:
b8:67:58:1b:0c:a4:a3:c2:25:ec:72:d7:22:d1:bb:03:56:ee:
8d:ec:1b:e8:c6:c5:e0:20:1d:53:16:ef:17:07:85:52:46:26:
fb:52:09:b0:78:25:b4:03:4d:49:b8:41:5e:26:5c:d6:a3:b2:
20:01:fc:ba:c3:a4:2d:ee:78:e5:31:fc:a8:24:ef:0a:d9:80:
d5:3c:39:2f:ac:7e:d2:d6:49:7b:08:b3:d4:bc:ef:e2:1e:45:
f8:35:fd:ca:f6:17:cf:91:bd:91:4c:71:16:0f:ad:d5:9f:78:
d5:98:49:54:af:1e:8d:95:df:42:6e:a6:1a:33:01:36:91:47:
a9:26:cb:f1:64:b2:ed:91:ef:f0:f5:51:35:a9:ec:23:ec:60:
47:20:aa:2f:ca:57:f5:64:c2:20:d7:be:ef:bc:ae:b7:bd:3f:
04:75:01:d9:3b:5c:cf:4b:25:61:30:2e:21:5a:13:bb:79:a6:
05:53:96:7b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZpAb9lrSBWTm3FErCehq63AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUxMTAxMTcyMTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTBlNGNjNTllYjY2MDNhODQxNmUzMWUyZWMzODA0ZGUyOTRkMTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2RKJY5EBX0xMswCVDsO55Y5zTPL
iKpEiRxBpiUIm0lu9iqFHfLCQn9vvFtW4VO954DMxcsh1U10l+0eDTGgg4bgGdnf
+HiRgFDwlusAZ3oeKqWYtUDLJZnpV+1aR7YnYqSJeK7peE9qamMpxnGbFZ+Lf9ye
SuPIk3MOCILiT44AV7Ckp0WO3rl1RtIsKGC1jOK6wjUvl9YiUkFUFCFH8VxSwgA7
KpkedvpBQNL0T1iMMdVVyvhBwyy5yuz/boqZLHyE0WBsqLU0l0vLO8yabt8zJfkX
Gh+sLcxRm+2hLqHuh47HV6I09S2UWPi3HcJ36pza61CLP0vuXmGVvWBuBQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKUOTMWetmA6hBbjHi7DgE3ilNEpMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvcFE1TXhaNjJZRHFFRnVNZUxzT0FUZUtVMFNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwhxgMA8E
AgACMAkDBwQqDLZBBhAwDQYJKoZIhvcNAQELBQADggEBABZo2TNtJXhbxk5qzGGD
lUfJDTGIZJwkh5hCo99vd0BHZrKMnpGpOA8J7Lh/+YdLJh7KrW//3CWSVf196e0P
T25Y098trPY0TbhnWBsMpKPCJexy1yLRuwNW7o3sG+jGxeAgHVMW7xcHhVJGJvtS
CbB4JbQDTUm4QV4mXNajsiAB/LrDpC3ueOUx/Kgk7wrZgNU8OS+sftLWSXsIs9S8
7+IeRfg1/cr2F8+RvZFMcRYPrdWfeNWYSVSvHo2V30JuphozATaRR6kmy/Fksu2R
7/D1UTWp7CPsYEcgqi/KV/VkwiDXvu+8rre9PwR1Adk7XM9LJWEwLiFaE7t5pgVT
lns=
-----END CERTIFICATE-----
Generated at Mon Nov 3 23:00:09 2025 by rpki-client