Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/3WMds3GqFRxwsWgptVYmc1I5MK0.roa
File: 3WMds3GqFRxwsWgptVYmc1I5MK0.roa (raw, json)
Hash identifier: x46Fu9OzFM6JV6aUsIiXSk/vUtgx4E+476rLaX5mJrI=
Subject key identifier: DD:63:1D:B3:71:AA:15:1C:70:B1:68:29:B5:56:26:73:52:39:30:AD
Certificate issuer: /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial: 019717F9C7B477499E5D69D9CA79F3FBB64C
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/3WMds3GqFRxwsWgptVYmc1I5MK0.roa
Signing time: Wed 28 May 2025 17:38:54 +0000
ROA not before: Wed 28 May 2025 17:38:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209024
IP address blocks: 176.109.64.0/24 maxlen: 24
176.109.65.0/24 maxlen: 24
176.109.66.0/24 maxlen: 24
176.109.68.0/24 maxlen: 24
176.109.69.0/24 maxlen: 24
176.109.70.0/24 maxlen: 24
2a02:28:d::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 02 Jun 2025 13:45:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:17:f9:c7:b4:77:49:9e:5d:69:d9:ca:79:f3:fb:b6:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Validity
Not Before: May 28 17:38:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dd631db371aa151c70b16829b5562673523930ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:2f:39:af:95:2c:84:b9:75:79:df:7c:ca:e2:
30:a4:17:03:be:23:da:8b:82:2c:ba:90:9f:f8:f6:
2d:bf:e5:88:88:f0:11:08:66:59:fe:27:cf:53:69:
ff:db:d2:06:66:e4:15:da:b5:bd:2d:93:60:e6:85:
a4:39:c3:a2:48:21:8c:b1:42:50:c1:4a:a3:68:fa:
8d:f8:46:98:b4:ab:f4:f0:dd:fa:bf:00:e8:74:39:
43:fe:c1:ee:10:8e:a9:52:84:8f:42:3c:53:4c:31:
79:9e:5e:19:bb:d7:59:e8:ce:49:54:82:48:a6:65:
d7:75:8b:ea:87:6b:c5:54:d4:c9:86:70:02:4d:e0:
e2:97:8d:3a:12:01:0c:08:0b:84:3b:cc:25:86:bb:
19:1e:f3:c2:d6:d4:bc:6f:67:91:e3:41:d0:30:d2:
a6:a2:5e:09:e2:94:c7:7c:8e:3e:52:85:80:cb:70:
9c:a3:70:bb:d6:b6:8e:20:51:a6:6e:22:69:f7:cb:
41:02:ae:a5:22:99:68:5a:48:12:75:1d:0b:36:d7:
75:22:ec:ec:a9:a7:d3:f2:f8:89:eb:1a:85:64:ba:
46:56:db:63:33:43:df:bf:65:ed:7d:32:66:fb:e7:
e4:8d:98:08:4f:d4:b3:46:33:f7:17:09:ab:50:16:
ad:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:63:1D:B3:71:AA:15:1C:70:B1:68:29:B5:56:26:73:52:39:30:AD
X509v3 Authority Key Identifier:
keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/3WMds3GqFRxwsWgptVYmc1I5MK0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.109.64.0-176.109.66.255
176.109.68.0-176.109.70.255
IPv6:
2a02:28:d::/48
Signature Algorithm: sha256WithRSAEncryption
64:9e:d6:9a:b1:13:94:7e:0b:52:67:ff:fe:6d:45:55:a7:61:
ea:e7:87:ff:c7:67:0b:32:87:e7:57:d1:40:9e:f8:a6:46:da:
90:44:9c:49:7b:59:82:20:6b:a9:5c:29:f8:08:6c:b3:af:3a:
22:18:fc:80:23:8c:d7:85:91:f3:e6:4a:b7:6a:d7:1d:85:f9:
58:67:e9:0c:90:c3:90:5e:58:a1:6f:90:56:04:6c:57:dd:16:
60:12:ee:42:78:90:d3:8e:a0:6c:87:d1:3e:17:9b:f6:2e:40:
00:63:38:73:55:e0:f2:b1:23:5f:19:91:9b:23:ef:a3:bb:78:
f6:d1:41:32:c2:ec:d7:cf:3e:5a:55:7e:ba:d2:53:5d:49:af:
ae:30:f8:2e:4f:76:b9:f7:4f:f2:ec:5f:81:41:6c:18:c1:42:
73:80:ef:51:f7:0b:e3:77:1e:4a:b6:98:ca:c6:45:ee:d6:3e:
6c:c7:10:54:c5:75:66:f7:36:67:3e:04:25:b3:13:a9:95:30:
d8:d4:08:5b:ac:48:a5:b7:70:cc:b2:73:e7:b5:0b:ed:34:25:
5d:66:57:9a:80:29:10:54:09:40:03:0e:34:70:f9:f7:a3:5e:
11:53:b4:91:29:1a:7c:71:8e:3c:93:7b:53:38:ed:0b:57:36:
3a:fd:41:85
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZcX+ce0d0meXWnZynnz+7ZMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjUwNTI4MTczODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDYzMWRiMzcxYWExNTFjNzBiMTY4MjliNTU2MjY3MzUyMzkzMGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAui85r5UshLl1ed98yuIwpBcDviPa
i4IsupCf+PYtv+WIiPARCGZZ/ifPU2n/29IGZuQV2rW9LZNg5oWkOcOiSCGMsUJQ
wUqjaPqN+EaYtKv08N36vwDodDlD/sHuEI6pUoSPQjxTTDF5nl4Zu9dZ6M5JVIJI
pmXXdYvqh2vFVNTJhnACTeDil406EgEMCAuEO8wlhrsZHvPC1tS8b2eR40HQMNKm
ol4J4pTHfI4+UoWAy3Cco3C71raOIFGmbiJp98tBAq6lIploWkgSdR0LNtd1Iuzs
qafT8viJ6xqFZLpGVttjM0Pfv2XtfTJm++fkjZgIT9SzRjP3FwmrUBatfwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFN1jHbNxqhUccLFoKbVWJnNSOTCtMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvM1dNZHMzR3FGUnh3c1dncHRWWW1jMUk1TUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAiBAIAATAcMAwDBAawbUAD
BACwbUIwDAMEArBtRAMEALBtRjAPBAIAAjAJAwcAKgIAKAANMA0GCSqGSIb3DQEB
CwUAA4IBAQBkntaasROUfgtSZ//+bUVVp2Hq54f/x2cLMofnV9FAnvimRtqQRJxJ
e1mCIGupXCn4CGyzrzoiGPyAI4zXhZHz5kq3atcdhflYZ+kMkMOQXlihb5BWBGxX
3RZgEu5CeJDTjqBsh9E+F5v2LkAAYzhzVeDysSNfGZGbI++ju3j20UEywuzXzz5a
VX660lNdSa+uMPguT3a590/y7F+BQWwYwUJzgO9R9wvjdx5KtpjKxkXu1j5sxxBU
xXVm9zZnPgQlsxOplTDY1AhbrEilt3DMsnPntQvtNCVdZleagCkQVAlAAw40cPn3
o14RU7SRKRp8cY48k3tTOO0LVzY6/UGF
-----END CERTIFICATE-----
Generated at Sat Jun 7 16:45:49 2025 by rpki-client