Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/fBKUH6JAMd4mB5u1vA4-PN5HftI.roa
File: fBKUH6JAMd4mB5u1vA4-PN5HftI.roa (raw, json)
Hash identifier: TCcMBiSJM+fpitdpTtwvlLdmt+3OKRsF4H4rqd5W0dE=
Subject key identifier: 7C:12:94:1F:A2:40:31:DE:26:07:9B:B5:BC:0E:3E:3C:DE:47:7E:D2
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 019655793B7E6A65AC76DA9E16C365B78D03
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/fBKUH6JAMd4mB5u1vA4-PN5HftI.roa
Signing time: Sun 20 Apr 2025 23:12:10 +0000
ROA not before: Sun 20 Apr 2025 23:12:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 109.111.32.0/20 maxlen: 24
109.111.42.0/23 maxlen: 24
109.111.44.0/22 maxlen: 24
109.111.48.0/22 maxlen: 24
109.111.56.0/22 maxlen: 22
176.221.20.0/22 maxlen: 24
176.221.24.0/22 maxlen: 24
Validation: Failed, certificate revoked on Sat 26 Apr 2025 02:10:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:55:79:3b:7e:6a:65:ac:76:da:9e:16:c3:65:b7:8d:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Apr 20 23:12:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7c12941fa24031de26079bb5bc0e3e3cde477ed2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:f0:7f:a0:cd:25:a1:af:0b:d9:19:ab:ec:98:
29:52:bc:90:67:d4:6c:77:c8:b1:90:04:8c:ae:5e:
64:d9:5e:93:6d:0e:6f:6a:57:87:4d:8f:04:5b:6c:
c0:69:24:1f:d6:e2:c7:cd:05:80:5c:c3:21:23:98:
81:82:da:e7:d9:81:d3:c0:e6:87:b6:1e:d6:db:0b:
b6:4a:ed:8b:7c:7f:0a:66:97:6b:e2:74:97:ac:39:
08:64:49:26:65:ea:67:d7:75:6c:ba:b4:06:ca:54:
f4:0b:d0:91:c9:45:3d:f9:f5:3a:3e:37:d6:bd:1d:
6f:a7:28:c1:e8:0e:a0:78:ea:0c:a1:f4:70:0a:54:
00:e7:f9:f4:94:56:56:55:17:e8:4e:29:ae:9d:ac:
d2:dd:27:58:da:2a:7f:68:9e:c9:3b:a0:c7:60:9a:
a5:99:7c:72:1f:9b:6c:1d:2e:bc:fc:95:be:4d:ba:
9c:ad:e4:68:13:45:59:67:70:21:d3:fc:e9:6d:ed:
c4:66:4a:9c:9c:52:67:a5:3f:ef:80:7e:18:7c:32:
22:79:74:20:ed:c4:1a:08:eb:2e:cf:78:3a:f8:be:
af:99:3b:5b:d6:43:7d:82:41:45:9b:ed:a7:da:fa:
45:a4:df:cc:88:23:65:89:13:29:7f:4b:50:5d:b9:
c4:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:12:94:1F:A2:40:31:DE:26:07:9B:B5:BC:0E:3E:3C:DE:47:7E:D2
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/fBKUH6JAMd4mB5u1vA4-PN5HftI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.111.32.0-109.111.51.255
109.111.56.0/22
176.221.20.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
8d:ba:80:07:fd:0b:8d:78:ad:ab:29:1d:19:8d:84:92:9c:de:
29:d3:70:9d:52:71:22:6a:28:4c:e7:c1:be:0d:0e:6b:52:e0:
14:17:4e:9b:97:dd:54:90:e8:00:aa:54:a0:87:77:e8:25:e1:
4b:fa:f9:85:05:6b:8d:78:99:7f:38:02:86:07:0b:b8:07:c3:
54:ca:86:07:f8:e0:48:f1:c0:17:0a:01:ed:9d:c3:44:70:6e:
51:6d:7a:b1:05:dc:b2:0b:c8:0e:05:07:b8:e4:7a:00:70:b3:
9a:f5:83:c2:7b:db:58:34:06:fd:aa:8b:03:7d:87:c2:09:21:
2b:17:cf:95:35:6e:04:9e:95:69:e6:3e:ae:e0:14:cc:59:ac:
1d:e2:df:f5:96:38:38:bc:7f:36:c5:77:e8:44:c7:8c:7d:59:
16:25:62:c6:43:58:b7:3d:6e:f9:0a:4f:22:84:a4:62:e2:6e:
2e:ba:c2:96:c9:b2:a7:3f:e1:96:86:c6:f2:e8:97:71:a9:7b:
bb:46:aa:30:2d:60:91:46:c7:fc:df:30:2e:56:7d:e6:e1:05:
4c:ef:8d:60:33:b9:e6:cc:8c:1a:8a:d1:ed:3f:a8:fc:38:a4:
81:4a:73:9e:5d:d3:64:6c:91:26:fb:73:e2:09:b6:5f:03:e6:
cc:5c:ea:68
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZZVeTt+amWsdtqeFsNlt40DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwNDIwMjMxMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzEyOTQxZmEyNDAzMWRlMjYwNzliYjViYzBlM2UzY2RlNDc3ZWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/B/oM0loa8L2Rmr7JgpUryQZ9Rs
d8ixkASMrl5k2V6TbQ5valeHTY8EW2zAaSQf1uLHzQWAXMMhI5iBgtrn2YHTwOaH
th7W2wu2Su2LfH8KZpdr4nSXrDkIZEkmZepn13VsurQGylT0C9CRyUU9+fU6PjfW
vR1vpyjB6A6geOoMofRwClQA5/n0lFZWVRfoTimunazS3SdY2ip/aJ7JO6DHYJql
mXxyH5tsHS68/JW+TbqcreRoE0VZZ3Ah0/zpbe3EZkqcnFJnpT/vgH4YfDIieXQg
7cQaCOsuz3g6+L6vmTtb1kN9gkFFm+2n2vpFpN/MiCNliRMpf0tQXbnEYQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFHwSlB+iQDHeJgebtbwOPjzeR37SMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvZkJLVUg2SkFNZDRtQjV1MXZBNC1QTjVIZnRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAVtbyAD
BAJtbzADBAJtbzgwDAMEArDdFAMEArDdGDANBgkqhkiG9w0BAQsFAAOCAQEAjbqA
B/0LjXitqykdGY2EkpzeKdNwnVJxImooTOfBvg0Oa1LgFBdOm5fdVJDoAKpUoId3
6CXhS/r5hQVrjXiZfzgChgcLuAfDVMqGB/jgSPHAFwoB7Z3DRHBuUW16sQXcsgvI
DgUHuOR6AHCzmvWDwnvbWDQG/aqLA32HwgkhKxfPlTVuBJ6VaeY+ruAUzFmsHeLf
9ZY4OLx/NsV36ETHjH1ZFiVixkNYtz1u+QpPIoSkYuJuLrrClsmypz/hlobG8uiX
cal7u0aqMC1gkUbH/N8wLlZ95uEFTO+NYDO55syMGorR7T+o/DikgUpznl3TZGyR
Jvtz4gm2XwPmzFzqaA==
-----END CERTIFICATE-----
Generated at Sat Jun 7 21:51:49 2025 by rpki-client