Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/MBdPk8iqriVIQ0wvuScgtXU-6Hg.roa
File: MBdPk8iqriVIQ0wvuScgtXU-6Hg.roa (raw, json)
Hash identifier: xl56hrcC2vdtGqoWByQJLzqQms1sMIhFprXdgk7PuIA=
Subject key identifier: 30:17:4F:93:C8:AA:AE:25:48:43:4C:2F:B9:27:20:B5:75:3E:E8:78
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 0196BAA57FF5245BFFF0FD058AB761373B73
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/MBdPk8iqriVIQ0wvuScgtXU-6Hg.roa
Signing time: Sat 10 May 2025 14:42:10 +0000
ROA not before: Sat 10 May 2025 14:42:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209737
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.86.6.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
185.254.29.0/24 maxlen: 24
193.35.152.0/24 maxlen: 24
193.35.153.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 30 May 2025 11:33:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:ba:a5:7f:f5:24:5b:ff:f0:fd:05:8a:b7:61:37:3b:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: May 10 14:42:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=30174f93c8aaae2548434c2fb92720b5753ee878
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:5f:99:1a:e9:9d:13:22:9f:1b:8f:27:35:7b:
79:e3:28:2d:b1:7a:10:ba:bb:f3:10:00:ff:aa:49:
7a:c2:27:26:3a:4a:aa:56:ce:5b:9b:69:17:b6:40:
0d:1e:d8:6e:eb:79:27:f5:c4:f4:0a:6b:b4:d2:b7:
56:d4:35:56:e7:99:8c:21:50:5d:9b:51:c1:b6:e8:
bc:a4:a1:ec:9a:a8:05:c8:21:84:34:ea:fd:31:a6:
f0:a3:d9:b3:96:91:79:8c:91:a0:e7:65:96:c2:d9:
6b:4f:cb:e2:99:20:c3:9a:1e:37:27:94:2c:e7:c6:
8d:1d:d2:47:70:a8:55:9c:a1:1c:ce:c1:d4:50:0f:
5f:7d:95:e7:fa:28:1c:7b:f9:32:0c:3d:96:53:2d:
17:b0:7c:da:68:a2:a8:68:09:12:93:7a:ed:c7:88:
79:3f:3b:63:86:1b:e8:bd:dc:47:2b:a1:55:80:19:
fa:c2:d7:ed:49:24:ea:77:a8:15:ab:08:51:5f:18:
4a:fd:8e:4e:25:86:26:96:96:7e:d9:0c:3e:a3:35:
46:58:b0:1b:a5:6b:d5:74:6d:19:47:4b:44:5c:01:
7b:43:c2:66:3c:49:fb:d5:dd:a3:1c:55:b7:9f:c6:
c4:cb:a8:8c:f9:51:fc:6e:40:3c:3a:5a:ee:24:f1:
00:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:17:4F:93:C8:AA:AE:25:48:43:4C:2F:B9:27:20:B5:75:3E:E8:78
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/MBdPk8iqriVIQ0wvuScgtXU-6Hg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0/24
109.236.51.0/24
185.86.6.0/24
185.254.28.0/23
193.35.152.0/23
Signature Algorithm: sha256WithRSAEncryption
8f:1b:92:a2:d9:de:a5:34:e9:26:d4:d1:5b:50:81:73:d5:64:
7b:84:91:06:8d:da:8f:fc:b8:d8:40:a8:1a:46:d5:68:87:1e:
b1:a4:1e:69:cd:28:3e:be:9a:ac:86:35:2b:fa:2a:40:66:88:
c1:1f:d8:a8:51:b9:5d:12:71:cd:b5:bb:f5:b9:a5:75:04:2e:
47:01:ec:11:32:0d:ed:9d:b9:a3:21:f3:33:15:2e:61:d7:63:
68:39:c3:e8:b0:03:36:b9:44:8f:e5:5f:66:49:6a:09:cb:cb:
a2:95:bd:57:95:a1:5f:17:21:b6:5a:36:d6:e9:b8:25:46:26:
ab:43:c1:b5:60:d6:9d:86:1b:d0:73:4a:08:dd:92:60:e2:d9:
08:25:54:71:24:e4:07:3b:f8:ce:3d:00:6e:a0:8c:33:8d:28:
47:fd:f1:7d:47:be:33:c8:d6:88:52:e5:41:f8:88:c3:76:71:
b5:ff:e3:43:25:ad:19:81:5c:e5:70:3b:3b:71:7e:a2:d4:41:
e6:24:10:0a:6e:b0:79:ab:9b:67:bc:48:47:c6:ae:a2:8d:ee:
4b:56:b6:95:3a:d0:1e:7e:1d:ad:27:e5:5a:39:f1:37:02:87:
89:19:63:5f:31:8f:66:bf:09:4b:98:ab:fe:a9:b9:e7:90:ca:
d0:56:f7:de
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZa6pX/1JFv/8P0FirdhNztzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwNTEwMTQ0MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDE3NGY5M2M4YWFhZTI1NDg0MzRjMmZiOTI3MjBiNTc1M2VlODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1+ZGumdEyKfG48nNXt54ygtsXoQ
urvzEAD/qkl6wicmOkqqVs5bm2kXtkANHthu63kn9cT0Cmu00rdW1DVW55mMIVBd
m1HBtui8pKHsmqgFyCGENOr9Mabwo9mzlpF5jJGg52WWwtlrT8vimSDDmh43J5Qs
58aNHdJHcKhVnKEczsHUUA9ffZXn+igce/kyDD2WUy0XsHzaaKKoaAkSk3rtx4h5
PztjhhvovdxHK6FVgBn6wtftSSTqd6gVqwhRXxhK/Y5OJYYmlpZ+2Qw+ozVGWLAb
pWvVdG0ZR0tEXAF7Q8JmPEn71d2jHFW3n8bEy6iM+VH8bkA8OlruJPEAyQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDAXT5PIqq4lSENML7knILV1Puh4MB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvTUJkUGs4aXFyaVZJUTB3dnVTY2d0WFUtNkhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAbewxAwQA
bewzAwQAuVYGAwQBuf4cAwQBwSOYMA0GCSqGSIb3DQEBCwUAA4IBAQCPG5Ki2d6l
NOkm1NFbUIFz1WR7hJEGjdqP/LjYQKgaRtVohx6xpB5pzSg+vpqshjUr+ipAZojB
H9ioUbldEnHNtbv1uaV1BC5HAewRMg3tnbmjIfMzFS5h12NoOcPosAM2uUSP5V9m
SWoJy8uilb1XlaFfFyG2WjbW6bglRiarQ8G1YNadhhvQc0oI3ZJg4tkIJVRxJOQH
O/jOPQBuoIwzjShH/fF9R74zyNaIUuVB+IjDdnG1/+NDJa0ZgVzlcDs7cX6i1EHm
JBAKbrB5q5tnvEhHxq6ije5LVraVOtAefh2tJ+VaOfE3AoeJGWNfMY9mvwlLmKv+
qbnnkMrQVvfe
-----END CERTIFICATE-----
Generated at Mon Jun 9 23:47:36 2025 by rpki-client