Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/dnVj30Qs2l5po4e26OBBB5zAAYk.roa
File: dnVj30Qs2l5po4e26OBBB5zAAYk.roa (raw, json)
Hash identifier: XG+Vyfw16BdactGVw4j8SXlOxFymY4+is022X4rRp/w=
Subject key identifier: 76:75:63:DF:44:2C:DA:5E:69:A3:87:B6:E8:E0:41:07:9C:C0:01:89
Certificate issuer: /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial: 0196ADEFB6D6DE80F47731149A6EEEADB595
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/dnVj30Qs2l5po4e26OBBB5zAAYk.roa
Signing time: Thu 08 May 2025 03:28:10 +0000
ROA not before: Thu 08 May 2025 03:28:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197968
IP address blocks: 91.147.108.0/24 maxlen: 24
91.147.109.0/24 maxlen: 24
109.175.225.0/24 maxlen: 24
212.108.86.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 12 May 2025 10:16:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:ad:ef:b6:d6:de:80:f4:77:31:14:9a:6e:ee:ad:b5:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Validity
Not Before: May 8 03:28:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=767563df442cda5e69a387b6e8e041079cc00189
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:2c:07:93:16:92:85:ee:bb:a7:a6:5e:c2:65:
f5:fc:24:50:47:ff:90:9c:bc:6b:25:fd:3b:a7:fd:
c0:a4:8b:80:2d:a0:c3:2b:41:5a:ad:c2:1d:64:3c:
97:ef:84:b5:7a:9b:49:d5:d2:ea:6c:d2:86:c1:8b:
91:48:8f:9e:4d:0d:45:5f:3c:ba:c5:dd:bf:4f:c6:
bc:66:d5:35:b9:32:85:23:b8:c9:ed:87:2e:27:81:
76:db:78:2a:3c:d7:50:1c:90:a3:0e:c0:c1:81:b0:
57:54:22:9b:0f:ac:8d:6c:68:e9:70:4b:af:71:62:
ed:3f:8c:1d:aa:de:da:16:92:d0:5b:31:a8:d0:e0:
62:9a:6b:e0:aa:68:6b:44:eb:5c:c6:7c:2f:59:2e:
d4:c2:6e:2f:bd:a3:3c:bc:b8:8b:93:b2:d0:f5:4b:
82:e3:4e:d0:8b:6b:e6:c9:80:b8:00:0d:6e:e3:35:
81:94:12:f4:c2:77:3b:55:4a:04:cc:8b:da:0c:de:
a4:1b:44:3c:49:8b:ac:37:7b:81:6b:84:2e:36:68:
72:2c:70:db:ed:67:df:f9:55:35:a8:d8:14:55:bf:
6c:2e:63:c0:44:29:9f:2b:e8:5c:12:a7:4d:a2:98:
a2:67:67:02:2b:8b:36:d6:7d:85:e1:bc:76:97:0b:
c8:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:75:63:DF:44:2C:DA:5E:69:A3:87:B6:E8:E0:41:07:9C:C0:01:89
X509v3 Authority Key Identifier:
keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/dnVj30Qs2l5po4e26OBBB5zAAYk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.147.108.0/23
109.175.225.0/24
212.108.86.0/24
Signature Algorithm: sha256WithRSAEncryption
d3:ba:6d:05:da:07:9e:50:37:43:61:1e:c3:02:0d:a4:f9:8a:
dd:7a:0c:3c:6e:09:5e:8e:59:23:9e:1f:da:41:b6:5e:ce:14:
f0:e4:0b:ee:a2:bc:3a:b5:2b:cd:35:bd:af:be:42:de:45:e2:
8a:77:e5:da:0c:ee:cd:ad:1d:cb:46:c7:73:9e:55:cd:35:4e:
67:34:34:a8:eb:ac:59:b6:c2:b0:59:bf:6a:4e:e7:98:34:ab:
58:44:86:c8:2a:b5:12:2b:f7:55:3b:26:26:44:37:b3:60:ae:
3f:b0:18:9d:57:39:a3:98:cc:d6:fb:00:bc:a2:54:54:97:7b:
ef:b9:c8:22:5c:55:0a:9d:d2:cd:91:4a:44:5e:20:c3:8a:6b:
24:20:f3:c0:51:bd:57:e7:c9:e8:fe:67:0d:1b:ec:24:00:3d:
cb:9a:84:25:85:80:ae:b5:0b:74:25:61:27:4f:a6:41:f1:9c:
19:55:eb:96:d5:46:26:4d:1e:83:5a:8c:e2:7f:e5:01:37:ae:
78:67:e4:70:71:95:e3:e1:96:41:c3:4b:6e:8d:25:5e:b6:76:
7c:ea:57:d6:b5:df:f1:e7:2f:44:6b:7e:6c:4d:a5:13:4f:a0:
77:1f:98:2d:81:fa:e9:16:03:15:24:1d:77:21:35:a3:76:0e:
23:1b:f2:ae
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZat77bW3oD0dzEUmm7urbWVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjUwNTA4MDMyODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njc1NjNkZjQ0MmNkYTVlNjlhMzg3YjZlOGUwNDEwNzljYzAwMTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCwHkxaShe67p6ZewmX1/CRQR/+Q
nLxrJf07p/3ApIuALaDDK0FarcIdZDyX74S1eptJ1dLqbNKGwYuRSI+eTQ1FXzy6
xd2/T8a8ZtU1uTKFI7jJ7YcuJ4F223gqPNdQHJCjDsDBgbBXVCKbD6yNbGjpcEuv
cWLtP4wdqt7aFpLQWzGo0OBimmvgqmhrROtcxnwvWS7Uwm4vvaM8vLiLk7LQ9UuC
407Qi2vmyYC4AA1u4zWBlBL0wnc7VUoEzIvaDN6kG0Q8SYusN3uBa4QuNmhyLHDb
7Wff+VU1qNgUVb9sLmPARCmfK+hcEqdNopiiZ2cCK4s21n2F4bx2lwvI+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHZ1Y99ELNpeaaOHtujgQQecwAGJMB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEvZG5WajMwUXMybDVwbzRlMjZPQkJCNXpBQVlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBW5NsAwQA
ba/hAwQA1GxWMA0GCSqGSIb3DQEBCwUAA4IBAQDTum0F2geeUDdDYR7DAg2k+Yrd
egw8bglejlkjnh/aQbZezhTw5Avuorw6tSvNNb2vvkLeReKKd+XaDO7NrR3LRsdz
nlXNNU5nNDSo66xZtsKwWb9qTueYNKtYRIbIKrUSK/dVOyYmRDezYK4/sBidVzmj
mMzW+wC8olRUl3vvucgiXFUKndLNkUpEXiDDimskIPPAUb1X58no/mcNG+wkAD3L
moQlhYCutQt0JWEnT6ZB8ZwZVeuW1UYmTR6DWozif+UBN654Z+RwcZXj4ZZBw0tu
jSVetnZ86lfWtd/x5y9Ea35sTaUTT6B3H5gtgfrpFgMVJB13ITWjdg4jG/Ku
-----END CERTIFICATE-----
Generated at Thu Jun 12 02:11:43 2025 by rpki-client