Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/IvCJfdUrEhotNGEoxp4IJYfpRlM.roa
File: IvCJfdUrEhotNGEoxp4IJYfpRlM.roa (raw, json)
Hash identifier: 5qzXADyHgjKKRqlwaNbINeCRzBejQ5UHBUwGZQOSY/E=
Subject key identifier: 22:F0:89:7D:D5:2B:12:1A:2D:34:61:28:C6:9E:08:25:87:E9:46:53
Certificate issuer: /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial: 0198B33CD2F1E5CD783643F66997FE0CDAE6
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/IvCJfdUrEhotNGEoxp4IJYfpRlM.roa
Signing time: Sat 16 Aug 2025 14:16:04 +0000
ROA not before: Sat 16 Aug 2025 14:16:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 398704
IP address blocks: 159.197.200.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 20 Aug 2025 16:24:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:b3:3c:d2:f1:e5:cd:78:36:43:f6:69:97:fe:0c:da:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Validity
Not Before: Aug 16 14:16:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=22f0897dd52b121a2d346128c69e082587e94653
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:77:c5:ad:5d:d3:ac:f2:8d:7c:15:3e:b3:6e:
b8:a6:a0:b8:e6:10:79:d0:92:28:f4:4f:87:a1:da:
9c:92:2e:91:ac:52:80:f8:03:2a:80:76:d2:39:44:
a2:23:44:ab:62:ba:e6:68:bf:f6:c1:65:99:5a:a8:
35:7c:ed:ba:13:ed:60:02:18:b2:c8:af:4b:d3:ef:
c5:e7:28:90:54:39:e2:64:5a:e3:b9:4a:0e:48:ad:
f6:d1:9d:73:12:19:d5:12:88:b4:08:7d:80:1a:72:
94:1f:36:98:09:6e:96:19:b9:7a:ab:ed:69:8b:bd:
81:83:26:23:dc:ae:ee:fe:c4:c0:3f:83:91:91:0b:
ca:c0:55:d7:87:d2:8d:a1:25:0b:bc:b1:9d:5b:ea:
97:76:b7:ea:8d:29:23:4c:b6:95:45:0a:de:f3:c0:
9f:dc:31:f5:e0:b1:a2:9b:62:f7:8b:e9:ef:60:d7:
c3:3d:c6:eb:43:14:03:90:0d:2f:18:be:17:f1:de:
9d:ac:79:2a:c4:74:b8:a4:b6:63:9c:6f:d9:28:78:
bf:ef:27:88:ea:88:1f:40:be:b9:bc:11:c5:c1:82:
11:f1:3e:ee:e9:45:0a:bd:81:d1:7a:16:bb:9a:eb:
89:30:18:e5:57:4c:1d:e1:47:ec:0a:ea:6d:3c:2f:
e4:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:F0:89:7D:D5:2B:12:1A:2D:34:61:28:C6:9E:08:25:87:E9:46:53
X509v3 Authority Key Identifier:
keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/IvCJfdUrEhotNGEoxp4IJYfpRlM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.197.200.0/24
Signature Algorithm: sha256WithRSAEncryption
2b:c2:f8:61:c4:e4:48:64:6b:02:f1:db:22:ed:78:87:04:0e:
ee:30:f7:1f:9c:e0:70:31:28:30:e8:05:23:b0:ea:9c:a8:9e:
47:6e:8f:1e:7d:38:ef:cb:ed:78:6c:7c:6b:a1:c6:2f:44:db:
96:3c:59:47:4f:e0:b7:0f:04:1b:55:6d:2c:88:14:a3:a4:35:
46:87:30:73:d3:cd:56:b6:ae:e5:43:dc:b0:fe:f5:25:79:57:
50:9c:55:ad:bc:9b:56:d0:5b:06:a0:b3:5c:ac:b2:47:fc:fe:
d8:88:7d:de:a4:e0:5d:0a:3f:4a:0a:85:ba:96:7e:38:2d:ff:
7c:e2:0f:be:23:aa:db:0a:c0:e3:d2:67:d3:7b:69:b3:88:2a:
09:09:12:af:18:91:52:2f:5c:ed:ee:6a:fc:3e:b4:38:43:00:
81:7f:d2:06:a6:ac:d7:76:5e:df:dd:72:ff:38:8f:cb:24:ef:
c4:08:44:99:35:06:9d:e8:f9:79:80:91:2e:7d:c4:96:34:ff:
53:62:02:16:a2:29:41:b2:3b:2f:83:80:a4:9d:a2:a8:bd:57:
b8:8d:81:93:d5:76:84:9f:05:d1:22:9c:cf:e2:85:64:a6:bf:
6f:87:61:57:65:22:09:e7:2a:af:8e:94:08:8b:c5:00:e2:d1:
42:1b:67:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZizPNLx5c14NkP2aZf+DNrmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjUwODE2MTQxNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmYwODk3ZGQ1MmIxMjFhMmQzNDYxMjhjNjllMDgyNTg3ZTk0NjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23fFrV3TrPKNfBU+s264pqC45hB5
0JIo9E+Hodqcki6RrFKA+AMqgHbSOUSiI0SrYrrmaL/2wWWZWqg1fO26E+1gAhiy
yK9L0+/F5yiQVDniZFrjuUoOSK320Z1zEhnVEoi0CH2AGnKUHzaYCW6WGbl6q+1p
i72BgyYj3K7u/sTAP4ORkQvKwFXXh9KNoSULvLGdW+qXdrfqjSkjTLaVRQre88Cf
3DH14LGim2L3i+nvYNfDPcbrQxQDkA0vGL4X8d6drHkqxHS4pLZjnG/ZKHi/7yeI
6ogfQL65vBHFwYIR8T7u6UUKvYHReha7muuJMBjlV0wd4UfsCuptPC/k2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLwiX3VKxIaLTRhKMaeCCWH6UZTMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvSXZDSmZkVXJFaG90TkdFb3hwNElKWWZwUmxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn8XIMA0G
CSqGSIb3DQEBCwUAA4IBAQArwvhhxORIZGsC8dsi7XiHBA7uMPcfnOBwMSgw6AUj
sOqcqJ5Hbo8efTjvy+14bHxrocYvRNuWPFlHT+C3DwQbVW0siBSjpDVGhzBz081W
tq7lQ9yw/vUleVdQnFWtvJtW0FsGoLNcrLJH/P7YiH3epOBdCj9KCoW6ln44Lf98
4g++I6rbCsDj0mfTe2mziCoJCRKvGJFSL1zt7mr8PrQ4QwCBf9IGpqzXdl7f3XL/
OI/LJO/ECESZNQad6Pl5gJEufcSWNP9TYgIWoilBsjsvg4CknaKovVe4jYGT1XaE
nwXRIpzP4oVkpr9vh2FXZSIJ5yqvjpQIi8UA4tFCG2cX
-----END CERTIFICATE-----
Generated at Wed Aug 20 21:22:19 2025 by rpki-client