Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/6IjKQgSBEd94MpB66TvdcvUaaqM.roa
File: 6IjKQgSBEd94MpB66TvdcvUaaqM.roa (raw, json)
Hash identifier: axwNS/6BKsc/dqrCIZbGXQYatqwImpIL7hnmJPUEgTk=
Subject key identifier: E8:88:CA:42:04:81:11:DF:78:32:90:7A:E9:3B:DD:72:F5:1A:6A:A3
Certificate issuer: /CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Certificate serial: 01971734F16E8B5AA3A555FA3D465AA4E4A2
Authority key identifier: 83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/6IjKQgSBEd94MpB66TvdcvUaaqM.roa
Signing time: Wed 28 May 2025 14:03:55 +0000
ROA not before: Wed 28 May 2025 14:03:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39150
IP address blocks: 91.196.136.0/24 maxlen: 24
91.196.137.0/24 maxlen: 24
91.196.138.0/24 maxlen: 24
91.196.139.0/24 maxlen: 24
93.179.120.0/24 maxlen: 24
95.85.83.128/25 maxlen: 25
95.181.213.0/24 maxlen: 24
109.196.133.0/24 maxlen: 24
195.182.8.0/24 maxlen: 24
2a04:8680::/32 maxlen: 32
2a04:8681::/32 maxlen: 32
2a09:d5c0::/32 maxlen: 32
Validation: Failed, certificate revoked on Fri 30 May 2025 10:01:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:17:34:f1:6e:8b:5a:a3:a5:55:fa:3d:46:5a:a4:e4:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8338ef41b2c0105a91ccbb9c89337faeb129ff84
Validity
Not Before: May 28 14:03:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e888ca42048111df7832907ae93bdd72f51a6aa3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:99:74:6c:27:47:40:58:3a:50:aa:a8:e0:c0:
20:85:f2:41:e3:cc:11:b5:8e:9c:d3:41:c4:a1:86:
a4:56:1a:c1:29:4a:93:38:ed:0a:63:ae:4a:68:63:
29:e1:ad:0d:02:df:74:c0:7d:c4:8b:59:41:65:8f:
10:8d:b1:93:94:c3:b9:b3:2d:30:87:d8:91:db:62:
cf:94:91:d8:08:6e:3e:97:04:e1:5d:32:84:3f:65:
96:de:80:69:b6:77:12:91:25:ed:24:9c:b0:ce:ab:
1f:cc:49:27:2b:e5:39:a8:d1:63:b1:71:6f:94:6f:
4b:9d:f6:40:27:de:0a:01:54:a5:c8:5d:d2:e3:e1:
2a:e2:5b:74:c2:cb:6a:1a:66:32:df:1b:b1:b8:1a:
4e:cb:38:4d:79:de:28:5f:4b:5e:40:f2:69:29:97:
17:46:e1:6a:82:1f:42:20:ae:c1:f1:99:f5:97:6e:
cc:4e:8d:20:79:08:1b:ea:1f:ab:4a:bb:37:17:48:
d4:6d:21:f2:6f:fc:82:0b:66:4a:a0:84:51:07:cf:
92:62:74:fc:d0:49:b7:27:fa:19:9e:c7:55:d1:63:
31:69:aa:ba:ee:29:55:96:a3:18:86:6b:e9:71:3c:
ed:b4:f9:da:8e:97:86:c0:9a:66:f2:fa:c8:be:c0:
5e:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:88:CA:42:04:81:11:DF:78:32:90:7A:E9:3B:DD:72:F5:1A:6A:A3
X509v3 Authority Key Identifier:
keyid:83:38:EF:41:B2:C0:10:5A:91:CC:BB:9C:89:33:7F:AE:B1:29:FF:84
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gzjvQbLAEFqRzLuciTN_rrEp_4Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/6IjKQgSBEd94MpB66TvdcvUaaqM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/40d996-a2cd-41f1-a738-28fc77967763/1/gzjvQbLAEFqRzLuciTN_rrEp_4Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.196.136.0/22
93.179.120.0/24
95.85.83.128/25
95.181.213.0/24
109.196.133.0/24
195.182.8.0/24
IPv6:
2a04:8680::/31
2a09:d5c0::/32
Signature Algorithm: sha256WithRSAEncryption
c1:33:a1:97:1d:e1:95:33:71:b5:97:2f:7c:79:72:2e:93:e3:
52:5a:0e:2b:8b:18:94:8d:03:47:3f:62:79:bf:59:f4:b8:a8:
bd:d1:7d:b5:68:cf:15:f4:50:18:49:e3:97:dd:84:c6:69:06:
94:b3:f3:df:25:6d:12:71:cc:00:22:8a:07:05:7a:1f:e5:ee:
0b:df:25:79:1b:46:3e:0b:ad:1e:d6:ae:8b:37:62:c0:e5:64:
12:b6:84:e9:79:ca:ed:3c:4c:83:dd:66:ae:c1:98:cc:31:16:
94:c0:64:81:cd:53:16:56:94:5f:07:0e:26:e7:de:45:06:04:
56:8e:c0:5c:59:ca:6f:e5:2c:b0:bc:25:fa:f6:d8:8d:d5:fd:
27:f5:1f:85:2b:56:52:f9:2f:b9:29:c8:22:d9:23:8e:c1:bd:
1c:b3:6a:82:63:c6:03:7b:96:8b:78:02:09:bf:d6:8f:14:65:
17:0b:06:10:df:40:38:30:52:e1:58:96:6f:70:fe:45:8a:09:
bd:b7:b6:0e:8c:43:ce:b7:6d:ee:4b:c6:46:55:b6:eb:de:81:
b6:4a:b2:d7:81:29:40:5b:fa:e0:87:98:88:ec:6c:e5:c6:2f:
78:eb:94:ed:de:f1:a8:d0:f8:de:a4:79:b7:c5:50:fe:c3:69:
fb:4e:04:e4
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZcXNPFui1qjpVX6PUZapOSiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMzhlZjQxYjJjMDEwNWE5MWNjYmI5Yzg5MzM3ZmFlYjEy
OWZmODQwHhcNMjUwNTI4MTQwMzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODg4Y2E0MjA0ODExMWRmNzgzMjkwN2FlOTNiZGQ3MmY1MWE2YWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJl0bCdHQFg6UKqo4MAghfJB48wR
tY6c00HEoYakVhrBKUqTOO0KY65KaGMp4a0NAt90wH3Ei1lBZY8QjbGTlMO5sy0w
h9iR22LPlJHYCG4+lwThXTKEP2WW3oBptncSkSXtJJywzqsfzEknK+U5qNFjsXFv
lG9LnfZAJ94KAVSlyF3S4+Eq4lt0wstqGmYy3xuxuBpOyzhNed4oX0teQPJpKZcX
RuFqgh9CIK7B8Zn1l27MTo0geQgb6h+rSrs3F0jUbSHyb/yCC2ZKoIRRB8+SYnT8
0Em3J/oZnsdV0WMxaaq67ilVlqMYhmvpcTzttPnajpeGwJpm8vrIvsBetQIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFOiIykIEgRHfeDKQeuk73XL1GmqjMB8GA1UdIwQY
MBaAFIM470GywBBakcy7nIkzf66xKf+EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3Mzgt
MjhmYzc3OTY3NzYzLzEvNklqS1FnU0JFZDk0TXBCNjZUdmRjdlVhYXFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80MGQ5OTYtYTJjZC00MWYxLWE3MzgtMjhmYzc3OTY3NzYz
LzEvZ3pqdlFiTEFFRnFSekx1Y2lUTl9yckVwXzRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzArBAIAATAlAwQCW8SIAwQA
XbN4AwUHX1VTgAMEAF+11QMEAG3EhQMEAMO2CDAUBAIAAjAOAwUBKgSGgAMFACoJ
1cAwDQYJKoZIhvcNAQELBQADggEBAMEzoZcd4ZUzcbWXL3x5ci6T41JaDiuLGJSN
A0c/Ynm/WfS4qL3RfbVozxX0UBhJ45fdhMZpBpSz898lbRJxzAAiigcFeh/l7gvf
JXkbRj4LrR7Wros3YsDlZBK2hOl5yu08TIPdZq7BmMwxFpTAZIHNUxZWlF8HDibn
3kUGBFaOwFxZym/lLLC8Jfr22I3V/Sf1H4UrVlL5L7kpyCLZI47BvRyzaoJjxgN7
lot4Agm/1o8UZRcLBhDfQDgwUuFYlm9w/kWKCb23tg6MQ863be5LxkZVtuvegbZK
steBKUBb+uCHmIjsbOXGL3jrlO3e8ajQ+N6kebfFUP7DaftOBOQ=
-----END CERTIFICATE-----
Generated at Mon Jun 9 11:55:52 2025 by rpki-client