Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/3dKQNPDvvN00qO1tRlSr4MyUOB4.roa
File: 3dKQNPDvvN00qO1tRlSr4MyUOB4.roa (raw, json)
Hash identifier: iz8nff4Aa3qPH9324bZ404WJLkcPwJUUdmSoh4C1i6I=
Subject key identifier: DD:D2:90:34:F0:EF:BC:DD:34:A8:ED:6D:46:54:AB:E0:CC:94:38:1E
Certificate issuer: /CN=74a59b7fb4e034f67775f2875efbfc9eff247e8e
Certificate serial: 0197DC6B7C92D023755F67DAEAEAC003CDD6
Authority key identifier: 74:A5:9B:7F:B4:E0:34:F6:77:75:F2:87:5E:FB:FC:9E:FF:24:7E:8E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/3dKQNPDvvN00qO1tRlSr4MyUOB4.roa
Signing time: Sat 05 Jul 2025 21:08:41 +0000
ROA not before: Sat 05 Jul 2025 21:08:41 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210318
IP address blocks: 94.156.75.0/24 maxlen: 24
185.37.232.0/24 maxlen: 24
185.37.232.26/32 maxlen: 32
185.37.232.29/32 maxlen: 32
185.37.232.252/32 maxlen: 32
185.37.233.0/24 maxlen: 24
185.37.234.0/24 maxlen: 24
185.37.235.0/24 maxlen: 24
185.37.235.2/32 maxlen: 32
194.55.187.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 10 Jul 2025 11:35:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:dc:6b:7c:92:d0:23:75:5f:67:da:ea:ea:c0:03:cd:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=74a59b7fb4e034f67775f2875efbfc9eff247e8e
Validity
Not Before: Jul 5 21:08:41 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ddd29034f0efbcdd34a8ed6d4654abe0cc94381e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:70:8f:4f:1a:07:55:c2:95:3e:89:02:3f:90:
e7:28:04:71:76:64:26:16:96:7a:64:2b:85:d5:16:
21:68:93:eb:c8:9c:03:ee:4f:9e:ea:49:0b:8e:e0:
e2:31:c3:05:77:15:70:a0:ca:bb:00:52:95:e2:d0:
4b:6a:73:b4:8b:b9:f9:71:80:1e:5e:65:85:c4:f4:
c6:76:cc:1f:01:87:5f:80:7f:c2:66:b8:73:29:ea:
4f:72:39:23:ab:ab:20:19:a6:42:a5:57:12:f2:57:
51:6d:23:bd:bd:2b:3a:fe:72:40:2a:e7:37:bb:8e:
ea:25:41:1b:c2:02:ee:1c:60:78:19:7e:d7:b1:d0:
3b:00:f9:51:87:dc:b6:ab:9d:db:b1:d4:ba:a0:56:
12:ef:96:33:9e:93:da:f0:db:78:f1:9f:f9:01:c3:
ca:c3:bd:4c:9e:bc:6a:1b:9f:5f:4b:b3:c1:96:87:
1d:43:58:ca:16:a4:d4:12:43:13:c7:71:4e:35:65:
6f:e9:1d:54:71:ed:24:f6:3c:3f:1c:0b:38:f1:62:
b0:4e:af:7f:a7:86:92:fb:d8:21:07:ea:be:67:65:
77:92:a4:b7:88:d2:7a:f0:45:09:92:ef:73:10:63:
64:30:55:f1:51:07:24:74:34:35:9e:c3:e1:f7:ab:
cc:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:D2:90:34:F0:EF:BC:DD:34:A8:ED:6D:46:54:AB:E0:CC:94:38:1E
X509v3 Authority Key Identifier:
keyid:74:A5:9B:7F:B4:E0:34:F6:77:75:F2:87:5E:FB:FC:9E:FF:24:7E:8E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/3dKQNPDvvN00qO1tRlSr4MyUOB4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.156.75.0/24
185.37.232.0/22
194.55.187.0/24
Signature Algorithm: sha256WithRSAEncryption
72:11:41:3a:37:12:55:ee:6d:b4:4e:fd:3b:b2:55:dc:c9:25:
4f:d1:da:a7:83:cb:8c:14:17:a4:34:8d:28:ce:b5:5f:bc:25:
9c:ea:f0:bb:9a:ef:03:c9:7a:11:81:f2:d2:b6:85:44:e2:c3:
0c:63:ff:b7:fa:3f:fc:de:b0:00:ac:f7:67:77:93:4d:99:e7:
27:52:e2:ab:a8:86:0b:3c:e0:72:ea:7d:66:a4:f2:a6:e4:03:
57:ad:0e:f6:e4:6d:64:48:bd:02:64:3d:9c:9c:ba:30:a4:08:
6e:28:eb:9d:00:8e:d6:97:e9:7f:7d:2d:49:85:af:7a:49:18:
81:7d:0e:c6:d7:47:6f:b3:86:f4:e5:f8:f5:7a:9f:b8:e5:73:
36:07:b0:da:d2:7f:13:bd:4a:15:84:ac:9d:bf:98:2c:54:51:
05:f0:88:cc:de:df:6c:63:7b:7a:60:99:a8:99:c5:25:0d:85:
06:08:2f:e1:a8:c8:60:fe:30:63:94:15:79:30:f8:ad:dd:9e:
ae:10:1a:28:8a:44:0b:93:8d:88:09:31:09:99:a6:be:03:a2:
5d:3c:6d:48:bd:6a:9c:1b:ab:93:b0:7a:58:d1:99:4b:7b:b4:
58:ea:d6:80:ea:3f:82:8a:4b:9f:c1:77:37:25:21:a2:30:aa:
85:b6:18:19
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZfca3yS0CN1X2fa6urAA83WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YTU5YjdmYjRlMDM0ZjY3Nzc1ZjI4NzVlZmJmYzllZmYy
NDdlOGUwHhcNMjUwNzA1MjEwODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGQyOTAzNGYwZWZiY2RkMzRhOGVkNmQ0NjU0YWJlMGNjOTQzODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnCPTxoHVcKVPokCP5DnKARxdmQm
FpZ6ZCuF1RYhaJPryJwD7k+e6kkLjuDiMcMFdxVwoMq7AFKV4tBLanO0i7n5cYAe
XmWFxPTGdswfAYdfgH/CZrhzKepPcjkjq6sgGaZCpVcS8ldRbSO9vSs6/nJAKuc3
u47qJUEbwgLuHGB4GX7XsdA7APlRh9y2q53bsdS6oFYS75YznpPa8Nt48Z/5AcPK
w71MnrxqG59fS7PBlocdQ1jKFqTUEkMTx3FONWVv6R1Uce0k9jw/HAs48WKwTq9/
p4aS+9ghB+q+Z2V3kqS3iNJ68EUJku9zEGNkMFXxUQckdDQ1nsPh96vM0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN3SkDTw77zdNKjtbUZUq+DMlDgeMB8GA1UdIwQY
MBaAFHSlm3+04DT2d3Xyh177/J7/JH6OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEtXYmY3VGdOUFozZGZLSFh2djhudjhrZm80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8yYjE5NWUtMGFiYS00N2Q0LThlM2It
YWQzMmVmNDlkNDE5LzEvM2RLUU5QRHZ2TjAwcU8xdFJsU3I0TXlVT0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8yYjE5NWUtMGFiYS00N2Q0LThlM2ItYWQzMmVmNDlkNDE5
LzEvZEtXYmY3VGdOUFozZGZLSFh2djhudjhrZm80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXpxLAwQC
uSXoAwQAwje7MA0GCSqGSIb3DQEBCwUAA4IBAQByEUE6NxJV7m20Tv07slXcySVP
0dqng8uMFBekNI0ozrVfvCWc6vC7mu8DyXoRgfLStoVE4sMMY/+3+j/83rAArPdn
d5NNmecnUuKrqIYLPOBy6n1mpPKm5ANXrQ725G1kSL0CZD2cnLowpAhuKOudAI7W
l+l/fS1Jha96SRiBfQ7G10dvs4b05fj1ep+45XM2B7Da0n8TvUoVhKydv5gsVFEF
8IjM3t9sY3t6YJmomcUlDYUGCC/hqMhg/jBjlBV5MPit3Z6uEBooikQLk42ICTEJ
maa+A6JdPG1IvWqcG6uTsHpY0ZlLe7RY6taA6j+CikufwXc3JSGiMKqFthgZ
-----END CERTIFICATE-----
Generated at Sun Jul 27 07:54:03 2025 by rpki-client