Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/XHHIwGv1LPDxf27el_4IYe88fus.roa
File: XHHIwGv1LPDxf27el_4IYe88fus.roa (raw, json)
Hash identifier: ZDr6SgDPoEnxDd/UuxAgi7KJXsne3i4AZ6LOsBx2Si0=
Subject key identifier: 5C:71:C8:C0:6B:F5:2C:F0:F1:7F:6E:DE:97:FE:08:61:EF:3C:7E:EB
Certificate issuer: /CN=74a59b7fb4e034f67775f2875efbfc9eff247e8e
Certificate serial: 0197F41E30EE95739A661A97370E89F0693D
Authority key identifier: 74:A5:9B:7F:B4:E0:34:F6:77:75:F2:87:5E:FB:FC:9E:FF:24:7E:8E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/XHHIwGv1LPDxf27el_4IYe88fus.roa
Signing time: Thu 10 Jul 2025 11:35:08 +0000
ROA not before: Thu 10 Jul 2025 11:35:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210318
IP address blocks: 94.156.75.0/24 maxlen: 24
185.37.232.0/24 maxlen: 24
185.37.232.16/32 maxlen: 32
185.37.232.26/32 maxlen: 32
185.37.232.29/32 maxlen: 32
185.37.232.252/32 maxlen: 32
185.37.233.0/24 maxlen: 24
185.37.234.0/24 maxlen: 24
185.37.235.0/24 maxlen: 24
185.37.235.2/32 maxlen: 32
194.55.187.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 11 Jul 2025 11:08:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:f4:1e:30:ee:95:73:9a:66:1a:97:37:0e:89:f0:69:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=74a59b7fb4e034f67775f2875efbfc9eff247e8e
Validity
Not Before: Jul 10 11:35:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5c71c8c06bf52cf0f17f6ede97fe0861ef3c7eeb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:bc:15:7a:16:29:e9:91:51:a7:c2:b0:55:4a:
94:81:fe:41:54:4c:9a:b7:47:67:04:7d:d8:7b:7e:
48:73:0d:93:fc:19:61:c8:27:90:39:48:85:1c:58:
c3:39:ed:75:76:92:06:99:a3:fd:93:68:e8:0b:f2:
4a:fd:3a:55:1b:99:e2:af:9a:4e:9e:e8:36:a5:57:
b6:55:40:96:89:4a:92:3c:14:92:4e:12:16:08:4d:
fd:d4:13:8f:8e:cf:f5:bf:8f:40:88:a1:50:57:6e:
d4:ac:c3:ea:36:2e:01:62:d3:71:67:75:6f:ba:a6:
d1:38:e4:f9:2a:a5:dc:b1:4f:e3:e7:0c:0d:87:f9:
6e:0d:b5:20:9e:14:6d:4e:09:93:0f:3a:23:ed:cf:
20:4a:ac:a8:f7:54:27:b6:0f:76:f9:7c:a0:25:59:
07:aa:61:cc:19:d2:67:e4:66:9d:cc:4f:85:f4:39:
27:51:52:c8:b9:aa:7a:a8:93:7b:2f:8b:5f:48:b6:
66:43:be:65:00:07:5a:3b:95:46:ae:2f:ae:ed:b5:
59:c3:93:e1:58:aa:e7:7a:ed:b1:f8:66:33:b3:dc:
4c:8a:32:47:66:01:70:95:11:96:cd:eb:d5:0e:5f:
cf:29:2d:96:62:19:2d:df:4b:88:29:06:72:16:63:
34:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:71:C8:C0:6B:F5:2C:F0:F1:7F:6E:DE:97:FE:08:61:EF:3C:7E:EB
X509v3 Authority Key Identifier:
keyid:74:A5:9B:7F:B4:E0:34:F6:77:75:F2:87:5E:FB:FC:9E:FF:24:7E:8E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/XHHIwGv1LPDxf27el_4IYe88fus.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/2b195e-0aba-47d4-8e3b-ad32ef49d419/1/dKWbf7TgNPZ3dfKHXvv8nv8kfo4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.156.75.0/24
185.37.232.0/22
194.55.187.0/24
Signature Algorithm: sha256WithRSAEncryption
97:75:ea:70:b3:af:87:6c:cb:59:25:c0:b9:dd:d7:bd:21:f5:
4e:04:c9:ab:55:63:6a:d2:5c:fa:46:e4:c2:e9:a2:ba:b9:45:
74:b1:3e:6e:e9:15:64:d9:80:87:b7:22:98:20:99:ac:16:76:
c5:54:99:2b:00:1b:ed:17:89:3f:46:b9:e5:8d:21:f9:73:19:
ee:c1:a0:a6:ab:9b:63:eb:1b:d2:e8:64:c3:0b:45:af:98:e4:
6a:51:f3:c8:08:8b:c7:0f:33:8b:8e:bc:29:3f:7c:35:c7:fc:
46:b8:f8:b7:f1:be:ad:31:b2:cf:23:2a:03:0d:57:e5:47:ba:
4f:21:56:21:e3:0e:56:43:98:52:2b:e3:c8:a7:8b:25:93:b3:
3f:2c:ee:a2:58:91:c6:33:db:2c:c9:96:24:47:c3:3b:ce:39:
4f:cb:4b:4a:5d:82:93:81:21:6f:6f:82:c3:87:dc:ed:14:32:
0b:9e:a3:45:94:28:e3:43:a2:a8:b4:b1:a8:79:c3:30:bb:10:
74:81:08:aa:6b:e9:34:c9:be:0a:78:dc:27:9c:ec:c5:d1:e7:
54:a9:d0:69:11:9c:4c:4d:3d:18:a5:e8:d3:ea:bf:9f:7a:00:
5d:b5:30:b6:ec:58:81:ba:9d:0a:14:7d:39:13:2f:3d:42:e2:
c0:13:5a:29
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZf0HjDulXOaZhqXNw6J8Gk9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YTU5YjdmYjRlMDM0ZjY3Nzc1ZjI4NzVlZmJmYzllZmYy
NDdlOGUwHhcNMjUwNzEwMTEzNTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzcxYzhjMDZiZjUyY2YwZjE3ZjZlZGU5N2ZlMDg2MWVmM2M3ZWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7wVehYp6ZFRp8KwVUqUgf5BVEya
t0dnBH3Ye35Icw2T/BlhyCeQOUiFHFjDOe11dpIGmaP9k2joC/JK/TpVG5nir5pO
nug2pVe2VUCWiUqSPBSSThIWCE391BOPjs/1v49AiKFQV27UrMPqNi4BYtNxZ3Vv
uqbROOT5KqXcsU/j5wwNh/luDbUgnhRtTgmTDzoj7c8gSqyo91Qntg92+XygJVkH
qmHMGdJn5GadzE+F9DknUVLIuap6qJN7L4tfSLZmQ75lAAdaO5VGri+u7bVZw5Ph
WKrneu2x+GYzs9xMijJHZgFwlRGWzevVDl/PKS2WYhkt30uIKQZyFmM0lwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFxxyMBr9Szw8X9u3pf+CGHvPH7rMB8GA1UdIwQY
MBaAFHSlm3+04DT2d3Xyh177/J7/JH6OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEtXYmY3VGdOUFozZGZLSFh2djhudjhrZm80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8yYjE5NWUtMGFiYS00N2Q0LThlM2It
YWQzMmVmNDlkNDE5LzEvWEhISXdHdjFMUER4ZjI3ZWxfNElZZTg4ZnVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8yYjE5NWUtMGFiYS00N2Q0LThlM2ItYWQzMmVmNDlkNDE5
LzEvZEtXYmY3VGdOUFozZGZLSFh2djhudjhrZm80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXpxLAwQC
uSXoAwQAwje7MA0GCSqGSIb3DQEBCwUAA4IBAQCXdepws6+HbMtZJcC53de9IfVO
BMmrVWNq0lz6RuTC6aK6uUV0sT5u6RVk2YCHtyKYIJmsFnbFVJkrABvtF4k/Rrnl
jSH5cxnuwaCmq5tj6xvS6GTDC0WvmORqUfPICIvHDzOLjrwpP3w1x/xGuPi38b6t
MbLPIyoDDVflR7pPIVYh4w5WQ5hSK+PIp4slk7M/LO6iWJHGM9ssyZYkR8M7zjlP
y0tKXYKTgSFvb4LDh9ztFDILnqNFlCjjQ6KotLGoecMwuxB0gQiqa+k0yb4KeNwn
nOzF0edUqdBpEZxMTT0YpejT6r+fegBdtTC27FiBup0KFH05Ey89QuLAE1op
-----END CERTIFICATE-----
Generated at Sun Jul 27 07:49:28 2025 by rpki-client