Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/ceba5c-e9d9-4e91-babc-67282d7138a0/1/3XriD2B_eG5SYT3TE4UhvtDzQXo.roa
File: 3XriD2B_eG5SYT3TE4UhvtDzQXo.roa (raw, json)
Hash identifier: Z2Bj73GCY//rR/Nfd5IsD3SupmdJH330CZDxdRShBHY=
Subject key identifier: DD:7A:E2:0F:60:7F:78:6E:52:61:3D:D3:13:85:21:BE:D0:F3:41:7A
Certificate issuer: /CN=a538bb0c2b41efa8c3b02064ebc52fba92c23626
Certificate serial: 01958B2988D510A48DF5133EDD7BCBCB1DA0
Authority key identifier: A5:38:BB:0C:2B:41:EF:A8:C3:B0:20:64:EB:C5:2F:BA:92:C2:36:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pTi7DCtB76jDsCBk68UvupLCNiY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/ceba5c-e9d9-4e91-babc-67282d7138a0/1/3XriD2B_eG5SYT3TE4UhvtDzQXo.roa
Signing time: Wed 12 Mar 2025 16:21:49 +0000
ROA not before: Wed 12 Mar 2025 16:21:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199927
IP address blocks: 185.251.236.0/22 maxlen: 24
Validation: Failed, certificate revoked on Thu 13 Mar 2025 12:02:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:8b:29:88:d5:10:a4:8d:f5:13:3e:dd:7b:cb:cb:1d:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a538bb0c2b41efa8c3b02064ebc52fba92c23626
Validity
Not Before: Mar 12 16:21:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dd7ae20f607f786e52613dd3138521bed0f3417a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:e4:00:02:a4:34:ef:f9:6a:8d:d6:fd:ac:98:
95:59:b8:8c:d5:b8:6a:d2:aa:df:e8:9f:a6:e6:9b:
b2:6f:dc:db:85:cb:b0:be:bd:0b:05:7b:df:92:b9:
63:d3:46:83:af:70:71:34:94:f4:15:62:9d:d3:f7:
97:fd:64:05:0c:2a:30:14:7a:ff:85:3b:61:04:4d:
88:3e:23:e1:75:7b:cf:d8:6d:d8:94:1f:3d:c8:3b:
66:bb:a1:27:22:2d:8e:f3:41:46:ce:c0:34:86:a7:
3c:c3:b0:4d:49:ca:e8:02:d5:7c:5e:ab:67:ea:b9:
ed:b7:2c:1e:2b:0c:84:b9:98:08:df:10:2e:f4:30:
f6:8f:52:27:3b:12:73:a2:be:f8:31:56:fe:7d:05:
3d:42:a5:39:db:aa:a1:ca:4a:47:d1:40:10:ca:3a:
5c:34:70:0f:c7:4e:e9:ee:55:d1:0c:dd:87:ad:ad:
d2:54:e4:eb:1e:d2:cb:9d:7b:c4:7f:02:dd:90:a5:
27:ac:f2:54:ac:9c:f5:75:4b:14:d8:36:b5:19:48:
a1:e7:0b:37:77:3f:50:06:62:92:b1:fb:85:99:30:
11:8c:9c:02:98:ad:2e:9c:2b:75:32:73:02:94:35:
30:a7:11:a7:e9:24:00:9c:79:92:9e:36:d4:e5:98:
6c:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:7A:E2:0F:60:7F:78:6E:52:61:3D:D3:13:85:21:BE:D0:F3:41:7A
X509v3 Authority Key Identifier:
keyid:A5:38:BB:0C:2B:41:EF:A8:C3:B0:20:64:EB:C5:2F:BA:92:C2:36:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pTi7DCtB76jDsCBk68UvupLCNiY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/ceba5c-e9d9-4e91-babc-67282d7138a0/1/3XriD2B_eG5SYT3TE4UhvtDzQXo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/ceba5c-e9d9-4e91-babc-67282d7138a0/1/pTi7DCtB76jDsCBk68UvupLCNiY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.251.236.0/22
Signature Algorithm: sha256WithRSAEncryption
42:f0:95:a5:83:46:82:af:c0:a5:30:74:47:55:e8:3e:19:ea:
de:27:47:ff:e5:d1:8a:41:be:05:3d:b2:a4:18:aa:56:7b:56:
d3:98:a8:eb:5c:c9:0f:a6:e8:cc:a2:89:92:d5:03:61:e4:fa:
29:35:10:49:6e:d3:1d:d6:1a:e4:db:82:bd:5c:b0:0c:d3:a2:
4e:b1:e8:42:e5:ca:ee:e7:c5:00:09:22:19:78:3f:de:5a:b4:
04:ff:1a:ec:ac:52:eb:ed:a4:13:fe:08:d0:69:0a:b0:b9:90:
71:f4:cf:ad:dc:0b:38:dc:b1:eb:61:c9:1d:5e:17:a4:74:ae:
d9:ba:ac:f0:53:28:3b:b6:cc:b8:2c:30:83:7f:2f:47:f9:fd:
f4:95:96:5e:fb:2f:0a:5a:0f:39:38:5a:9b:fe:8f:31:9f:73:
06:92:5f:53:1c:1f:bc:e3:8e:29:c0:37:52:e9:8a:92:e1:15:
dc:a4:6b:8f:54:6f:ea:db:da:90:ad:e7:a4:7a:73:e1:25:5a:
96:ca:42:15:42:5f:4b:a8:53:64:58:94:d0:43:6d:80:07:9f:
bf:06:a0:34:05:f6:f4:c7:16:82:39:06:a9:e7:e6:5d:0c:42:
64:36:38:89:92:64:35:ff:9e:78:7d:59:6c:31:ea:8b:43:96:
8e:d9:e3:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWLKYjVEKSN9RM+3XvLyx2gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MzhiYjBjMmI0MWVmYThjM2IwMjA2NGViYzUyZmJhOTJj
MjM2MjYwHhcNMjUwMzEyMTYyMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDdhZTIwZjYwN2Y3ODZlNTI2MTNkZDMxMzg1MjFiZWQwZjM0MTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOQAAqQ07/lqjdb9rJiVWbiM1bhq
0qrf6J+m5puyb9zbhcuwvr0LBXvfkrlj00aDr3BxNJT0FWKd0/eX/WQFDCowFHr/
hTthBE2IPiPhdXvP2G3YlB89yDtmu6EnIi2O80FGzsA0hqc8w7BNScroAtV8Xqtn
6rnttyweKwyEuZgI3xAu9DD2j1InOxJzor74MVb+fQU9QqU526qhykpH0UAQyjpc
NHAPx07p7lXRDN2Hra3SVOTrHtLLnXvEfwLdkKUnrPJUrJz1dUsU2Da1GUih5ws3
dz9QBmKSsfuFmTARjJwCmK0unCt1MnMClDUwpxGn6SQAnHmSnjbU5ZhsnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN164g9gf3huUmE90xOFIb7Q80F6MB8GA1UdIwQY
MBaAFKU4uwwrQe+ow7AgZOvFL7qSwjYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFRpN0RDdEI3NmpEc0NCazY4VXZ1cExDTmlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9jZWJhNWMtZTlkOS00ZTkxLWJhYmMt
NjcyODJkNzEzOGEwLzEvM1hyaUQyQl9lRzVTWVQzVEU0VWh2dER6UVhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9jZWJhNWMtZTlkOS00ZTkxLWJhYmMtNjcyODJkNzEzOGEw
LzEvcFRpN0RDdEI3NmpEc0NCazY4VXZ1cExDTmlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufvsMA0G
CSqGSIb3DQEBCwUAA4IBAQBC8JWlg0aCr8ClMHRHVeg+GereJ0f/5dGKQb4FPbKk
GKpWe1bTmKjrXMkPpujMoomS1QNh5PopNRBJbtMd1hrk24K9XLAM06JOsehC5cru
58UACSIZeD/eWrQE/xrsrFLr7aQT/gjQaQqwuZBx9M+t3As43LHrYckdXhekdK7Z
uqzwUyg7tsy4LDCDfy9H+f30lZZe+y8KWg85OFqb/o8xn3MGkl9THB+8444pwDdS
6YqS4RXcpGuPVG/q29qQreekenPhJVqWykIVQl9LqFNkWJTQQ22AB5+/BqA0Bfb0
xxaCOQap5+ZdDEJkNjiJkmQ1/554fVlsMeqLQ5aO2eOt
-----END CERTIFICATE-----
Generated at Mon Apr 21 04:26:33 2025 by rpki-client