Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/AX_tfsbmZi2-w4xej0PCBmP-_gM.roa
File: AX_tfsbmZi2-w4xej0PCBmP-_gM.roa (raw, json)
Hash identifier: 0LCB1pwyVXn72huvFYl9TcqAYZPy3lJkq//sx3kY+j4=
Subject key identifier: 01:7F:ED:7E:C6:E6:66:2D:BE:C3:8C:5E:8F:43:C2:06:63:FE:FE:03
Certificate issuer: /CN=dc94bb69453f139a60029e22db0fb3424a906cee
Certificate serial: 0195899A5D2D01C0C45ABA162928F7850344
Authority key identifier: DC:94:BB:69:45:3F:13:9A:60:02:9E:22:DB:0F:B3:42:4A:90:6C:EE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3JS7aUU_E5pgAp4i2w-zQkqQbO4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/AX_tfsbmZi2-w4xej0PCBmP-_gM.roa
Signing time: Wed 12 Mar 2025 09:05:49 +0000
ROA not before: Wed 12 Mar 2025 09:05:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34661
IP address blocks: 91.200.248.0/22 maxlen: 24
94.45.60.0/22 maxlen: 24
193.43.224.0/22 maxlen: 24
Validation: Failed, certificate revoked on Mon 31 Mar 2025 11:16:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:89:9a:5d:2d:01:c0:c4:5a:ba:16:29:28:f7:85:03:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc94bb69453f139a60029e22db0fb3424a906cee
Validity
Not Before: Mar 12 09:05:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=017fed7ec6e6662dbec38c5e8f43c20663fefe03
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:8d:da:48:2c:de:fc:b1:20:2d:4a:e5:df:ed:
c9:d7:7d:9e:da:a4:a4:b1:94:85:7b:08:1d:c2:db:
a4:db:d1:55:37:8d:87:3a:a4:47:15:21:31:44:18:
6f:49:65:73:b3:c8:ad:0b:20:e7:91:06:db:1b:f7:
86:dc:58:b4:77:91:b1:34:bc:a0:ec:8f:5a:1e:09:
9b:ce:87:f7:29:e1:1c:f4:f3:27:f1:e9:68:12:4c:
64:f0:98:02:67:a7:45:6f:8b:02:2c:98:54:54:78:
23:9e:df:2c:52:88:91:fd:1c:74:1d:8e:e1:d4:b7:
3b:35:56:1a:e2:7a:89:ed:3c:3e:13:6f:96:ec:8f:
ec:e4:7e:40:70:e5:2b:e3:a4:9c:0a:0d:07:82:83:
6a:b5:fc:5c:0c:75:07:61:40:1f:55:69:3a:51:8f:
a4:fb:94:63:c8:59:75:15:96:85:6f:3a:95:61:b5:
04:86:9a:c8:d2:8a:ea:ba:ef:99:98:1d:ed:5c:7a:
d2:4b:de:53:5e:47:96:f4:90:58:3a:a6:07:9e:89:
c7:6d:3d:af:ba:f0:7d:d4:de:9c:c8:43:5c:12:4d:
cf:01:dc:b4:14:3f:2b:2a:2f:4e:21:cc:91:d4:2a:
8c:92:b6:83:d9:c9:d7:ae:8c:9d:f4:39:e3:7d:ed:
56:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:7F:ED:7E:C6:E6:66:2D:BE:C3:8C:5E:8F:43:C2:06:63:FE:FE:03
X509v3 Authority Key Identifier:
keyid:DC:94:BB:69:45:3F:13:9A:60:02:9E:22:DB:0F:B3:42:4A:90:6C:EE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JS7aUU_E5pgAp4i2w-zQkqQbO4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/AX_tfsbmZi2-w4xej0PCBmP-_gM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/3JS7aUU_E5pgAp4i2w-zQkqQbO4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.200.248.0/22
94.45.60.0/22
193.43.224.0/22
Signature Algorithm: sha256WithRSAEncryption
c9:b3:0a:25:35:7a:d9:55:bf:a9:17:ae:7f:ba:80:5c:26:a8:
41:30:6f:1f:38:cd:bb:ff:11:73:0f:41:24:a1:f3:2e:16:25:
90:59:91:93:83:23:81:33:26:a0:87:66:97:86:29:51:12:f0:
c1:05:49:86:1f:60:9f:a4:96:12:e1:85:27:eb:16:4a:46:a4:
a5:e1:cf:41:a2:50:aa:d1:dd:d1:0f:90:77:76:65:6b:ab:44:
4a:48:31:de:d1:7e:30:49:61:27:7a:89:13:ff:3f:38:9c:0a:
62:3e:37:46:3b:dc:3c:0d:00:d4:d4:7c:a1:50:81:6c:d3:c9:
0e:68:fd:83:21:3d:65:c3:1b:7c:de:c0:4c:8b:85:5b:6f:08:
43:cb:91:f5:c3:e6:84:51:21:9f:77:1d:78:c5:05:f2:86:74:
2f:c8:53:a6:a2:1f:4a:f7:a6:35:ca:68:6d:b3:53:11:93:eb:
4a:a3:3b:f9:a7:3b:a0:60:38:72:10:ce:08:55:2b:9b:35:e8:
47:ba:dd:49:71:e9:c4:a5:96:29:ee:99:06:b3:fc:1d:95:f5:
83:10:11:e0:18:b9:45:c1:89:26:d2:45:10:b9:f6:65:79:9a:
7f:91:59:e0:15:b5:9c:50:6c:57:a2:d8:30:f4:2e:97:f8:8d:
4d:70:de:3b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWJml0tAcDEWroWKSj3hQNEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjOTRiYjY5NDUzZjEzOWE2MDAyOWUyMmRiMGZiMzQyNGE5
MDZjZWUwHhcNMjUwMzEyMDkwNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTdmZWQ3ZWM2ZTY2NjJkYmVjMzhjNWU4ZjQzYzIwNjYzZmVmZTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAno3aSCze/LEgLUrl3+3J132e2qSk
sZSFewgdwtuk29FVN42HOqRHFSExRBhvSWVzs8itCyDnkQbbG/eG3Fi0d5GxNLyg
7I9aHgmbzof3KeEc9PMn8eloEkxk8JgCZ6dFb4sCLJhUVHgjnt8sUoiR/Rx0HY7h
1Lc7NVYa4nqJ7Tw+E2+W7I/s5H5AcOUr46ScCg0HgoNqtfxcDHUHYUAfVWk6UY+k
+5RjyFl1FZaFbzqVYbUEhprI0orquu+ZmB3tXHrSS95TXkeW9JBYOqYHnonHbT2v
uvB91N6cyENcEk3PAdy0FD8rKi9OIcyR1CqMkraD2cnXroyd9Dnjfe1WJQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAF/7X7G5mYtvsOMXo9DwgZj/v4DMB8GA1UdIwQY
MBaAFNyUu2lFPxOaYAKeItsPs0JKkGzuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0pTN2FVVV9FNXBnQXA0aTJ3LXpRa3FRYk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9kMDQ1Y2EtYzFmNy00ZWQ5LWFmZGIt
MDkwYzQ2ZTlmMmVkLzEvQVhfdGZzYm1aaTItdzR4ZWowUENCbVAtX2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9kMDQ1Y2EtYzFmNy00ZWQ5LWFmZGItMDkwYzQ2ZTlmMmVk
LzEvM0pTN2FVVV9FNXBnQXA0aTJ3LXpRa3FRYk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW8j4AwQC
Xi08AwQCwSvgMA0GCSqGSIb3DQEBCwUAA4IBAQDJswolNXrZVb+pF65/uoBcJqhB
MG8fOM27/xFzD0EkofMuFiWQWZGTgyOBMyagh2aXhilREvDBBUmGH2CfpJYS4YUn
6xZKRqSl4c9BolCq0d3RD5B3dmVrq0RKSDHe0X4wSWEneokT/z84nApiPjdGO9w8
DQDU1HyhUIFs08kOaP2DIT1lwxt83sBMi4VbbwhDy5H1w+aEUSGfdx14xQXyhnQv
yFOmoh9K96Y1ymhts1MRk+tKozv5pzugYDhyEM4IVSubNehHut1JcenEpZYp7pkG
s/wdlfWDEBHgGLlFwYkm0kUQufZleZp/kVngFbWcUGxXotgw9C6X+I1NcN47
-----END CERTIFICATE-----
Generated at Wed Apr 16 13:41:29 2025 by rpki-client