Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/1OCpNDl-R1Qh-_8sfvwFnctW9RE.roa
File: 1OCpNDl-R1Qh-_8sfvwFnctW9RE.roa (raw, json)
Hash identifier: x9Yw1NQoczspHvGiVldqgW2ELHlRzDt1IZcQXXZ/8Ts=
Subject key identifier: D4:E0:A9:34:39:7E:47:54:21:FB:FF:2C:7E:FC:05:9D:CB:56:F5:11
Certificate issuer: /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial: 019AF80D42E892847367EA5239DBEAE4D7B2
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/1OCpNDl-R1Qh-_8sfvwFnctW9RE.roa
Signing time: Sun 07 Dec 2025 09:03:29 +0000
ROA not before: Sun 07 Dec 2025 09:03:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25198
IP address blocks: 212.134.109.0/24 maxlen: 24
212.134.171.0/24 maxlen: 24
212.134.232.0/24 maxlen: 24
212.135.20.0/24 maxlen: 24
212.135.158.0/24 maxlen: 24
212.135.164.0/24 maxlen: 24
212.135.246.0/24 maxlen: 24
212.135.247.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 12 Dec 2025 13:46:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9a:f8:0d:42:e8:92:84:73:67:ea:52:39:db:ea:e4:d7:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7e20b034e2c497b1884488def106972704765029
Validity
Not Before: Dec 7 09:03:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d4e0a934397e475421fbff2c7efc059dcb56f511
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:4d:f7:20:3f:bc:d5:a0:85:61:3b:35:ac:33:
6e:3f:fc:d5:b9:8b:ad:14:ed:c2:bb:2e:f5:0f:9e:
1b:7f:f1:20:f9:5c:0c:3f:3b:40:08:2c:95:8b:27:
7a:26:81:d0:26:31:48:7b:c5:40:d0:ed:e6:0a:cf:
36:51:ca:1f:f4:60:b2:98:e8:da:f9:23:ff:5e:8d:
95:b9:f6:9f:5d:96:f1:b3:04:85:fc:c6:75:f0:28:
20:5b:b8:6a:85:af:d5:d3:c8:16:26:ff:96:17:da:
04:9d:46:2a:a0:1f:f0:6e:15:e6:23:ce:e2:00:eb:
dd:ea:b5:78:13:76:b2:0f:28:a7:3b:b3:cb:f4:00:
09:00:6b:5d:bc:71:70:9f:22:85:3e:ba:b3:57:18:
96:ad:93:d8:b1:d6:60:b0:5a:72:33:f8:c6:23:b1:
41:7f:b0:1d:48:83:24:a5:08:b8:6c:88:5e:1b:a8:
a8:de:ca:ab:72:c7:14:61:c0:c6:64:79:65:79:b5:
45:1a:df:b0:d5:5f:c0:79:99:eb:db:10:a0:f9:0a:
b9:06:17:7b:18:d9:f5:42:64:d1:f7:07:ca:70:5c:
3f:ca:30:c5:4d:39:a7:d8:27:ab:a5:6b:b1:1f:18:
80:96:db:e2:ac:59:8c:c8:02:05:80:39:59:cf:64:
f2:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:E0:A9:34:39:7E:47:54:21:FB:FF:2C:7E:FC:05:9D:CB:56:F5:11
X509v3 Authority Key Identifier:
keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/1OCpNDl-R1Qh-_8sfvwFnctW9RE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.134.109.0/24
212.134.171.0/24
212.134.232.0/24
212.135.20.0/24
212.135.158.0/24
212.135.164.0/24
212.135.246.0/23
Signature Algorithm: sha256WithRSAEncryption
ce:4d:dd:1c:90:d2:0f:dd:40:1c:5e:28:ad:39:f6:e9:3b:cd:
d6:c6:50:f5:e3:f2:00:05:35:f0:89:88:45:bc:bc:7d:c4:9c:
d3:bc:be:93:8e:af:60:61:10:72:38:7d:4a:c4:cd:f6:6d:a6:
11:4b:c1:dd:e6:d5:01:e5:b3:83:62:0b:28:47:c3:67:71:32:
c4:28:82:be:da:26:17:22:3b:64:f6:76:6a:9e:e0:9f:a3:92:
b4:4d:eb:c2:3f:66:69:7b:43:a0:00:4d:60:13:d4:93:cc:0b:
d5:50:f6:5e:0a:ed:ad:98:96:ed:d6:94:48:c1:ef:29:29:b1:
ce:e7:18:3d:90:64:45:66:fb:55:15:35:b0:f8:05:1a:e7:c2:
28:dc:e1:ad:99:f0:35:28:40:2d:97:bb:08:82:4b:0e:0c:30:
15:c1:24:3f:c9:31:1a:01:fe:de:e3:aa:df:7a:0a:ad:bc:c4:
8d:78:b4:08:79:8b:6f:e7:a1:2a:16:eb:89:dd:e0:6f:82:ad:
72:22:58:5d:83:66:5e:3b:80:8b:fd:f1:4c:16:71:a8:a9:78:
26:65:bb:34:22:e0:03:9e:6a:8e:39:c8:4a:02:61:5a:68:02:
22:ea:71:3b:a0:70:8c:ca:b5:9c:54:8b:fc:19:b3:07:c5:2a:
bb:0a:e9:bc
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZr4DULokoRzZ+pSOdvq5NeyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMjA3MDkwMzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGUwYTkzNDM5N2U0NzU0MjFmYmZmMmM3ZWZjMDU5ZGNiNTZmNTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4k33ID+81aCFYTs1rDNuP/zVuYut
FO3Cuy71D54bf/Eg+VwMPztACCyViyd6JoHQJjFIe8VA0O3mCs82Ucof9GCymOja
+SP/Xo2VufafXZbxswSF/MZ18CggW7hqha/V08gWJv+WF9oEnUYqoB/wbhXmI87i
AOvd6rV4E3ayDyinO7PL9AAJAGtdvHFwnyKFPrqzVxiWrZPYsdZgsFpyM/jGI7FB
f7AdSIMkpQi4bIheG6io3sqrcscUYcDGZHllebVFGt+w1V/AeZnr2xCg+Qq5Bhd7
GNn1QmTR9wfKcFw/yjDFTTmn2CerpWuxHxiAltvirFmMyAIFgDlZz2TyZQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNTgqTQ5fkdUIfv/LH78BZ3LVvURMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvMU9DcE5EbC1SMVFoLV84c2Z2d0ZuY3RXOVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQA1IZtAwQA
1IarAwQA1IboAwQA1IcUAwQA1IeeAwQA1IekAwQB1If2MA0GCSqGSIb3DQEBCwUA
A4IBAQDOTd0ckNIP3UAcXiitOfbpO83WxlD14/IABTXwiYhFvLx9xJzTvL6Tjq9g
YRByOH1KxM32baYRS8Hd5tUB5bODYgsoR8NncTLEKIK+2iYXIjtk9nZqnuCfo5K0
TevCP2Zpe0OgAE1gE9STzAvVUPZeCu2tmJbt1pRIwe8pKbHO5xg9kGRFZvtVFTWw
+AUa58Io3OGtmfA1KEAtl7sIgksODDAVwSQ/yTEaAf7e46rfegqtvMSNeLQIeYtv
56EqFuuJ3eBvgq1yIlhdg2ZeO4CL/fFMFnGoqXgmZbs0IuADnmqOOchKAmFaaAIi
6nE7oHCMyrWcVIv8GbMHxSq7Cum8
-----END CERTIFICATE-----
Generated at Tue Mar 3 08:45:59 2026 by rpki-client