Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aIz14TnFhypYPmsceuNm16VlbUc.roa
File: aIz14TnFhypYPmsceuNm16VlbUc.roa (raw, json)
Hash identifier: fOAz+7E9Kcam4lvk9AAQuC3ugfiajy8JFstEQDQkyVY=
Subject key identifier: 68:8C:F5:E1:39:C5:87:2A:58:3E:6B:1C:7A:E3:66:D7:A5:65:6D:47
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019880177F3A00DE26ACC3727CDF8B8516D5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aIz14TnFhypYPmsceuNm16VlbUc.roa
Signing time: Wed 06 Aug 2025 15:54:40 +0000
ROA not before: Wed 06 Aug 2025 15:54:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 14618
IP address blocks: 80.240.88.0/21 maxlen: 24
82.152.174.0/23 maxlen: 23
82.153.208.0/22 maxlen: 22
82.163.24.0/21 maxlen: 24
89.213.58.0/24 maxlen: 24
89.213.60.0/23 maxlen: 24
89.213.198.0/23 maxlen: 24
89.213.200.0/23 maxlen: 24
89.213.202.0/23 maxlen: 24
89.213.204.0/23 maxlen: 24
89.213.228.0/24 maxlen: 24
89.213.249.0/24 maxlen: 24
217.144.156.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 14 Aug 2025 09:35:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:80:17:7f:3a:00:de:26:ac:c3:72:7c:df:8b:85:16:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 6 15:54:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=688cf5e139c5872a583e6b1c7ae366d7a5656d47
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:ae:6b:28:2e:e7:1f:96:91:76:87:b1:b2:8a:
f6:2d:76:b9:e8:c8:9e:7b:40:3b:23:8f:cf:43:51:
b6:a4:ca:45:0d:8b:d9:f6:03:1b:0c:be:46:92:91:
1b:ee:57:77:74:94:a8:a2:ac:1d:b7:d9:0e:92:7b:
44:a1:16:fa:82:aa:9b:ff:76:3c:4d:af:eb:b8:1e:
5d:f5:ce:52:75:6f:4e:2d:97:0f:3f:71:07:10:f1:
1a:9d:6d:c7:dd:7a:c7:e3:8c:63:20:f3:a3:79:e1:
90:91:d4:25:aa:8f:8e:14:e6:12:72:a0:dc:62:c6:
ba:ad:d2:25:9a:0b:0c:7d:c0:23:61:c3:2b:8e:77:
48:dd:a4:1a:07:ec:05:f5:08:06:81:7f:dc:53:f3:
82:1f:30:60:e7:6a:39:64:c4:b6:87:4b:b6:5e:9b:
43:04:63:a7:fe:de:17:53:86:85:69:90:3f:d5:95:
0b:80:ce:9b:b7:36:7c:66:02:b4:a1:12:5e:16:50:
f6:e4:63:06:93:cc:e1:e7:e3:d9:8b:9a:f2:0e:d9:
71:03:f1:af:4e:2e:e3:25:7d:41:e0:10:5d:1a:2c:
15:07:65:77:94:17:7a:c9:a8:1d:9d:19:a1:97:59:
1c:c4:4d:a8:85:0b:de:2b:8d:b2:d1:97:a5:04:5a:
b4:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:8C:F5:E1:39:C5:87:2A:58:3E:6B:1C:7A:E3:66:D7:A5:65:6D:47
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aIz14TnFhypYPmsceuNm16VlbUc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.240.88.0/21
82.152.174.0/23
82.153.208.0/22
82.163.24.0/21
89.213.58.0/24
89.213.60.0/23
89.213.198.0-89.213.205.255
89.213.228.0/24
89.213.249.0/24
217.144.156.0/24
Signature Algorithm: sha256WithRSAEncryption
99:ab:55:7e:11:da:9f:4d:ea:a5:1e:5a:f7:62:0a:77:de:13:
d3:14:19:2f:a1:e3:99:d3:1e:0f:fc:19:41:69:8b:c7:1a:bb:
49:90:ee:ce:b6:b2:7e:63:46:9b:04:df:77:f8:b0:7f:f2:df:
27:b8:55:f9:b2:cc:11:28:53:aa:70:bc:d4:7f:18:54:70:1f:
31:2d:9b:88:69:16:d3:d5:63:0e:72:18:bc:54:63:34:ab:47:
47:41:c7:6a:bd:49:ab:b2:f9:f4:3e:10:4c:28:cc:82:54:4b:
73:08:bf:1e:1a:e1:d2:c0:b6:b2:80:1f:c3:ea:7d:9f:e3:cb:
55:57:d1:5c:79:5c:9c:4a:13:1e:19:4d:64:47:8b:91:97:b1:
ca:89:64:4e:9b:57:6d:39:9d:ec:1c:2f:ec:38:0b:49:a1:5f:
bc:4f:49:9c:5e:d0:d6:92:3e:16:8c:7d:8d:8c:14:4a:62:47:
08:d3:a8:bd:55:bf:a9:e9:3b:00:6b:d5:04:12:aa:32:f4:38:
44:5f:ef:e8:d3:b1:c7:35:d4:0b:b6:19:fe:33:4e:88:3e:a6:
50:5a:24:e8:ba:dc:c8:d1:7e:c8:1e:c8:df:6f:35:62:0b:9d:
1a:c1:b4:7f:d4:6b:62:14:e2:69:bf:95:76:c3:d6:c5:36:68:
df:71:c3:c3
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZiAF386AN4mrMNyfN+LhRbVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwODA2MTU1NDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODhjZjVlMTM5YzU4NzJhNTgzZTZiMWM3YWUzNjZkN2E1NjU2ZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAva5rKC7nH5aRdoexsor2LXa56Mie
e0A7I4/PQ1G2pMpFDYvZ9gMbDL5GkpEb7ld3dJSooqwdt9kOkntEoRb6gqqb/3Y8
Ta/ruB5d9c5SdW9OLZcPP3EHEPEanW3H3XrH44xjIPOjeeGQkdQlqo+OFOYScqDc
Ysa6rdIlmgsMfcAjYcMrjndI3aQaB+wF9QgGgX/cU/OCHzBg52o5ZMS2h0u2XptD
BGOn/t4XU4aFaZA/1ZULgM6btzZ8ZgK0oRJeFlD25GMGk8zh5+PZi5ryDtlxA/Gv
Ti7jJX1B4BBdGiwVB2V3lBd6yagdnRmhl1kcxE2ohQveK42y0ZelBFq02QIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFGiM9eE5xYcqWD5rHHrjZtelZW1HMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYUl6MTRUbkZoeXBZUG1zY2V1Tm0xNlZsYlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQDUPBYAwQB
UpiuAwQCUpnQAwQDUqMYAwQAWdU6AwQBWdU8MAwDBAFZ1cYDBAFZ1cwDBABZ1eQD
BABZ1fkDBADZkJwwDQYJKoZIhvcNAQELBQADggEBAJmrVX4R2p9N6qUeWvdiCnfe
E9MUGS+h45nTHg/8GUFpi8cau0mQ7s62sn5jRpsE33f4sH/y3ye4VfmyzBEoU6pw
vNR/GFRwHzEtm4hpFtPVYw5yGLxUYzSrR0dBx2q9Sauy+fQ+EEwozIJUS3MIvx4a
4dLAtrKAH8PqfZ/jy1VX0Vx5XJxKEx4ZTWRHi5GXscqJZE6bV205newcL+w4C0mh
X7xPSZxe0NaSPhaMfY2MFEpiRwjTqL1Vv6npOwBr1QQSqjL0OERf7+jTscc11Au2
Gf4zTog+plBaJOi63MjRfsgeyN9vNWILnRrBtH/Ua2IU4mm/lXbD1sU2aN9xw8M=
-----END CERTIFICATE-----
Generated at Sun Aug 31 22:11:14 2025 by rpki-client