Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/yqn3mdxatr3BRACkeE9rcIo7PJc.roa
File: yqn3mdxatr3BRACkeE9rcIo7PJc.roa (raw, json)
Hash identifier: EbQDNWgP9oUHMjbtQoBy+hwScffnBSXWrSmUvv39JL0=
Subject key identifier: CA:A9:F7:99:DC:5A:B6:BD:C1:44:00:A4:78:4F:6B:70:8A:3B:3C:97
Certificate issuer: /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial: 0196F7E3ABB693EF06D01CEB47D2E11563BB
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/yqn3mdxatr3BRACkeE9rcIo7PJc.roa
Signing time: Thu 22 May 2025 12:06:55 +0000
ROA not before: Thu 22 May 2025 12:06:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48648
IP address blocks: 91.198.233.0/24 maxlen: 24
91.211.120.0/24 maxlen: 24
91.211.122.0/24 maxlen: 24
193.107.80.0/24 maxlen: 24
194.28.103.0/24 maxlen: 24
195.12.56.0/22 maxlen: 22
2a0a:2c0::/48 maxlen: 48
2a0a:2c0:2::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 27 May 2025 15:55:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:f7:e3:ab:b6:93:ef:06:d0:1c:eb:47:d2:e1:15:63:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Validity
Not Before: May 22 12:06:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=caa9f799dc5ab6bdc14400a4784f6b708a3b3c97
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:a3:94:4a:40:22:dc:67:c6:2d:69:de:55:5b:
5f:ec:f6:fb:3f:9b:ad:12:87:a0:fe:5c:b0:5c:1a:
39:10:e3:0a:b2:46:9a:06:ba:df:93:d4:b5:89:94:
3f:b5:c1:ed:d2:88:1c:6a:7a:b3:17:fe:6e:e4:ba:
f1:28:3a:51:31:f4:0f:af:74:78:a8:ed:bc:82:8d:
f2:2f:13:91:af:13:31:0d:dd:82:d4:6f:4b:6e:3c:
28:aa:d3:b1:3c:1f:00:08:af:6f:e9:f6:4b:17:ee:
f5:58:c3:07:ea:6a:14:71:45:d5:23:7f:85:66:99:
34:53:9a:73:c4:d7:b4:69:5a:fa:02:0c:b6:b8:c6:
63:dc:77:2c:d3:bf:d0:81:18:d3:16:3d:fc:74:54:
bd:84:ba:a1:e6:92:91:2d:57:45:f6:71:00:6f:bf:
75:67:01:37:f2:85:eb:9d:28:64:64:98:d9:8f:69:
cf:1b:e5:8d:a1:0e:0e:0b:9b:17:9e:d5:8c:61:4c:
5b:db:4c:fc:72:0c:af:d5:c0:82:df:a3:56:2a:f3:
1b:25:3a:cd:70:d3:91:08:3b:70:f0:15:7e:4f:57:
7c:f1:b9:26:af:e1:20:e9:63:28:ad:f6:7c:75:43:
88:1c:23:cb:df:0a:bb:91:c7:34:b7:5c:b1:c5:d1:
c4:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:A9:F7:99:DC:5A:B6:BD:C1:44:00:A4:78:4F:6B:70:8A:3B:3C:97
X509v3 Authority Key Identifier:
keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/yqn3mdxatr3BRACkeE9rcIo7PJc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.233.0/24
91.211.120.0/24
91.211.122.0/24
193.107.80.0/24
194.28.103.0/24
195.12.56.0/22
IPv6:
2a0a:2c0::/48
2a0a:2c0:2::/48
Signature Algorithm: sha256WithRSAEncryption
69:b3:0d:5e:f8:bd:ae:aa:2e:92:62:24:68:87:ec:4c:82:59:
62:b1:4c:2f:5e:bd:02:ff:cf:31:16:6f:f5:c6:26:19:1c:96:
f9:51:ba:29:56:5e:1d:d1:aa:c7:1e:7c:08:55:e5:77:c9:87:
08:85:be:6e:15:4d:54:d7:46:d5:71:89:d5:4c:e8:20:4f:ed:
ec:0b:e5:ab:5f:a1:cd:db:18:59:fd:26:e9:74:16:97:ad:ac:
69:ea:cc:62:ee:ef:aa:dd:75:81:b4:8a:56:e6:1d:bc:30:b8:
16:3d:9a:b2:a4:47:c5:0b:a4:5f:5b:19:f9:54:0d:17:cf:a8:
c7:3c:90:6d:0d:43:7c:8c:9e:17:4f:d2:28:9d:63:67:ca:0e:
52:41:f1:cf:f6:41:85:90:40:6c:c4:05:2b:22:ef:e3:74:d2:
23:9a:b3:be:22:4e:0e:89:1a:fe:4e:a9:b9:89:91:50:69:37:
95:4d:58:ff:5a:2a:ff:08:6e:e3:e4:de:4d:22:8b:5b:78:5e:
ac:43:e5:d1:72:86:05:63:56:b5:6e:39:85:65:86:17:49:59:
eb:4c:a5:7f:e8:97:4b:4e:a0:84:38:61:6d:65:46:7a:cc:6c:
0d:99:40:d7:13:14:47:d8:51:09:5e:72:32:f1:48:92:53:11:
29:0b:83:77
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZb346u2k+8G0BzrR9LhFWO7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjUwNTIyMTIwNjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWE5Zjc5OWRjNWFiNmJkYzE0NDAwYTQ3ODRmNmI3MDhhM2IzYzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6OUSkAi3GfGLWneVVtf7Pb7P5ut
Eoeg/lywXBo5EOMKskaaBrrfk9S1iZQ/tcHt0ogcanqzF/5u5LrxKDpRMfQPr3R4
qO28go3yLxORrxMxDd2C1G9LbjwoqtOxPB8ACK9v6fZLF+71WMMH6moUcUXVI3+F
Zpk0U5pzxNe0aVr6Agy2uMZj3Hcs07/QgRjTFj38dFS9hLqh5pKRLVdF9nEAb791
ZwE38oXrnShkZJjZj2nPG+WNoQ4OC5sXntWMYUxb20z8cgyv1cCC36NWKvMbJTrN
cNORCDtw8BV+T1d88bkmr+Eg6WMorfZ8dUOIHCPL3wq7kcc0t1yxxdHEFQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFMqp95ncWra9wUQApHhPa3CKOzyXMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEveXFuM21keGF0cjNCUkFDa2VFOXJjSW83UEpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAqBAIAATAkAwQAW8bpAwQA
W9N4AwQAW9N6AwQAwWtQAwQAwhxnAwQCwww4MBgEAgACMBIDBwAqCgLAAAADBwAq
CgLAAAIwDQYJKoZIhvcNAQELBQADggEBAGmzDV74va6qLpJiJGiH7EyCWWKxTC9e
vQL/zzEWb/XGJhkclvlRuilWXh3RqscefAhV5XfJhwiFvm4VTVTXRtVxidVM6CBP
7ewL5atfoc3bGFn9Jul0FpetrGnqzGLu76rddYG0ilbmHbwwuBY9mrKkR8ULpF9b
GflUDRfPqMc8kG0NQ3yMnhdP0iidY2fKDlJB8c/2QYWQQGzEBSsi7+N00iOas74i
Tg6JGv5OqbmJkVBpN5VNWP9aKv8IbuPk3k0ii1t4XqxD5dFyhgVjVrVuOYVlhhdJ
WetMpX/ol0tOoIQ4YW1lRnrMbA2ZQNcTFEfYUQlecjLxSJJTESkLg3c=
-----END CERTIFICATE-----
Generated at Sun Jun 8 19:54:52 2025 by rpki-client