Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/9z5hRco7JOV0tkSBwg-yH2Etniw.roa
File: 9z5hRco7JOV0tkSBwg-yH2Etniw.roa (raw, json)
Hash identifier: daQqLbm+rGZpr6jm2iT0nclkzMdOKDoq8fK32FmuoNM=
Subject key identifier: F7:3E:61:45:CA:3B:24:E5:74:B6:44:81:C2:0F:B2:1F:61:2D:9E:2C
Certificate issuer: /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial: 01992EF6AE9A312C652FD3E6CA28C1CB717E
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/9z5hRco7JOV0tkSBwg-yH2Etniw.roa
Signing time: Tue 09 Sep 2025 14:52:22 +0000
ROA not before: Tue 09 Sep 2025 14:52:22 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48955
IP address blocks: 86.107.58.0/23 maxlen: 24
94.154.122.0/24 maxlen: 24
185.216.190.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 09 Sep 2025 17:49:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:2e:f6:ae:9a:31:2c:65:2f:d3:e6:ca:28:c1:cb:71:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Validity
Not Before: Sep 9 14:52:22 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f73e6145ca3b24e574b64481c20fb21f612d9e2c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:d6:be:07:6e:45:df:5c:d7:3d:ec:5e:0a:6a:
8b:06:ca:09:10:da:2a:4b:8a:97:e2:4f:20:d7:e4:
31:53:d8:8e:5d:8a:f0:37:18:1f:f2:fc:0b:d6:a1:
17:e1:84:01:6f:93:3e:c7:12:77:b0:93:20:b0:8e:
6a:3f:99:45:90:12:3e:7f:13:8d:35:05:16:16:a8:
26:c5:79:1c:81:10:bf:37:a4:5e:1d:a6:00:5c:b8:
28:7f:15:b8:fc:e9:4a:8b:5d:5e:21:4a:f0:3c:77:
a3:64:4c:79:37:2c:f8:f7:3c:ae:26:19:63:d5:85:
f1:21:83:7c:ce:dd:a4:97:4b:f6:7a:ea:58:98:53:
d0:e3:7c:6c:ca:5e:87:01:b9:c4:f2:16:c5:ce:80:
01:e1:76:64:38:47:24:f1:e8:55:50:87:15:e3:eb:
e3:15:e3:cf:44:17:11:06:17:a5:b4:ac:7a:c0:9e:
8a:ee:7f:71:a0:00:16:3c:60:e5:67:1c:b3:7c:c5:
9f:03:0f:d3:fa:93:73:ed:a0:fe:2b:7e:86:94:b8:
4c:e4:0d:df:d0:88:68:d7:8d:9d:42:5d:01:de:d6:
26:f1:d5:53:c1:f0:62:bf:fd:54:b2:dc:df:8e:b4:
bf:30:a3:c6:a2:d9:5b:1d:82:32:6e:6f:b9:f1:02:
44:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:3E:61:45:CA:3B:24:E5:74:B6:44:81:C2:0F:B2:1F:61:2D:9E:2C
X509v3 Authority Key Identifier:
keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/9z5hRco7JOV0tkSBwg-yH2Etniw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.107.58.0/23
94.154.122.0/24
185.216.190.0/24
Signature Algorithm: sha256WithRSAEncryption
69:eb:1c:39:c0:ff:c0:7e:fd:ce:d4:4c:eb:1e:cc:f5:70:4b:
8e:cc:82:17:28:cf:59:3a:98:b3:f6:05:e8:ec:bc:ee:ab:3c:
52:9f:c5:7c:b9:a6:62:2f:74:0e:a0:a5:62:72:98:70:cc:12:
9d:55:d0:0a:a0:47:6a:ca:c7:0c:4a:21:54:a8:20:de:16:d0:
a0:a6:cc:5b:a6:ff:4c:fb:d2:50:0f:c5:a0:8e:e9:93:51:8b:
e3:1f:3d:02:96:a9:f9:5a:68:c7:ed:98:28:ac:48:81:df:68:
91:95:9b:c5:f3:d2:8f:9e:32:20:c4:0b:13:43:a1:9a:2f:c3:
83:89:f2:9b:ba:22:dd:a9:b1:0f:22:3a:85:d0:3a:5e:d2:1c:
13:df:ba:58:e6:bd:2c:bf:a4:28:72:72:be:c6:4d:ac:37:1b:
4e:77:6f:70:57:29:4d:48:d6:60:71:8d:69:f9:4d:43:4e:e2:
56:c8:8e:30:57:55:6a:30:5b:d7:d5:22:d3:27:67:8a:66:f3:
4f:94:99:df:f1:2d:bb:68:8b:33:8a:ec:a9:26:54:1b:62:e5:
80:14:d4:60:8d:5a:bd:2b:c6:01:a6:0f:71:6d:4f:1f:09:39:
c6:7a:b8:91:45:71:39:41:ae:c1:10:64:e3:a9:a5:a4:b0:1e:
fa:0d:f1:0d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZku9q6aMSxlL9PmyijBy3F+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjUwOTA5MTQ1MjIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzNlNjE0NWNhM2IyNGU1NzRiNjQ0ODFjMjBmYjIxZjYxMmQ5ZTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApta+B25F31zXPexeCmqLBsoJENoq
S4qX4k8g1+QxU9iOXYrwNxgf8vwL1qEX4YQBb5M+xxJ3sJMgsI5qP5lFkBI+fxON
NQUWFqgmxXkcgRC/N6ReHaYAXLgofxW4/OlKi11eIUrwPHejZEx5Nyz49zyuJhlj
1YXxIYN8zt2kl0v2eupYmFPQ43xsyl6HAbnE8hbFzoAB4XZkOEck8ehVUIcV4+vj
FePPRBcRBheltKx6wJ6K7n9xoAAWPGDlZxyzfMWfAw/T+pNz7aD+K36GlLhM5A3f
0Iho142dQl0B3tYm8dVTwfBiv/1UstzfjrS/MKPGotlbHYIybm+58QJEoQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPc+YUXKOyTldLZEgcIPsh9hLZ4sMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvOXo1aFJjbzdKT1YwdGtTQndnLXlIMkV0bml3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBVms6AwQA
Xpp6AwQAudi+MA0GCSqGSIb3DQEBCwUAA4IBAQBp6xw5wP/Afv3O1EzrHsz1cEuO
zIIXKM9ZOpiz9gXo7LzuqzxSn8V8uaZiL3QOoKVicphwzBKdVdAKoEdqyscMSiFU
qCDeFtCgpsxbpv9M+9JQD8WgjumTUYvjHz0Clqn5WmjH7ZgorEiB32iRlZvF89KP
njIgxAsTQ6GaL8ODifKbuiLdqbEPIjqF0Dpe0hwT37pY5r0sv6QocnK+xk2sNxtO
d29wVylNSNZgcY1p+U1DTuJWyI4wV1VqMFvX1SLTJ2eKZvNPlJnf8S27aIsziuyp
JlQbYuWAFNRgjVq9K8YBpg9xbU8fCTnGeriRRXE5Qa7BEGTjqaWksB76DfEN
-----END CERTIFICATE-----
Generated at Tue Sep 9 23:47:22 2025 by rpki-client