Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/sqIW9ZKXX1cs9z8XDKB6U-j5moM.roa
File: sqIW9ZKXX1cs9z8XDKB6U-j5moM.roa (raw, json)
Hash identifier: jo0gVB0hojEZMPutTd5wMHL6sbsNdbqC5YRwxV5cYZw=
Subject key identifier: B2:A2:16:F5:92:97:5F:57:2C:F7:3F:17:0C:A0:7A:53:E8:F9:9A:83
Certificate issuer: /CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Certificate serial: 01942827B0A905A97A71820A3D30F69B7CB8
Authority key identifier: 65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/sqIW9ZKXX1cs9z8XDKB6U-j5moM.roa
Signing time: Thu 02 Jan 2025 17:54:37 +0000
ROA not before: Thu 02 Jan 2025 17:54:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51765
IP address blocks: 195.216.160.0/24 maxlen: 24
195.216.186.0/24 maxlen: 24
195.216.189.0/24 maxlen: 24
Validation: Failed, certificate revoked on Sat 05 Apr 2025 11:31:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:27:b0:a9:05:a9:7a:71:82:0a:3d:30:f6:9b:7c:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=65b7d6699835bfe9a8081dfc114df1bf6d215da7
Validity
Not Before: Jan 2 17:54:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b2a216f592975f572cf73f170ca07a53e8f99a83
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:1a:81:63:33:67:5a:ea:33:a4:b4:1e:62:2f:
fc:54:a7:3d:d6:49:be:1a:76:de:10:54:8a:67:22:
3f:08:1a:a4:64:4a:4d:9b:7f:bc:3b:52:06:24:86:
23:9a:b8:17:65:88:d7:82:95:0a:0e:ed:f9:e6:41:
d1:61:34:a5:61:73:78:c1:3c:f5:32:a8:f3:72:ef:
d1:e2:07:89:de:dd:ce:17:e2:5f:19:ef:da:20:f9:
6e:ad:f3:18:e9:a0:3d:fe:06:4b:49:64:fc:36:43:
3b:68:0b:c2:47:33:29:3e:dc:ff:9f:8e:cc:43:31:
3c:35:4b:98:1b:dc:71:f1:ba:27:80:db:57:de:19:
f0:65:7c:39:ae:c1:2b:b7:19:61:09:b7:54:ad:ed:
b9:ee:ce:41:f7:7d:67:de:8b:6c:37:68:83:47:1a:
73:3b:6b:53:ef:fc:43:c9:67:b2:31:11:34:0d:37:
74:8c:7d:7a:be:b9:11:9f:9f:79:0e:7a:5b:3d:76:
dc:d6:aa:94:ab:0d:e9:5a:4e:e1:91:d6:0d:4f:6b:
07:0d:bf:07:7e:90:67:5a:e0:c6:6e:cf:6b:5d:8e:
ee:f0:d9:0c:c8:c2:75:1d:2b:5e:19:df:f3:c5:58:
04:d8:a3:9c:6e:ac:19:87:b9:69:50:84:01:2d:05:
55:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:A2:16:F5:92:97:5F:57:2C:F7:3F:17:0C:A0:7A:53:E8:F9:9A:83
X509v3 Authority Key Identifier:
keyid:65:B7:D6:69:98:35:BF:E9:A8:08:1D:FC:11:4D:F1:BF:6D:21:5D:A7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZbfWaZg1v-moCB38EU3xv20hXac.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/sqIW9ZKXX1cs9z8XDKB6U-j5moM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/90/025ee8-3f47-457d-8d47-9e413ebf42f3/1/ZbfWaZg1v-moCB38EU3xv20hXac.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.216.160.0/24
195.216.186.0/24
195.216.189.0/24
Signature Algorithm: sha256WithRSAEncryption
0a:32:35:3c:da:65:13:e0:34:79:31:5a:8c:5d:cf:af:4d:4c:
95:d5:ae:27:ce:7c:d2:ae:36:d6:ea:6d:cd:dc:65:c2:35:32:
14:8e:b9:33:75:5f:45:c2:97:8e:50:3a:d6:53:37:02:de:af:
70:5d:63:23:00:82:30:06:47:0c:bf:92:fd:ba:25:b8:c0:42:
44:98:00:73:f7:f8:39:28:ef:b4:12:45:7c:a2:76:30:b0:1b:
40:9e:b8:60:8b:eb:30:96:49:c5:89:7d:57:00:7b:14:26:f1:
5a:4e:06:2e:f1:35:26:c3:22:4b:23:3c:fb:13:2b:59:60:c5:
c4:91:37:47:f7:d4:99:42:6d:f4:d3:e0:a4:e7:0a:64:a9:d6:
f5:4b:83:98:6a:99:b2:7f:46:3f:65:4f:25:64:39:2d:4c:90:
89:ef:3c:55:88:71:54:18:50:ba:4e:8e:e7:72:7b:47:91:6e:
fb:af:91:74:66:00:b9:3f:45:88:fe:b5:fb:8b:d6:3c:f9:e1:
54:0e:36:f2:00:8c:35:9c:ad:6e:d5:84:f6:b7:35:ad:a5:7e:
08:dd:9c:65:63:c7:10:33:ca:23:3e:8f:9d:19:8c:43:eb:be:
3d:84:01:fb:f8:5a:d1:aa:43:5d:fb:46:be:84:08:bf:26:cf:
65:fe:d8:36
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQoJ7CpBal6cYIKPTD2m3y4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YjdkNjY5OTgzNWJmZTlhODA4MWRmYzExNGRmMWJmNmQy
MTVkYTcwHhcNMjUwMTAyMTc1NDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmEyMTZmNTkyOTc1ZjU3MmNmNzNmMTcwY2EwN2E1M2U4Zjk5YTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hqBYzNnWuozpLQeYi/8VKc91km+
GnbeEFSKZyI/CBqkZEpNm3+8O1IGJIYjmrgXZYjXgpUKDu355kHRYTSlYXN4wTz1
Mqjzcu/R4geJ3t3OF+JfGe/aIPlurfMY6aA9/gZLSWT8NkM7aAvCRzMpPtz/n47M
QzE8NUuYG9xx8bongNtX3hnwZXw5rsErtxlhCbdUre257s5B931n3otsN2iDRxpz
O2tT7/xDyWeyMRE0DTd0jH16vrkRn595DnpbPXbc1qqUqw3pWk7hkdYNT2sHDb8H
fpBnWuDGbs9rXY7u8NkMyMJ1HSteGd/zxVgE2KOcbqwZh7lpUIQBLQVVwQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLKiFvWSl19XLPc/FwygelPo+ZqDMB8GA1UdIwQY
MBaAFGW31mmYNb/pqAgd/BFN8b9tIV2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDct
OWU0MTNlYmY0MmYzLzEvc3FJVzlaS1hYMWNzOXo4WERLQjZVLWo1bW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8wMjVlZTgtM2Y0Ny00NTdkLThkNDctOWU0MTNlYmY0MmYz
LzEvWmJmV2FaZzF2LW1vQ0IzOEVVM3h2MjBoWGFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAw9igAwQA
w9i6AwQAw9i9MA0GCSqGSIb3DQEBCwUAA4IBAQAKMjU82mUT4DR5MVqMXc+vTUyV
1a4nznzSrjbW6m3N3GXCNTIUjrkzdV9FwpeOUDrWUzcC3q9wXWMjAIIwBkcMv5L9
uiW4wEJEmABz9/g5KO+0EkV8onYwsBtAnrhgi+swlknFiX1XAHsUJvFaTgYu8TUm
wyJLIzz7EytZYMXEkTdH99SZQm300+Ck5wpkqdb1S4OYapmyf0Y/ZU8lZDktTJCJ
7zxViHFUGFC6To7ncntHkW77r5F0ZgC5P0WI/rX7i9Y8+eFUDjbyAIw1nK1u1YT2
tzWtpX4I3ZxlY8cQM8ojPo+dGYxD6749hAH7+FrRqkNd+0a+hAi/Js9l/tg2
-----END CERTIFICATE-----
Generated at Sat Apr 5 21:27:56 2025 by rpki-client