Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/67bbc5-64ae-41d5-93d3-3b2894f0e69c/1/xlmUXUdrbQXDyscdSc9vYRsgpiM.roa
File: xlmUXUdrbQXDyscdSc9vYRsgpiM.roa (raw, json)
Hash identifier: dhxqMRTHf+UEqWhi9gZ59+6N4lkHSlj9OYMGDRCoRkc=
Subject key identifier: C6:59:94:5D:47:6B:6D:05:C3:CA:C7:1D:49:CF:6F:61:1B:20:A6:23
Certificate issuer: /CN=027e5858fa543fe3ff474d8d76ab9701ea010b0b
Certificate serial: 019B7C80BC400A789C2AFCCC516402EBE0FD
Authority key identifier: 02:7E:58:58:FA:54:3F:E3:FF:47:4D:8D:76:AB:97:01:EA:01:0B:0B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/An5YWPpUP-P_R02NdquXAeoBCws.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a6/67bbc5-64ae-41d5-93d3-3b2894f0e69c/1/xlmUXUdrbQXDyscdSc9vYRsgpiM.roa
Signing time: Fri 02 Jan 2026 02:19:30 +0000
ROA not before: Fri 02 Jan 2026 02:19:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 214443
IP address blocks: 217.61.242.0/23 maxlen: 23
217.61.242.0/24 maxlen: 24
217.61.243.0/24 maxlen: 24
2a01:e600::/29 maxlen: 29
2a01:e600::/32 maxlen: 32
2a01:e601::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 21 Jan 2026 14:12:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7c:80:bc:40:0a:78:9c:2a:fc:cc:51:64:02:eb:e0:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=027e5858fa543fe3ff474d8d76ab9701ea010b0b
Validity
Not Before: Jan 2 02:19:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=c659945d476b6d05c3cac71d49cf6f611b20a623
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:c6:72:ae:df:b1:ba:ab:40:5d:61:31:eb:c0:
47:f9:35:bb:15:6b:67:a4:84:33:0d:83:97:89:95:
93:5d:2f:d0:20:81:af:34:e4:88:1d:9f:3e:54:98:
84:91:b4:94:2c:c2:06:9f:b8:db:99:ed:cd:d0:c3:
04:0d:2a:02:28:6f:2b:60:14:98:f8:85:63:c8:83:
39:2f:3a:9c:f9:c9:74:59:aa:da:7d:2c:6e:d4:71:
57:2e:e7:1f:f5:49:12:2b:19:dd:8a:74:84:da:e0:
27:9a:e5:0b:2b:87:49:b5:51:2a:1d:f9:1e:5d:e6:
ab:9b:92:28:77:d3:f1:3c:9c:78:26:e6:f8:e4:5d:
53:58:74:97:ec:03:5f:47:2e:b8:b2:45:6f:ff:a2:
f9:76:1e:2b:ac:29:8d:fc:5c:88:0f:ce:f7:38:84:
3a:6f:03:db:0e:a0:4a:29:4c:5f:e9:72:d4:46:41:
3d:1a:24:d9:44:03:99:3a:15:6e:e2:71:29:71:b2:
3b:d9:1e:7b:50:a5:a5:bc:5e:a7:56:b5:5a:7c:79:
30:b0:21:69:37:ab:01:20:52:0e:b5:fe:25:2d:92:
6e:6a:1e:d9:c9:35:c8:4d:88:e2:68:2d:7d:6a:99:
33:37:f2:64:99:fd:68:66:81:1d:8a:c0:7e:fb:0c:
f5:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:59:94:5D:47:6B:6D:05:C3:CA:C7:1D:49:CF:6F:61:1B:20:A6:23
X509v3 Authority Key Identifier:
keyid:02:7E:58:58:FA:54:3F:E3:FF:47:4D:8D:76:AB:97:01:EA:01:0B:0B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/An5YWPpUP-P_R02NdquXAeoBCws.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/67bbc5-64ae-41d5-93d3-3b2894f0e69c/1/xlmUXUdrbQXDyscdSc9vYRsgpiM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/67bbc5-64ae-41d5-93d3-3b2894f0e69c/1/An5YWPpUP-P_R02NdquXAeoBCws.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.61.242.0/23
IPv6:
2a01:e600::/29
Signature Algorithm: sha256WithRSAEncryption
6b:c4:d5:42:4e:35:a7:0f:f4:6a:0a:64:0d:c2:96:ff:0e:d6:
27:32:04:53:69:bb:ca:2a:b3:f0:e3:5f:61:c4:05:96:da:aa:
c2:7a:7d:5f:e5:b1:3e:ab:59:1f:83:91:c4:b8:86:49:b2:38:
c9:62:7d:2c:2d:89:60:be:04:57:42:b4:64:26:2f:b0:11:d7:
d2:b9:06:fd:e5:a5:f9:21:4e:d5:39:1d:94:15:ff:5b:e5:a0:
a4:73:9c:1d:a1:4f:6b:30:f5:49:00:4d:36:c4:90:35:e2:6a:
24:ce:c4:fe:32:0a:62:db:bc:91:31:7b:f5:d6:44:a3:3a:97:
3a:e1:54:76:f2:63:cc:6c:3a:24:0d:f8:62:41:f6:e2:0c:b8:
69:b2:7a:cb:d5:65:6f:2e:b8:b8:06:5e:f2:14:0f:1c:0f:2f:
e9:ec:d0:4a:84:be:79:de:b8:c2:7d:be:bc:c0:56:67:0f:97:
c9:91:91:39:04:10:61:a8:2e:4a:f1:e3:6c:88:7e:13:df:c8:
31:ed:03:28:cf:ea:ad:05:50:67:6f:73:b1:81:20:b9:e4:25:
05:c9:52:16:4c:94:28:f6:6a:43:56:78:6b:52:21:aa:75:63:
ec:a6:ef:3e:cb:b3:9f:df:da:9a:f8:15:b0:e7:f1:f6:e1:e9:
e9:93:f1:80
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt8gLxACnicKvzMUWQC6+D9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyN2U1ODU4ZmE1NDNmZTNmZjQ3NGQ4ZDc2YWI5NzAxZWEw
MTBiMGIwHhcNMjYwMTAyMDIxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjU5OTQ1ZDQ3NmI2ZDA1YzNjYWM3MWQ0OWNmNmY2MTFiMjBhNjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMZyrt+xuqtAXWEx68BH+TW7FWtn
pIQzDYOXiZWTXS/QIIGvNOSIHZ8+VJiEkbSULMIGn7jbme3N0MMEDSoCKG8rYBSY
+IVjyIM5Lzqc+cl0WarafSxu1HFXLucf9UkSKxndinSE2uAnmuULK4dJtVEqHfke
Xearm5Iod9PxPJx4Jub45F1TWHSX7ANfRy64skVv/6L5dh4rrCmN/FyID873OIQ6
bwPbDqBKKUxf6XLURkE9GiTZRAOZOhVu4nEpcbI72R57UKWlvF6nVrVafHkwsCFp
N6sBIFIOtf4lLZJuah7ZyTXITYjiaC19apkzN/Jkmf1oZoEdisB++wz1YwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMZZlF1Ha20Fw8rHHUnPb2EbIKYjMB8GA1UdIwQY
MBaAFAJ+WFj6VD/j/0dNjXarlwHqAQsLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW41WVdQcFVQLVBfUjAyTmRxdVhBZW9CQ3dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi82N2JiYzUtNjRhZS00MWQ1LTkzZDMt
M2IyODk0ZjBlNjljLzEveGxtVVhVZHJiUVhEeXNjZFNjOXZZUnNncGlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi82N2JiYzUtNjRhZS00MWQ1LTkzZDMtM2IyODk0ZjBlNjlj
LzEvQW41WVdQcFVQLVBfUjAyTmRxdVhBZW9CQ3dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQB2T3yMA0E
AgACMAcDBQMqAeYAMA0GCSqGSIb3DQEBCwUAA4IBAQBrxNVCTjWnD/RqCmQNwpb/
DtYnMgRTabvKKrPw419hxAWW2qrCen1f5bE+q1kfg5HEuIZJsjjJYn0sLYlgvgRX
QrRkJi+wEdfSuQb95aX5IU7VOR2UFf9b5aCkc5wdoU9rMPVJAE02xJA14mokzsT+
Mgpi27yRMXv11kSjOpc64VR28mPMbDokDfhiQfbiDLhpsnrL1WVvLri4Bl7yFA8c
Dy/p7NBKhL553rjCfb68wFZnD5fJkZE5BBBhqC5K8eNsiH4T38gx7QMoz+qtBVBn
b3OxgSC55CUFyVIWTJQo9mpDVnhrUiGqdWPspu8+y7Of39qa+BWw5/H24enpk/GA
-----END CERTIFICATE-----
Generated at Wed Mar 11 15:47:37 2026 by rpki-client