Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/1H1-LV6mNS3FZb1H6Os-Ft4NjDM.roa
File: 1H1-LV6mNS3FZb1H6Os-Ft4NjDM.roa (raw, json)
Hash identifier: DsnJQR8lRs286YQ33RnqiMSVAhUMHebcGHRTBu91JPE=
Subject key identifier: D4:7D:7E:2D:5E:A6:35:2D:C5:65:BD:47:E8:EB:3E:16:DE:0D:8C:33
Certificate issuer: /CN=f5cb856d4269219ed3a0c0dc47333236f155953a
Certificate serial: 0196D434C63FB23AC545E3C84B4EF56C72F4
Authority key identifier: F5:CB:85:6D:42:69:21:9E:D3:A0:C0:DC:47:33:32:36:F1:55:95:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9cuFbUJpIZ7ToMDcRzMyNvFVlTo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/1H1-LV6mNS3FZb1H6Os-Ft4NjDM.roa
Signing time: Thu 15 May 2025 13:49:10 +0000
ROA not before: Thu 15 May 2025 13:49:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8612
IP address blocks: 185.38.136.0/22 maxlen: 22
193.43.2.0/24 maxlen: 24
217.73.208.0/21 maxlen: 22
Validation: Failed, certificate revoked on Thu 22 May 2025 15:29:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:d4:34:c6:3f:b2:3a:c5:45:e3:c8:4b:4e:f5:6c:72:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f5cb856d4269219ed3a0c0dc47333236f155953a
Validity
Not Before: May 15 13:49:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d47d7e2d5ea6352dc565bd47e8eb3e16de0d8c33
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:7f:51:b5:a9:7f:87:57:f0:52:f6:02:18:fc:
ca:4b:2a:9a:22:d4:17:94:34:11:aa:a1:06:9d:ec:
bf:be:f5:da:6b:b0:69:85:e8:71:8f:a1:28:59:68:
7e:05:04:ca:d8:ad:cf:9b:89:cb:74:10:29:ff:c9:
eb:53:ee:7b:57:6d:05:2e:01:db:03:5f:5b:c7:72:
80:99:15:0c:c5:4d:cf:47:98:0d:bb:79:26:da:cd:
c0:48:27:a8:c4:71:7c:39:4f:0e:60:f0:2a:50:21:
a3:04:5d:db:dd:64:ac:b8:2c:c3:42:0f:4a:ee:39:
24:91:8f:c2:de:01:1a:02:43:f6:50:c6:5a:dd:a8:
b3:05:66:d1:21:e4:3f:b7:4c:9c:9b:24:49:22:e8:
52:1d:32:63:c6:d4:b5:4a:9c:f2:c0:dd:4a:40:ec:
fd:6e:48:8d:1b:5f:84:7d:e5:4d:65:da:0b:b4:f9:
be:4a:0e:6f:a8:79:fb:b1:a6:ad:9d:c1:f1:fc:20:
a0:9a:d6:d9:c5:ee:91:67:c9:ad:b4:64:fb:53:a7:
cc:15:9e:85:ec:11:a6:62:2b:ab:bc:f6:df:34:29:
c0:20:ca:2b:46:12:db:a4:62:12:33:a6:57:31:97:
10:a9:b1:04:13:08:07:c4:14:ef:aa:94:62:b7:10:
be:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:7D:7E:2D:5E:A6:35:2D:C5:65:BD:47:E8:EB:3E:16:DE:0D:8C:33
X509v3 Authority Key Identifier:
keyid:F5:CB:85:6D:42:69:21:9E:D3:A0:C0:DC:47:33:32:36:F1:55:95:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9cuFbUJpIZ7ToMDcRzMyNvFVlTo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/1H1-LV6mNS3FZb1H6Os-Ft4NjDM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/74b280-e1b4-4310-8085-d65617bd3b4f/1/9cuFbUJpIZ7ToMDcRzMyNvFVlTo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.38.136.0/22
193.43.2.0/24
217.73.208.0/21
Signature Algorithm: sha256WithRSAEncryption
ce:4b:37:66:fc:10:ec:f6:75:9e:c7:f0:57:41:91:6c:df:8d:
1a:8d:31:07:31:8e:b3:3c:c3:f4:13:78:c1:2a:e0:ea:7d:98:
8a:fc:09:ef:89:71:71:8a:eb:83:10:04:a5:f0:e4:54:68:91:
83:43:66:1d:db:cf:4f:21:bb:83:40:21:bf:49:00:6b:f3:3f:
94:ac:1b:cd:c4:6b:e1:8c:04:11:a8:8f:7e:ec:3c:b3:3d:32:
40:94:5d:7d:20:50:1a:c3:a7:87:2d:d6:3a:c5:4d:45:d9:f2:
50:e9:37:30:0f:a4:3e:e7:1f:8d:2d:a7:db:ae:ef:bd:7a:22:
64:0d:0b:80:d2:9b:c5:69:f9:7f:c2:d3:c2:c9:a3:07:7a:50:
29:42:2e:66:11:ed:cd:2d:15:22:94:d8:91:ae:41:99:72:e4:
8d:ed:67:73:bb:e8:ee:da:59:b4:f1:38:e1:83:87:9a:f1:b4:
a6:04:65:49:3c:47:14:b2:be:06:6a:c5:3d:38:03:00:2e:2f:
1b:d3:95:d9:47:51:22:a3:62:e1:bf:c5:6b:09:d9:c1:8c:7f:
5b:ed:92:42:58:02:8e:af:4c:f8:69:a6:2b:e8:32:5a:58:35:
ba:9b:9a:55:08:df:4d:08:1a:fb:99:af:52:75:82:af:75:42:
4c:14:18:38
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZbUNMY/sjrFRePIS071bHL0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1Y2I4NTZkNDI2OTIxOWVkM2EwYzBkYzQ3MzMzMjM2ZjE1
NTk1M2EwHhcNMjUwNTE1MTM0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDdkN2UyZDVlYTYzNTJkYzU2NWJkNDdlOGViM2UxNmRlMGQ4YzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0n9Rtal/h1fwUvYCGPzKSyqaItQX
lDQRqqEGney/vvXaa7Bphehxj6EoWWh+BQTK2K3Pm4nLdBAp/8nrU+57V20FLgHb
A19bx3KAmRUMxU3PR5gNu3km2s3ASCeoxHF8OU8OYPAqUCGjBF3b3WSsuCzDQg9K
7jkkkY/C3gEaAkP2UMZa3aizBWbRIeQ/t0ycmyRJIuhSHTJjxtS1SpzywN1KQOz9
bkiNG1+EfeVNZdoLtPm+Sg5vqHn7saatncHx/CCgmtbZxe6RZ8mttGT7U6fMFZ6F
7BGmYiurvPbfNCnAIMorRhLbpGISM6ZXMZcQqbEEEwgHxBTvqpRitxC+UQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNR9fi1epjUtxWW9R+jrPhbeDYwzMB8GA1UdIwQY
MBaAFPXLhW1CaSGe06DA3EczMjbxVZU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWN1RmJVSnBJWjdUb01EY1J6TXlOdkZWbFRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS83NGIyODAtZTFiNC00MzEwLTgwODUt
ZDY1NjE3YmQzYjRmLzEvMUgxLUxWNm1OUzNGWmIxSDZPcy1GdDROakRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS83NGIyODAtZTFiNC00MzEwLTgwODUtZDY1NjE3YmQzYjRm
LzEvOWN1RmJVSnBJWjdUb01EY1J6TXlOdkZWbFRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuSaIAwQA
wSsCAwQD2UnQMA0GCSqGSIb3DQEBCwUAA4IBAQDOSzdm/BDs9nWex/BXQZFs340a
jTEHMY6zPMP0E3jBKuDqfZiK/AnviXFxiuuDEASl8ORUaJGDQ2Yd289PIbuDQCG/
SQBr8z+UrBvNxGvhjAQRqI9+7DyzPTJAlF19IFAaw6eHLdY6xU1F2fJQ6TcwD6Q+
5x+NLafbru+9eiJkDQuA0pvFafl/wtPCyaMHelApQi5mEe3NLRUilNiRrkGZcuSN
7Wdzu+ju2lm08Tjhg4ea8bSmBGVJPEcUsr4GasU9OAMALi8b05XZR1Eio2Lhv8Vr
CdnBjH9b7ZJCWAKOr0z4aaYr6DJaWDW6m5pVCN9NCBr7ma9SdYKvdUJMFBg4
-----END CERTIFICATE-----
Generated at Sat Jun 7 13:51:15 2025 by rpki-client