Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/OkbEP6aukVs-t69l49C-IcvvB7A.roa
File: OkbEP6aukVs-t69l49C-IcvvB7A.roa (raw, json)
Hash identifier: aIFusSQv/mn+x04LrrOxpwCp8+9aY0oDJGRB9INL4DM=
Subject key identifier: 3A:46:C4:3F:A6:AE:91:5B:3E:B7:AF:65:E3:D0:BE:21:CB:EF:07:B0
Certificate issuer: /CN=4173eeb8d02f5f64788b3fdc78d6bab8a55fd16a
Certificate serial: 0195D1952E754F091FBDA8C0E49E0761EC6D
Authority key identifier: 41:73:EE:B8:D0:2F:5F:64:78:8B:3F:DC:78:D6:BA:B8:A5:5F:D1:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/OkbEP6aukVs-t69l49C-IcvvB7A.roa
Signing time: Wed 26 Mar 2025 08:32:49 +0000
ROA not before: Wed 26 Mar 2025 08:32:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9002
IP address blocks: 31.128.32.0/22 maxlen: 24
45.130.212.0/22 maxlen: 24
77.73.233.0/24 maxlen: 24
77.73.235.0/24 maxlen: 24
77.73.238.0/24 maxlen: 24
83.222.20.0/23 maxlen: 24
90.156.254.0/23 maxlen: 24
91.218.142.0/23 maxlen: 24
Validation: Failed, certificate revoked on Thu 27 Mar 2025 08:35:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:d1:95:2e:75:4f:09:1f:bd:a8:c0:e4:9e:07:61:ec:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4173eeb8d02f5f64788b3fdc78d6bab8a55fd16a
Validity
Not Before: Mar 26 08:32:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3a46c43fa6ae915b3eb7af65e3d0be21cbef07b0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:01:a0:d9:32:1b:38:19:1f:a8:50:0f:d1:28:
3c:d6:3c:a2:42:57:50:d0:9d:31:5a:2d:c0:a6:bf:
fa:6f:0b:c5:fb:58:38:2a:d2:d0:1a:f6:d6:0a:da:
70:ba:fd:97:b0:39:de:dc:16:88:44:e9:e8:b7:ed:
d8:3b:57:ed:ee:cc:f4:f5:cb:01:6f:be:94:97:e8:
37:a5:dc:f3:a0:99:88:76:bc:67:db:73:65:d1:fe:
88:fa:ce:9a:fc:e8:89:99:25:3e:a4:ec:cf:82:87:
ff:47:99:d6:cf:91:5a:f7:9e:94:06:f7:99:0b:3b:
64:e2:d1:f5:f0:24:4a:c5:cb:1b:27:86:14:e2:26:
7b:12:89:d9:09:e5:b1:66:6b:a5:cc:d0:e2:43:15:
ac:26:7b:b6:52:f5:25:05:20:ea:a6:1f:35:88:ee:
69:06:74:f8:4e:18:31:66:9b:fe:93:39:1d:cc:1a:
1f:d5:1f:3e:99:1c:10:b5:6f:16:04:3c:29:81:80:
ce:83:52:09:78:97:13:fc:bd:f3:89:5f:05:ae:93:
65:f3:d1:97:5f:ef:af:ac:97:c0:37:c1:44:83:69:
4b:38:9e:0e:6d:35:13:d4:6f:bb:e3:bb:9d:27:a6:
40:aa:6f:28:e5:51:49:c2:d4:8f:42:f6:f7:df:ba:
85:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:46:C4:3F:A6:AE:91:5B:3E:B7:AF:65:E3:D0:BE:21:CB:EF:07:B0
X509v3 Authority Key Identifier:
keyid:41:73:EE:B8:D0:2F:5F:64:78:8B:3F:DC:78:D6:BA:B8:A5:5F:D1:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/OkbEP6aukVs-t69l49C-IcvvB7A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4892a9-3b37-4d39-9c2b-d83ed140d28d/1/QXPuuNAvX2R4iz_ceNa6uKVf0Wo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.128.32.0/22
45.130.212.0/22
77.73.233.0/24
77.73.235.0/24
77.73.238.0/24
83.222.20.0/23
90.156.254.0/23
91.218.142.0/23
Signature Algorithm: sha256WithRSAEncryption
1a:00:0b:1f:64:30:ce:4f:10:f1:9c:ab:25:a6:43:a9:b7:21:
77:4e:50:6d:43:6f:d6:42:02:87:db:50:c2:7e:5e:6d:8d:04:
31:e7:75:8d:a7:59:4e:e0:20:81:89:6c:77:f5:db:fc:1e:71:
e1:71:0a:5c:ae:39:39:4a:c5:34:6c:3a:2c:ed:9d:81:d8:ec:
98:a7:96:11:eb:5c:e8:be:6b:43:7f:bb:b8:b2:46:bc:85:b0:
fb:28:8f:83:f5:01:f1:8b:1a:33:12:7a:ed:d8:28:5c:56:d1:
8f:41:a7:5a:5c:58:f5:c2:e9:cf:cf:6e:98:b0:34:28:d7:cc:
fb:94:0b:87:97:68:e4:61:05:23:0a:a6:15:7c:99:d8:a0:da:
60:34:9b:eb:38:32:59:37:3a:68:a0:44:98:18:a7:df:e6:6b:
f9:f8:d3:22:8c:ad:b3:6c:c1:37:32:2a:4b:cc:73:dc:91:7f:
32:65:d6:ca:11:de:d7:08:28:7a:4e:bc:db:81:a0:81:ca:9b:
1e:ab:9c:28:28:92:9a:39:89:5f:d2:2a:7b:14:45:a8:2a:37:
b9:d4:37:f9:51:df:44:1d:d6:f7:7c:00:6d:33:f9:4a:21:cb:
36:3f:18:92:5e:bb:cb:9e:fe:0e:71:0d:4f:d2:2d:3b:80:1a:
cd:ae:13:e8
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZXRlS51TwkfvajA5J4HYextMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNzNlZWI4ZDAyZjVmNjQ3ODhiM2ZkYzc4ZDZiYWI4YTU1
ZmQxNmEwHhcNMjUwMzI2MDgzMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTQ2YzQzZmE2YWU5MTViM2ViN2FmNjVlM2QwYmUyMWNiZWYwN2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswGg2TIbOBkfqFAP0Sg81jyiQldQ
0J0xWi3Apr/6bwvF+1g4KtLQGvbWCtpwuv2XsDne3BaIROnot+3YO1ft7sz09csB
b76Ul+g3pdzzoJmIdrxn23Nl0f6I+s6a/OiJmSU+pOzPgof/R5nWz5Fa956UBveZ
Cztk4tH18CRKxcsbJ4YU4iZ7EonZCeWxZmulzNDiQxWsJnu2UvUlBSDqph81iO5p
BnT4ThgxZpv+kzkdzBof1R8+mRwQtW8WBDwpgYDOg1IJeJcT/L3ziV8FrpNl89GX
X++vrJfAN8FEg2lLOJ4ObTUT1G+747udJ6ZAqm8o5VFJwtSPQvb337qFOwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDpGxD+mrpFbPrevZePQviHL7wewMB8GA1UdIwQY
MBaAFEFz7rjQL19keIs/3HjWurilX9FqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVhQdXVOQXZYMlI0aXpfY2VOYTZ1S1ZmMFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ODkyYTktM2IzNy00ZDM5LTljMmIt
ZDgzZWQxNDBkMjhkLzEvT2tiRVA2YXVrVnMtdDY5bDQ5Qy1JY3Z2QjdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ODkyYTktM2IzNy00ZDM5LTljMmItZDgzZWQxNDBkMjhk
LzEvUVhQdXVOQXZYMlI0aXpfY2VOYTZ1S1ZmMFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCH4AgAwQC
LYLUAwQATUnpAwQATUnrAwQATUnuAwQBU94UAwQBWpz+AwQBW9qOMA0GCSqGSIb3
DQEBCwUAA4IBAQAaAAsfZDDOTxDxnKslpkOptyF3TlBtQ2/WQgKH21DCfl5tjQQx
53WNp1lO4CCBiWx39dv8HnHhcQpcrjk5SsU0bDos7Z2B2OyYp5YR61zovmtDf7u4
ska8hbD7KI+D9QHxixozEnrt2ChcVtGPQadaXFj1wunPz26YsDQo18z7lAuHl2jk
YQUjCqYVfJnYoNpgNJvrODJZNzpooESYGKff5mv5+NMijK2zbME3MipLzHPckX8y
ZdbKEd7XCCh6TrzbgaCBypseq5woKJKaOYlf0ip7FEWoKje51Df5Ud9EHdb3fABt
M/lKIcs2PxiSXrvLnv4OcQ1P0i07gBrNrhPo
-----END CERTIFICATE-----
Generated at Wed Apr 16 19:22:18 2025 by rpki-client