Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/cTAz-PVTVhDYUePQQlvoY2zpRdQ.roa
File: cTAz-PVTVhDYUePQQlvoY2zpRdQ.roa (raw, json)
Hash identifier: X8RE19VXcl5KQ/k0fAOo2A+OR1pLEzUst1twTzXLDC0=
Subject key identifier: 71:30:33:F8:F5:53:56:10:D8:51:E3:D0:42:5B:E8:63:6C:E9:45:D4
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019C1D8F849024DEE8AA5454DB01951DF3E8
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/cTAz-PVTVhDYUePQQlvoY2zpRdQ.roa
Signing time: Mon 02 Feb 2026 08:54:30 +0000
ROA not before: Mon 02 Feb 2026 08:54:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 5650
IP address blocks: 82.197.208.0/20 maxlen: 24
84.245.32.0/20 maxlen: 24
Validation: Failed, certificate revoked on Thu 12 Feb 2026 18:03:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:1d:8f:84:90:24:de:e8:aa:54:54:db:01:95:1d:f3:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 2 08:54:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=713033f8f5535610d851e3d0425be8636ce945d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:97:dc:cd:06:b8:f6:ea:68:45:03:b7:b7:7d:
ce:c8:ed:c5:3d:90:aa:08:71:be:75:e7:f4:f2:50:
4f:51:12:40:0e:e4:f1:32:b6:47:3e:7d:21:2c:cb:
5c:91:68:6d:ab:62:2d:71:8e:fe:62:33:dc:36:7f:
62:db:7c:d0:42:3c:a6:61:02:d7:38:21:62:f7:f8:
af:48:72:0c:30:51:d1:32:1d:8d:cf:78:a1:8c:8a:
4a:3c:1f:bd:68:25:77:1c:a1:de:1e:06:d5:8a:27:
1d:b8:21:5b:18:70:3f:28:cf:bc:c2:7a:1a:ea:b1:
84:ea:21:57:9b:27:65:9b:c6:e5:48:d0:b4:ef:17:
d2:09:e8:d4:4b:01:ff:7e:6a:16:92:bb:dc:cf:7a:
46:fd:11:05:62:56:d1:55:d1:2b:05:c5:bb:b0:fd:
97:1a:f7:ac:85:4b:ec:5b:cc:10:1c:da:4a:bc:c4:
df:1b:09:51:e0:04:d6:32:f4:4e:a7:46:9b:a8:bc:
5e:05:0c:f2:94:0c:56:0b:93:b2:c3:c5:db:72:fd:
7e:20:45:6c:2d:a3:b4:33:53:4c:6a:61:d2:dc:8f:
9d:14:d9:a1:8c:26:e0:b4:87:e1:cc:c4:a7:bf:de:
37:39:31:c0:18:8e:2e:e2:c2:88:61:f8:8f:e4:37:
9c:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:30:33:F8:F5:53:56:10:D8:51:E3:D0:42:5B:E8:63:6C:E9:45:D4
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/cTAz-PVTVhDYUePQQlvoY2zpRdQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.197.208.0/20
84.245.32.0/20
Signature Algorithm: sha256WithRSAEncryption
77:0e:56:21:20:bc:19:17:a3:cb:27:b4:99:83:bf:3d:f1:f6:
28:18:a3:a9:b7:67:7a:ed:6d:e3:a3:06:51:fe:94:39:7d:71:
89:60:e4:1e:60:57:e1:fd:bd:43:7a:d4:51:32:de:47:dc:4e:
26:c2:00:6d:4a:48:5c:26:0b:8f:ef:29:85:ec:d0:2f:b7:f1:
6e:5c:9a:93:db:cd:a2:78:37:02:9e:3a:12:ef:63:b0:75:d1:
87:18:4a:fd:cf:81:4d:03:b6:0c:7a:56:68:7d:1b:e5:1f:fb:
8d:90:de:6e:3c:8a:a3:80:fe:29:ae:2a:b3:a6:6d:d5:90:5a:
b1:40:91:1e:a5:ae:86:d6:ae:71:0a:95:ef:c1:9c:57:de:ec:
ee:2c:72:a6:bd:ff:66:f5:26:8a:c7:4c:1b:5e:5a:f3:27:3a:
68:f6:22:ea:dc:b8:f6:72:1d:71:35:88:27:ba:cc:fc:41:61:
de:0a:72:fc:21:be:c4:79:55:a8:80:3e:39:07:80:58:37:cc:
35:45:09:1f:e5:58:72:29:3f:ba:4b:14:b0:b5:db:45:81:f9:
e4:cd:8e:3f:ee:9d:75:9c:cb:7a:5c:20:90:35:c9:7b:50:54:
7e:e8:c5:7a:7a:22:ea:57:f5:e6:91:8e:90:d7:19:28:e4:98:
22:03:25:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZwdj4SQJN7oqlRU2wGVHfPoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMjAyMDg1NDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTMwMzNmOGY1NTM1NjEwZDg1MWUzZDA0MjViZTg2MzZjZTk0NWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJfczQa49upoRQO3t33OyO3FPZCq
CHG+def08lBPURJADuTxMrZHPn0hLMtckWhtq2ItcY7+YjPcNn9i23zQQjymYQLX
OCFi9/ivSHIMMFHRMh2Nz3ihjIpKPB+9aCV3HKHeHgbViicduCFbGHA/KM+8wnoa
6rGE6iFXmydlm8blSNC07xfSCejUSwH/fmoWkrvcz3pG/REFYlbRVdErBcW7sP2X
GveshUvsW8wQHNpKvMTfGwlR4ATWMvROp0abqLxeBQzylAxWC5Oyw8Xbcv1+IEVs
LaO0M1NMamHS3I+dFNmhjCbgtIfhzMSnv943OTHAGI4u4sKIYfiP5Dec0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHEwM/j1U1YQ2FHj0EJb6GNs6UXUMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvY1RBei1QVlRWaERZVWVQUVFsdm9ZMnpwUmRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUsXQAwQE
VPUgMA0GCSqGSIb3DQEBCwUAA4IBAQB3DlYhILwZF6PLJ7SZg7898fYoGKOpt2d6
7W3jowZR/pQ5fXGJYOQeYFfh/b1DetRRMt5H3E4mwgBtSkhcJguP7ymF7NAvt/Fu
XJqT282ieDcCnjoS72OwddGHGEr9z4FNA7YMelZofRvlH/uNkN5uPIqjgP4priqz
pm3VkFqxQJEepa6G1q5xCpXvwZxX3uzuLHKmvf9m9SaKx0wbXlrzJzpo9iLq3Lj2
ch1xNYgnusz8QWHeCnL8Ib7EeVWogD45B4BYN8w1RQkf5VhyKT+6SxSwtdtFgfnk
zY4/7p11nMt6XCCQNcl7UFR+6MV6eiLqV/XmkY6Q1xko5JgiAyX+
-----END CERTIFICATE-----
Generated at Wed Mar 18 08:08:05 2026 by rpki-client