Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/PHGhNex-xdAdbhr94SRVlV7m6Wc.roa
File: PHGhNex-xdAdbhr94SRVlV7m6Wc.roa (raw, json)
Hash identifier: FUQ+9kZ9iPTeVwAwYK2R3I0OUyhil5H7JTq0+Qn2mO0=
Subject key identifier: 3C:71:A1:35:EC:7E:C5:D0:1D:6E:1A:FD:E1:24:55:95:5E:E6:E9:67
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 01967D65EBF73E00041B840CD746C412998F
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/PHGhNex-xdAdbhr94SRVlV7m6Wc.roa
Signing time: Mon 28 Apr 2025 17:15:53 +0000
ROA not before: Mon 28 Apr 2025 17:15:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401152
IP address blocks: 64.188.124.0/24 maxlen: 24
64.188.125.0/24 maxlen: 24
64.188.126.0/24 maxlen: 24
64.188.127.0/24 maxlen: 24
185.216.104.0/22 maxlen: 24
193.23.196.0/24 maxlen: 24
193.23.197.0/24 maxlen: 24
193.23.210.0/24 maxlen: 24
193.23.211.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 30 Apr 2025 15:47:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:7d:65:eb:f7:3e:00:04:1b:84:0c:d7:46:c4:12:99:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Apr 28 17:15:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3c71a135ec7ec5d01d6e1afde12455955ee6e967
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:f5:a8:55:53:07:96:df:6e:14:d1:d8:6e:13:
a4:d0:40:dd:f7:5e:71:7b:32:ce:0d:28:b4:32:a9:
35:f8:a9:c9:4b:d8:04:a3:b2:d2:57:f1:67:24:8c:
91:4d:1f:fd:b2:55:01:5c:84:4b:84:4e:8e:c2:8a:
9e:cc:2a:a9:c3:27:8e:7d:bd:7e:62:b9:ab:da:5c:
9c:7d:69:b4:ad:48:62:e8:b3:75:1a:f1:bd:52:7d:
44:c1:8c:63:d2:28:0e:95:99:6c:53:ba:a8:f4:94:
f7:5a:74:0d:10:35:50:18:92:62:ea:f0:28:cb:ac:
90:ac:fa:8a:34:89:c5:7e:3d:93:84:a5:3c:5c:21:
a3:7d:b7:89:2c:fc:27:ef:ee:ba:6f:9b:d1:69:1b:
3a:3e:24:68:0d:51:95:12:c5:59:31:5b:8d:81:5a:
da:2a:4e:69:6f:9a:7a:74:7e:b2:5a:6e:d1:30:bc:
b0:c1:40:54:78:37:d5:ed:9d:e0:11:ef:a1:08:3c:
7f:aa:67:fc:20:bc:3f:80:fb:3b:ab:81:e9:5a:52:
a9:03:29:ca:7a:3e:c7:4e:c2:9d:36:9d:97:05:6d:
f7:37:02:aa:67:d2:eb:ea:58:2f:c9:72:43:50:07:
bb:7c:54:55:cf:65:72:cc:f4:c6:42:44:72:da:58:
91:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:71:A1:35:EC:7E:C5:D0:1D:6E:1A:FD:E1:24:55:95:5E:E6:E9:67
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/PHGhNex-xdAdbhr94SRVlV7m6Wc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.124.0/22
185.216.104.0/22
193.23.196.0/23
193.23.210.0/23
Signature Algorithm: sha256WithRSAEncryption
b5:bf:10:e4:00:89:2a:54:31:b0:51:32:8c:bd:21:ac:c2:1e:
98:26:97:44:cf:22:82:0d:31:92:c3:3a:77:62:31:8f:53:67:
21:e5:77:41:06:01:f6:ae:69:c0:65:1c:fd:72:49:75:65:46:
db:04:19:49:71:b0:69:5a:7f:35:60:8c:48:aa:f5:d8:02:be:
41:07:a3:37:51:be:ec:b5:a7:7f:c0:b0:f9:0a:7d:cd:e8:52:
7c:86:a1:4e:ca:62:54:ed:6b:40:cf:ca:14:35:77:7c:47:03:
ed:10:40:9a:22:19:b9:6b:06:d5:ca:80:1a:b3:55:6f:20:e8:
18:00:3b:17:86:f1:ed:bc:f6:ae:3b:d9:fc:ef:a8:a3:48:bc:
e3:df:bf:bb:6f:6d:bf:48:f2:4d:4c:26:bb:20:30:08:6b:c9:
d1:17:47:cc:67:71:0f:c6:ca:76:f1:c8:d7:62:e8:26:49:c8:
6e:f7:38:7c:ef:88:ae:80:69:2d:cb:8e:f2:39:99:63:bd:22:
50:b5:96:71:56:67:60:f7:d7:9b:69:bc:5e:6a:3f:32:e0:58:
52:f9:f8:11:89:de:94:0b:9f:3d:37:20:33:6c:c5:26:04:1b:
ef:0f:76:ad:50:51:24:63:13:43:58:ec:0c:f6:a4:1b:13:26:
22:18:24:de
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZZ9Zev3PgAEG4QM10bEEpmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNDI4MTcxNTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzcxYTEzNWVjN2VjNWQwMWQ2ZTFhZmRlMTI0NTU5NTVlZTZlOTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/WoVVMHlt9uFNHYbhOk0EDd915x
ezLODSi0Mqk1+KnJS9gEo7LSV/FnJIyRTR/9slUBXIRLhE6OwoqezCqpwyeOfb1+
Yrmr2lycfWm0rUhi6LN1GvG9Un1EwYxj0igOlZlsU7qo9JT3WnQNEDVQGJJi6vAo
y6yQrPqKNInFfj2ThKU8XCGjfbeJLPwn7+66b5vRaRs6PiRoDVGVEsVZMVuNgVra
Kk5pb5p6dH6yWm7RMLywwUBUeDfV7Z3gEe+hCDx/qmf8ILw/gPs7q4HpWlKpAynK
ej7HTsKdNp2XBW33NwKqZ9Lr6lgvyXJDUAe7fFRVz2VyzPTGQkRy2liRzwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDxxoTXsfsXQHW4a/eEkVZVe5ulnMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvUEhHaE5leC14ZEFkYmhyOTRTUlZsVjdtNldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCQLx8AwQC
udhoAwQBwRfEAwQBwRfSMA0GCSqGSIb3DQEBCwUAA4IBAQC1vxDkAIkqVDGwUTKM
vSGswh6YJpdEzyKCDTGSwzp3YjGPU2ch5XdBBgH2rmnAZRz9ckl1ZUbbBBlJcbBp
Wn81YIxIqvXYAr5BB6M3Ub7stad/wLD5Cn3N6FJ8hqFOymJU7WtAz8oUNXd8RwPt
EECaIhm5awbVyoAas1VvIOgYADsXhvHtvPauO9n876ijSLzj37+7b22/SPJNTCa7
IDAIa8nRF0fMZ3EPxsp28cjXYugmSchu9zh874iugGkty47yOZljvSJQtZZxVmdg
99ebabxeaj8y4FhS+fgRid6UC589NyAzbMUmBBvvD3atUFEkYxNDWOwM9qQbEyYi
GCTe
-----END CERTIFICATE-----
Generated at Sun Jun 8 07:02:52 2025 by rpki-client