Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/XNLowwGzAtvR4imeFBhZtA9L2s4.roa
File: XNLowwGzAtvR4imeFBhZtA9L2s4.roa (raw, json)
Hash identifier: DhuZ0fSKaljU6kKimZ3eZ4pDrwiGgDDhMup2nMrVkOk=
Subject key identifier: 5C:D2:E8:C3:01:B3:02:DB:D1:E2:29:9E:14:18:59:B4:0F:4B:DA:CE
Certificate issuer: /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial: 01972BF6A920E8FAB43FFA6398F2AB6DD09D
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/XNLowwGzAtvR4imeFBhZtA9L2s4.roa
Signing time: Sun 01 Jun 2025 14:47:54 +0000
ROA not before: Sun 01 Jun 2025 14:47:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.159.148.0/24 maxlen: 24
2a05:9080:1::/48 maxlen: 48
Validation: Failed, certificate revoked on Sat 07 Jun 2025 08:09:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:2b:f6:a9:20:e8:fa:b4:3f:fa:63:98:f2:ab:6d:d0:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Validity
Not Before: Jun 1 14:47:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5cd2e8c301b302dbd1e2299e141859b40f4bdace
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:dc:e7:f8:2b:96:a9:b1:5d:08:c6:df:c9:04:
d0:52:c3:7e:62:36:5f:4b:c9:3f:02:1f:f3:65:e0:
43:28:e6:1f:51:62:2b:22:91:0c:6a:c3:fa:4c:25:
fb:4b:c4:f7:19:67:c8:f6:8d:35:09:fd:a6:6c:c2:
65:34:f2:ae:dd:c9:74:53:51:68:0e:e1:86:6a:09:
5f:d1:2c:14:3a:32:6b:17:9f:59:90:7a:7d:3e:1f:
47:38:fc:ea:9e:d3:5d:dd:e5:90:28:5c:1a:0c:39:
26:72:32:5a:a0:9a:aa:b4:89:a8:e5:2a:8c:6a:88:
62:8c:b8:b8:d5:f1:c2:78:a0:41:51:6a:2b:93:a4:
d6:5c:06:4c:34:ca:9f:0e:9c:7f:08:97:f1:89:19:
de:13:47:47:c8:54:2c:03:9d:3b:66:c4:a2:57:4c:
c2:6c:a4:dc:6e:6a:fd:f9:53:be:30:88:fe:da:de:
bd:e5:5b:99:26:52:df:e5:f4:64:c0:c1:d0:e1:26:
6d:39:39:67:2f:ad:19:0f:cf:4c:64:6a:9a:59:5d:
ab:e4:f9:50:ec:04:fa:79:a4:81:50:b8:3c:72:1c:
fd:4b:7c:8c:4b:c4:31:1e:09:b4:15:03:ab:b8:ba:
c3:ae:8f:b8:ee:4f:a8:a7:01:32:ad:83:2b:42:f9:
a2:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:D2:E8:C3:01:B3:02:DB:D1:E2:29:9E:14:18:59:B4:0F:4B:DA:CE
X509v3 Authority Key Identifier:
keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/XNLowwGzAtvR4imeFBhZtA9L2s4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.159.148.0/24
IPv6:
2a05:9080:1::/48
Signature Algorithm: sha256WithRSAEncryption
cf:51:db:3b:0b:da:d0:d6:88:f3:93:57:80:d8:26:3d:28:2a:
87:0e:0b:c9:0f:4f:c1:de:84:78:03:30:7d:5f:aa:a3:0c:d1:
1a:e7:3d:c2:45:33:57:24:9c:9c:42:b0:33:89:f0:be:dc:ed:
63:8a:9c:64:0a:b5:cd:b6:7b:cc:72:ae:ff:2f:34:01:84:7a:
10:94:ec:6e:0f:f2:33:b0:03:ec:f0:c6:1f:8f:e6:ce:35:98:
b2:d0:d8:da:ad:30:d7:dc:6f:83:6e:59:61:6d:31:eb:b4:7c:
94:07:ca:dd:87:93:a3:0f:6b:dd:fe:9e:73:da:89:77:f6:77:
71:98:9d:7d:62:e3:fa:b6:f3:ea:f1:03:0d:56:dd:41:af:f3:
82:df:60:cb:63:c1:bc:08:94:a0:df:0a:be:58:51:48:e0:ee:
1c:c9:b6:8c:3f:f3:20:d8:a7:46:cd:23:1e:ff:85:b7:34:46:
02:28:d1:db:1c:cd:db:87:94:d2:27:b1:a1:a3:02:f1:51:e5:
06:f0:b4:95:f5:6c:ca:4d:6b:01:17:84:b1:7e:a5:8c:56:be:
1e:d6:bb:da:95:03:e8:7f:97:74:08:a5:a3:ba:c3:63:c5:9f:
d0:eb:e9:ad:48:49:d4:db:c8:ed:04:0d:1c:52:6e:93:83:f6:
3b:67:67:98
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZcr9qkg6Pq0P/pjmPKrbdCdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwNjAxMTQ0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2QyZThjMzAxYjMwMmRiZDFlMjI5OWUxNDE4NTliNDBmNGJkYWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdzn+CuWqbFdCMbfyQTQUsN+YjZf
S8k/Ah/zZeBDKOYfUWIrIpEMasP6TCX7S8T3GWfI9o01Cf2mbMJlNPKu3cl0U1Fo
DuGGaglf0SwUOjJrF59ZkHp9Ph9HOPzqntNd3eWQKFwaDDkmcjJaoJqqtImo5SqM
aohijLi41fHCeKBBUWork6TWXAZMNMqfDpx/CJfxiRneE0dHyFQsA507ZsSiV0zC
bKTcbmr9+VO+MIj+2t695VuZJlLf5fRkwMHQ4SZtOTlnL60ZD89MZGqaWV2r5PlQ
7AT6eaSBULg8chz9S3yMS8QxHgm0FQOruLrDro+47k+opwEyrYMrQvmiGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFzS6MMBswLb0eIpnhQYWbQPS9rOMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvWE5Mb3d3R3pBdHZSNGltZUZCaFp0QTlMMnM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALZ+UMA8E
AgACMAkDBwAqBZCAAAEwDQYJKoZIhvcNAQELBQADggEBAM9R2zsL2tDWiPOTV4DY
Jj0oKocOC8kPT8HehHgDMH1fqqMM0RrnPcJFM1cknJxCsDOJ8L7c7WOKnGQKtc22
e8xyrv8vNAGEehCU7G4P8jOwA+zwxh+P5s41mLLQ2NqtMNfcb4NuWWFtMeu0fJQH
yt2Hk6MPa93+nnPaiXf2d3GYnX1i4/q28+rxAw1W3UGv84LfYMtjwbwIlKDfCr5Y
UUjg7hzJtow/8yDYp0bNIx7/hbc0RgIo0dsczduHlNInsaGjAvFR5QbwtJX1bMpN
awEXhLF+pYxWvh7Wu9qVA+h/l3QIpaO6w2PFn9Dr6a1ISdTbyO0EDRxSbpOD9jtn
Z5g=
-----END CERTIFICATE-----
Generated at Sat Jun 7 15:35:29 2025 by rpki-client