Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/3HcpqgKKlVsgUG6vp7fbdQDFc7k.roa
File: 3HcpqgKKlVsgUG6vp7fbdQDFc7k.roa (raw, json)
Hash identifier: xlYg7Cg6Kd9xJN5mNhv5B4ivilyve0naQxflGjpSs0U=
Subject key identifier: DC:77:29:AA:02:8A:95:5B:20:50:6E:AF:A7:B7:DB:75:00:C5:73:B9
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0196FBC8AD3F6406A8A88E35904EC3DC7EBA
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/3HcpqgKKlVsgUG6vp7fbdQDFc7k.roa
Signing time: Fri 23 May 2025 06:15:54 +0000
ROA not before: Fri 23 May 2025 06:15:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 88.151.56.0/23 maxlen: 24
88.209.198.0/24 maxlen: 24
88.209.201.0/24 maxlen: 24
88.209.232.0/22 maxlen: 24
Validation: Failed, certificate revoked on Sat 31 May 2025 06:04:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:fb:c8:ad:3f:64:06:a8:a8:8e:35:90:4e:c3:dc:7e:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: May 23 06:15:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dc7729aa028a955b20506eafa7b7db7500c573b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:45:2a:83:28:8e:66:0c:6e:24:02:bc:87:de:
37:dd:e4:7b:00:15:8a:9f:0b:90:d2:f7:1d:78:9e:
0a:52:da:1d:27:ff:51:1c:6c:d9:13:33:58:b0:10:
ec:f4:fd:5c:8d:55:af:71:5a:23:2a:c3:53:25:4d:
41:ac:89:5d:ec:b2:65:14:08:0c:60:6c:92:b7:83:
30:2c:3d:09:b6:3d:ab:ee:65:5c:46:01:e6:36:ae:
46:6c:77:11:76:db:be:11:ae:22:e0:7b:d3:f2:dd:
c5:8e:a9:17:42:86:24:fb:85:cd:e2:24:cc:7d:f7:
8d:62:6f:be:ca:df:84:64:eb:63:3a:cd:c5:32:47:
12:7a:c8:68:b4:10:6b:27:86:11:08:31:6d:c4:4b:
d0:56:98:b8:35:a0:2d:2f:b5:f5:6c:c8:2e:df:4c:
a6:ec:e5:68:27:af:37:55:2a:bc:2d:5c:a3:60:3e:
ba:6b:20:05:20:a5:e2:0c:df:af:5a:6d:cd:5c:01:
22:78:53:f2:ec:ad:b1:16:de:ca:83:9b:0d:0e:f9:
46:26:bc:d0:85:a2:68:2c:e9:21:31:a8:99:74:aa:
2e:28:f4:0f:de:d1:ea:19:e6:19:e0:8e:72:16:5c:
a4:e5:3d:bd:4e:44:a3:ef:02:c3:b6:d2:61:67:59:
25:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:77:29:AA:02:8A:95:5B:20:50:6E:AF:A7:B7:DB:75:00:C5:73:B9
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/3HcpqgKKlVsgUG6vp7fbdQDFc7k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.151.56.0/23
88.209.198.0/24
88.209.201.0/24
88.209.232.0/22
Signature Algorithm: sha256WithRSAEncryption
8f:57:cd:ae:6c:2d:5f:f7:53:e5:2a:df:8d:19:c2:3a:db:f8:
41:0e:c3:67:ae:c7:97:08:2c:17:8d:d3:0a:47:67:9f:b0:99:
7a:2c:4f:83:98:bd:28:3a:45:50:4c:ce:3e:6f:6a:4b:be:d3:
b8:68:f8:05:52:bf:c9:23:5b:2b:80:97:d1:16:21:62:1f:4f:
a6:d2:b5:d1:99:76:fd:41:92:c7:d6:42:fe:2e:e3:d1:77:f1:
c1:a0:bf:b1:81:e7:b3:32:9f:93:6b:34:28:c6:23:24:16:67:
86:11:b7:5a:e4:e6:84:9a:6a:4e:a4:6f:0c:65:c3:b7:41:cc:
f6:ba:c0:5a:f2:fa:11:01:68:f6:c7:3e:d0:c0:59:a1:f5:c0:
d1:56:ac:c7:5a:0f:0e:41:40:ce:6a:a8:b4:2e:1f:63:a4:b5:
84:f2:dd:73:41:e1:b9:de:fd:ed:13:a6:d8:cf:7a:54:11:73:
8d:86:7f:86:43:46:98:41:7d:e0:ee:31:3f:bb:bb:75:6e:95:
fe:9c:92:95:b4:1f:11:a7:4e:bf:3b:55:d7:04:58:85:73:1f:
e0:e4:a5:09:14:fe:cd:19:ec:bc:b0:17:6d:4f:9f:8a:72:d2:
ad:81:db:b3:19:0e:8e:d3:3e:a8:37:17:4c:26:4c:db:f0:11:
51:47:d0:8e
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZb7yK0/ZAaoqI41kE7D3H66MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjUwNTIzMDYxNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzc3MjlhYTAyOGE5NTViMjA1MDZlYWZhN2I3ZGI3NTAwYzU3M2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEUqgyiOZgxuJAK8h9433eR7ABWK
nwuQ0vcdeJ4KUtodJ/9RHGzZEzNYsBDs9P1cjVWvcVojKsNTJU1BrIld7LJlFAgM
YGySt4MwLD0Jtj2r7mVcRgHmNq5GbHcRdtu+Ea4i4HvT8t3FjqkXQoYk+4XN4iTM
ffeNYm++yt+EZOtjOs3FMkcSeshotBBrJ4YRCDFtxEvQVpi4NaAtL7X1bMgu30ym
7OVoJ683VSq8LVyjYD66ayAFIKXiDN+vWm3NXAEieFPy7K2xFt7Kg5sNDvlGJrzQ
haJoLOkhMaiZdKouKPQP3tHqGeYZ4I5yFlyk5T29TkSj7wLDttJhZ1kl2QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNx3KaoCipVbIFBur6e323UAxXO5MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvM0hjcHFnS0tsVnNnVUc2dnA3ZmJkUURGYzdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBWJc4AwQA
WNHGAwQAWNHJAwQCWNHoMA0GCSqGSIb3DQEBCwUAA4IBAQCPV82ubC1f91PlKt+N
GcI62/hBDsNnrseXCCwXjdMKR2efsJl6LE+DmL0oOkVQTM4+b2pLvtO4aPgFUr/J
I1srgJfRFiFiH0+m0rXRmXb9QZLH1kL+LuPRd/HBoL+xgeezMp+TazQoxiMkFmeG
Ebda5OaEmmpOpG8MZcO3Qcz2usBa8voRAWj2xz7QwFmh9cDRVqzHWg8OQUDOaqi0
Lh9jpLWE8t1zQeG53v3tE6bYz3pUEXONhn+GQ0aYQX3g7jE/u7t1bpX+nJKVtB8R
p06/O1XXBFiFcx/g5KUJFP7NGey8sBdtT5+KctKtgduzGQ6O0z6oNxdMJkzb8BFR
R9CO
-----END CERTIFICATE-----
Generated at Sun Jun 8 06:40:29 2025 by rpki-client