Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/5h34GMT_Z0e6V9sTRDg9aaUEN7U.roa
File: 5h34GMT_Z0e6V9sTRDg9aaUEN7U.roa (raw, json)
Hash identifier: 4Na2oSA/LIBmwVCKKMjxtvE2qpBrEAvnkiNYA3PVVzg=
Subject key identifier: E6:1D:F8:18:C4:FF:67:47:BA:57:DB:13:44:38:3D:69:A5:04:37:B5
Certificate issuer: /CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Certificate serial: 0195CEE021A788D65F737DBDC90E5F44FD2F
Authority key identifier: 63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/5h34GMT_Z0e6V9sTRDg9aaUEN7U.roa
Signing time: Tue 25 Mar 2025 19:55:49 +0000
ROA not before: Tue 25 Mar 2025 19:55:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204490
IP address blocks: 2a11:7683::/32 maxlen: 32
2a11:8304::/32 maxlen: 32
2a11:8441::/32 maxlen: 32
2a11:b782::/32 maxlen: 32
2a11:c445::/32 maxlen: 32
2a11:cd06::/32 maxlen: 32
Validation: Failed, certificate revoked on Fri 28 Mar 2025 20:04:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:ce:e0:21:a7:88:d6:5f:73:7d:bd:c9:0e:5f:44:fd:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=632cd87feabe407522e06553f2eb05a0c1602fbf
Validity
Not Before: Mar 25 19:55:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e61df818c4ff6747ba57db1344383d69a50437b5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:7a:22:d3:9a:73:74:97:33:96:f9:31:24:fe:
b3:75:86:2f:4f:e5:b2:8d:5c:ac:64:02:15:b3:cc:
27:96:c7:ab:b5:ef:ef:36:76:80:55:24:52:6c:cc:
3c:93:ac:20:2b:c2:ea:2f:13:b0:f5:34:48:22:0a:
3c:95:aa:37:4e:88:a7:27:16:34:29:69:ea:5f:91:
eb:28:27:fc:e6:cb:c1:f6:77:0c:8b:a8:ad:8c:23:
be:cd:14:1c:64:f3:b5:f7:86:42:7c:9c:79:bd:72:
45:d7:b3:16:55:0b:38:9c:de:49:3b:bf:17:25:57:
5d:45:5a:62:39:a8:29:07:89:18:d1:2e:aa:32:9a:
8b:4e:60:09:58:e9:51:78:7d:61:ac:20:d2:d9:dc:
22:29:4f:98:ca:e4:c9:d1:ba:3d:a9:95:60:09:bc:
dc:f6:80:06:44:bd:db:98:42:92:24:a7:95:3e:c3:
64:3b:0b:7d:14:b4:d2:53:3f:c9:af:cc:31:f9:a0:
9b:00:dc:14:3a:28:14:d4:a4:39:9e:a4:15:35:ac:
08:47:84:20:57:b8:3f:89:c4:4a:76:2e:6e:dd:76:
2d:fa:ba:fa:ac:e0:8c:00:1b:6e:0f:85:27:67:7f:
fb:22:3c:ad:80:5f:f4:ec:41:1d:a7:ca:68:b1:8b:
96:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:1D:F8:18:C4:FF:67:47:BA:57:DB:13:44:38:3D:69:A5:04:37:B5
X509v3 Authority Key Identifier:
keyid:63:2C:D8:7F:EA:BE:40:75:22:E0:65:53:F2:EB:05:A0:C1:60:2F:BF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YyzYf-q-QHUi4GVT8usFoMFgL78.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/5h34GMT_Z0e6V9sTRDg9aaUEN7U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fddf47-ff64-447a-b98f-55104173b180/1/YyzYf-q-QHUi4GVT8usFoMFgL78.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:7683::/32
2a11:8304::/32
2a11:8441::/32
2a11:b782::/32
2a11:c445::/32
2a11:cd06::/32
Signature Algorithm: sha256WithRSAEncryption
42:da:4c:e1:8b:94:5e:68:f9:32:bf:da:89:5f:20:6f:ef:5e:
33:4f:26:52:bb:26:5d:7c:e4:77:ba:9b:33:b6:d2:9c:48:09:
9f:bc:8b:2d:97:f6:70:32:bf:5b:b5:b1:04:0d:d9:8e:62:a1:
c8:2e:96:2f:9d:39:9c:42:f8:be:7f:1b:43:52:16:20:5c:7b:
7d:d7:08:c6:74:cc:1b:8b:c1:c0:2c:72:87:7f:33:e5:d9:34:
a6:73:1a:cb:a1:5c:1c:ce:f5:65:cf:c4:d9:19:33:18:d9:8f:
10:31:f0:6e:90:f3:da:4d:b4:6d:ba:5b:12:53:46:42:94:27:
62:43:02:a8:8a:26:a5:dd:cb:68:eb:f7:12:4d:34:0c:a3:14:
70:6e:28:25:83:0b:32:fa:51:7e:92:ad:30:44:05:ff:b4:3a:
a0:16:09:94:b8:5d:bc:4e:7d:91:1f:c1:51:10:35:db:8d:09:
dd:e7:54:41:8c:34:40:6e:91:d6:a7:c2:80:cb:56:48:2e:18:
09:12:71:dd:a1:92:bc:57:53:be:c7:fe:53:31:b6:30:8e:46:
78:e6:e2:9c:67:8a:cc:2f:85:9b:2f:bc:ef:6a:61:3a:ff:51:
dd:73:4d:8e:f0:4a:2f:10:60:d0:da:1b:d3:90:5c:04:e5:61:
ac:a5:f9:bf
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZXO4CGniNZfc329yQ5fRP0vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmNkODdmZWFiZTQwNzUyMmUwNjU1M2YyZWIwNWEwYzE2
MDJmYmYwHhcNMjUwMzI1MTk1NTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjFkZjgxOGM0ZmY2NzQ3YmE1N2RiMTM0NDM4M2Q2OWE1MDQzN2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3oi05pzdJczlvkxJP6zdYYvT+Wy
jVysZAIVs8wnlserte/vNnaAVSRSbMw8k6wgK8LqLxOw9TRIIgo8lao3ToinJxY0
KWnqX5HrKCf85svB9ncMi6itjCO+zRQcZPO194ZCfJx5vXJF17MWVQs4nN5JO78X
JVddRVpiOagpB4kY0S6qMpqLTmAJWOlReH1hrCDS2dwiKU+YyuTJ0bo9qZVgCbzc
9oAGRL3bmEKSJKeVPsNkOwt9FLTSUz/Jr8wx+aCbANwUOigU1KQ5nqQVNawIR4Qg
V7g/icRKdi5u3XYt+rr6rOCMABtuD4UnZ3/7IjytgF/07EEdp8posYuWWQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFOYd+BjE/2dHulfbE0Q4PWmlBDe1MB8GA1UdIwQY
MBaAFGMs2H/qvkB1IuBlU/LrBaDBYC+/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYt
NTUxMDQxNzNiMTgwLzEvNWgzNEdNVF9aMGU2VjlzVFJEZzlhYVVFTjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGRmNDctZmY2NC00NDdhLWI5OGYtNTUxMDQxNzNiMTgw
LzEvWXl6WWYtcS1RSFVpNEdWVDh1c0ZvTUZnTDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAAjAqAwUAKhF2gwMF
ACoRgwQDBQAqEYRBAwUAKhG3ggMFACoRxEUDBQAqEc0GMA0GCSqGSIb3DQEBCwUA
A4IBAQBC2kzhi5ReaPkyv9qJXyBv714zTyZSuyZdfOR3upszttKcSAmfvIstl/Zw
Mr9btbEEDdmOYqHILpYvnTmcQvi+fxtDUhYgXHt91wjGdMwbi8HALHKHfzPl2TSm
cxrLoVwczvVlz8TZGTMY2Y8QMfBukPPaTbRtulsSU0ZClCdiQwKoiial3cto6/cS
TTQMoxRwbiglgwsy+lF+kq0wRAX/tDqgFgmUuF28Tn2RH8FREDXbjQnd51RBjDRA
bpHWp8KAy1ZILhgJEnHdoZK8V1O+x/5TMbYwjkZ45uKcZ4rML4WbL7zvamE6/1Hd
c02O8EovEGDQ2hvTkFwE5WGspfm/
-----END CERTIFICATE-----
Generated at Mon Apr 14 02:48:46 2025 by rpki-client