Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/3XSGDdtIM0uCLRNvSY_Ipcf6BKE.roa
File: 3XSGDdtIM0uCLRNvSY_Ipcf6BKE.roa (raw, json)
Hash identifier: k/svYDEibI/QX2tBPbsbkLLIO1bHD8c7ET+/jf2uMLI=
Subject key identifier: DD:74:86:0D:DB:48:33:4B:82:2D:13:6F:49:8F:C8:A5:C7:FA:04:A1
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 01973D3A42BB6FD5089F91318FD834021430
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/3XSGDdtIM0uCLRNvSY_Ipcf6BKE.roa
Signing time: Wed 04 Jun 2025 23:15:17 +0000
ROA not before: Wed 04 Jun 2025 23:15:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
2001:67c:64:ffff:0:197:353f:be91/128 maxlen: 128
Validation: Failed, certificate revoked on Thu 05 Jun 2025 00:04:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:3d:3a:42:bb:6f:d5:08:9f:91:31:8f:d8:34:02:14:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 4 23:15:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dd74860ddb48334b822d136f498fc8a5c7fa04a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:d2:47:8c:74:c9:6c:d7:61:a3:13:50:38:17:
f2:b2:ef:b1:68:a5:98:a7:dd:cc:7d:01:ef:0f:19:
06:87:7a:93:23:0f:7a:57:66:19:02:6a:ee:0c:7d:
fb:3f:13:bd:b4:00:a6:5a:4f:c9:c8:da:98:99:47:
e9:58:a2:9a:1e:b7:37:26:e9:fb:9b:2b:99:04:87:
92:81:b7:cf:ae:41:f8:70:c4:46:8a:ae:11:c8:f6:
dd:b9:8d:59:aa:fb:ea:a3:4f:39:de:28:44:01:cc:
cc:a7:66:8d:e9:df:39:c3:0b:a9:e8:57:8c:e9:bd:
70:82:3e:53:57:5a:23:9c:38:61:bf:62:b4:e1:21:
ac:ff:3f:4a:82:98:ff:16:01:bc:9f:ae:79:d5:c5:
89:3e:61:f1:6d:6e:e2:16:dc:51:43:35:cf:aa:4d:
85:c3:18:f8:72:e2:4d:5b:b5:5d:1b:d4:47:cd:4c:
0b:14:7c:1c:bf:81:10:7f:a4:79:44:f7:c9:4e:e1:
04:85:dc:d0:98:09:fa:fc:44:84:6d:2c:f8:13:05:
18:87:d6:90:9c:a3:52:87:83:fb:ef:01:f3:19:b6:
2c:ff:7b:37:5b:8d:cb:9d:f0:d4:52:7f:4f:f1:d5:
ae:1a:6f:42:4f:e8:13:ff:74:ea:2e:e0:02:dd:89:
17:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:74:86:0D:DB:48:33:4B:82:2D:13:6F:49:8F:C8:A5:C7:FA:04:A1
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/3XSGDdtIM0uCLRNvSY_Ipcf6BKE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
2001:67c:64:ffff:0:197:353f:be91/128
Signature Algorithm: sha256WithRSAEncryption
90:41:a9:28:a8:b4:2d:12:5a:00:68:1c:fa:ad:7d:df:67:6b:
f3:51:5f:f6:03:ec:7b:2d:cc:6b:e8:6b:3a:d1:f5:47:99:02:
42:1d:74:38:c9:02:0b:1f:71:a5:ee:9f:65:5f:c6:e2:3c:84:
97:92:76:41:1b:35:84:7d:95:93:9e:bc:a7:dd:53:16:d4:a6:
51:bd:15:c2:94:9b:73:85:ac:49:70:a2:8f:18:e9:f4:d1:60:
ee:cf:8e:45:54:c0:12:f7:65:fa:37:79:1b:eb:85:57:b9:77:
9b:c1:30:ed:8d:cd:8f:78:ec:16:cb:d1:98:ef:39:00:b9:ce:
b7:67:08:8e:8a:1d:1f:d5:20:e0:93:10:fe:7c:3f:1e:1e:cf:
f5:38:16:f8:4a:4e:58:0a:17:8c:be:c3:4d:31:37:5d:ee:be:
8a:de:80:91:58:97:3a:a0:5e:df:c8:d6:ea:3d:f1:8e:83:0b:
28:4a:8d:e4:80:59:59:15:d5:22:42:f3:4b:39:f3:92:55:24:
fd:89:db:f2:fa:f4:96:0f:e6:51:3e:3a:d3:14:b4:8a:2b:b4:
4c:0a:3c:40:97:70:1d:eb:62:4b:e1:35:a1:5e:10:17:fd:a8:
ba:fb:c3:89:78:7d:47:05:7b:a3:7d:b9:1a:3b:16:c8:34:1c:
33:93:6b:68
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZc9OkK7b9UIn5Exj9g0AhQwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjA0MjMxNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDc0ODYwZGRiNDgzMzRiODIyZDEzNmY0OThmYzhhNWM3ZmEwNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0dJHjHTJbNdhoxNQOBfysu+xaKWY
p93MfQHvDxkGh3qTIw96V2YZAmruDH37PxO9tACmWk/JyNqYmUfpWKKaHrc3Jun7
myuZBIeSgbfPrkH4cMRGiq4RyPbduY1Zqvvqo0853ihEAczMp2aN6d85wwup6FeM
6b1wgj5TV1ojnDhhv2K04SGs/z9Kgpj/FgG8n6551cWJPmHxbW7iFtxRQzXPqk2F
wxj4cuJNW7VdG9RHzUwLFHwcv4EQf6R5RPfJTuEEhdzQmAn6/ESEbSz4EwUYh9aQ
nKNSh4P77wHzGbYs/3s3W43LnfDUUn9P8dWuGm9CT+gT/3TqLuAC3YkXVQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFN10hg3bSDNLgi0Tb0mPyKXH+gShMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvM1hTR0RkdElNMHVDTFJOdlNZX0lwY2Y2QktFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAAjBMAxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
AxEAIAEGfABk//8AAAGXNT++kTANBgkqhkiG9w0BAQsFAAOCAQEAkEGpKKi0LRJa
AGgc+q1932dr81Ff9gPsey3Ma+hrOtH1R5kCQh10OMkCCx9xpe6fZV/G4jyEl5J2
QRs1hH2Vk568p91TFtSmUb0VwpSbc4WsSXCijxjp9NFg7s+ORVTAEvdl+jd5G+uF
V7l3m8Ew7Y3Nj3jsFsvRmO85ALnOt2cIjoodH9Ug4JMQ/nw/Hh7P9TgW+EpOWAoX
jL7DTTE3Xe6+it6AkViXOqBe38jW6j3xjoMLKEqN5IBZWRXVIkLzSznzklUk/Ynb
8vr0lg/mUT460xS0iiu0TAo8QJdwHetiS+E1oV4QF/2ouvvDiXh9RwV7o325GjsW
yDQcM5NraA==
-----END CERTIFICATE-----
Generated at Sat Jun 7 22:45:57 2025 by rpki-client