Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/GHPafIZ6Dq8HIa0iH4aMvrebvJ0.roa
File: GHPafIZ6Dq8HIa0iH4aMvrebvJ0.roa (raw, json)
Hash identifier: zhjEQ8LLFDYadKjepqgM/n90vP61ybWhRvME2YVhlMQ=
Subject key identifier: 18:73:DA:7C:86:7A:0E:AF:07:21:AD:22:1F:86:8C:BE:B7:9B:BC:9D
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 0197302314FED2A3CD077B244A5009E5FA8B
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/GHPafIZ6Dq8HIa0iH4aMvrebvJ0.roa
Signing time: Mon 02 Jun 2025 10:14:54 +0000
ROA not before: Mon 02 Jun 2025 10:14:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
Validation: Failed, certificate revoked on Mon 02 Jun 2025 11:04:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:30:23:14:fe:d2:a3:cd:07:7b:24:4a:50:09:e5:fa:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 2 10:14:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1873da7c867a0eaf0721ad221f868cbeb79bbc9d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:d7:b8:d6:0a:c6:3f:85:44:86:b3:b4:94:ac:
3d:f5:1d:a3:97:c6:31:fa:35:b8:f0:6f:9b:5e:3e:
8e:fb:13:fe:a8:b5:3a:3b:1a:cf:00:f1:94:00:1c:
3c:e0:cd:a0:d2:ea:5f:00:67:d0:30:e6:02:e6:8d:
30:6b:ee:61:5a:c9:a9:1f:e4:f0:b8:d0:08:21:f8:
1e:6a:a0:4b:71:d4:08:b5:66:11:9f:86:1f:98:4c:
e5:04:80:a5:6c:6d:aa:64:7f:4d:b1:a6:1b:13:e5:
d9:79:cf:7c:16:aa:1a:f4:52:b2:a4:12:5d:e7:2b:
a8:b4:b7:2a:de:a7:a2:1d:0b:64:51:f6:2a:42:ef:
97:60:b7:92:40:8f:ba:c3:c1:4c:ef:48:20:3e:2b:
94:a2:fa:0a:6a:85:f0:5e:db:44:45:20:95:cb:d1:
f0:ba:da:9f:d2:8b:6d:0c:5c:c4:c2:6b:01:c4:f6:
52:be:67:38:bd:a0:54:fa:6d:a6:75:ed:8d:07:8e:
1d:32:8c:0c:3a:b8:e1:3f:e6:12:2b:35:6a:e3:b4:
e8:eb:54:b6:f8:90:71:a9:29:c2:55:c4:71:e3:5c:
e9:03:94:c8:90:f9:1a:8e:bf:bf:c4:00:eb:53:cd:
c0:8a:13:a3:86:8f:eb:fd:d0:32:26:e7:55:a0:a9:
d5:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:73:DA:7C:86:7A:0E:AF:07:21:AD:22:1F:86:8C:BE:B7:9B:BC:9D
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/GHPafIZ6Dq8HIa0iH4aMvrebvJ0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
Signature Algorithm: sha256WithRSAEncryption
8f:7a:53:8e:45:f3:cf:41:c0:23:46:4d:ea:d0:42:1d:1f:27:
10:dd:ca:8d:cd:95:47:cd:0a:b1:c3:54:e3:9c:80:6c:7e:62:
dd:75:45:1d:5a:1a:4b:96:b3:31:7b:ef:a0:30:90:d7:3f:72:
55:28:7e:02:75:74:a5:41:31:12:96:dc:66:f1:e4:0f:a2:7d:
91:9c:65:06:7b:f3:a0:ce:dd:25:a9:2c:73:a7:43:d5:6a:03:
59:fe:94:fe:be:7d:4c:e0:01:19:8f:ae:f2:b8:d5:db:fd:41:
04:5a:4c:28:b8:de:63:f9:47:c0:b2:9a:95:c7:f2:b9:c9:de:
d2:d8:03:1c:35:1a:09:7e:5c:c3:7f:15:67:da:6e:0d:62:0b:
3a:03:a4:c5:04:00:12:63:e2:8b:22:9d:d4:88:ba:fe:22:14:
1f:2d:05:b0:b8:f4:3f:0b:98:9d:46:26:97:81:cb:82:4b:98:
b1:17:4d:49:cd:9a:21:61:a8:0f:6e:af:94:3b:94:5a:05:52:
86:94:21:00:f1:ef:9f:30:32:d7:2f:a3:6f:da:52:9a:01:eb:
2b:98:1c:cf:7b:cd:99:6f:20:1d:a9:cd:56:84:31:40:f1:8b:
bb:87:c6:fc:23:d0:37:d0:8a:79:8b:5e:e2:03:cf:82:1c:ca:
65:85:38:de
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZcwIxT+0qPNB3skSlAJ5fqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjAyMTAxNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODczZGE3Yzg2N2EwZWFmMDcyMWFkMjIxZjg2OGNiZWI3OWJiYzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNe41grGP4VEhrO0lKw99R2jl8Yx
+jW48G+bXj6O+xP+qLU6OxrPAPGUABw84M2g0upfAGfQMOYC5o0wa+5hWsmpH+Tw
uNAIIfgeaqBLcdQItWYRn4YfmEzlBIClbG2qZH9NsaYbE+XZec98Fqoa9FKypBJd
5yuotLcq3qeiHQtkUfYqQu+XYLeSQI+6w8FM70ggPiuUovoKaoXwXttERSCVy9Hw
utqf0ottDFzEwmsBxPZSvmc4vaBU+m2mde2NB44dMowMOrjhP+YSKzVq47To61S2
+JBxqSnCVcRx41zpA5TIkPkajr+/xADrU83AihOjho/r/dAyJudVoKnVbQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFBhz2nyGeg6vByGtIh+GjL63m7ydMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvR0hQYWZJWjZEcThISWEwaUg0YU12cmVidkowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTA/BAIAAjA5AxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
MA0GCSqGSIb3DQEBCwUAA4IBAQCPelOORfPPQcAjRk3q0EIdHycQ3cqNzZVHzQqx
w1TjnIBsfmLddUUdWhpLlrMxe++gMJDXP3JVKH4CdXSlQTESltxm8eQPon2RnGUG
e/Ogzt0lqSxzp0PVagNZ/pT+vn1M4AEZj67yuNXb/UEEWkwouN5j+UfAspqVx/K5
yd7S2AMcNRoJflzDfxVn2m4NYgs6A6TFBAASY+KLIp3UiLr+IhQfLQWwuPQ/C5id
RiaXgcuCS5ixF01JzZohYagPbq+UO5RaBVKGlCEA8e+fMDLXL6Nv2lKaAesrmBzP
e82ZbyAdqc1WhDFA8Yu7h8b8I9A30Ip5i17iA8+CHMplhTje
-----END CERTIFICATE-----
Generated at Sat Jun 7 22:55:27 2025 by rpki-client