Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/h_iCGn850_5HarN8zqO5vW5uyNY.roa
File: h_iCGn850_5HarN8zqO5vW5uyNY.roa (raw, json)
Hash identifier: JrkRQtuwskC3B+BH+ae1m0dumH+H1z5b4heeuVLRUUs=
Subject key identifier: 87:F8:82:1A:7F:39:D3:FE:47:6A:B3:7C:CE:A3:B9:BD:6E:6E:C8:D6
Certificate issuer: /CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Certificate serial: 019729445A1836D103B4B0EF0F8CB3FB0E4A
Authority key identifier: 7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/h_iCGn850_5HarN8zqO5vW5uyNY.roa
Signing time: Sun 01 Jun 2025 02:13:54 +0000
ROA not before: Sun 01 Jun 2025 02:13:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:196:ed5d:8c28/128 maxlen: 128
2001:67c:64:ffff:0:197:108e:927e/128 maxlen: 128
2001:67c:64:ffff:0:197:15eb:6226/128 maxlen: 128
Validation: Failed, certificate revoked on Sun 01 Jun 2025 03:04:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:29:44:5a:18:36:d1:03:b4:b0:ef:0f:8c:b3:fb:0e:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7acd817f25893e7f88b3f3affa9152c66d6b6702
Validity
Not Before: Jun 1 02:13:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=87f8821a7f39d3fe476ab37ccea3b9bd6e6ec8d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:30:04:13:11:92:cf:b0:18:7e:e2:0b:e0:ce:
ab:d0:62:a8:97:56:e5:74:42:ac:e6:e1:14:f3:64:
e5:f1:20:62:fa:f7:ed:63:19:8c:dc:fc:d9:67:b9:
4c:aa:2e:6a:d5:8b:30:c7:3d:58:0c:f7:f7:ad:fb:
c6:66:5e:b8:8a:54:39:34:9b:81:ba:18:29:7f:a5:
2e:7f:fc:50:53:82:a3:6f:1d:45:a1:b4:7f:11:9b:
f6:c7:fa:b8:35:3c:26:32:de:96:d8:52:a8:62:90:
8b:ed:1e:76:a4:65:e2:7d:40:12:4e:94:45:fd:e2:
60:0e:c2:5c:dd:c6:c0:f0:00:78:94:d1:39:c5:4d:
78:ab:f0:aa:b8:04:ef:c3:c9:ed:0a:43:75:c1:07:
9d:a4:a4:77:2a:7f:42:0c:ee:c3:7e:01:07:73:d4:
1e:b7:8c:53:c1:05:aa:ce:59:34:d5:84:6b:62:73:
7f:b9:91:fc:2c:1b:f2:ee:29:f1:b6:f9:2c:80:56:
a4:31:79:d0:75:13:9f:d9:98:35:73:95:c5:35:44:
b4:27:f6:cb:2b:3a:45:f4:d4:2f:fd:9d:61:73:ce:
fd:05:fb:d8:6b:ce:61:7b:d6:bd:ed:5a:94:f8:d4:
b9:e4:bc:1c:38:51:f4:ab:f4:6c:7f:e3:5d:61:ac:
20:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:F8:82:1A:7F:39:D3:FE:47:6A:B3:7C:CE:A3:B9:BD:6E:6E:C8:D6
X509v3 Authority Key Identifier:
keyid:7A:CD:81:7F:25:89:3E:7F:88:B3:F3:AF:FA:91:52:C6:6D:6B:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/es2BfyWJPn-Is_Ov-pFSxm1rZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/h_iCGn850_5HarN8zqO5vW5uyNY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/c56a1e-326d-4c67-a0b2-90eb95109d89/1/es2BfyWJPn-Is_Ov-pFSxm1rZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:196:ed5d:8c28/128
2001:67c:64:ffff:0:197:108e:927e/128
2001:67c:64:ffff:0:197:15eb:6226/128
Signature Algorithm: sha256WithRSAEncryption
85:a5:0a:31:81:06:a6:f0:1c:bb:a6:31:0d:11:d6:8f:eb:88:
a2:f7:98:a4:38:15:24:4d:fc:26:51:8a:a7:6e:09:26:f7:0a:
44:7e:17:6d:95:c6:be:d3:f8:00:15:b0:f0:4a:af:5b:59:db:
b0:4e:52:04:60:ae:82:08:a9:e5:85:bb:d6:ad:46:92:05:05:
a1:b7:b6:21:c8:ee:6e:db:4f:40:28:35:a1:73:c0:c7:0a:a9:
1d:6c:c2:4f:e6:b7:4f:fb:7f:35:f5:4b:f3:b3:71:03:e5:80:
50:d8:a0:a5:6a:77:2c:79:81:96:4f:cc:a4:be:1f:c0:0b:c0:
d8:6d:dd:c4:07:3c:83:e7:aa:49:87:3f:dd:68:3e:ca:f2:4d:
86:b1:71:9f:68:01:63:95:82:80:90:68:81:4f:a5:f8:10:3f:
79:19:fc:cf:c9:8e:4c:d9:e0:3a:ef:d1:3d:e9:a0:07:16:b5:
cf:a9:65:64:ac:5f:bb:be:9c:7b:6f:2f:13:4f:07:c0:85:cd:
6c:de:8a:d4:ed:d1:e8:9e:ff:b5:d4:43:79:69:16:24:d5:f1:
41:a9:4d:55:ec:3f:ca:76:ea:bc:34:c9:22:c9:18:0c:89:45:
8f:0e:70:c1:d1:41:69:f3:00:ff:54:ea:72:b5:90:4c:b5:51:
62:18:b4:1c
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZcpRFoYNtEDtLDvD4yz+w5KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhY2Q4MTdmMjU4OTNlN2Y4OGIzZjNhZmZhOTE1MmM2NmQ2
YjY3MDIwHhcNMjUwNjAxMDIxMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Y4ODIxYTdmMzlkM2ZlNDc2YWIzN2NjZWEzYjliZDZlNmVjOGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DAEExGSz7AYfuIL4M6r0GKol1bl
dEKs5uEU82Tl8SBi+vftYxmM3PzZZ7lMqi5q1Yswxz1YDPf3rfvGZl64ilQ5NJuB
uhgpf6Uuf/xQU4Kjbx1FobR/EZv2x/q4NTwmMt6W2FKoYpCL7R52pGXifUASTpRF
/eJgDsJc3cbA8AB4lNE5xU14q/CquATvw8ntCkN1wQedpKR3Kn9CDO7DfgEHc9Qe
t4xTwQWqzlk01YRrYnN/uZH8LBvy7inxtvksgFakMXnQdROf2Zg1c5XFNUS0J/bL
KzpF9NQv/Z1hc879BfvYa85he9a97VqU+NS55LwcOFH0q/Rsf+NdYawgsQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFIf4ghp/OdP+R2qzfM6jub1ubsjWMB8GA1UdIwQY
MBaAFHrNgX8liT5/iLPzr/qRUsZta2cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjIt
OTBlYjk1MTA5ZDg5LzEvaF9pQ0duODUwXzVIYXJOOHpxTzV2VzV1eU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9jNTZhMWUtMzI2ZC00YzY3LWEwYjItOTBlYjk1MTA5ZDg5
LzEvZXMyQmZ5V0pQbi1Jc19Pdi1wRlN4bTFyWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTA/BAIAAjA5AxEAIAEGfABk
//8AAAGW7V2MKAMRACABBnwAZP//AAABlxCOkn4DEQAgAQZ8AGT//wAAAZcV62Im
MA0GCSqGSIb3DQEBCwUAA4IBAQCFpQoxgQam8By7pjENEdaP64ii95ikOBUkTfwm
UYqnbgkm9wpEfhdtlca+0/gAFbDwSq9bWduwTlIEYK6CCKnlhbvWrUaSBQWht7Yh
yO5u209AKDWhc8DHCqkdbMJP5rdP+3819Uvzs3ED5YBQ2KClancseYGWT8ykvh/A
C8DYbd3EBzyD56pJhz/daD7K8k2GsXGfaAFjlYKAkGiBT6X4ED95GfzPyY5M2eA6
79E96aAHFrXPqWVkrF+7vpx7by8TTwfAhc1s3orU7dHonv+11EN5aRYk1fFBqU1V
7D/Kduq8NMkiyRgMiUWPDnDB0UFp8wD/VOpytZBMtVFiGLQc
-----END CERTIFICATE-----
Generated at Sun Jun 8 07:45:15 2025 by rpki-client