Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/bSqrMK9tKwEfUMQgtYfG17flinQ.roa
File: bSqrMK9tKwEfUMQgtYfG17flinQ.roa (raw, json)
Hash identifier: aLlXYrBYT3EexXF4mUCwgXynzmBYI7iAizaV81J7TPQ=
Subject key identifier: 6D:2A:AB:30:AF:6D:2B:01:1F:50:C4:20:B5:87:C6:D7:B7:E5:8A:74
Certificate issuer: /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial: 019706B10A15D9BC0870FF1E767D4631CDD2
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/bSqrMK9tKwEfUMQgtYfG17flinQ.roa
Signing time: Sun 25 May 2025 09:05:54 +0000
ROA not before: Sun 25 May 2025 09:05:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 91.108.225.0/24 maxlen: 24
91.108.237.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 27 May 2025 13:45:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:06:b1:0a:15:d9:bc:08:70:ff:1e:76:7d:46:31:cd:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Validity
Not Before: May 25 09:05:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6d2aab30af6d2b011f50c420b587c6d7b7e58a74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:a5:25:0f:91:72:7f:86:ee:64:fe:58:58:2f:
22:b7:4b:58:19:e4:fa:e4:68:67:4d:58:5a:cc:41:
76:34:12:54:87:b1:fa:73:48:5d:d4:68:a5:aa:42:
1b:63:5a:9f:a2:1d:0c:c7:32:0f:f0:4b:d1:8f:5f:
c6:02:f6:87:e7:fd:81:40:b1:94:86:b8:3e:cf:e7:
55:2f:bb:bd:10:6c:a8:6a:7f:39:23:d4:7c:6c:a2:
d4:61:6c:1c:a4:78:78:22:6d:cd:66:7d:94:82:67:
1c:af:e9:d7:f8:fc:e2:33:57:1b:f3:c9:30:c9:13:
7b:de:11:ce:48:f9:4f:7c:ed:4e:74:21:84:1f:8a:
54:94:a8:ed:75:91:fc:cd:8b:f2:09:83:92:7c:1a:
41:ca:14:3c:9d:63:0c:10:ac:ce:11:1c:be:c6:fd:
64:75:23:4c:ce:76:b7:9d:1c:52:df:5c:13:6f:5a:
6d:c4:bf:fa:10:53:98:3d:5b:90:5d:d3:df:31:42:
7e:9c:4a:d3:8f:87:e7:a7:78:f8:ff:df:04:22:73:
bc:4f:1a:63:e4:c8:e1:d7:d0:8f:12:7e:f2:e5:8d:
90:2f:68:66:41:be:93:34:83:f1:ca:a4:32:35:32:
87:2e:0f:a9:4c:e0:53:4c:c7:d3:0b:cd:e1:2d:54:
77:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:2A:AB:30:AF:6D:2B:01:1F:50:C4:20:B5:87:C6:D7:B7:E5:8A:74
X509v3 Authority Key Identifier:
keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/bSqrMK9tKwEfUMQgtYfG17flinQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.108.225.0/24
91.108.237.0/24
Signature Algorithm: sha256WithRSAEncryption
46:95:80:22:10:ae:1a:db:34:ad:2b:fb:9a:c8:69:b5:8e:86:
5b:77:83:42:b1:0e:18:a1:0c:15:e6:2e:37:68:2e:e0:2f:e3:
a3:77:5a:14:bd:12:5c:50:d2:cb:63:6e:9f:fa:d4:7e:d5:9e:
df:dd:3f:8f:7f:10:4c:56:4f:de:b8:a8:99:e1:71:44:88:4f:
96:27:c2:8e:ef:24:01:c8:74:cb:5f:67:0f:a3:53:89:76:85:
48:d0:e9:5b:70:6a:0a:d5:da:12:8b:02:80:f7:44:fd:5d:94:
b3:89:ae:0a:5b:c5:7b:97:6f:ba:ac:c6:0c:44:5c:71:f6:c7:
60:ae:f7:35:aa:9c:a6:30:a4:a6:0e:f7:65:94:d7:de:bf:c4:
a4:a2:0e:b0:73:82:6f:24:56:33:23:52:c6:55:3e:81:06:9d:
c0:56:de:aa:21:e6:d0:2f:c9:7f:6f:d8:ea:35:2e:a7:b9:b1:
44:0e:8e:af:d1:67:e1:3e:56:08:34:8a:d7:e9:57:ac:7c:c3:
aa:4e:a0:42:14:59:22:82:fa:48:d0:88:7c:48:39:94:5d:b5:
df:e8:b5:f1:68:77:6f:3c:eb:db:c9:bd:49:b1:da:3e:8b:de:
ad:c6:7b:10:72:7c:3c:8f:b7:98:a8:47:d4:a6:6e:e5:d8:fa:
ed:d4:b0:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcGsQoV2bwIcP8edn1GMc3SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwNTI1MDkwNTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDJhYWIzMGFmNmQyYjAxMWY1MGM0MjBiNTg3YzZkN2I3ZTU4YTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6UlD5Fyf4buZP5YWC8it0tYGeT6
5GhnTVhazEF2NBJUh7H6c0hd1GilqkIbY1qfoh0MxzIP8EvRj1/GAvaH5/2BQLGU
hrg+z+dVL7u9EGyoan85I9R8bKLUYWwcpHh4Im3NZn2Ugmccr+nX+PziM1cb88kw
yRN73hHOSPlPfO1OdCGEH4pUlKjtdZH8zYvyCYOSfBpByhQ8nWMMEKzOERy+xv1k
dSNMzna3nRxS31wTb1ptxL/6EFOYPVuQXdPfMUJ+nErTj4fnp3j4/98EInO8Txpj
5Mjh19CPEn7y5Y2QL2hmQb6TNIPxyqQyNTKHLg+pTOBTTMfTC83hLVR3uwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG0qqzCvbSsBH1DEILWHxte35Yp0MB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvYlNxck1LOXRLd0VmVU1RZ3RZZkcxN2ZsaW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW2zhAwQA
W2ztMA0GCSqGSIb3DQEBCwUAA4IBAQBGlYAiEK4a2zStK/uayGm1joZbd4NCsQ4Y
oQwV5i43aC7gL+Ojd1oUvRJcUNLLY26f+tR+1Z7f3T+PfxBMVk/euKiZ4XFEiE+W
J8KO7yQByHTLX2cPo1OJdoVI0OlbcGoK1doSiwKA90T9XZSzia4KW8V7l2+6rMYM
RFxx9sdgrvc1qpymMKSmDvdllNfev8Skog6wc4JvJFYzI1LGVT6BBp3AVt6qIebQ
L8l/b9jqNS6nubFEDo6v0WfhPlYINIrX6VesfMOqTqBCFFkigvpI0Ih8SDmUXbXf
6LXxaHdvPOvbyb1Jsdo+i96txnsQcnw8j7eYqEfUpm7l2Prt1LBM
-----END CERTIFICATE-----
Generated at Mon Jun 9 11:56:04 2025 by rpki-client