Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/3DRnLleYgmOxzLFKLqx0UvPANU8.roa
File: 3DRnLleYgmOxzLFKLqx0UvPANU8.roa (raw, json)
Hash identifier: D3YwevkAS8QwWY5TwycbG2uikKTnGbyw94j9DdcDxQs=
Subject key identifier: DC:34:67:2E:57:98:82:63:B1:CC:B1:4A:2E:AC:74:52:F3:C0:35:4F
Certificate issuer: /CN=4e13d0c0a703e09cda64c12b08dda2b749a0429c
Certificate serial: 019D3950CC30726D7A5EDDC70361413B7F8D
Authority key identifier: 4E:13:D0:C0:A7:03:E0:9C:DA:64:C1:2B:08:DD:A2:B7:49:A0:42:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ThPQwKcD4JzaZMErCN2it0mgQpw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/3DRnLleYgmOxzLFKLqx0UvPANU8.roa
Signing time: Sun 29 Mar 2026 11:18:09 +0000
ROA not before: Sun 29 Mar 2026 11:18:09 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 0
IP address blocks: 2001:67c:64:ffff:0:19c:1eac:7d76/128 maxlen: 128
2001:67c:64:ffff:0:19c:2f30:cc98/128 maxlen: 128
2001:67c:64:ffff:0:19c:4770:2527/128 maxlen: 128
2001:67c:64:ffff:0:19c:5298:96f7/128 maxlen: 128
2001:67c:64:ffff:0:19d:aea:d31a/128 maxlen: 128
Validation: Failed, certificate revoked on Sun 29 Mar 2026 12:05:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9d:39:50:cc:30:72:6d:7a:5e:dd:c7:03:61:41:3b:7f:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e13d0c0a703e09cda64c12b08dda2b749a0429c
Validity
Not Before: Mar 29 11:18:09 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=dc34672e57988263b1ccb14a2eac7452f3c0354f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:a1:32:4f:6e:e5:d6:58:39:0b:c9:3b:25:02:
b9:74:cc:39:4a:47:7b:95:c1:3a:31:75:a0:fc:58:
91:dd:04:41:02:f3:d3:63:57:de:c9:27:f1:b3:45:
19:a5:61:f0:31:e3:60:06:72:e8:e9:77:e9:d7:d4:
f5:44:22:ad:ad:f1:b0:df:5a:10:45:c0:9f:8b:20:
0a:fe:fc:ed:57:ea:b6:fe:c3:d6:9c:c8:b2:c4:a1:
ac:6b:c5:14:bb:bc:69:01:8a:10:d0:39:e0:7b:00:
4d:92:e2:65:b9:b1:58:d9:02:69:09:c1:df:99:12:
f0:a5:f2:4a:d0:dd:2d:36:3c:53:c3:00:29:7b:86:
68:04:ea:c4:bf:e4:04:2f:b8:89:43:a2:7b:d6:62:
d7:bc:f1:ac:01:ae:cb:f3:87:43:6d:da:ca:2b:82:
d3:05:5b:c5:a7:53:88:cd:fc:24:29:b5:19:d6:36:
13:96:52:3b:cd:20:48:b3:00:f5:d1:39:0e:96:73:
d0:e7:66:b3:d9:a4:c7:85:47:26:ee:ac:58:92:ef:
30:1f:9f:da:e0:91:60:0d:e9:47:b0:93:d2:1b:80:
5f:06:4b:64:92:c8:1e:01:a7:b7:bf:eb:9c:cb:c9:
f5:da:1d:f4:f6:9a:31:6e:e5:ca:4b:39:e5:4e:b5:
2e:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:34:67:2E:57:98:82:63:B1:CC:B1:4A:2E:AC:74:52:F3:C0:35:4F
X509v3 Authority Key Identifier:
keyid:4E:13:D0:C0:A7:03:E0:9C:DA:64:C1:2B:08:DD:A2:B7:49:A0:42:9C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ThPQwKcD4JzaZMErCN2it0mgQpw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/3DRnLleYgmOxzLFKLqx0UvPANU8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/ae049a-078b-42ed-a28f-6aa443528ce5/1/ThPQwKcD4JzaZMErCN2it0mgQpw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:64:ffff:0:19c:1eac:7d76/128
2001:67c:64:ffff:0:19c:2f30:cc98/128
2001:67c:64:ffff:0:19c:4770:2527/128
2001:67c:64:ffff:0:19c:5298:96f7/128
2001:67c:64:ffff:0:19d:aea:d31a/128
Signature Algorithm: sha256WithRSAEncryption
57:f1:e6:81:a3:30:33:dc:da:44:19:50:bb:51:9b:6d:6d:61:
ca:a3:2b:7b:76:3a:91:aa:b9:cb:05:bd:d9:da:80:d9:94:0c:
f5:31:b4:02:5a:80:2e:cf:2e:55:c9:c9:5f:5f:16:18:b9:f9:
93:e5:f6:70:cb:bc:41:3b:d3:03:c7:66:04:4a:73:0c:5b:cb:
e2:ad:76:42:7f:70:15:47:28:7a:63:49:f9:ee:06:82:2d:7e:
c4:9a:0a:42:44:27:5f:f9:a7:98:f0:1c:50:06:d6:28:a0:f0:
ac:e6:80:b6:09:55:f4:18:75:0d:32:ac:34:b6:fc:9d:c0:c4:
5b:57:37:f1:11:b3:a8:83:21:f0:92:88:6c:55:50:4a:6f:3d:
9e:22:05:fc:da:7a:b9:40:96:f0:ed:d1:6d:37:a4:36:9f:9c:
77:6b:96:c9:30:30:ce:14:4a:7f:7a:ee:1d:25:e0:f2:44:8c:
8c:e1:57:9f:c6:fc:21:87:fa:c0:fe:94:fe:3f:0e:1c:d1:1f:
84:50:67:de:94:d7:12:44:d7:e6:92:ee:ad:54:e8:83:0c:ff:
80:ac:05:bf:84:e7:66:74:89:0d:f7:6e:01:b6:90:6a:c0:20:
9a:d3:4d:78:21:2b:92:cb:06:09:47:48:76:d7:b0:61:d7:4c:
17:66:c7:e4
-----BEGIN CERTIFICATE-----
MIIFVjCCBD6gAwIBAgISAZ05UMwwcm16Xt3HA2FBO3+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMTNkMGMwYTcwM2UwOWNkYTY0YzEyYjA4ZGRhMmI3NDlh
MDQyOWMwHhcNMjYwMzI5MTExODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzM0NjcyZTU3OTg4MjYzYjFjY2IxNGEyZWFjNzQ1MmYzYzAzNTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKEyT27l1lg5C8k7JQK5dMw5Skd7
lcE6MXWg/FiR3QRBAvPTY1feySfxs0UZpWHwMeNgBnLo6Xfp19T1RCKtrfGw31oQ
RcCfiyAK/vztV+q2/sPWnMiyxKGsa8UUu7xpAYoQ0DngewBNkuJlubFY2QJpCcHf
mRLwpfJK0N0tNjxTwwApe4ZoBOrEv+QEL7iJQ6J71mLXvPGsAa7L84dDbdrKK4LT
BVvFp1OIzfwkKbUZ1jYTllI7zSBIswD10TkOlnPQ52az2aTHhUcm7qxYku8wH5/a
4JFgDelHsJPSG4BfBktkksgeAae3v+ucy8n12h309poxbuXKSznlTrUuqQIDAQAB
o4ICYjCCAl4wHQYDVR0OBBYEFNw0Zy5XmIJjscyxSi6sdFLzwDVPMB8GA1UdIwQY
MBaAFE4T0MCnA+Cc2mTBKwjdordJoEKcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGhQUXdLY0Q0SnphWk1FckNOMml0MG1nUXB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9hZTA0OWEtMDc4Yi00MmVkLWEyOGYt
NmFhNDQzNTI4Y2U1LzEvM0RSbkxsZVlnbU94ekxGS0xxeDBVdlBBTlU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9hZTA0OWEtMDc4Yi00MmVkLWEyOGYtNmFhNDQzNTI4Y2U1
LzEvVGhQUXdLY0Q0SnphWk1FckNOMml0MG1nUXB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHgGCCsGAQUFBwEHAQH/BGkwZzBlBAIAAjBfAxEAIAEGfABk
//8AAAGcHqx9dgMRACABBnwAZP//AAABnC8wzJgDEQAgAQZ8AGT//wAAAZxHcCUn
AxEAIAEGfABk//8AAAGcUpiW9wMRACABBnwAZP//AAABnQrq0xowDQYJKoZIhvcN
AQELBQADggEBAFfx5oGjMDPc2kQZULtRm21tYcqjK3t2OpGqucsFvdnagNmUDPUx
tAJagC7PLlXJyV9fFhi5+ZPl9nDLvEE70wPHZgRKcwxby+KtdkJ/cBVHKHpjSfnu
BoItfsSaCkJEJ1/5p5jwHFAG1iig8KzmgLYJVfQYdQ0yrDS2/J3AxFtXN/ERs6iD
IfCSiGxVUEpvPZ4iBfzaerlAlvDt0W03pDafnHdrlskwMM4USn967h0l4PJEjIzh
V5/G/CGH+sD+lP4/DhzRH4RQZ96U1xJE1+aS7q1U6IMM/4CsBb+E52Z0iQ33bgG2
kGrAIJrTTXghK5LLBglHSHbXsGHXTBdmx+Q=
-----END CERTIFICATE-----
Generated at Sun Mar 29 15:28:35 2026 by rpki-client