Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Kzb4cNb2wkAZ6SPJaSFWda-gPu0.roa
File: Kzb4cNb2wkAZ6SPJaSFWda-gPu0.roa (raw, json)
Hash identifier: LgiQeWuycu3dx5/C6yPkSASUFUAPeBdhLhEK9BEuV6w=
Subject key identifier: 2B:36:F8:70:D6:F6:C2:40:19:E9:23:C9:69:21:56:75:AF:A0:3E:ED
Certificate issuer: /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial: 0196FDF0BD5B07DA711D9A07110EF65A4C19
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Kzb4cNb2wkAZ6SPJaSFWda-gPu0.roa
Signing time: Fri 23 May 2025 16:18:54 +0000
ROA not before: Fri 23 May 2025 16:18:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 14.102.226.0/23 maxlen: 24
45.151.142.0/24 maxlen: 24
77.111.96.0/22 maxlen: 22
77.111.102.0/23 maxlen: 24
94.229.212.0/24 maxlen: 24
94.229.220.0/24 maxlen: 24
94.229.222.0/24 maxlen: 24
94.229.223.0/24 maxlen: 24
194.36.34.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 26 May 2025 18:43:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:fd:f0:bd:5b:07:da:71:1d:9a:07:11:0e:f6:5a:4c:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Validity
Not Before: May 23 16:18:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2b36f870d6f6c24019e923c969215675afa03eed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:b1:31:01:ca:9c:fe:c0:a7:76:2c:90:df:89:
d6:d0:dd:aa:97:b6:9f:4f:f7:71:93:9e:2f:bc:da:
d9:74:c3:d5:2c:1b:38:81:b4:34:b2:4c:c8:26:42:
52:15:40:91:8f:ae:1f:a4:89:04:51:ab:49:40:d8:
a8:d0:2e:12:68:42:a3:56:a4:bf:e6:8a:18:47:7c:
6e:37:17:2d:70:50:fb:70:98:b7:7d:ae:c9:99:d5:
6c:cb:58:f1:45:a5:b8:28:f5:e3:e9:1c:6b:bc:7d:
97:4f:62:b0:18:f6:52:4a:31:86:d3:3d:21:5a:56:
fb:1c:f8:4a:04:b0:26:56:1f:0d:87:70:ff:d2:2f:
f2:7d:8d:13:66:75:01:6c:3c:53:2c:b4:b5:20:bb:
6b:4c:dd:49:4c:cc:0c:ae:36:99:a0:8d:33:79:b6:
a5:2d:5e:93:00:60:06:fa:2a:9c:5d:cc:cf:2b:7e:
cc:69:bb:24:8d:48:14:e9:1e:af:e3:4d:30:e9:5a:
67:f8:db:75:1a:94:b4:72:b2:55:91:3f:18:be:e8:
7d:30:99:23:c2:28:8b:1f:9a:bc:0d:68:3a:62:35:
46:5a:b6:79:4f:8f:0e:91:e9:73:8d:44:e6:cb:84:
3a:90:08:fe:5b:4c:c1:91:f3:d5:6d:dd:25:b5:60:
af:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:36:F8:70:D6:F6:C2:40:19:E9:23:C9:69:21:56:75:AF:A0:3E:ED
X509v3 Authority Key Identifier:
keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Kzb4cNb2wkAZ6SPJaSFWda-gPu0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
14.102.226.0/23
45.151.142.0/24
77.111.96.0/22
77.111.102.0/23
94.229.212.0/24
94.229.220.0/24
94.229.222.0/23
194.36.34.0/24
Signature Algorithm: sha256WithRSAEncryption
62:06:b1:4d:79:9f:e5:00:22:3d:93:1c:64:09:2b:26:bf:9d:
48:cc:df:a5:71:e8:0a:45:e0:bf:10:e2:40:41:93:b6:5c:65:
0c:6a:9a:f7:0b:4f:e3:2e:dd:b4:5e:36:4a:da:33:9f:31:0f:
97:75:8b:52:8d:dc:a9:59:ad:97:72:1a:bb:2e:74:c3:41:33:
bc:bb:a0:5d:40:fb:bd:c1:ba:69:4c:3c:01:69:eb:1f:af:80:
c8:e8:4a:1c:82:b7:7b:c4:b3:e1:42:13:cc:38:ba:ba:bc:c6:
12:9f:9c:b0:ce:0b:5f:68:cb:3b:c4:f2:0e:9c:bc:01:7d:4c:
51:26:60:32:1b:99:b1:18:07:d7:c9:fc:2d:96:f1:93:4f:32:
1d:71:e6:6e:3e:4d:73:fa:79:0a:7a:25:e6:81:5c:e0:cd:70:
59:0a:5b:f2:14:06:20:d1:66:51:b8:da:07:47:b1:8b:36:0c:
38:49:46:7f:b2:fe:b1:af:6d:a3:03:ed:e7:1d:a6:f9:0c:a0:
74:47:54:52:e4:8f:34:ac:9c:25:99:e1:d8:71:db:ec:cf:4a:
80:3f:91:8c:16:bc:47:40:f1:18:d9:e8:19:17:71:61:37:e1:
1d:cc:c7:84:d8:93:6f:07:06:5b:86:0e:ac:cd:b0:96:87:5e:
a2:76:23:23
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZb98L1bB9pxHZoHEQ72WkwZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNTIzMTYxODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjM2Zjg3MGQ2ZjZjMjQwMTllOTIzYzk2OTIxNTY3NWFmYTAzZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbExAcqc/sCndiyQ34nW0N2ql7af
T/dxk54vvNrZdMPVLBs4gbQ0skzIJkJSFUCRj64fpIkEUatJQNio0C4SaEKjVqS/
5ooYR3xuNxctcFD7cJi3fa7JmdVsy1jxRaW4KPXj6RxrvH2XT2KwGPZSSjGG0z0h
Wlb7HPhKBLAmVh8Nh3D/0i/yfY0TZnUBbDxTLLS1ILtrTN1JTMwMrjaZoI0zebal
LV6TAGAG+iqcXczPK37MabskjUgU6R6v400w6Vpn+Nt1GpS0crJVkT8Yvuh9MJkj
wiiLH5q8DWg6YjVGWrZ5T48OkelzjUTmy4Q6kAj+W0zBkfPVbd0ltWCvBQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFCs2+HDW9sJAGekjyWkhVnWvoD7tMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvS3piNGNOYjJ3a0FaNlNQSmFTRldkYS1nUHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBDmbiAwQA
LZeOAwQCTW9gAwQBTW9mAwQAXuXUAwQAXuXcAwQBXuXeAwQAwiQiMA0GCSqGSIb3
DQEBCwUAA4IBAQBiBrFNeZ/lACI9kxxkCSsmv51IzN+lcegKReC/EOJAQZO2XGUM
apr3C0/jLt20XjZK2jOfMQ+XdYtSjdypWa2Xchq7LnTDQTO8u6BdQPu9wbppTDwB
aesfr4DI6Eocgrd7xLPhQhPMOLq6vMYSn5ywzgtfaMs7xPIOnLwBfUxRJmAyG5mx
GAfXyfwtlvGTTzIdceZuPk1z+nkKeiXmgVzgzXBZClvyFAYg0WZRuNoHR7GLNgw4
SUZ/sv6xr22jA+3nHab5DKB0R1RS5I80rJwlmeHYcdvsz0qAP5GMFrxHQPEY2egZ
F3FhN+EdzMeE2JNvBwZbhg6szbCWh16idiMj
-----END CERTIFICATE-----
Generated at Sat Jun 14 17:48:22 2025 by rpki-client