Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e32312e302f32342d3234203d3e20383334.roa
File: 3134332e32302e32312e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier: HlvIfZ47Zf+IUaKYDp5v66/CaClEIT1gYh5BFLv4jrQ=
Subject key identifier: 93:8C:7F:14:ED:FF:31:03:8F:26:EB:E2:1B:36:FC:4C:31:57:D3:6C
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 4B9AA60AAA5122F0FBAF4BB74E6654A0C7CED689
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e32312e302f32342d3234203d3e20383334.roa
Signing time: Tue 03 Jun 2025 23:41:49 +0000
ROA not before: Tue 03 Jun 2025 23:36:49 +0000
ROA not after: Tue 02 Jun 2026 23:41:49 +0000
asID: 834
IP address blocks: 143.20.21.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 05 Jun 2025 17:39:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:9a:a6:0a:aa:51:22:f0:fb:af:4b:b7:4e:66:54:a0:c7:ce:d6:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Jun 3 23:36:49 2025 GMT
Not After : Jun 2 23:41:49 2026 GMT
Subject: CN=938C7F14EDFF31038F26EBE21B36FC4C3157D36C
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:45:88:6a:e4:59:a7:05:48:ee:e3:cd:4a:dd:
eb:74:1d:ec:50:d0:55:02:72:8c:78:0d:0e:d2:a4:
82:f5:68:b9:7b:ef:11:f4:eb:aa:9a:35:2e:e6:be:
3e:63:4c:9f:21:ba:e9:a2:2c:a6:14:f5:23:a3:26:
50:95:99:ca:f0:a9:5d:58:19:de:40:39:d6:54:e1:
db:aa:d7:ac:8d:ca:1a:4e:4a:c3:69:72:a7:c1:e3:
10:e1:15:52:2c:2a:19:47:fa:62:b4:9f:a2:51:dc:
21:31:b0:00:2c:e0:94:f9:58:b4:b7:de:17:65:c2:
2f:20:8e:a7:32:b1:75:8c:4a:cb:7e:bf:a9:40:b4:
3e:29:67:9b:b9:a7:8a:a9:3b:71:15:f2:28:8a:89:
9a:c2:aa:ce:ec:53:f9:d6:d3:51:de:05:a9:21:5b:
1d:81:74:db:ee:c2:70:04:a3:bd:d9:51:a3:af:79:
32:c2:13:57:16:15:76:da:70:72:39:d0:94:6c:b2:
67:99:87:8a:c6:b8:ac:80:da:45:98:f9:c6:2a:a0:
1b:a2:87:72:a0:2a:7d:47:c1:bd:b6:68:db:e4:c2:
02:30:2a:89:7e:09:13:7a:a8:c6:be:22:f0:e3:03:
92:98:ea:fa:54:30:3d:03:e6:ca:8b:b8:35:8a:42:
b7:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:8C:7F:14:ED:FF:31:03:8F:26:EB:E2:1B:36:FC:4C:31:57:D3:6C
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e32312e302f32342d3234203d3e20383334.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.21.0/24
Signature Algorithm: sha256WithRSAEncryption
3d:7c:78:73:b1:3c:29:2c:ee:2e:c1:02:7d:61:0f:7c:28:0d:
05:29:0f:14:77:6d:a2:07:3b:2f:6b:5a:10:80:8a:3a:65:33:
bc:ba:da:10:3c:63:78:c2:bd:4e:b5:3a:af:b8:de:7a:b1:d3:
f8:6b:6d:33:ab:8a:42:5c:2f:9c:48:06:29:ba:9c:22:6d:cb:
7c:50:e4:1d:39:61:06:a9:7b:b8:f9:63:eb:6b:33:08:d6:5d:
a4:0d:c1:3c:24:4e:18:20:41:87:61:ad:9a:3f:35:37:f6:59:
0e:37:89:0a:f7:64:4c:34:2b:cf:b3:9f:a2:15:aa:dd:9f:83:
86:ba:e8:7e:1a:5f:fe:b5:a3:0d:23:e6:c4:a7:66:a0:b4:ac:
e5:88:03:c2:80:da:98:01:9c:cf:b9:22:1b:97:f0:a3:30:5f:
89:82:6f:8b:e6:6a:65:5a:a6:ba:99:45:cc:aa:69:60:7d:2f:
58:dd:b4:84:c3:b3:91:8b:4d:2b:f1:3e:a7:fd:93:0a:ef:2a:
a8:bb:3b:4c:08:58:5c:df:72:c3:62:27:09:49:76:85:1c:fd:
2f:8d:51:ec:aa:86:95:ad:05:95:ab:80:c4:4a:fd:cd:21:0f:
c6:39:e5:2c:d4:b6:bd:7d:fb:e3:22:58:ce:b7:e8:69:74:00:
10:58:6b:32
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUS5qmCqpRIvD7r0u3TmZUoMfO1okwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDMyMzM2NDlaFw0yNjA2MDIyMzQxNDlaMDMxMTAvBgNV
BAMTKDkzOEM3RjE0RURGRjMxMDM4RjI2RUJFMjFCMzZGQzRDMzE1N0QzNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjRYhq5FmnBUju481K3et0HexQ
0FUCcox4DQ7SpIL1aLl77xH066qaNS7mvj5jTJ8huumiLKYU9SOjJlCVmcrwqV1Y
Gd5AOdZU4duq16yNyhpOSsNpcqfB4xDhFVIsKhlH+mK0n6JR3CExsAAs4JT5WLS3
3hdlwi8gjqcysXWMSst+v6lAtD4pZ5u5p4qpO3EV8iiKiZrCqs7sU/nW01HeBakh
Wx2BdNvuwnAEo73ZUaOveTLCE1cWFXbacHI50JRssmeZh4rGuKyA2kWY+cYqoBui
h3KgKn1Hwb22aNvkwgIwKol+CRN6qMa+IvDjA5KY6vpUMD0D5sqLuDWKQrfLAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUk4x/FO3/MQOPJuviGzb8TDFX02wwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjMx
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQVMA0G
CSqGSIb3DQEBCwUAA4IBAQA9fHhzsTwpLO4uwQJ9YQ98KA0FKQ8Ud22iBzsva1oQ
gIo6ZTO8utoQPGN4wr1OtTqvuN56sdP4a20zq4pCXC+cSAYpupwibct8UOQdOWEG
qXu4+WPrazMI1l2kDcE8JE4YIEGHYa2aPzU39lkON4kK92RMNCvPs5+iFardn4OG
uuh+Gl/+taMNI+bEp2agtKzliAPCgNqYAZzPuSIbl/CjMF+Jgm+L5mplWqa6mUXM
qmlgfS9Y3bSEw7ORi00r8T6n/ZMK7yqouztMCFhc33LDYicJSXaFHP0vjVHsqoaV
rQWVq4DESv3NIQ/GOeUs1La9ffvjIljOt+hpdAAQWGsy
-----END CERTIFICATE-----
Generated at Fri Jun 6 23:29:02 2025 by rpki-client