Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e32322e302f32332d3234203d3e20383334.roa
File: 3134332e32302e32322e302f32332d3234203d3e20383334.roa (raw, json)
Hash identifier: unloBEGL+WQ1Lmk7qjn+828ZFAJ9841eAAMey+D2qCE=
Subject key identifier: A8:4C:46:D0:05:FA:58:7D:18:56:A0:DF:47:E6:9A:03:C9:35:FF:D0
Certificate issuer: /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial: 4A6E20EBF0FFA497233AC09F5C8E02996BCF572E
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e32322e302f32332d3234203d3e20383334.roa
Signing time: Tue 03 Jun 2025 23:41:49 +0000
ROA not before: Tue 03 Jun 2025 23:36:49 +0000
ROA not after: Tue 02 Jun 2026 23:41:49 +0000
asID: 834
IP address blocks: 143.20.22.0/23 maxlen: 24
Validation: Failed, certificate revoked on Thu 05 Jun 2025 17:39:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:6e:20:eb:f0:ff:a4:97:23:3a:c0:9f:5c:8e:02:99:6b:cf:57:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Validity
Not Before: Jun 3 23:36:49 2025 GMT
Not After : Jun 2 23:41:49 2026 GMT
Subject: CN=A84C46D005FA587D1856A0DF47E69A03C935FFD0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:54:6e:3e:29:09:8b:3b:b7:a8:de:a4:8e:78:
10:26:e0:01:f1:97:c0:3f:70:d4:f1:6a:7a:76:c4:
1f:6e:ce:99:16:d6:b4:36:27:c9:41:b9:44:e9:30:
18:9d:47:ca:15:f3:1a:6f:88:ad:bf:d9:d7:5c:cf:
a9:63:70:b8:97:46:84:0e:0f:ab:99:56:64:d1:92:
91:85:8a:7c:45:79:bb:47:47:95:3c:64:d4:a6:26:
1f:52:a7:92:b9:28:ea:89:d1:bc:8a:8a:61:ee:7d:
f0:59:3c:d0:af:f6:a0:11:99:20:a8:68:62:f4:35:
39:1e:a5:1f:35:4e:f0:a0:23:4b:5e:d2:34:b4:23:
7b:08:d0:84:4d:93:8b:d8:51:b6:d4:c2:1c:59:72:
6a:2d:e6:ca:8f:7f:4c:5f:1b:6f:4b:48:0b:09:6c:
ea:fd:69:ee:bc:4f:81:77:17:11:61:0a:dd:f7:1b:
9b:b8:2a:fc:0e:f2:f4:ca:cc:d1:cc:c7:8f:84:e8:
d8:f7:88:cd:bc:12:1a:58:c9:a6:8f:bd:ca:39:42:
36:ba:96:3e:c1:a0:56:7c:44:71:02:6f:8c:dd:39:
17:35:fb:51:1c:a9:58:4b:ba:b2:57:8c:be:ed:28:
54:05:87:75:e5:a6:bd:cc:f9:56:c0:e8:20:89:f2:
d6:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:4C:46:D0:05:FA:58:7D:18:56:A0:DF:47:E6:9A:03:C9:35:FF:D0
X509v3 Authority Key Identifier:
keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/3134332e32302e32322e302f32332d3234203d3e20383334.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.20.22.0/23
Signature Algorithm: sha256WithRSAEncryption
2a:6c:ff:b5:92:8a:eb:82:13:9b:af:6b:9c:51:a4:99:99:55:
36:cc:df:d7:30:f5:89:40:6c:26:29:3a:35:51:aa:92:b0:bb:
70:b1:7e:33:62:5e:69:b8:7d:f6:d7:d0:02:22:6c:b4:7d:7b:
7e:11:bf:17:66:25:b2:a9:24:ed:cc:6e:bd:ac:2c:e0:12:df:
d9:d6:33:01:1f:b1:d0:0f:17:f0:77:83:5b:80:5e:ca:04:9b:
2a:0a:82:54:e9:16:dc:84:ae:25:ca:b2:9a:bd:a2:46:63:68:
81:f0:8e:f5:e7:c4:ab:28:e6:17:5e:88:7f:c0:17:46:49:bd:
2a:82:1d:79:31:dc:69:b5:7c:82:36:8a:93:8a:07:61:c8:96:
f9:7e:db:52:28:2d:d3:bc:6b:67:ea:8f:ca:4b:c4:15:8f:e4:
9a:fb:c1:71:9f:3d:20:e0:aa:45:2c:af:d1:c9:ab:69:fb:a9:
e9:4b:92:87:ce:5d:9c:eb:af:55:b7:44:a3:17:9c:71:8a:09:
4e:98:d9:02:15:3c:84:50:1f:e9:a5:9d:59:79:cc:76:a0:30:
58:4a:b1:20:10:9d:39:d1:f9:fd:b2:9a:4c:39:2e:ad:4e:95:
17:b6:e2:b6:52:39:24:58:09:ff:dc:98:2b:4e:fa:f8:68:6f:
c8:17:92:fe
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUSm4g6/D/pJcjOsCfXI4CmWvPVy4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDMyMzM2NDlaFw0yNjA2MDIyMzQxNDlaMDMxMTAvBgNV
BAMTKEE4NEM0NkQwMDVGQTU4N0QxODU2QTBERjQ3RTY5QTAzQzkzNUZGRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1VG4+KQmLO7eo3qSOeBAm4AHx
l8A/cNTxanp2xB9uzpkW1rQ2J8lBuUTpMBidR8oV8xpviK2/2ddcz6ljcLiXRoQO
D6uZVmTRkpGFinxFebtHR5U8ZNSmJh9Sp5K5KOqJ0byKimHuffBZPNCv9qARmSCo
aGL0NTkepR81TvCgI0te0jS0I3sI0IRNk4vYUbbUwhxZcmot5sqPf0xfG29LSAsJ
bOr9ae68T4F3FxFhCt33G5u4KvwO8vTKzNHMx4+E6Nj3iM28EhpYyaaPvco5Qja6
lj7BoFZ8RHECb4zdORc1+1EcqVhLurJXjL7tKFQFh3Xlpr3M+VbA6CCJ8tY9AgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUqExG0AX6WH0YVqDfR+aaA8k1/9AwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjIt
ZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2MmUwLzAvMzEzNDMzMmUzMjMwMmUzMjMy
MmUzMDJmMzIzMzJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjxQWMA0G
CSqGSIb3DQEBCwUAA4IBAQAqbP+1korrghObr2ucUaSZmVU2zN/XMPWJQGwmKTo1
UaqSsLtwsX4zYl5puH3219ACImy0fXt+Eb8XZiWyqSTtzG69rCzgEt/Z1jMBH7HQ
Dxfwd4NbgF7KBJsqCoJU6RbchK4lyrKavaJGY2iB8I7158SrKOYXXoh/wBdGSb0q
gh15MdxptXyCNoqTigdhyJb5fttSKC3TvGtn6o/KS8QVj+Sa+8Fxnz0g4KpFLK/R
yatp+6npS5KHzl2c669Vt0SjF5xxiglOmNkCFTyEUB/ppZ1Zecx2oDBYSrEgEJ05
0fn9sppMOS6tTpUXtuK2UjkkWAn/3JgrTvr4aG/IF5L+
-----END CERTIFICATE-----
Generated at Fri Jun 6 23:37:19 2025 by rpki-client