Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pLsqocmAGXExOLLI7lgJv6yelr0.roa
File: pLsqocmAGXExOLLI7lgJv6yelr0.roa (raw, json)
Hash identifier: g2QUAFBJFUhQt6rh8/4bAUvccYFlIIRpdX8ePMIH2c4=
Subject key identifier: A4:BB:2A:A1:C9:80:19:71:31:38:B2:C8:EE:58:09:BF:AC:9E:96:BD
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01965C6B316ADDEBC692BAF94EA8661305E1
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pLsqocmAGXExOLLI7lgJv6yelr0.roa
Signing time: Tue 22 Apr 2025 07:34:10 +0000
ROA not before: Tue 22 Apr 2025 07:34:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210644
IP address blocks: 45.88.88.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
94.156.104.0/24 maxlen: 24
94.156.166.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 22 Apr 2025 07:44:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:5c:6b:31:6a:dd:eb:c6:92:ba:f9:4e:a8:66:13:05:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 22 07:34:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a4bb2aa1c98019713138b2c8ee5809bfac9e96bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:c4:d8:c6:2f:da:87:4a:c8:54:e6:86:1d:37:
83:50:7b:70:75:86:17:48:a3:e8:b6:3c:9a:a1:15:
cd:2c:20:ba:da:97:e8:81:2b:86:f9:33:e7:c4:a5:
e8:ef:9c:bf:fe:93:6a:19:c7:3a:2a:42:f4:ca:62:
d1:85:2d:21:a1:f3:09:78:9a:88:f4:a8:e3:a3:a6:
58:5b:ed:b9:3b:e7:df:68:4f:38:03:39:4a:68:65:
08:04:80:bb:42:93:cf:88:da:a5:24:de:ad:06:3e:
9d:0a:6e:65:c6:aa:43:f5:16:26:d1:c7:93:0c:c5:
d7:6d:0a:c4:85:09:94:06:de:b9:5b:9e:51:6a:86:
80:5e:1e:50:3b:f7:a4:64:90:76:16:02:63:75:0d:
84:0c:21:95:ae:b3:6f:b0:38:e5:71:07:e9:70:5a:
ae:b1:be:fd:af:d2:04:50:fb:3a:c7:21:ff:bd:b8:
e1:ab:5f:e1:07:8c:7e:87:ec:b7:f7:af:40:ef:17:
a8:10:62:b5:f2:d3:ed:87:6c:8f:4e:ef:c3:0c:47:
aa:31:bd:40:ad:c9:80:d1:4c:26:74:5f:9c:c1:25:
a0:3f:b3:f1:5e:1f:41:25:78:52:2a:ea:2d:51:65:
6f:23:db:53:2a:6f:82:bb:33:16:fb:dd:f8:32:bc:
bd:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:BB:2A:A1:C9:80:19:71:31:38:B2:C8:EE:58:09:BF:AC:9E:96:BD
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pLsqocmAGXExOLLI7lgJv6yelr0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.88.88.0/24
45.151.91.0/24
94.156.104.0/24
94.156.166.0/24
Signature Algorithm: sha256WithRSAEncryption
2c:ce:36:d4:55:a5:db:cf:1f:1d:79:fe:c3:ec:a8:37:68:2f:
6b:2a:38:91:cb:c9:7a:69:ad:62:17:2f:1c:93:2d:2c:61:5e:
fc:e4:dd:d4:28:16:cb:b8:68:e2:b6:67:13:9b:7c:8f:15:07:
b5:8f:3c:84:e2:bf:88:ed:61:1b:82:85:ed:71:92:4c:9b:91:
50:62:d3:e1:ad:a8:9b:53:66:6a:11:85:a6:92:ef:a8:e9:95:
68:36:ac:08:22:13:50:ce:89:f2:18:dd:0c:0b:dd:ca:8e:ef:
12:f2:04:5c:9e:6d:f9:14:32:7b:81:08:06:c2:ca:ce:b0:70:
e6:80:57:8d:48:cd:3c:f7:ba:0c:cd:0a:6b:27:af:11:f6:75:
58:49:fe:59:00:44:1c:02:8f:13:2f:6a:50:99:a9:b0:6d:be:
90:d8:eb:38:57:b4:73:ef:31:25:e8:15:97:56:a5:95:50:7e:
5e:0d:73:6d:f9:2f:24:4c:ec:73:cd:5c:31:e8:e1:2e:b7:61:
83:47:c8:d8:14:cb:5a:cf:c1:68:c7:5e:b6:f1:66:e6:a4:c8:
98:14:8f:25:b1:78:f2:37:d0:8d:87:6a:5c:4a:b7:b5:9f:e7:
0c:2a:35:8b:ca:6e:75:bd:da:66:61:3a:50:5d:9d:41:05:31:
d2:22:22:d6
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZZcazFq3evGkrr5TqhmEwXhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNDIyMDczNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGJiMmFhMWM5ODAxOTcxMzEzOGIyYzhlZTU4MDliZmFjOWU5NmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8TYxi/ah0rIVOaGHTeDUHtwdYYX
SKPotjyaoRXNLCC62pfogSuG+TPnxKXo75y//pNqGcc6KkL0ymLRhS0hofMJeJqI
9Kjjo6ZYW+25O+ffaE84AzlKaGUIBIC7QpPPiNqlJN6tBj6dCm5lxqpD9RYm0ceT
DMXXbQrEhQmUBt65W55RaoaAXh5QO/ekZJB2FgJjdQ2EDCGVrrNvsDjlcQfpcFqu
sb79r9IEUPs6xyH/vbjhq1/hB4x+h+y3969A7xeoEGK18tPth2yPTu/DDEeqMb1A
rcmA0UwmdF+cwSWgP7PxXh9BJXhSKuotUWVvI9tTKm+CuzMW+934Mry9TwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKS7KqHJgBlxMTiyyO5YCb+snpa9MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcExzcW9jbUFHWEV4T0xMSTdsZ0p2NnllbHIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALVhYAwQA
LZdbAwQAXpxoAwQAXpymMA0GCSqGSIb3DQEBCwUAA4IBAQAszjbUVaXbzx8def7D
7Kg3aC9rKjiRy8l6aa1iFy8cky0sYV785N3UKBbLuGjitmcTm3yPFQe1jzyE4r+I
7WEbgoXtcZJMm5FQYtPhraibU2ZqEYWmku+o6ZVoNqwIIhNQzonyGN0MC93Kju8S
8gRcnm35FDJ7gQgGwsrOsHDmgFeNSM0897oMzQprJ68R9nVYSf5ZAEQcAo8TL2pQ
mamwbb6Q2Os4V7Rz7zEl6BWXVqWVUH5eDXNt+S8kTOxzzVwx6OEut2GDR8jYFMta
z8Fox1628WbmpMiYFI8lsXjyN9CNh2pcSre1n+cMKjWLym51vdpmYTpQXZ1BBTHS
IiLW
-----END CERTIFICATE-----
Generated at Tue May 13 17:08:20 2025 by rpki-client