Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/MGuAvQXqNP7uil2yN8ylFEwy_5w.roa
File: MGuAvQXqNP7uil2yN8ylFEwy_5w.roa (raw, json)
Hash identifier: X891iqU5ccojZtxXyzQjkeX2+oC8spBq+PkE3GI1Haw=
Subject key identifier: 30:6B:80:BD:05:EA:34:FE:EE:8A:5D:B2:37:CC:A5:14:4C:32:FF:9C
Certificate issuer: /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial: 0196643D713443E354925D0D842303F56E18
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/MGuAvQXqNP7uil2yN8ylFEwy_5w.roa
Signing time: Wed 23 Apr 2025 20:01:10 +0000
ROA not before: Wed 23 Apr 2025 20:01:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 24750
IP address blocks: 85.239.152.0/22 maxlen: 22
178.239.112.0/21 maxlen: 21
2a05:4c00::/29 maxlen: 29
Validation: Failed, certificate revoked on Thu 24 Apr 2025 07:06:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:64:3d:71:34:43:e3:54:92:5d:0d:84:23:03:f5:6e:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Validity
Not Before: Apr 23 20:01:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=306b80bd05ea34feee8a5db237cca5144c32ff9c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:b5:8b:7f:b2:aa:4a:a5:87:c8:28:2e:8b:82:
e9:79:97:e7:2f:62:4e:2b:91:da:3d:d1:b4:c5:9c:
7b:88:2c:fb:43:34:89:cd:f2:44:fb:e8:f0:80:d6:
99:da:05:f1:10:d7:2f:47:59:2b:9c:d9:2e:12:f9:
6d:7e:65:30:8a:90:36:65:ca:98:46:de:45:64:63:
31:ea:34:63:aa:07:4a:a4:0b:07:26:45:40:ef:07:
34:14:23:73:99:cf:44:77:b6:35:b8:90:69:9d:45:
ec:c3:71:72:1f:79:98:7d:be:4d:3a:6b:d0:9b:f7:
80:83:f0:08:7a:1d:c3:9a:9c:56:10:52:1a:cf:f2:
90:13:a1:48:64:a3:78:bc:8e:d3:e1:7d:95:f6:ff:
b3:74:a9:80:f3:fa:a8:58:c4:5b:e0:fe:59:51:b3:
d6:0b:3e:19:5f:ea:5c:6d:f3:00:d6:ef:9f:6f:c4:
b1:77:4a:f3:37:92:63:6c:07:80:d4:f7:fc:e8:71:
b5:26:ad:91:b1:75:6b:24:0c:22:30:ab:71:5d:d0:
cb:6e:9a:96:d2:29:24:e3:10:c3:1a:a5:ef:8e:9a:
6f:ca:97:4c:34:cc:35:fd:c8:6e:6d:54:89:31:8f:
c0:fd:a7:5a:c4:87:75:b7:84:89:34:a9:83:49:08:
c5:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:6B:80:BD:05:EA:34:FE:EE:8A:5D:B2:37:CC:A5:14:4C:32:FF:9C
X509v3 Authority Key Identifier:
keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/MGuAvQXqNP7uil2yN8ylFEwy_5w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.239.152.0/22
178.239.112.0/21
IPv6:
2a05:4c00::/29
Signature Algorithm: sha256WithRSAEncryption
a0:72:63:97:c4:72:95:8f:00:9a:64:80:87:0d:98:7e:4b:06:
fe:d1:fd:c1:4e:82:54:76:34:b7:85:46:c7:b7:0a:38:58:20:
86:09:bb:b3:c7:89:b9:8d:82:18:c3:0c:0b:cb:75:02:ce:d1:
2b:d9:e5:dd:ba:f3:85:6d:2f:8e:5e:12:d7:e7:14:5f:19:d3:
a1:4f:89:87:a4:66:d7:23:f4:5b:e2:74:a2:00:b2:c1:4d:c3:
b7:d2:00:c2:e9:c2:55:6d:82:d8:30:d3:fa:2b:76:5d:7b:74:
7c:bc:43:dd:1f:a1:bc:c4:1b:08:f5:b1:e3:25:6b:81:a8:22:
49:07:1c:8d:60:18:71:9e:ad:d1:3c:db:eb:5b:72:0e:47:1c:
46:d9:d8:10:0d:be:24:9f:8f:65:04:81:72:24:cf:65:fa:c9:
5b:af:ff:d0:1a:87:01:6c:78:8b:68:e3:de:7c:82:23:ac:2b:
c2:a7:c0:62:9e:be:43:e2:44:bf:52:0c:63:18:8c:aa:90:51:
ad:75:c1:ce:a8:8d:6d:4f:4a:45:79:2a:87:fa:82:50:38:1a:
77:c6:0c:d1:7c:9f:19:68:10:40:e3:69:91:c7:cb:0f:27:51:
88:7f:df:d7:fa:e8:5a:eb:6d:19:bd:f7:94:67:1c:0a:6a:c5:
c9:0c:03:e0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZZkPXE0Q+NUkl0NhCMD9W4YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwNDIzMjAwMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDZiODBiZDA1ZWEzNGZlZWU4YTVkYjIzN2NjYTUxNDRjMzJmZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrWLf7KqSqWHyCgui4LpeZfnL2JO
K5HaPdG0xZx7iCz7QzSJzfJE++jwgNaZ2gXxENcvR1krnNkuEvltfmUwipA2ZcqY
Rt5FZGMx6jRjqgdKpAsHJkVA7wc0FCNzmc9Ed7Y1uJBpnUXsw3FyH3mYfb5NOmvQ
m/eAg/AIeh3DmpxWEFIaz/KQE6FIZKN4vI7T4X2V9v+zdKmA8/qoWMRb4P5ZUbPW
Cz4ZX+pcbfMA1u+fb8Sxd0rzN5JjbAeA1Pf86HG1Jq2RsXVrJAwiMKtxXdDLbpqW
0ikk4xDDGqXvjppvypdMNMw1/chubVSJMY/A/adaxId1t4SJNKmDSQjFwQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDBrgL0F6jT+7opdsjfMpRRMMv+cMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvTUd1QXZRWHFOUDd1aWwyeU44eWxGRXd5XzV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCVe+YAwQD
su9wMA0EAgACMAcDBQMqBUwAMA0GCSqGSIb3DQEBCwUAA4IBAQCgcmOXxHKVjwCa
ZICHDZh+Swb+0f3BToJUdjS3hUbHtwo4WCCGCbuzx4m5jYIYwwwLy3UCztEr2eXd
uvOFbS+OXhLX5xRfGdOhT4mHpGbXI/Rb4nSiALLBTcO30gDC6cJVbYLYMNP6K3Zd
e3R8vEPdH6G8xBsI9bHjJWuBqCJJBxyNYBhxnq3RPNvrW3IORxxG2dgQDb4kn49l
BIFyJM9l+slbr//QGocBbHiLaOPefIIjrCvCp8Binr5D4kS/UgxjGIyqkFGtdcHO
qI1tT0pFeSqH+oJQOBp3xgzRfJ8ZaBBA42mRx8sPJ1GIf9/X+uha620ZvfeUZxwK
asXJDAPg
-----END CERTIFICATE-----
Generated at Thu May 8 09:28:15 2025 by rpki-client