Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/ywRa6oHQscVnKtOtBtKDAvk2Tgg.roa
File: ywRa6oHQscVnKtOtBtKDAvk2Tgg.roa (raw, json)
Hash identifier: 7IZ2y2GvRaBjmPmTW8lVwA54Abui1ynzWGYxKvGn8y8=
Subject key identifier: CB:04:5A:EA:81:D0:B1:C5:67:2A:D3:AD:06:D2:83:02:F9:36:4E:08
Certificate issuer: /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial: 019583F0A0AD5327EB03BB65C73F0B197BEC
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/ywRa6oHQscVnKtOtBtKDAvk2Tgg.roa
Signing time: Tue 11 Mar 2025 06:42:19 +0000
ROA not before: Tue 11 Mar 2025 06:42:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 85.239.156.0/24 maxlen: 24
92.62.251.0/24 maxlen: 24
92.62.253.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 12 Mar 2025 14:52:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:83:f0:a0:ad:53:27:eb:03:bb:65:c7:3f:0b:19:7b:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Validity
Not Before: Mar 11 06:42:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cb045aea81d0b1c5672ad3ad06d28302f9364e08
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:b7:3c:c2:15:a3:7c:a2:c2:f7:3e:aa:05:08:
e1:66:fb:59:30:ae:4c:ee:60:e2:63:4f:67:a4:51:
bb:71:d1:5a:30:ad:91:ff:95:2b:48:c7:05:a7:0d:
4b:3f:1d:14:22:b4:a2:34:2e:de:a8:26:8f:6e:e2:
91:a8:e3:63:33:22:95:35:64:06:c3:89:86:29:1f:
e2:ac:a4:c7:65:a6:35:2a:95:74:6e:a7:a3:fc:18:
8e:78:0e:19:e0:b9:71:c0:21:91:43:0c:c6:00:69:
a1:f4:c0:80:57:60:c5:7f:72:78:46:b0:f0:fb:aa:
f9:63:39:e7:40:7c:b7:64:e9:f8:6e:83:9c:fe:14:
30:fa:7d:10:35:d4:fd:37:dc:f4:03:76:48:28:63:
c5:cf:0c:6e:96:07:c2:e2:a8:2b:e8:d5:8a:1e:d2:
a7:43:4d:e9:22:83:36:82:11:82:5c:12:49:fb:03:
5a:d7:4f:40:0e:95:ae:17:7d:c0:d4:52:19:28:af:
80:d1:5e:ce:c6:c0:bc:05:97:c8:49:08:f6:1f:99:
7c:10:53:d8:09:df:9e:b1:33:c2:de:24:36:d4:c8:
ba:78:98:89:77:04:c4:32:c2:9d:bb:83:84:74:74:
cb:69:05:38:8a:3e:41:28:49:8a:61:cb:28:45:d8:
68:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:04:5A:EA:81:D0:B1:C5:67:2A:D3:AD:06:D2:83:02:F9:36:4E:08
X509v3 Authority Key Identifier:
keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/ywRa6oHQscVnKtOtBtKDAvk2Tgg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.239.156.0/24
92.62.251.0/24
92.62.253.0/24
Signature Algorithm: sha256WithRSAEncryption
6d:16:3c:82:db:19:e6:b4:e4:1c:5d:b6:29:1c:74:05:b6:dc:
ad:a7:65:b2:7a:a8:53:9a:85:97:2d:ff:e3:39:3a:18:84:4c:
01:87:1e:fd:b5:04:04:7a:5c:9b:3e:ff:e3:90:70:64:ca:2e:
b6:e8:14:f1:e0:e6:cb:ed:90:50:44:71:64:f6:87:c8:46:78:
bb:63:94:d6:57:5c:d8:b3:21:ba:f1:33:51:dc:49:9d:3c:c6:
3f:93:f6:03:56:c8:dc:d0:ed:15:c0:62:48:44:16:fd:75:8d:
fb:cf:4d:5f:bd:9f:d3:70:06:05:36:27:82:0d:bb:03:cb:87:
ac:c3:1e:fb:1b:63:e6:41:c7:e3:a9:f9:19:f6:d9:43:b7:b5:
e2:ee:d3:3a:7d:65:22:4d:32:10:b5:a6:76:48:15:f7:8c:54:
c6:a9:2e:3b:11:18:7e:2f:76:9a:4d:eb:3f:b1:c8:a6:d7:ba:
70:ee:a1:9a:cf:03:44:23:e4:44:fb:73:76:ce:ad:14:d7:d6:
42:92:30:1c:d6:4c:38:75:60:eb:30:ae:16:87:a0:18:49:06:
52:7c:1b:c8:77:a6:a6:00:b4:49:2c:4b:44:4a:ed:2b:50:61:
4a:ed:45:31:7d:af:a1:0a:30:84:fd:c5:c5:f8:e2:e9:73:26:
a0:f0:c2:12
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWD8KCtUyfrA7tlxz8LGXvsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwMzExMDY0MjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjA0NWFlYTgxZDBiMWM1NjcyYWQzYWQwNmQyODMwMmY5MzY0ZTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7c8whWjfKLC9z6qBQjhZvtZMK5M
7mDiY09npFG7cdFaMK2R/5UrSMcFpw1LPx0UIrSiNC7eqCaPbuKRqONjMyKVNWQG
w4mGKR/irKTHZaY1KpV0bqej/BiOeA4Z4LlxwCGRQwzGAGmh9MCAV2DFf3J4RrDw
+6r5YznnQHy3ZOn4boOc/hQw+n0QNdT9N9z0A3ZIKGPFzwxulgfC4qgr6NWKHtKn
Q03pIoM2ghGCXBJJ+wNa109ADpWuF33A1FIZKK+A0V7OxsC8BZfISQj2H5l8EFPY
Cd+esTPC3iQ21Mi6eJiJdwTEMsKdu4OEdHTLaQU4ij5BKEmKYcsoRdhopQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMsEWuqB0LHFZyrTrQbSgwL5Nk4IMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEveXdSYTZvSFFzY1ZuS3RPdEJ0S0RBdmsyVGdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVe+cAwQA
XD77AwQAXD79MA0GCSqGSIb3DQEBCwUAA4IBAQBtFjyC2xnmtOQcXbYpHHQFttyt
p2WyeqhTmoWXLf/jOToYhEwBhx79tQQEelybPv/jkHBkyi626BTx4ObL7ZBQRHFk
9ofIRni7Y5TWV1zYsyG68TNR3EmdPMY/k/YDVsjc0O0VwGJIRBb9dY37z01fvZ/T
cAYFNieCDbsDy4eswx77G2PmQcfjqfkZ9tlDt7Xi7tM6fWUiTTIQtaZ2SBX3jFTG
qS47ERh+L3aaTes/scim17pw7qGazwNEI+RE+3N2zq0U19ZCkjAc1kw4dWDrMK4W
h6AYSQZSfBvId6amALRJLEtESu0rUGFK7UUxfa+hCjCE/cXF+OLpcyag8MIS
-----END CERTIFICATE-----
Generated at Sat May 10 10:11:43 2025 by rpki-client