Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lQGcEa-RqPXSu0NLI-BSfDXaW88.roa
File: lQGcEa-RqPXSu0NLI-BSfDXaW88.roa (raw, json)
Hash identifier: R2bR8VjrMtesJGDqkz7zNVhA/A/YeL9Hpni65IAhLog=
Subject key identifier: 95:01:9C:11:AF:91:A8:F5:D2:BB:43:4B:23:E0:52:7C:35:DA:5B:CF
Certificate issuer: /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial: 0196315ED1C960C2FB7A5BAA5722F1508067
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lQGcEa-RqPXSu0NLI-BSfDXaW88.roa
Signing time: Sun 13 Apr 2025 22:56:59 +0000
ROA not before: Sun 13 Apr 2025 22:56:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213893
IP address blocks: 2a0d:d940:10::/48 maxlen: 48
2a0d:d940:11::/48 maxlen: 48
2a0d:d940:13::/48 maxlen: 48
2a0d:d940:14::/48 maxlen: 48
2a0d:d940:15::/48 maxlen: 48
2a0d:d940:18::/48 maxlen: 48
2a0d:d940:1f00::/40 maxlen: 40
Validation: Failed, certificate revoked on Wed 16 Apr 2025 10:28:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:31:5e:d1:c9:60:c2:fb:7a:5b:aa:57:22:f1:50:80:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Validity
Not Before: Apr 13 22:56:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=95019c11af91a8f5d2bb434b23e0527c35da5bcf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:30:be:b0:3a:92:d8:da:ab:99:60:58:3b:9a:
a5:ea:64:91:ef:b1:9a:52:bb:e0:69:9a:a2:69:f6:
22:6e:43:4c:86:64:97:f5:68:22:9a:d3:98:d1:30:
60:4f:5e:1d:51:e9:25:56:44:7d:96:b3:be:5d:23:
c1:94:f5:55:2d:85:db:51:df:7d:34:a6:70:5e:bf:
5b:a2:1e:39:39:f7:74:af:c9:88:de:bd:70:f1:eb:
22:9d:52:4b:28:66:e1:8c:0c:33:1c:ce:84:3a:12:
2d:95:d2:d8:a2:f1:24:e4:94:1c:3a:52:6c:23:ff:
80:60:d0:97:6e:7e:88:c0:4c:a2:69:f9:b0:ef:ee:
c9:51:c8:00:2b:ec:2a:52:df:4f:5e:1b:2d:4e:e7:
63:a6:c5:a3:f7:0b:48:96:ac:be:ce:6a:05:a2:22:
da:5f:2c:60:4d:a4:49:2d:b5:82:6a:e8:0a:e5:8c:
ca:d1:9b:3d:66:05:c1:b1:6d:2b:03:e3:3c:9d:c9:
1a:a8:0f:b0:aa:4b:38:16:25:68:30:c5:54:43:7f:
d4:92:d4:47:6b:6e:fc:0c:87:01:34:0b:33:c7:66:
7c:97:94:53:38:8c:36:9d:30:c4:d9:00:6e:73:d0:
1a:e9:29:03:82:74:fe:e9:b5:b7:8a:4c:33:2b:bc:
fd:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:01:9C:11:AF:91:A8:F5:D2:BB:43:4B:23:E0:52:7C:35:DA:5B:CF
X509v3 Authority Key Identifier:
keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lQGcEa-RqPXSu0NLI-BSfDXaW88.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:d940:10::/47
2a0d:d940:13::-2a0d:d940:15:ffff:ffff:ffff:ffff:ffff
2a0d:d940:18::/48
2a0d:d940:1f00::/40
Signature Algorithm: sha256WithRSAEncryption
c7:81:83:1f:37:76:c4:a3:ab:c1:dc:7f:09:93:7f:9f:d5:6b:
1c:10:28:b4:90:bb:c7:4f:31:1a:da:f6:80:90:3b:8f:e9:b6:
ee:4d:34:70:b7:de:ff:49:7f:00:76:90:c4:9a:7a:bc:86:e8:
0b:21:33:50:68:89:38:a5:27:59:1a:13:90:e9:98:5f:10:7c:
72:19:3b:4a:85:4a:07:ad:2a:50:17:40:ff:6b:a7:fc:8e:c2:
0d:97:06:ab:b5:29:69:70:6b:da:92:2d:f9:23:90:08:d7:5d:
77:22:c8:27:7b:a1:52:3b:25:68:cf:0f:9b:ef:d6:fa:04:4b:
92:7f:4b:0c:75:6b:46:a0:18:9c:b4:dc:e3:19:58:bd:01:a6:
33:18:f0:b6:6f:b9:9c:b4:f2:9a:c5:3c:73:a0:37:a6:5d:00:
cc:7d:24:5a:6b:04:f8:69:70:82:2c:2a:45:a0:8a:b2:ce:51:
34:b0:fc:4f:cd:dc:ee:d9:d0:46:8c:11:25:4b:b2:8c:79:b1:
25:f7:9e:5e:6a:21:14:45:77:d3:be:27:1b:4e:f2:a0:b6:b5:
5a:22:aa:b8:4f:12:b9:af:82:7e:6d:41:a1:80:4b:85:a9:1b:
49:08:8c:36:99:5d:ba:d4:59:81:fd:2a:e7:f6:4e:e8:7c:b1:
8c:aa:d6:4a
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZYxXtHJYML7eluqVyLxUIBnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwNDEzMjI1NjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTAxOWMxMWFmOTFhOGY1ZDJiYjQzNGIyM2UwNTI3YzM1ZGE1YmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjC+sDqS2NqrmWBYO5ql6mSR77Ga
UrvgaZqiafYibkNMhmSX9WgimtOY0TBgT14dUeklVkR9lrO+XSPBlPVVLYXbUd99
NKZwXr9boh45Ofd0r8mI3r1w8esinVJLKGbhjAwzHM6EOhItldLYovEk5JQcOlJs
I/+AYNCXbn6IwEyiafmw7+7JUcgAK+wqUt9PXhstTudjpsWj9wtIlqy+zmoFoiLa
XyxgTaRJLbWCaugK5YzK0Zs9ZgXBsW0rA+M8nckaqA+wqks4FiVoMMVUQ3/UktRH
a278DIcBNAszx2Z8l5RTOIw2nTDE2QBuc9Aa6SkDgnT+6bW3ikwzK7z9lwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFJUBnBGvkaj10rtDSyPgUnw12lvPMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvbFFHY0VhLVJxUFhTdTBOTEktQlNmRFhhVzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAAjAuAwcBKg3ZQAAQ
MBIDBwAqDdlAABMDBwEqDdlAABQDBwAqDdlAABgDBgAqDdlAHzANBgkqhkiG9w0B
AQsFAAOCAQEAx4GDHzd2xKOrwdx/CZN/n9VrHBAotJC7x08xGtr2gJA7j+m27k00
cLfe/0l/AHaQxJp6vIboCyEzUGiJOKUnWRoTkOmYXxB8chk7SoVKB60qUBdA/2un
/I7CDZcGq7UpaXBr2pIt+SOQCNdddyLIJ3uhUjslaM8Pm+/W+gRLkn9LDHVrRqAY
nLTc4xlYvQGmMxjwtm+5nLTymsU8c6A3pl0AzH0kWmsE+GlwgiwqRaCKss5RNLD8
T83c7tnQRowRJUuyjHmxJfeeXmohFEV3074nG07yoLa1WiKquE8Sua+Cfm1BoYBL
hakbSQiMNpldutRZgf0q5/ZO6HyxjKrWSg==
-----END CERTIFICATE-----
Generated at Sun May 11 15:54:37 2025 by rpki-client