Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/NLUG3p_gK8Y__U-ASTL_nUWrxSg.roa
File: NLUG3p_gK8Y__U-ASTL_nUWrxSg.roa (raw, json)
Hash identifier: zwrI8b0OwhwkbYK/LYEafkV87100vggfkQXAndNA6v0=
Subject key identifier: 34:B5:06:DE:9F:E0:2B:C6:3F:FD:4F:80:49:32:FF:9D:45:AB:C5:28
Certificate issuer: /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial: 01967B1D284305BB6C44B2A1D0828968B8C7
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/NLUG3p_gK8Y__U-ASTL_nUWrxSg.roa
Signing time: Mon 28 Apr 2025 06:37:10 +0000
ROA not before: Mon 28 Apr 2025 06:37:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 45.149.25.0/24 maxlen: 24
89.251.28.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 29 Apr 2025 05:22:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:7b:1d:28:43:05:bb:6c:44:b2:a1:d0:82:89:68:b8:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Validity
Not Before: Apr 28 06:37:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=34b506de9fe02bc63ffd4f804932ff9d45abc528
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:41:51:36:4a:6c:9f:e9:c3:33:c1:ff:c1:4a:
34:21:ad:13:4c:cd:26:84:92:a4:8b:e6:76:b5:4c:
d1:50:20:f8:ba:eb:b0:c0:5d:1d:05:dc:8a:8c:06:
7b:0e:47:52:19:2a:9d:b2:65:33:04:84:1f:19:b3:
b4:dd:53:db:b4:61:67:f0:d5:63:24:0d:80:b3:20:
c9:40:72:3c:b6:f0:01:3f:f0:7a:1c:e7:e7:6d:40:
1d:fd:fb:61:e0:8d:fc:71:3d:f6:73:f3:ef:54:f4:
37:70:fa:44:bd:59:93:e5:7c:b8:46:59:67:7b:fd:
53:fa:30:59:bc:6a:59:e3:06:74:15:52:2a:c0:4c:
56:79:19:1f:e2:37:6e:c9:53:25:81:c8:2d:41:77:
3f:bb:32:38:85:f5:a1:f2:70:66:e6:e8:2b:1e:ee:
6c:7f:cf:2e:b5:8b:17:29:4e:dd:d9:14:b6:28:ce:
19:d6:da:fb:bb:b9:07:df:45:19:fa:41:a1:11:be:
0b:23:f3:31:7f:76:cd:e2:2b:be:c8:10:c3:0e:b1:
66:3c:38:5f:7a:6e:80:8d:48:13:28:4c:27:1f:17:
5e:05:cb:6a:07:ec:2f:d4:b5:0c:15:af:bb:db:fb:
76:8a:a8:91:13:be:05:61:54:82:c7:41:d8:d9:cf:
78:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:B5:06:DE:9F:E0:2B:C6:3F:FD:4F:80:49:32:FF:9D:45:AB:C5:28
X509v3 Authority Key Identifier:
keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/NLUG3p_gK8Y__U-ASTL_nUWrxSg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.149.25.0/24
89.251.28.0/24
Signature Algorithm: sha256WithRSAEncryption
85:cb:83:3b:49:e8:f7:a0:77:ca:05:82:3c:68:ed:36:ae:b9:
c4:1c:bb:4e:90:74:c4:cd:26:b3:5d:f5:54:51:e3:fe:18:01:
1e:af:63:a6:c9:6f:7a:11:69:c1:44:07:c6:e0:4e:54:10:31:
ed:dd:94:16:0c:d8:49:d1:4a:70:73:85:41:c4:91:03:b9:4f:
ab:a8:d9:ec:bf:f8:c1:f3:af:d1:66:44:6f:a4:00:ad:a5:d0:
35:27:32:0d:34:19:10:b7:fb:1b:12:d2:7f:c9:3b:b4:83:a3:
ff:0c:d5:53:44:50:7a:59:f5:45:dd:8f:b4:ef:e9:30:be:9e:
f5:86:af:3c:40:58:bb:2e:92:b7:b2:f6:32:ff:08:da:f1:2f:
ac:9d:47:fd:92:d0:44:78:55:7d:6d:d5:ab:04:03:88:50:d5:
19:30:12:df:2e:5b:e7:70:b3:39:b6:5f:05:f6:1d:12:ee:8d:
52:ce:e1:ca:5d:e5:2d:70:7b:6d:fd:74:74:da:b1:83:93:ac:
9e:1a:66:f1:60:b6:e0:88:bd:16:f8:4a:ff:a8:aa:cc:89:10:
f4:28:bb:be:bf:22:81:cf:ff:44:5f:8b:a2:eb:75:a5:0b:e8:
39:36:b5:92:fb:5d:1d:28:59:b0:9f:d6:30:cd:c9:d4:c7:15:
50:a8:e0:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZ7HShDBbtsRLKh0IKJaLjHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwNDI4MDYzNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGI1MDZkZTlmZTAyYmM2M2ZmZDRmODA0OTMyZmY5ZDQ1YWJjNTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUFRNkpsn+nDM8H/wUo0Ia0TTM0m
hJKki+Z2tUzRUCD4uuuwwF0dBdyKjAZ7DkdSGSqdsmUzBIQfGbO03VPbtGFn8NVj
JA2AsyDJQHI8tvABP/B6HOfnbUAd/fth4I38cT32c/PvVPQ3cPpEvVmT5Xy4Rlln
e/1T+jBZvGpZ4wZ0FVIqwExWeRkf4jduyVMlgcgtQXc/uzI4hfWh8nBm5ugrHu5s
f88utYsXKU7d2RS2KM4Z1tr7u7kH30UZ+kGhEb4LI/Mxf3bN4iu+yBDDDrFmPDhf
em6AjUgTKEwnHxdeBctqB+wv1LUMFa+72/t2iqiRE74FYVSCx0HY2c94/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDS1Bt6f4CvGP/1PgEky/51Fq8UoMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvTkxVRzNwX2dLOFlfX1UtQVNUTF9uVVdyeFNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZUZAwQA
WfscMA0GCSqGSIb3DQEBCwUAA4IBAQCFy4M7Sej3oHfKBYI8aO02rrnEHLtOkHTE
zSazXfVUUeP+GAEer2OmyW96EWnBRAfG4E5UEDHt3ZQWDNhJ0Upwc4VBxJEDuU+r
qNnsv/jB86/RZkRvpACtpdA1JzINNBkQt/sbEtJ/yTu0g6P/DNVTRFB6WfVF3Y+0
7+kwvp71hq88QFi7LpK3svYy/wja8S+snUf9ktBEeFV9bdWrBAOIUNUZMBLfLlvn
cLM5tl8F9h0S7o1SzuHKXeUtcHtt/XR02rGDk6yeGmbxYLbgiL0W+Er/qKrMiRD0
KLu+vyKBz/9EX4ui63WlC+g5NrWS+10dKFmwn9YwzcnUxxVQqOCS
-----END CERTIFICATE-----
Generated at Wed May 7 11:52:37 2025 by rpki-client