Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/U85_fGiPRKgo2Zlv97bow1Q4xoM.roa
File: U85_fGiPRKgo2Zlv97bow1Q4xoM.roa (raw, json)
Hash identifier: Q02R9Yu4NGY10IBHKEUv4JqQl7+okuEUDh7tkQFkjbM=
Subject key identifier: 53:CE:7F:7C:68:8F:44:A8:28:D9:99:6F:F7:B6:E8:C3:54:38:C6:83
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 019519D017A4B028FF46F7677BD86E7E3B7C
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/U85_fGiPRKgo2Zlv97bow1Q4xoM.roa
Signing time: Tue 18 Feb 2025 16:07:02 +0000
ROA not before: Tue 18 Feb 2025 16:07:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209737
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.50.0/24 maxlen: 24
109.236.51.0/24 maxlen: 24
185.86.6.0/24 maxlen: 24
185.254.28.0/24 maxlen: 24
185.254.29.0/24 maxlen: 24
193.35.152.0/24 maxlen: 24
193.35.155.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 24 Feb 2025 11:57:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:19:d0:17:a4:b0:28:ff:46:f7:67:7b:d8:6e:7e:3b:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Feb 18 16:07:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=53ce7f7c688f44a828d9996ff7b6e8c35438c683
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:ea:57:d0:3a:29:ce:ed:c0:44:30:65:a7:e2:
a9:83:cb:31:fb:4c:a7:4b:63:d4:ff:8e:de:5d:a6:
58:68:29:bd:af:6f:0e:ec:6e:0f:83:af:cb:1c:a1:
e2:6c:76:7d:0f:bc:04:79:89:d6:5f:5c:04:56:c6:
56:59:62:4d:a3:f0:e6:89:a0:09:bb:ca:c8:ae:30:
fe:a7:2d:77:4b:87:e9:c8:56:8c:74:a7:2c:48:fe:
3e:6c:71:46:cc:60:b0:97:ba:c3:e0:48:ec:dc:c8:
36:33:b8:06:5e:f4:95:ef:dc:90:e6:ca:07:0d:91:
73:8a:36:b3:a3:d5:a7:ae:c5:93:63:fc:e9:75:c3:
d3:f2:e1:a6:89:63:e6:79:05:0b:44:fc:73:74:d0:
ff:71:b9:fd:f4:b5:06:d8:e1:6f:fd:6b:33:eb:70:
79:de:c0:d2:b6:ad:b9:a3:96:ef:f1:03:b1:1d:05:
d9:34:9a:e2:3f:1a:42:74:ab:6d:1f:48:d4:00:b4:
8b:58:f4:d3:b2:b3:77:da:13:ad:c2:46:35:87:6e:
ee:55:eb:31:ff:c2:11:38:1c:00:a2:05:f1:46:4e:
4c:5d:42:a7:0e:e0:8c:eb:d1:71:9f:7a:7c:e1:15:
8d:36:4f:96:24:39:35:ec:e5:99:7e:d6:5d:05:61:
81:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:CE:7F:7C:68:8F:44:A8:28:D9:99:6F:F7:B6:E8:C3:54:38:C6:83
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/U85_fGiPRKgo2Zlv97bow1Q4xoM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0-109.236.51.255
185.86.6.0/24
185.254.28.0/23
193.35.152.0/24
193.35.155.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:8e:ae:67:7a:d9:fe:f6:09:44:a4:f1:3e:5f:4f:85:40:8d:
55:e0:cd:9d:af:93:e7:89:69:dd:44:78:e7:17:38:b6:dc:6c:
96:28:61:16:3c:93:12:99:7f:09:1a:fd:05:ad:9b:99:ac:97:
0b:73:aa:ee:27:38:20:17:70:98:95:52:4a:a5:ba:e1:b2:1c:
91:58:6c:d7:01:0e:a2:02:d5:19:02:8e:1c:c7:19:6b:e0:0b:
42:5f:5d:e0:9f:c0:f7:6d:d4:c4:21:40:a5:fd:b8:8e:b6:84:
2c:e7:b6:a2:31:dc:20:39:54:f1:94:d4:ac:99:4b:3d:3f:48:
4c:45:ff:3d:3e:c5:b6:1a:a9:67:8e:65:b8:61:de:d3:6d:10:
9b:4b:d4:5d:14:0b:a6:3e:89:c7:df:54:7b:6b:fd:e2:2c:e8:
51:74:39:38:0a:cf:30:b6:3d:e8:f6:af:83:71:95:34:7c:44:
fe:ea:ff:3f:b0:02:bc:8c:c4:41:23:4f:03:04:6d:7f:60:72:
0a:6f:ce:ce:ad:ec:c8:86:ce:33:ce:f3:16:6e:f1:be:82:84:
c2:2b:6e:ef:34:37:80:36:49:d0:05:43:f7:6d:e7:99:60:d6:
34:15:de:8a:f0:ee:4b:fb:e5:bb:7a:6d:0d:af:3d:73:52:1f:
d5:9f:35:1d
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZUZ0BeksCj/Rvdne9hufjt8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwMjE4MTYwNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2NlN2Y3YzY4OGY0NGE4MjhkOTk5NmZmN2I2ZThjMzU0MzhjNjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtepX0Dopzu3ARDBlp+Kpg8sx+0yn
S2PU/47eXaZYaCm9r28O7G4Pg6/LHKHibHZ9D7wEeYnWX1wEVsZWWWJNo/DmiaAJ
u8rIrjD+py13S4fpyFaMdKcsSP4+bHFGzGCwl7rD4Ejs3Mg2M7gGXvSV79yQ5soH
DZFzijazo9WnrsWTY/zpdcPT8uGmiWPmeQULRPxzdND/cbn99LUG2OFv/Wsz63B5
3sDStq25o5bv8QOxHQXZNJriPxpCdKttH0jUALSLWPTTsrN32hOtwkY1h27uVesx
/8IROBwAogXxRk5MXUKnDuCM69Fxn3p84RWNNk+WJDk17OWZftZdBWGBmwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFFPOf3xoj0SoKNmZb/e26MNUOMaDMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvVTg1X2ZHaVBSS2dvMlpsdjk3Ym93MVE0eG9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBABt7DED
BAJt7DADBAC5VgYDBAG5/hwDBADBI5gDBADBI5swDQYJKoZIhvcNAQELBQADggEB
AKKOrmd62f72CUSk8T5fT4VAjVXgzZ2vk+eJad1EeOcXOLbcbJYoYRY8kxKZfwka
/QWtm5mslwtzqu4nOCAXcJiVUkqluuGyHJFYbNcBDqIC1RkCjhzHGWvgC0JfXeCf
wPdt1MQhQKX9uI62hCzntqIx3CA5VPGU1KyZSz0/SExF/z0+xbYaqWeOZbhh3tNt
EJtL1F0UC6Y+icffVHtr/eIs6FF0OTgKzzC2Pej2r4NxlTR8RP7q/z+wAryMxEEj
TwMEbX9gcgpvzs6t7MiGzjPO8xZu8b6ChMIrbu80N4A2SdAFQ/dt55lg1jQV3orw
7kv75bt6bQ2vPXNSH9WfNR0=
-----END CERTIFICATE-----
Generated at Sat May 10 16:59:55 2025 by rpki-client