Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/aqc9iqNZ3UEyKF66J0Kk63YWrPM.roa
File: aqc9iqNZ3UEyKF66J0Kk63YWrPM.roa (raw, json)
Hash identifier: yKjnntu1oUMc6fhZy1ymosOL2rcqCAyyDWtOYLlOhRg=
Subject key identifier: 6A:A7:3D:8A:A3:59:DD:41:32:28:5E:BA:27:42:A4:EB:76:16:AC:F3
Certificate issuer: /CN=b3d5ec1516ee6dc19d1e5c3998cb7e7a646f715a
Certificate serial: 0197C03EFC99560DCE1285DFF07204554024
Authority key identifier: B3:D5:EC:15:16:EE:6D:C1:9D:1E:5C:39:98:CB:7E:7A:64:6F:71:5A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s9XsFRbubcGdHlw5mMt-emRvcVo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/aqc9iqNZ3UEyKF66J0Kk63YWrPM.roa
Signing time: Mon 30 Jun 2025 09:50:42 +0000
ROA not before: Mon 30 Jun 2025 09:50:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197033
IP address blocks: 46.18.224.0/21 maxlen: 21
91.216.43.0/24 maxlen: 24
185.24.152.0/22 maxlen: 22
185.33.88.0/22 maxlen: 22
185.147.65.0/24 maxlen: 24
185.147.67.0/24 maxlen: 24
185.155.173.0/24 maxlen: 24
185.195.250.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 01 Jul 2025 06:44:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c0:3e:fc:99:56:0d:ce:12:85:df:f0:72:04:55:40:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b3d5ec1516ee6dc19d1e5c3998cb7e7a646f715a
Validity
Not Before: Jun 30 09:50:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6aa73d8aa359dd4132285eba2742a4eb7616acf3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:98:52:4d:a2:d1:13:7a:71:97:b8:ae:7a:4d:
d1:4e:89:2f:96:2c:c2:b0:a5:6d:9f:5a:c4:27:7e:
cb:f2:56:81:06:71:b2:e2:08:f6:9a:9e:21:1f:ad:
7d:ca:6d:f0:33:12:c0:74:8d:1f:25:88:e8:f2:9d:
bc:3f:66:7e:7e:60:94:a3:50:9f:64:29:88:45:78:
f1:94:88:2a:d8:8b:c0:31:55:b6:d0:9c:cb:3d:ba:
0a:b4:20:4c:4d:22:22:ec:08:55:8e:24:2e:e4:38:
be:c1:92:d9:b3:31:92:ee:51:88:77:4d:59:cd:ff:
2a:80:de:7c:c8:47:a6:db:e7:d6:38:90:60:40:9b:
9a:79:8e:5c:b4:4f:6f:92:74:e0:df:8c:e9:e5:46:
c5:dc:3b:6f:4a:d9:6a:c1:b0:f5:2f:9f:e9:ee:f6:
eb:50:73:aa:fd:86:d9:80:2c:af:c2:a3:26:4c:b5:
a7:74:69:be:1d:f9:d1:d1:cb:1f:8f:4d:4e:51:bc:
8e:0d:72:c3:32:61:ab:0b:60:17:ea:95:3e:0c:d8:
bf:dd:a6:60:ce:84:21:a3:fe:f0:97:3a:d4:2e:c1:
e7:39:91:82:94:6d:c1:00:15:c9:9e:aa:f7:9d:27:
83:36:ea:fd:f0:5b:46:70:32:5f:0c:42:ca:7f:ed:
05:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:A7:3D:8A:A3:59:DD:41:32:28:5E:BA:27:42:A4:EB:76:16:AC:F3
X509v3 Authority Key Identifier:
keyid:B3:D5:EC:15:16:EE:6D:C1:9D:1E:5C:39:98:CB:7E:7A:64:6F:71:5A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s9XsFRbubcGdHlw5mMt-emRvcVo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/aqc9iqNZ3UEyKF66J0Kk63YWrPM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/3ad7cc-3c08-4b72-870a-6c305a6dbab9/1/s9XsFRbubcGdHlw5mMt-emRvcVo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.18.224.0/21
91.216.43.0/24
185.24.152.0/22
185.33.88.0/22
185.147.65.0/24
185.147.67.0/24
185.155.173.0/24
185.195.250.0/24
Signature Algorithm: sha256WithRSAEncryption
82:c9:8b:01:ab:19:25:a4:46:9a:3b:97:29:b6:c3:92:5f:51:
9a:d8:8a:47:b9:d0:64:cd:c4:cf:6c:e4:47:52:20:88:12:2c:
76:8a:d0:13:f0:e9:31:c8:ee:7d:bc:fc:e4:24:5d:84:a8:da:
49:98:bb:31:0b:50:4b:dc:e0:5e:8d:20:52:0f:4c:9b:98:f1:
6e:98:55:cf:03:78:0e:79:81:34:c4:c1:59:9a:b1:dc:2c:c7:
78:1e:7b:6c:2b:a0:eb:6b:dc:a8:fc:4c:24:83:42:fa:62:c2:
5f:14:09:b6:7e:c0:6c:1b:23:c3:f1:1f:cb:53:54:21:20:15:
f2:08:b1:da:53:9b:2c:7e:8f:b7:4d:c2:e9:4e:db:80:07:fc:
1e:4c:ed:b2:b1:72:4d:6e:3c:11:1d:61:8f:96:81:16:28:0b:
e9:a6:c9:8d:e2:76:2c:a0:b5:02:8a:41:09:e8:75:12:66:db:
4b:66:53:c1:3f:4b:4b:9b:3b:ea:31:1d:c0:b2:eb:2d:c8:21:
39:2b:e3:8d:b5:30:92:86:bf:0d:1c:18:2d:d5:51:5c:46:d0:
8f:b6:07:cd:08:b3:2e:7f:7d:02:a1:c4:8e:76:aa:c3:b6:0e:
72:3c:f4:cf:39:74:f4:4f:12:d2:61:1e:f3:3d:bc:f2:ca:12:
19:5f:91:eb
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZfAPvyZVg3OEoXf8HIEVUAkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZDVlYzE1MTZlZTZkYzE5ZDFlNWMzOTk4Y2I3ZTdhNjQ2
ZjcxNWEwHhcNMjUwNjMwMDk1MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWE3M2Q4YWEzNTlkZDQxMzIyODVlYmEyNzQyYTRlYjc2MTZhY2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJhSTaLRE3pxl7iuek3RTokvlizC
sKVtn1rEJ37L8laBBnGy4gj2mp4hH619ym3wMxLAdI0fJYjo8p28P2Z+fmCUo1Cf
ZCmIRXjxlIgq2IvAMVW20JzLPboKtCBMTSIi7AhVjiQu5Di+wZLZszGS7lGId01Z
zf8qgN58yEem2+fWOJBgQJuaeY5ctE9vknTg34zp5UbF3DtvStlqwbD1L5/p7vbr
UHOq/YbZgCyvwqMmTLWndGm+HfnR0csfj01OUbyODXLDMmGrC2AX6pU+DNi/3aZg
zoQho/7wlzrULsHnOZGClG3BABXJnqr3nSeDNur98FtGcDJfDELKf+0FRQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGqnPYqjWd1BMiheuidCpOt2FqzzMB8GA1UdIwQY
MBaAFLPV7BUW7m3BnR5cOZjLfnpkb3FaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczlYc0ZSYnViY0dkSGx3NW1NdC1lbVJ2Y1ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8zYWQ3Y2MtM2MwOC00YjcyLTg3MGEt
NmMzMDVhNmRiYWI5LzEvYXFjOWlxTlozVUV5S0Y2NkowS2s2M1lXclBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8zYWQ3Y2MtM2MwOC00YjcyLTg3MGEtNmMzMDVhNmRiYWI5
LzEvczlYc0ZSYnViY0dkSGx3NW1NdC1lbVJ2Y1ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQDLhLgAwQA
W9grAwQCuRiYAwQCuSFYAwQAuZNBAwQAuZNDAwQAuZutAwQAucP6MA0GCSqGSIb3
DQEBCwUAA4IBAQCCyYsBqxklpEaaO5cptsOSX1Ga2IpHudBkzcTPbORHUiCIEix2
itAT8OkxyO59vPzkJF2EqNpJmLsxC1BL3OBejSBSD0ybmPFumFXPA3gOeYE0xMFZ
mrHcLMd4HntsK6Dra9yo/Ewkg0L6YsJfFAm2fsBsGyPD8R/LU1QhIBXyCLHaU5ss
fo+3TcLpTtuAB/weTO2ysXJNbjwRHWGPloEWKAvppsmN4nYsoLUCikEJ6HUSZttL
ZlPBP0tLmzvqMR3AsustyCE5K+ONtTCShr8NHBgt1VFcRtCPtgfNCLMuf30CocSO
dqrDtg5yPPTPOXT0TxLSYR7zPbzyyhIZX5Hr
-----END CERTIFICATE-----
Generated at Tue Jul 1 18:06:26 2025 by rpki-client