Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GFr7UBX6iJzuk3QNYezNH9nMYLM.roa
File: GFr7UBX6iJzuk3QNYezNH9nMYLM.roa (raw, json)
Hash identifier: Uvc1bnFdC+Oxlb8U6k5xu2ocRNkTTk7gmY5jI1PYJDs=
Subject key identifier: 18:5A:FB:50:15:FA:88:9C:EE:93:74:0D:61:EC:CD:1F:D9:CC:60:B3
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01965A52B23331297B8A9F7F24EAAABE0A8B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GFr7UBX6iJzuk3QNYezNH9nMYLM.roa
Signing time: Mon 21 Apr 2025 21:48:10 +0000
ROA not before: Mon 21 Apr 2025 21:48:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215287
IP address blocks: 109.176.193.0/24 maxlen: 24
213.130.135.0/24 maxlen: 24
213.210.62.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 28 Apr 2025 08:41:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:5a:52:b2:33:31:29:7b:8a:9f:7f:24:ea:aa:be:0a:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 21 21:48:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=185afb5015fa889cee93740d61eccd1fd9cc60b3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:94:c9:3a:b3:92:d5:6c:80:47:dc:e5:13:a7:
c6:bf:9e:31:40:21:50:5e:ff:b5:48:f6:c2:e0:3e:
43:c1:16:9f:fc:88:99:67:fd:cc:0b:a3:2f:e8:54:
e4:15:d3:34:4e:52:bc:14:d0:93:ff:56:1c:ca:6f:
ab:c8:2c:e1:ab:8d:22:86:3b:5d:2b:e8:6e:0c:ee:
e9:63:44:d5:f7:a8:2c:64:f0:ab:3e:d3:59:71:ce:
dc:c0:56:af:71:47:f4:be:8a:b8:4e:0a:73:c0:f9:
bb:f1:d7:4e:61:ce:fe:eb:06:75:90:15:4e:8a:f3:
3f:f9:d1:1c:3c:50:5c:ae:8e:cd:37:08:a0:62:73:
3f:f4:6a:a3:67:c8:e4:cc:e5:a2:da:a3:43:fb:cc:
70:79:02:fa:60:e3:fe:e3:6f:d5:e8:09:a4:5a:59:
ed:09:a1:1c:29:6c:17:14:79:37:c9:d7:b3:5a:fa:
91:33:77:ff:fa:b8:a6:7f:89:76:1f:32:84:6c:6a:
4e:41:d6:b0:af:72:2e:6a:01:13:9e:73:72:e2:b0:
71:21:6c:24:26:4e:b2:c2:93:c0:f7:fa:56:b7:3e:
07:fc:2e:96:59:e1:e8:ce:12:f4:8e:c9:b9:b0:e5:
ca:f4:22:7b:4f:93:5f:c7:2a:1f:0c:bf:a2:ff:59:
7a:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:5A:FB:50:15:FA:88:9C:EE:93:74:0D:61:EC:CD:1F:D9:CC:60:B3
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/GFr7UBX6iJzuk3QNYezNH9nMYLM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.176.193.0/24
213.130.135.0/24
213.210.62.0/24
Signature Algorithm: sha256WithRSAEncryption
55:22:2e:62:9f:fe:44:ee:50:01:79:5f:ab:34:7b:8d:b4:56:
22:e1:40:c7:2f:26:31:28:9b:3d:68:99:98:01:57:b9:7f:78:
a4:ee:c5:8a:2c:33:b4:34:6e:c0:d0:a8:f7:0b:ce:10:31:4b:
2f:85:e9:fb:7d:c7:45:5d:e3:13:e4:55:17:c7:26:d3:a6:a7:
8a:ae:9b:34:5a:3b:ba:fa:87:b7:76:f0:67:09:1a:01:63:7c:
a3:b4:34:51:04:f4:79:e8:d8:3c:a9:1a:94:7a:37:b0:6a:ec:
1e:fd:38:1f:cb:d1:98:28:de:76:8e:ea:e8:20:4f:10:c7:3a:
32:d8:53:aa:a9:ac:29:02:cf:22:17:a1:dd:55:f2:72:cf:a6:
d7:7d:e1:f7:19:51:a0:82:6c:7f:8e:3c:ea:d3:49:08:5c:33:
d6:39:c3:ea:c6:80:99:15:0b:dc:e9:8b:ff:85:ca:6b:5c:4c:
01:10:f3:33:b7:5f:1a:c5:dd:f6:07:87:84:72:5c:a3:72:c3:
9c:66:9f:64:ae:d2:96:bc:fe:e0:c7:72:b9:db:08:17:49:28:
86:21:06:8f:a5:a7:9f:1a:69:2e:73:aa:8d:7f:13:3e:fc:34:
96:03:4c:49:94:1e:33:64:e9:d5:a2:e1:39:ac:06:bf:23:80:
0e:36:7a:38
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZaUrIzMSl7ip9/JOqqvgqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDIxMjE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODVhZmI1MDE1ZmE4ODljZWU5Mzc0MGQ2MWVjY2QxZmQ5Y2M2MGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5TJOrOS1WyAR9zlE6fGv54xQCFQ
Xv+1SPbC4D5DwRaf/IiZZ/3MC6Mv6FTkFdM0TlK8FNCT/1Ycym+ryCzhq40ihjtd
K+huDO7pY0TV96gsZPCrPtNZcc7cwFavcUf0voq4TgpzwPm78ddOYc7+6wZ1kBVO
ivM/+dEcPFBcro7NNwigYnM/9GqjZ8jkzOWi2qND+8xweQL6YOP+42/V6AmkWlnt
CaEcKWwXFHk3ydezWvqRM3f/+rimf4l2HzKEbGpOQdawr3IuagETnnNy4rBxIWwk
Jk6ywpPA9/pWtz4H/C6WWeHozhL0jsm5sOXK9CJ7T5NfxyofDL+i/1l6qQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBha+1AV+oic7pN0DWHszR/ZzGCzMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvR0ZyN1VCWDZpSnp1azNRTlllek5IOW5NWUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAbbDBAwQA
1YKHAwQA1dI+MA0GCSqGSIb3DQEBCwUAA4IBAQBVIi5in/5E7lABeV+rNHuNtFYi
4UDHLyYxKJs9aJmYAVe5f3ik7sWKLDO0NG7A0Kj3C84QMUsvhen7fcdFXeMT5FUX
xybTpqeKrps0Wju6+oe3dvBnCRoBY3yjtDRRBPR56Ng8qRqUejewauwe/Tgfy9GY
KN52juroIE8Qxzoy2FOqqawpAs8iF6HdVfJyz6bXfeH3GVGggmx/jjzq00kIXDPW
OcPqxoCZFQvc6Yv/hcprXEwBEPMzt18axd32B4eEclyjcsOcZp9krtKWvP7gx3K5
2wgXSSiGIQaPpaefGmkuc6qNfxM+/DSWA0xJlB4zZOnVouE5rAa/I4AONno4
-----END CERTIFICATE-----
Generated at Sat May 17 02:26:05 2025 by rpki-client