Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qbdx7MO8RSAlwqbxpASsr14cSKA.roa
File: qbdx7MO8RSAlwqbxpASsr14cSKA.roa (raw, json)
Hash identifier: fI2y1jlcbzYlnjfu2Ks9glXIa3iKarC/TwaXWJLy1xA=
Subject key identifier: A9:B7:71:EC:C3:BC:45:20:25:C2:A6:F1:A4:04:AC:AF:5E:1C:48:A0
Certificate issuer: /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial: 0197C7AF480729BF0316F098F6F2F749CB91
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qbdx7MO8RSAlwqbxpASsr14cSKA.roa
Signing time: Tue 01 Jul 2025 20:30:42 +0000
ROA not before: Tue 01 Jul 2025 20:30:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 401152
IP address blocks: 64.188.72.0/24 maxlen: 24
64.188.73.0/24 maxlen: 24
64.188.74.0/24 maxlen: 24
64.188.75.0/24 maxlen: 24
193.23.196.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 01 Jul 2025 21:40:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:c7:af:48:07:29:bf:03:16:f0:98:f6:f2:f7:49:cb:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
Validity
Not Before: Jul 1 20:30:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a9b771ecc3bc452025c2a6f1a404acaf5e1c48a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:41:8e:b1:cc:99:f0:f5:10:2c:f0:72:b1:1d:
94:58:8c:fa:ae:6a:32:e3:29:56:f1:e9:f3:ed:04:
0d:bf:77:c6:86:e4:83:16:18:87:63:0d:95:e8:61:
3a:25:0d:fa:28:7b:92:a4:00:27:23:e6:1e:61:05:
62:9f:08:de:e9:77:b6:1c:78:1d:6a:fd:ef:0e:53:
e8:24:3f:5a:90:ef:6f:3f:0e:fb:8f:62:09:83:46:
e6:e4:91:6d:0e:2d:66:29:df:71:6f:5b:07:f7:1e:
c9:c3:45:9a:8a:bd:c9:ef:43:0d:85:bc:3f:ab:42:
cc:92:cd:96:22:3d:b9:f8:f1:f9:96:6e:90:91:a1:
a4:71:5f:a6:93:14:e4:6c:5e:c5:6c:ab:1d:5f:8a:
0d:de:d5:6e:02:d5:a4:54:bb:e1:79:d9:e7:1b:8d:
15:c8:3f:f3:a6:e2:af:71:bd:39:21:9e:09:e3:28:
02:18:7e:46:91:95:05:f9:1c:55:73:15:93:54:11:
f1:d1:6f:4d:ab:a5:1b:b1:ed:3b:c3:fa:b8:9a:e4:
06:ee:6d:2a:d6:83:2a:28:3f:fa:8f:0e:ab:73:18:
91:21:fb:bd:93:c4:e4:31:fd:c2:4f:6a:34:35:a3:
03:4c:b5:93:d2:24:49:ee:f1:e3:e7:e8:d9:de:d5:
95:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:B7:71:EC:C3:BC:45:20:25:C2:A6:F1:A4:04:AC:AF:5E:1C:48:A0
X509v3 Authority Key Identifier:
keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qbdx7MO8RSAlwqbxpASsr14cSKA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.188.72.0/22
193.23.196.0/24
Signature Algorithm: sha256WithRSAEncryption
18:1d:6e:1b:0d:3e:5a:b2:55:c9:f5:e5:d1:83:88:63:99:f7:
f2:78:31:81:cf:8f:f6:ec:fa:86:23:d0:e1:75:fa:e2:54:a3:
7d:81:00:81:59:2b:35:f1:46:97:ca:53:24:bc:f8:3b:60:7a:
65:68:62:44:fe:d2:2f:86:58:53:d6:e1:b2:4d:13:ee:38:bd:
b9:84:6d:e2:9b:85:cc:a6:ac:d5:f7:58:13:8b:c0:e6:57:9f:
e0:5b:4f:d9:e3:87:d8:2c:4c:9a:5d:01:71:f5:84:bc:05:58:
67:2c:65:50:1c:ad:3e:4f:90:db:75:1f:7a:46:59:97:43:d1:
75:0d:63:cc:8e:1e:a4:be:4c:35:37:3b:6f:e2:83:12:bc:0e:
bd:7c:10:96:90:e5:ec:48:2d:cd:ec:46:c4:f7:66:23:2f:a0:
e6:af:21:00:1e:6d:06:79:89:c3:4d:50:ba:cb:55:fc:37:71:
6f:35:70:54:b7:3b:ce:bb:21:20:5e:e5:9c:11:df:5b:44:7d:
7b:a7:0e:66:c2:3d:b8:99:1a:20:f8:63:25:ff:61:79:cb:86:
69:c6:9a:d5:d0:60:d0:83:ce:26:c1:82:37:80:df:89:5a:d7:
5b:4c:02:65:d4:8d:bd:90:92:14:96:e4:e1:d9:a5:91:9e:26:
54:3b:d7:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfHr0gHKb8DFvCY9vL3ScuRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUwNzAxMjAzMDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWI3NzFlY2MzYmM0NTIwMjVjMmE2ZjFhNDA0YWNhZjVlMWM0OGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUGOscyZ8PUQLPBysR2UWIz6rmoy
4ylW8enz7QQNv3fGhuSDFhiHYw2V6GE6JQ36KHuSpAAnI+YeYQVinwje6Xe2HHgd
av3vDlPoJD9akO9vPw77j2IJg0bm5JFtDi1mKd9xb1sH9x7Jw0Wair3J70MNhbw/
q0LMks2WIj25+PH5lm6QkaGkcV+mkxTkbF7FbKsdX4oN3tVuAtWkVLvhednnG40V
yD/zpuKvcb05IZ4J4ygCGH5GkZUF+RxVcxWTVBHx0W9Nq6Ubse07w/q4muQG7m0q
1oMqKD/6jw6rcxiRIfu9k8TkMf3CT2o0NaMDTLWT0iRJ7vHj5+jZ3tWVXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKm3cezDvEUgJcKm8aQErK9eHEigMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcWJkeDdNTzhSU0Fsd3FieHBBU3NyMTRjU0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCQLxIAwQA
wRfEMA0GCSqGSIb3DQEBCwUAA4IBAQAYHW4bDT5aslXJ9eXRg4hjmffyeDGBz4/2
7PqGI9DhdfriVKN9gQCBWSs18UaXylMkvPg7YHplaGJE/tIvhlhT1uGyTRPuOL25
hG3im4XMpqzV91gTi8DmV5/gW0/Z44fYLEyaXQFx9YS8BVhnLGVQHK0+T5DbdR96
RlmXQ9F1DWPMjh6kvkw1Nztv4oMSvA69fBCWkOXsSC3N7EbE92YjL6DmryEAHm0G
eYnDTVC6y1X8N3FvNXBUtzvOuyEgXuWcEd9bRH17pw5mwj24mRog+GMl/2F5y4Zp
xprV0GDQg84mwYI3gN+JWtdbTAJl1I29kJIUluTh2aWRniZUO9f+
-----END CERTIFICATE-----
Generated at Wed Jul 2 14:17:35 2025 by rpki-client