Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/60aed1-6f74-43a9-976f-7ed5e31ae44f/1/oy617U6wjQOrPVW_MM7cDRvk-88.roa
File: oy617U6wjQOrPVW_MM7cDRvk-88.roa (raw, json)
Hash identifier: SR4/jIr9jywxSAh/giAcTnmMy1O4rp13bVl0yXgxlPg=
Subject key identifier: A3:2E:B5:ED:4E:B0:8D:03:AB:3D:55:BF:30:CE:DC:0D:1B:E4:FB:CF
Certificate issuer: /CN=e47e3c9a951f1b158113ab7c3df19dfc336d9eef
Certificate serial: 0196A4EF90093FC14C5BDAFC5B74ADC1167B
Authority key identifier: E4:7E:3C:9A:95:1F:1B:15:81:13:AB:7C:3D:F1:9D:FC:33:6D:9E:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5H48mpUfGxWBE6t8PfGd_DNtnu8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/60aed1-6f74-43a9-976f-7ed5e31ae44f/1/oy617U6wjQOrPVW_MM7cDRvk-88.roa
Signing time: Tue 06 May 2025 09:31:25 +0000
ROA not before: Tue 06 May 2025 09:31:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205664
IP address blocks: 151.156.248.0/22 maxlen: 22
151.156.253.0/24 maxlen: 24
151.156.254.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 07 May 2025 08:41:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:a4:ef:90:09:3f:c1:4c:5b:da:fc:5b:74:ad:c1:16:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e47e3c9a951f1b158113ab7c3df19dfc336d9eef
Validity
Not Before: May 6 09:31:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a32eb5ed4eb08d03ab3d55bf30cedc0d1be4fbcf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:fd:5e:a0:08:64:3d:61:79:5b:0b:1e:e1:33:
93:87:11:a8:e4:bc:5d:0e:94:22:f8:56:dd:95:c5:
83:1f:61:7a:88:9a:b6:de:6c:e2:12:09:9d:d7:a7:
5f:27:5a:96:a2:6b:40:be:9c:5b:7d:fc:87:71:37:
ac:44:3f:1e:fc:c3:10:2f:9b:e0:37:71:78:eb:f8:
9d:e4:a8:f5:d0:4f:32:00:0c:70:9a:f9:3d:43:a4:
c5:38:5b:1c:5e:f0:bd:2a:07:f0:f8:ff:0b:88:46:
09:9f:52:d2:60:43:b8:4b:53:2d:ac:8a:93:59:d5:
e6:42:da:86:a9:9b:9c:7a:61:84:9a:18:8f:5b:3b:
cb:60:f1:31:5d:38:89:53:ae:79:4f:1f:99:b0:f0:
3f:1b:f1:ba:dd:de:b4:bc:46:08:c5:38:99:3d:39:
44:ad:94:c1:ec:a6:32:d1:1b:e9:df:4f:a9:89:53:
86:f0:76:cc:06:08:a3:b0:59:08:ce:e9:7d:d3:24:
0d:bb:d0:d5:ca:a4:9c:27:ac:2e:cd:60:ec:f0:2b:
37:dd:1a:dd:2c:f6:db:08:6b:d1:3d:d0:2e:b6:43:
ee:4d:89:4c:5c:25:dd:a7:d3:0d:db:2e:ad:f6:fc:
5e:fa:8e:d0:f1:65:5d:5a:d7:f4:bc:c9:b7:d4:35:
37:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:2E:B5:ED:4E:B0:8D:03:AB:3D:55:BF:30:CE:DC:0D:1B:E4:FB:CF
X509v3 Authority Key Identifier:
keyid:E4:7E:3C:9A:95:1F:1B:15:81:13:AB:7C:3D:F1:9D:FC:33:6D:9E:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5H48mpUfGxWBE6t8PfGd_DNtnu8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/60aed1-6f74-43a9-976f-7ed5e31ae44f/1/oy617U6wjQOrPVW_MM7cDRvk-88.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/60aed1-6f74-43a9-976f-7ed5e31ae44f/1/5H48mpUfGxWBE6t8PfGd_DNtnu8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.156.248.0/22
151.156.253.0-151.156.254.255
Signature Algorithm: sha256WithRSAEncryption
82:ef:e0:90:b4:d8:98:73:69:5c:e4:5b:28:6f:c3:d4:03:a8:
01:72:a6:16:75:df:98:dd:b2:8f:5b:e3:b9:4b:c2:37:64:34:
6e:20:77:01:7f:0f:cf:46:9f:87:65:e8:84:2a:40:0d:58:65:
4d:75:37:a2:b5:de:2b:32:4c:3a:a1:bb:4c:bc:e3:a3:fb:fd:
0c:f4:8e:20:5f:de:c5:67:a3:5d:7f:d9:b9:19:ea:b9:15:e0:
2e:3d:5e:9d:2b:b9:07:93:4b:e1:b0:e2:b2:dd:57:e4:e1:c6:
86:f1:25:9f:91:ff:b3:d9:11:e0:8b:ce:6e:14:4f:ab:ad:64:
6e:4f:5c:44:e1:38:6d:37:25:85:be:9e:28:50:df:1a:b1:58:
a7:24:60:00:b6:df:b2:bc:34:eb:56:6f:8a:a2:3a:42:ea:0f:
54:ad:36:91:bc:35:44:ca:6f:6c:d3:93:28:b1:99:34:2c:85:
77:cb:0f:3e:3a:e7:55:26:55:58:f9:dc:59:15:71:90:04:bb:
06:03:cf:17:3c:50:cb:76:9b:47:b5:66:ac:a6:7a:1c:17:10:
86:58:c0:6f:53:88:9b:76:b1:51:4e:b9:dd:d3:5e:fd:78:25:
a1:23:d0:54:74:db:f0:c3:28:89:9b:9f:26:f5:65:83:0b:92:
8b:49:56:e2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZak75AJP8FMW9r8W3StwRZ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0N2UzYzlhOTUxZjFiMTU4MTEzYWI3YzNkZjE5ZGZjMzM2
ZDllZWYwHhcNMjUwNTA2MDkzMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzJlYjVlZDRlYjA4ZDAzYWIzZDU1YmYzMGNlZGMwZDFiZTRmYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsf1eoAhkPWF5Wwse4TOThxGo5Lxd
DpQi+FbdlcWDH2F6iJq23mziEgmd16dfJ1qWomtAvpxbffyHcTesRD8e/MMQL5vg
N3F46/id5Kj10E8yAAxwmvk9Q6TFOFscXvC9Kgfw+P8LiEYJn1LSYEO4S1MtrIqT
WdXmQtqGqZucemGEmhiPWzvLYPExXTiJU655Tx+ZsPA/G/G63d60vEYIxTiZPTlE
rZTB7KYy0Rvp30+piVOG8HbMBgijsFkIzul90yQNu9DVyqScJ6wuzWDs8Cs33Rrd
LPbbCGvRPdAutkPuTYlMXCXdp9MN2y6t9vxe+o7Q8WVdWtf0vMm31DU3uwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKMute1OsI0Dqz1VvzDO3A0b5PvPMB8GA1UdIwQY
MBaAFOR+PJqVHxsVgROrfD3xnfwzbZ7vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUg0OG1wVWZHeFdCRTZ0OFBmR2RfRE50bnU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy82MGFlZDEtNmY3NC00M2E5LTk3NmYt
N2VkNWUzMWFlNDRmLzEvb3k2MTdVNndqUU9yUFZXX01NN2NEUnZrLTg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy82MGFlZDEtNmY3NC00M2E5LTk3NmYtN2VkNWUzMWFlNDRm
LzEvNUg0OG1wVWZHeFdCRTZ0OFBmR2RfRE50bnU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCl5z4MAwD
BACXnP0DBACXnP4wDQYJKoZIhvcNAQELBQADggEBAILv4JC02JhzaVzkWyhvw9QD
qAFyphZ135jdso9b47lLwjdkNG4gdwF/D89Gn4dl6IQqQA1YZU11N6K13isyTDqh
u0y846P7/Qz0jiBf3sVno11/2bkZ6rkV4C49Xp0ruQeTS+Gw4rLdV+ThxobxJZ+R
/7PZEeCLzm4UT6utZG5PXEThOG03JYW+nihQ3xqxWKckYAC237K8NOtWb4qiOkLq
D1StNpG8NUTKb2zTkyixmTQshXfLDz4651UmVVj53FkVcZAEuwYDzxc8UMt2m0e1
ZqymehwXEIZYwG9TiJt2sVFOud3TXv14JaEj0FR02/DDKImbnyb1ZYMLkotJVuI=
-----END CERTIFICATE-----
Generated at Mon May 12 11:08:55 2025 by rpki-client