Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/P7jpQYz_dktvYEApQ1HG4zZwUEc.roa
File: P7jpQYz_dktvYEApQ1HG4zZwUEc.roa (raw, json)
Hash identifier: NEeXpDKrquu4iF+gLfu51Lrnztx6B+hCuEcppqklv9o=
Subject key identifier: 3F:B8:E9:41:8C:FF:76:4B:6F:60:40:29:43:51:C6:E3:36:70:50:47
Certificate issuer: /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial: 019427B670DF300D01A58A7800FEE1CF7AB9
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/P7jpQYz_dktvYEApQ1HG4zZwUEc.roa
Signing time: Thu 02 Jan 2025 15:50:55 +0000
ROA not before: Thu 02 Jan 2025 15:50:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 37.26.112.0/20 maxlen: 20
81.200.64.0/20 maxlen: 20
93.191.168.0/21 maxlen: 21
93.191.173.0/24 maxlen: 24
94.127.72.0/21 maxlen: 21
95.100.147.0/24 maxlen: 24
194.35.38.0/23 maxlen: 23
2a02:2370:fe::/47 maxlen: 48
2a0b:35c0::/29 maxlen: 31
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b6:70:df:30:0d:01:a5:8a:78:00:fe:e1:cf:7a:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Validity
Not Before: Jan 2 15:50:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3fb8e9418cff764b6f6040294351c6e336705047
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:7e:a9:71:c8:da:bd:a2:a8:78:a4:e2:4a:b5:
be:b1:09:0d:78:8b:59:87:98:39:19:6a:ab:14:8e:
2d:aa:a1:df:fc:1b:4a:74:f3:9f:21:77:fc:cd:00:
d3:76:f6:09:8b:5a:46:47:29:30:e5:f9:fc:e7:58:
d4:55:c2:58:59:02:40:3e:48:2d:d9:3c:4a:e3:96:
5f:d7:f2:03:77:91:41:59:c5:d2:11:72:7e:e8:a6:
41:6a:fc:b4:ca:f4:27:c3:cf:98:ea:7e:90:a8:48:
37:83:d1:5f:51:0c:e6:49:cf:11:76:63:ee:ee:6d:
77:fc:e2:80:8c:ea:47:f1:d1:0a:e5:fe:e1:01:d7:
33:c7:15:b6:ea:4e:f2:c1:40:5f:78:08:01:88:57:
8e:eb:ca:2a:32:cf:08:b3:57:98:08:2c:45:01:24:
ff:7f:16:0e:a6:bc:00:8e:01:21:33:57:3d:6d:21:
55:21:47:e1:2a:27:2d:c2:16:1c:54:51:d1:e8:fe:
91:22:7c:ca:7a:a1:7b:d8:26:11:24:fd:f4:d4:bb:
3c:d8:a2:54:6e:f1:33:18:5f:43:42:5f:d4:b6:f8:
99:59:6e:38:b1:51:c1:ee:d4:22:55:c5:bf:fc:1c:
47:f5:db:a8:83:48:b8:e3:d5:70:99:ec:4b:a9:59:
64:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:B8:E9:41:8C:FF:76:4B:6F:60:40:29:43:51:C6:E3:36:70:50:47
X509v3 Authority Key Identifier:
keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/P7jpQYz_dktvYEApQ1HG4zZwUEc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.26.112.0/20
81.200.64.0/20
93.191.168.0/21
94.127.72.0/21
95.100.147.0/24
194.35.38.0/23
IPv6:
2a02:2370:fe::/47
2a0b:35c0::/29
Signature Algorithm: sha256WithRSAEncryption
8d:38:0d:16:13:43:f5:d0:c0:55:5e:a1:1e:02:62:b6:cd:ad:
0e:83:3b:1a:9b:50:45:c7:7b:6b:1b:d8:16:6b:c9:18:fd:ae:
ac:db:c5:8c:6d:3a:c5:8c:2f:f2:a1:74:c3:a6:6c:6d:4d:71:
c8:8e:43:0f:46:46:a5:d5:9c:34:fb:f5:18:4e:9c:62:dc:d8:
7e:04:bc:bc:7a:a5:4d:0c:23:d5:39:28:28:02:b5:62:f2:85:
e6:65:33:4f:aa:02:19:ba:e4:89:82:da:d4:97:06:42:db:6c:
fe:30:d6:ee:55:f6:7a:c2:46:8b:61:83:75:19:10:b3:0b:3b:
01:27:ed:ab:6a:28:58:8c:44:53:00:fb:d2:ba:e1:7b:6d:72:
39:2b:36:f1:2e:f3:29:fe:4b:70:fa:43:f4:38:26:cb:d2:c3:
fa:88:d0:5e:d2:3f:65:7f:7b:72:48:8e:aa:c1:85:00:23:bf:
43:06:b1:00:45:1f:01:05:a8:b7:bd:5f:e2:ea:3c:d6:f0:3c:
36:5e:eb:9f:08:17:06:a4:75:3b:62:d8:ec:35:66:bc:3e:9e:
a7:38:71:50:6f:f8:5b:c1:7e:86:91:82:7a:bf:9b:0a:b0:c2:
eb:36:58:ae:e0:19:cd:cb:58:ca:21:30:99:07:66:62:ab:0f:
7d:05:1f:e5
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQntnDfMA0BpYp4AP7hz3q5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUwMTAyMTU1MDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmI4ZTk0MThjZmY3NjRiNmY2MDQwMjk0MzUxYzZlMzM2NzA1MDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH6pccjavaKoeKTiSrW+sQkNeItZ
h5g5GWqrFI4tqqHf/BtKdPOfIXf8zQDTdvYJi1pGRykw5fn851jUVcJYWQJAPkgt
2TxK45Zf1/IDd5FBWcXSEXJ+6KZBavy0yvQnw8+Y6n6QqEg3g9FfUQzmSc8RdmPu
7m13/OKAjOpH8dEK5f7hAdczxxW26k7ywUBfeAgBiFeO68oqMs8Is1eYCCxFAST/
fxYOprwAjgEhM1c9bSFVIUfhKictwhYcVFHR6P6RInzKeqF72CYRJP301Ls82KJU
bvEzGF9DQl/UtviZWW44sVHB7tQiVcW//BxH9duog0i449VwmexLqVlk/QIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFD+46UGM/3ZLb2BAKUNRxuM2cFBHMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvUDdqcFFZel9ka3R2WUVBcFExSEc0elp3VUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAqBAIAATAkAwQEJRpwAwQE
UchAAwQDXb+oAwQDXn9IAwQAX2STAwQBwiMmMBYEAgACMBADBwEqAiNwAP4DBQMq
CzXAMA0GCSqGSIb3DQEBCwUAA4IBAQCNOA0WE0P10MBVXqEeAmK2za0Ogzsam1BF
x3trG9gWa8kY/a6s28WMbTrFjC/yoXTDpmxtTXHIjkMPRkal1Zw0+/UYTpxi3Nh+
BLy8eqVNDCPVOSgoArVi8oXmZTNPqgIZuuSJgtrUlwZC22z+MNbuVfZ6wkaLYYN1
GRCzCzsBJ+2raihYjERTAPvSuuF7bXI5KzbxLvMp/ktw+kP0OCbL0sP6iNBe0j9l
f3tySI6qwYUAI79DBrEARR8BBai3vV/i6jzW8Dw2XuufCBcGpHU7YtjsNWa8Pp6n
OHFQb/hbwX6GkYJ6v5sKsMLrNliu4BnNy1jKITCZB2Ziqw99BR/l
-----END CERTIFICATE-----
Generated at Tue Apr 8 15:17:23 2025 by rpki-client