Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Z9-pCHbukVnLD87CbKvdfqMcjp8.roa
File: Z9-pCHbukVnLD87CbKvdfqMcjp8.roa (raw, json)
Hash identifier: 1VKomI6H8eJxRas/I2A1OFxgdNoUgegMh0Wu5FVC1Ac=
Subject key identifier: 67:DF:A9:08:76:EE:91:59:CB:0F:CE:C2:6C:AB:DD:7E:A3:1C:8E:9F
Certificate issuer: /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial: 019427B67C933B5AB98CEB2F13500C0BB3F7
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Z9-pCHbukVnLD87CbKvdfqMcjp8.roa
Signing time: Thu 02 Jan 2025 15:50:58 +0000
ROA not before: Thu 02 Jan 2025 15:50:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12874
IP address blocks: 2.16.17.0/24 maxlen: 24
2.19.179.0/24 maxlen: 24
80.67.66.0/24 maxlen: 24
84.53.184.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b6:7c:93:3b:5a:b9:8c:eb:2f:13:50:0c:0b:b3:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Validity
Not Before: Jan 2 15:50:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=67dfa90876ee9159cb0fcec26cabdd7ea31c8e9f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:7c:c3:eb:73:6e:c4:95:d8:19:9c:b5:66:8a:
6e:e8:75:2a:bd:0c:52:2f:1d:f2:e3:ef:cd:b9:98:
98:b6:a7:94:41:51:22:90:18:fa:9b:1c:dd:83:a3:
76:1a:33:79:d0:47:bd:34:06:cf:69:ed:40:13:0d:
10:cf:5a:1e:d0:60:9d:b2:4e:f9:70:0c:72:a8:65:
7c:5d:c1:9c:20:51:a7:94:27:1c:22:99:4e:29:f0:
d9:5a:42:00:15:ea:23:19:3d:01:ee:19:2d:11:67:
68:a1:07:9a:b3:7d:3b:05:b1:a7:60:06:52:36:f3:
fb:95:fa:5f:69:00:b4:a4:de:ce:3d:39:10:70:01:
cb:10:a0:9f:cb:de:df:b2:c2:50:1d:cc:13:5b:d5:
05:2b:db:6a:1e:0c:66:57:0c:cd:14:46:f9:5c:0e:
5b:42:9d:81:d6:22:51:f9:49:fb:02:bf:80:59:67:
45:96:8e:be:81:2f:0b:6a:fb:c7:4e:2a:ec:02:45:
a2:51:cd:97:df:94:51:af:a3:b6:0d:a4:39:0c:1a:
be:a9:d9:0c:03:64:ff:b9:a7:aa:23:83:17:be:40:
40:b9:38:bf:19:19:64:12:2c:0a:ee:3a:bf:ec:4e:
e2:4a:37:54:b2:2d:3b:39:ad:05:78:85:2d:8a:d0:
1c:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:DF:A9:08:76:EE:91:59:CB:0F:CE:C2:6C:AB:DD:7E:A3:1C:8E:9F
X509v3 Authority Key Identifier:
keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Z9-pCHbukVnLD87CbKvdfqMcjp8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.16.17.0/24
2.19.179.0/24
80.67.66.0/24
84.53.184.0/24
Signature Algorithm: sha256WithRSAEncryption
85:3d:53:e0:84:58:95:95:48:72:d0:8c:ad:b4:92:55:65:bf:
05:04:47:da:12:41:13:68:c6:b3:9a:d4:aa:ac:a5:bd:df:37:
5a:a7:52:84:fc:a7:12:d7:c7:6f:73:81:a6:ea:1e:70:76:45:
cc:20:60:5c:d0:f5:b1:bf:2d:a0:64:b9:77:38:d9:84:1a:24:
95:ee:57:68:42:8e:7a:7a:2c:c9:97:7c:35:8c:72:74:17:b1:
7c:21:2a:6f:06:b3:d9:54:cc:84:45:f2:d1:07:6a:d5:68:e4:
e8:8e:c2:a7:61:ca:b5:b3:7e:15:c8:0e:4c:5f:4b:6a:08:c0:
be:1d:4f:07:48:12:a0:af:bc:1e:5c:cc:8c:2e:6a:d0:f1:da:
6c:39:87:e0:6d:db:ee:db:fb:65:b9:96:d7:69:fb:ad:e6:c8:
c2:06:9b:28:f2:c1:46:f4:6c:75:25:74:79:a7:9c:90:6f:da:
90:44:2e:7d:7c:4a:1c:57:99:e1:eb:b5:54:af:d1:22:68:7c:
22:8e:18:e9:dc:c0:09:bc:3d:39:03:f6:4c:9f:8a:3b:23:df:
7c:da:bd:af:46:2d:8f:cd:47:b7:68:7d:d3:ed:34:95:0c:48:
2e:7e:a8:c1:9e:26:20:0f:2c:5d:d0:d7:9e:b2:36:1b:b0:6f:
28:2e:92:c7
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQntnyTO1q5jOsvE1AMC7P3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUwMTAyMTU1MDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2RmYTkwODc2ZWU5MTU5Y2IwZmNlYzI2Y2FiZGQ3ZWEzMWM4ZTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXzD63NuxJXYGZy1Zopu6HUqvQxS
Lx3y4+/NuZiYtqeUQVEikBj6mxzdg6N2GjN50Ee9NAbPae1AEw0Qz1oe0GCdsk75
cAxyqGV8XcGcIFGnlCccIplOKfDZWkIAFeojGT0B7hktEWdooQeas307BbGnYAZS
NvP7lfpfaQC0pN7OPTkQcAHLEKCfy97fssJQHcwTW9UFK9tqHgxmVwzNFEb5XA5b
Qp2B1iJR+Un7Ar+AWWdFlo6+gS8LavvHTirsAkWiUc2X35RRr6O2DaQ5DBq+qdkM
A2T/uaeqI4MXvkBAuTi/GRlkEiwK7jq/7E7iSjdUsi07Oa0FeIUtitAcjQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGffqQh27pFZyw/Owmyr3X6jHI6fMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvWjktcENIYnVrVm5MRDg3Q2JLdmRmcU1janA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAAhARAwQA
AhOzAwQAUENCAwQAVDW4MA0GCSqGSIb3DQEBCwUAA4IBAQCFPVPghFiVlUhy0Iyt
tJJVZb8FBEfaEkETaMazmtSqrKW93zdap1KE/KcS18dvc4Gm6h5wdkXMIGBc0PWx
vy2gZLl3ONmEGiSV7ldoQo56eizJl3w1jHJ0F7F8ISpvBrPZVMyERfLRB2rVaOTo
jsKnYcq1s34VyA5MX0tqCMC+HU8HSBKgr7weXMyMLmrQ8dpsOYfgbdvu2/tluZbX
afut5sjCBpso8sFG9Gx1JXR5p5yQb9qQRC59fEocV5nh67VUr9EiaHwijhjp3MAJ
vD05A/ZMn4o7I9982r2vRi2PzUe3aH3T7TSVDEgufqjBniYgDyxd0NeesjYbsG8o
LpLH
-----END CERTIFICATE-----
Generated at Sun Apr 6 20:44:11 2025 by rpki-client