Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/6cb23e-7c65-46b3-9b6d-7c6635da892d/1/MQ9I67C6MUwfQzvk4DuSGpDsBdg.roa
File: MQ9I67C6MUwfQzvk4DuSGpDsBdg.roa (raw, json)
Hash identifier: nQba/tkookJK+ZQVFWSA10f4GofHIK4b5Nnz9E2aPIc=
Subject key identifier: 31:0F:48:EB:B0:BA:31:4C:1F:43:3B:E4:E0:3B:92:1A:90:EC:05:D8
Certificate issuer: /CN=6676dff61a8305675977e86f52eee6745d6428f4
Certificate serial: 01957FE9BE507C000C6F8C4F151C9B5F8077
Authority key identifier: 66:76:DF:F6:1A:83:05:67:59:77:E8:6F:52:EE:E6:74:5D:64:28:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Znbf9hqDBWdZd-hvUu7mdF1kKPQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/6cb23e-7c65-46b3-9b6d-7c6635da892d/1/MQ9I67C6MUwfQzvk4DuSGpDsBdg.roa
Signing time: Mon 10 Mar 2025 11:56:19 +0000
ROA not before: Mon 10 Mar 2025 11:56:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200845
IP address blocks: 45.66.64.0/22 maxlen: 24
92.119.108.0/22 maxlen: 24
152.89.100.0/22 maxlen: 24
185.29.68.0/22 maxlen: 24
185.69.8.0/22 maxlen: 24
185.88.52.0/22 maxlen: 24
185.110.76.0/22 maxlen: 24
185.223.240.0/22 maxlen: 24
185.227.8.0/22 maxlen: 24
2a04:41c0::/29 maxlen: 56
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:7f:e9:be:50:7c:00:0c:6f:8c:4f:15:1c:9b:5f:80:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6676dff61a8305675977e86f52eee6745d6428f4
Validity
Not Before: Mar 10 11:56:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=310f48ebb0ba314c1f433be4e03b921a90ec05d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:06:e4:8f:30:6e:3c:d4:c7:10:f5:da:ad:0b:
91:4d:f9:81:d6:f9:fb:49:ef:e7:43:16:26:80:53:
fd:3c:10:d0:f5:2e:c7:f0:11:26:8e:83:1b:09:cd:
9f:0e:26:23:65:ea:52:34:74:9e:a8:fb:e7:dd:32:
7e:4f:2b:27:01:2c:91:1d:3d:b9:82:a0:de:48:59:
e7:be:e2:cd:28:e8:3b:83:21:a4:18:06:5b:e7:06:
0b:5f:3b:21:9d:1b:8a:83:87:9a:54:f1:30:35:d3:
d1:8c:20:20:b4:5e:7f:50:b7:06:df:16:ae:8f:58:
17:5c:eb:48:77:b1:43:bb:32:40:dd:e5:4b:62:b8:
b6:7d:6f:eb:d9:9b:a1:bf:8f:ee:86:ed:fb:8d:9a:
32:e0:33:96:03:b7:57:c7:27:66:f3:13:c3:0a:44:
e1:eb:54:e8:b1:12:29:70:9f:59:5a:4c:84:31:97:
6d:5e:d8:8a:24:87:15:31:21:dc:28:91:c8:dd:6c:
ae:39:a5:84:a0:d0:78:da:66:d6:54:0a:03:68:31:
04:b6:a6:ac:14:1c:c2:30:66:e1:8c:95:7e:4d:30:
64:ab:ac:d0:b2:00:e9:29:bf:bd:b9:6c:a3:7a:c8:
a3:27:0d:8b:f2:7c:a9:85:a7:46:3a:ef:7b:11:93:
bd:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:0F:48:EB:B0:BA:31:4C:1F:43:3B:E4:E0:3B:92:1A:90:EC:05:D8
X509v3 Authority Key Identifier:
keyid:66:76:DF:F6:1A:83:05:67:59:77:E8:6F:52:EE:E6:74:5D:64:28:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Znbf9hqDBWdZd-hvUu7mdF1kKPQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/6cb23e-7c65-46b3-9b6d-7c6635da892d/1/MQ9I67C6MUwfQzvk4DuSGpDsBdg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/6cb23e-7c65-46b3-9b6d-7c6635da892d/1/Znbf9hqDBWdZd-hvUu7mdF1kKPQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.64.0/22
92.119.108.0/22
152.89.100.0/22
185.29.68.0/22
185.69.8.0/22
185.88.52.0/22
185.110.76.0/22
185.223.240.0/22
185.227.8.0/22
IPv6:
2a04:41c0::/29
Signature Algorithm: sha256WithRSAEncryption
90:60:99:5d:b5:65:68:80:ca:11:89:7f:29:20:00:a5:0f:50:
a2:c9:75:6f:b1:fd:98:ab:99:9b:98:51:2f:8c:9f:f7:1e:24:
d2:27:88:ab:4e:ec:83:9a:b7:c4:df:b9:a6:85:1f:34:13:5c:
ef:a1:ee:e7:b6:c3:4d:d6:e2:16:fa:89:45:e8:d1:b2:1f:80:
42:f8:6b:58:aa:96:fd:6b:7e:7f:cf:1a:db:a5:d9:22:2a:05:
52:9b:7d:f3:94:5b:90:7b:9e:55:39:02:4c:bc:b0:ec:ec:fe:
ea:3c:23:56:ad:4a:55:e2:72:30:d0:f8:91:66:25:72:4f:0a:
e1:8e:19:dd:44:05:85:3e:1b:b9:a0:be:47:d5:6a:4f:00:98:
3f:c9:c4:f6:07:5c:a8:4a:2f:55:70:53:8d:73:c9:0d:33:59:
59:c3:57:af:e8:d2:c7:6a:cb:eb:1e:0c:4c:14:ea:eb:a9:8b:
a7:f1:9d:26:a5:a2:37:bb:b6:72:a1:d3:6d:e4:ad:2d:0b:1f:
5e:10:9e:b1:bb:18:c4:a7:e3:dd:8d:16:fc:f0:26:b7:2d:96:
f5:c0:5b:c9:87:12:52:df:aa:a3:cb:b2:e6:c6:86:87:ed:22:
fa:39:9b:96:a8:ef:e3:e9:fb:ad:79:87:9c:5a:2c:26:5e:b0:
12:dc:0a:03
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAZV/6b5QfAAMb4xPFRybX4B3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NzZkZmY2MWE4MzA1Njc1OTc3ZTg2ZjUyZWVlNjc0NWQ2
NDI4ZjQwHhcNMjUwMzEwMTE1NjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTBmNDhlYmIwYmEzMTRjMWY0MzNiZTRlMDNiOTIxYTkwZWMwNWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAbkjzBuPNTHEPXarQuRTfmB1vn7
Se/nQxYmgFP9PBDQ9S7H8BEmjoMbCc2fDiYjZepSNHSeqPvn3TJ+TysnASyRHT25
gqDeSFnnvuLNKOg7gyGkGAZb5wYLXzshnRuKg4eaVPEwNdPRjCAgtF5/ULcG3xau
j1gXXOtId7FDuzJA3eVLYri2fW/r2Zuhv4/uhu37jZoy4DOWA7dXxydm8xPDCkTh
61TosRIpcJ9ZWkyEMZdtXtiKJIcVMSHcKJHI3WyuOaWEoNB42mbWVAoDaDEEtqas
FBzCMGbhjJV+TTBkq6zQsgDpKb+9uWyjesijJw2L8nyphadGOu97EZO96QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFDEPSOuwujFMH0M75OA7khqQ7AXYMB8GA1UdIwQY
MBaAFGZ23/YagwVnWXfob1Lu5nRdZCj0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm5iZjlocURCV2RaZC1odlV1N21kRjFrS1BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy82Y2IyM2UtN2M2NS00NmIzLTliNmQt
N2M2NjM1ZGE4OTJkLzEvTVE5STY3QzZNVXdmUXp2azREdVNHcERzQmRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy82Y2IyM2UtN2M2NS00NmIzLTliNmQtN2M2NjM1ZGE4OTJk
LzEvWm5iZjlocURCV2RaZC1odlV1N21kRjFrS1BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQCLUJAAwQC
XHdsAwQCmFlkAwQCuR1EAwQCuUUIAwQCuVg0AwQCuW5MAwQCud/wAwQCueMIMA0E
AgACMAcDBQMqBEHAMA0GCSqGSIb3DQEBCwUAA4IBAQCQYJldtWVogMoRiX8pIACl
D1CiyXVvsf2Yq5mbmFEvjJ/3HiTSJ4irTuyDmrfE37mmhR80E1zvoe7ntsNN1uIW
+olF6NGyH4BC+GtYqpb9a35/zxrbpdkiKgVSm33zlFuQe55VOQJMvLDs7P7qPCNW
rUpV4nIw0PiRZiVyTwrhjhndRAWFPhu5oL5H1WpPAJg/ycT2B1yoSi9VcFONc8kN
M1lZw1ev6NLHasvrHgxMFOrrqYun8Z0mpaI3u7ZyodNt5K0tCx9eEJ6xuxjEp+Pd
jRb88Ca3LZb1wFvJhxJS36qjy7LmxoaH7SL6OZuWqO/j6futeYecWiwmXrAS3AoD
-----END CERTIFICATE-----
Generated at Tue Apr 22 00:08:10 2025 by rpki-client