Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Q-cb4AjNFoWCznmTrkTd9_2MtQ8.roa
File: Q-cb4AjNFoWCznmTrkTd9_2MtQ8.roa (raw, json)
Hash identifier: 2USY3xNUmziDvmtALMRGKfhIKkZceNSRez2thcTQVsI=
Subject key identifier: 43:E7:1B:E0:08:CD:16:85:82:CE:79:93:AE:44:DD:F7:FD:8C:B5:0F
Certificate issuer: /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial: 019425FCE2B3EA108E08AEC5B998A45EA054
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Q-cb4AjNFoWCznmTrkTd9_2MtQ8.roa
Signing time: Thu 02 Jan 2025 07:48:37 +0000
ROA not before: Thu 02 Jan 2025 07:48:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 64200
IP address blocks: 45.67.147.0/24 maxlen: 24
63.246.136.0/24 maxlen: 24
63.246.139.0/24 maxlen: 24
63.246.142.0/24 maxlen: 24
63.246.145.0/24 maxlen: 24
63.246.146.0/23 maxlen: 23
63.246.149.0/24 maxlen: 24
185.171.124.0/24 maxlen: 24
185.171.125.0/24 maxlen: 24
185.171.127.0/24 maxlen: 24
185.198.88.0/24 maxlen: 24
185.205.206.0/24 maxlen: 24
192.145.68.0/24 maxlen: 24
212.60.18.0/23 maxlen: 23
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:e2:b3:ea:10:8e:08:ae:c5:b9:98:a4:5e:a0:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Validity
Not Before: Jan 2 07:48:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=43e71be008cd168582ce7993ae44ddf7fd8cb50f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:d1:35:4c:e3:56:c7:7d:0a:75:2f:54:81:e2:
39:8f:e6:26:39:59:f4:38:ef:54:ff:90:10:e1:6e:
f3:1f:a1:ac:94:5b:e7:6e:86:47:bd:4f:b1:7c:0f:
dd:39:35:94:ca:3f:e0:13:45:7f:9a:57:47:59:6e:
91:47:d4:84:f3:d1:ea:1d:df:e7:97:8c:d5:b3:dd:
8c:f5:51:2e:cb:c9:75:a8:5c:5f:64:33:09:b4:6c:
18:9b:7a:36:96:3b:fc:a2:a4:4e:65:7a:fb:dc:9a:
bb:0f:2c:2c:83:f3:f5:89:1d:fc:3c:53:f1:96:a6:
1a:a8:1c:4f:ec:18:3b:87:c4:f6:7b:5b:d7:9f:60:
30:ab:27:ae:0c:de:d2:1e:cd:a3:6b:f3:b5:53:a3:
11:3c:7e:0e:39:11:e1:a4:f7:e5:f7:43:38:5f:a9:
3d:e8:f8:27:d3:65:60:b6:40:3d:f4:9e:c2:df:59:
b2:ab:22:3a:33:a7:4d:27:11:72:14:37:09:d5:5c:
5d:bd:27:11:30:4d:d4:2a:1e:39:de:6f:78:bd:82:
d5:85:d0:6a:d0:92:2b:fa:83:31:9f:80:3a:cc:9c:
1e:6a:49:ea:43:c2:c2:16:ec:e3:12:1c:8e:ef:07:
31:7a:02:a0:8e:53:2e:f8:ca:cc:f2:e5:aa:c7:fb:
12:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:E7:1B:E0:08:CD:16:85:82:CE:79:93:AE:44:DD:F7:FD:8C:B5:0F
X509v3 Authority Key Identifier:
keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/Q-cb4AjNFoWCznmTrkTd9_2MtQ8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.67.147.0/24
63.246.136.0/24
63.246.139.0/24
63.246.142.0/24
63.246.145.0-63.246.147.255
63.246.149.0/24
185.171.124.0/23
185.171.127.0/24
185.198.88.0/24
185.205.206.0/24
192.145.68.0/24
212.60.18.0/23
Signature Algorithm: sha256WithRSAEncryption
83:70:3e:71:fa:7c:e8:24:c7:c6:34:4e:72:b0:ea:f9:4b:2e:
48:b6:6f:e1:dd:2c:fe:2c:86:b0:bd:7c:80:46:97:9f:73:25:
74:ca:3b:9c:e3:d3:5d:95:79:e6:4b:29:bd:38:a1:d4:e4:26:
d5:a8:2e:1c:d6:7f:93:48:e3:b1:3b:44:9f:d2:70:e1:4c:cc:
70:bb:8f:e2:16:f2:4a:7b:4a:c6:d8:4f:7a:51:8b:c7:b3:27:
bb:99:68:2b:f7:7c:31:26:e9:01:41:17:6f:4c:80:a5:1b:2d:
9b:70:33:dd:d1:50:4a:83:21:92:6d:2d:fe:b1:83:a1:fa:42:
8d:d8:1f:79:c7:95:5b:31:9f:49:5d:17:74:c2:a7:d3:72:ef:
62:5f:1d:e0:a4:d4:a4:9a:98:eb:58:bd:e9:aa:bc:6a:fa:e2:
4e:c9:ad:58:e0:b4:f3:ec:cf:e1:a1:3c:08:45:ef:82:73:e9:
bc:64:6f:4a:40:a8:37:c8:21:5a:2c:69:2e:c1:86:97:63:1a:
c0:a8:4d:c3:c0:12:2d:19:58:d7:c7:7f:56:fd:d2:71:a6:80:
b0:0c:d4:f2:44:c1:2a:df:2f:73:a9:53:d1:ca:a2:58:e4:5d:
55:33:53:c2:48:ea:7f:17:26:ec:8f:4c:de:c3:13:89:a6:b9:
3a:af:2a:81
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZQl/OKz6hCOCK7FuZikXqBUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwMTAyMDc0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2U3MWJlMDA4Y2QxNjg1ODJjZTc5OTNhZTQ0ZGRmN2ZkOGNiNTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNE1TONWx30KdS9UgeI5j+YmOVn0
OO9U/5AQ4W7zH6GslFvnboZHvU+xfA/dOTWUyj/gE0V/mldHWW6RR9SE89HqHd/n
l4zVs92M9VEuy8l1qFxfZDMJtGwYm3o2ljv8oqROZXr73Jq7Dywsg/P1iR38PFPx
lqYaqBxP7Bg7h8T2e1vXn2AwqyeuDN7SHs2ja/O1U6MRPH4OORHhpPfl90M4X6k9
6Pgn02VgtkA99J7C31myqyI6M6dNJxFyFDcJ1VxdvScRME3UKh453m94vYLVhdBq
0JIr+oMxn4A6zJweaknqQ8LCFuzjEhyO7wcxegKgjlMu+MrM8uWqx/sSJwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFEPnG+AIzRaFgs55k65E3ff9jLUPMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvUS1jYjRBak5Gb1dDem5tVHJrVGQ5XzJNdFE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQALUOTAwQA
P/aIAwQAP/aLAwQAP/aOMAwDBAA/9pEDBAI/9pADBAA/9pUDBAG5q3wDBAC5q38D
BAC5xlgDBAC5zc4DBADAkUQDBAHUPBIwDQYJKoZIhvcNAQELBQADggEBAINwPnH6
fOgkx8Y0TnKw6vlLLki2b+HdLP4shrC9fIBGl59zJXTKO5zj012VeeZLKb04odTk
JtWoLhzWf5NI47E7RJ/ScOFMzHC7j+IW8kp7SsbYT3pRi8ezJ7uZaCv3fDEm6QFB
F29MgKUbLZtwM93RUEqDIZJtLf6xg6H6Qo3YH3nHlVsxn0ldF3TCp9Ny72JfHeCk
1KSamOtYvemqvGr64k7JrVjgtPPsz+GhPAhF74Jz6bxkb0pAqDfIIVosaS7Bhpdj
GsCoTcPAEi0ZWNfHf1b90nGmgLAM1PJEwSrfL3OpU9HKoljkXVUzU8JI6n8XJuyP
TN7DE4mmuTqvKoE=
-----END CERTIFICATE-----
Generated at Sat Apr 5 19:23:53 2025 by rpki-client