Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/zya-nVnvYDRCe-NCa3yWVbEp98k.roa
File: zya-nVnvYDRCe-NCa3yWVbEp98k.roa (raw, json)
Hash identifier: YAuOnGIJzSzoCT2LI34mrWSk3/Q4ZvQVKTNwjixKRhs=
Subject key identifier: CF:26:BE:9D:59:EF:60:34:42:7B:E3:42:6B:7C:96:55:B1:29:F7:C9
Certificate issuer: /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial: 0194221FD5832EF63BDC14238A34ABFBD5D1
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/zya-nVnvYDRCe-NCa3yWVbEp98k.roa
Signing time: Wed 01 Jan 2025 13:48:19 +0000
ROA not before: Wed 01 Jan 2025 13:48:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 136787
IP address blocks: 45.66.252.0/24 maxlen: 24
45.66.253.0/24 maxlen: 24
45.66.254.0/24 maxlen: 24
45.66.255.0/24 maxlen: 24
91.217.6.0/24 maxlen: 24
91.217.7.0/24 maxlen: 24
109.74.28.0/24 maxlen: 24
109.74.29.0/24 maxlen: 24
109.74.30.0/24 maxlen: 24
109.74.31.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:d5:83:2e:f6:3b:dc:14:23:8a:34:ab:fb:d5:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
Validity
Not Before: Jan 1 13:48:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cf26be9d59ef6034427be3426b7c9655b129f7c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:b0:66:24:e1:37:be:c5:9d:18:d3:5c:42:8f:
59:9a:62:c6:fd:06:ef:43:f9:35:6d:11:e1:a8:8a:
dc:99:a8:be:05:83:46:09:82:7d:f2:9e:7f:49:c3:
b8:b6:a9:3e:6a:c6:a6:6f:4e:88:63:09:77:55:ba:
8b:dd:67:b9:2e:06:5d:0b:51:89:36:8a:5b:f2:58:
9a:b8:d0:d1:8c:aa:f0:f4:da:24:28:a2:f7:f9:f5:
86:2e:7d:d7:e3:de:12:e3:ed:d4:78:3a:48:df:01:
d1:20:50:d7:7f:66:89:21:5a:68:db:3b:7e:d7:23:
78:b2:68:b4:fd:b3:b4:06:4a:0f:52:5b:cf:85:c3:
5a:47:72:70:db:47:d5:ee:53:c8:c2:2b:75:37:d2:
fa:c2:71:88:1d:eb:12:e3:ae:43:5d:b5:de:da:e2:
9c:01:b5:d7:0d:9b:79:49:90:de:3f:3c:f1:17:f5:
7f:6f:2f:54:42:10:96:f6:9c:d5:61:f7:82:eb:f3:
c5:d0:b4:86:db:53:e7:5c:d0:6c:65:05:22:06:92:
86:79:81:0e:19:61:59:1d:bd:19:c9:29:18:79:81:
32:55:82:02:08:b5:9e:50:b6:82:54:71:87:41:24:
a5:83:dd:f0:b1:75:e2:db:27:4d:36:90:ea:c6:0a:
54:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:26:BE:9D:59:EF:60:34:42:7B:E3:42:6B:7C:96:55:B1:29:F7:C9
X509v3 Authority Key Identifier:
keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/zya-nVnvYDRCe-NCa3yWVbEp98k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.252.0/22
91.217.6.0/23
109.74.28.0/22
Signature Algorithm: sha256WithRSAEncryption
3c:88:ba:e3:e1:04:e2:60:80:dd:b8:13:e9:78:06:20:62:79:
67:5c:33:09:2d:0e:50:a4:20:e1:da:23:d1:74:be:11:5d:64:
67:42:fb:07:33:e4:93:dc:54:e6:c7:11:45:e0:25:b4:e8:17:
b1:43:01:6d:ed:2f:74:f4:80:dc:12:0e:69:62:68:a0:a8:dd:
18:43:fa:9c:fe:20:8b:30:03:20:39:2d:73:1e:9a:52:0e:73:
67:d7:b8:98:bd:53:a0:26:57:75:24:61:ab:31:e1:02:6f:b7:
b5:77:ae:c4:22:df:13:64:9c:a1:a7:59:9a:3a:be:46:1e:d9:
21:7a:65:f1:d9:10:3a:f2:b8:81:f5:2d:30:89:96:17:e3:75:
bc:9d:d9:cc:af:c9:a0:5b:84:88:db:18:6f:67:fb:db:10:ff:
a3:bf:a1:d2:9d:86:f7:c1:08:2d:ed:a7:2f:fd:e6:fd:11:4d:
c5:05:e1:d4:c3:ac:74:0b:78:4b:65:f7:04:40:d4:30:3f:e7:
1a:2c:a7:a7:26:5c:69:3d:20:91:15:ad:e1:62:0e:86:0d:af:
e3:d7:2b:77:10:8a:a1:63:be:d0:0e:91:48:e4:b4:7d:73:fb:
97:5d:5d:83:35:1d:1d:40:4e:bc:6a:a6:bf:f8:ac:37:75:e9:
b2:ad:74:ac
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQiH9WDLvY73BQjijSr+9XRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjUwMTAxMTM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjI2YmU5ZDU5ZWY2MDM0NDI3YmUzNDI2YjdjOTY1NWIxMjlmN2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bBmJOE3vsWdGNNcQo9ZmmLG/Qbv
Q/k1bRHhqIrcmai+BYNGCYJ98p5/ScO4tqk+asamb06IYwl3VbqL3We5LgZdC1GJ
Nopb8liauNDRjKrw9NokKKL3+fWGLn3X494S4+3UeDpI3wHRIFDXf2aJIVpo2zt+
1yN4smi0/bO0BkoPUlvPhcNaR3Jw20fV7lPIwit1N9L6wnGIHesS465DXbXe2uKc
AbXXDZt5SZDePzzxF/V/by9UQhCW9pzVYfeC6/PF0LSG21PnXNBsZQUiBpKGeYEO
GWFZHb0ZySkYeYEyVYICCLWeULaCVHGHQSSlg93wsXXi2ydNNpDqxgpUOQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM8mvp1Z72A0QnvjQmt8llWxKffJMB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEvenlhLW5WbnZZRFJDZS1OQ2EzeVdWYkVwOThrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLUL8AwQB
W9kGAwQCbUocMA0GCSqGSIb3DQEBCwUAA4IBAQA8iLrj4QTiYIDduBPpeAYgYnln
XDMJLQ5QpCDh2iPRdL4RXWRnQvsHM+ST3FTmxxFF4CW06BexQwFt7S909IDcEg5p
YmigqN0YQ/qc/iCLMAMgOS1zHppSDnNn17iYvVOgJld1JGGrMeECb7e1d67EIt8T
ZJyhp1maOr5GHtkhemXx2RA68riB9S0wiZYX43W8ndnMr8mgW4SI2xhvZ/vbEP+j
v6HSnYb3wQgt7acv/eb9EU3FBeHUw6x0C3hLZfcEQNQwP+caLKenJlxpPSCRFa3h
Yg6GDa/j1yt3EIqhY77QDpFI5LR9c/uXXV2DNR0dQE68aqa/+Kw3demyrXSs
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:37:47 2025 by rpki-client