Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3cRA_CZoRNGztQYzwNb6aW4kXmQ.roa
File: 3cRA_CZoRNGztQYzwNb6aW4kXmQ.roa (raw, json)
Hash identifier: AmE7H5w04VMWMeD7ap9MTvJyiE/rIFue0AWSxlgnSco=
Subject key identifier: DD:C4:40:FC:26:68:44:D1:B3:B5:06:33:C0:D6:FA:69:6E:24:5E:64
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01942824F2BC57585DA51CA5383D99CDB4B9
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3cRA_CZoRNGztQYzwNb6aW4kXmQ.roa
Signing time: Thu 02 Jan 2025 17:51:37 +0000
ROA not before: Thu 02 Jan 2025 17:51:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51659
IP address blocks: 193.124.2.0/24 maxlen: 24
194.87.48.0/24 maxlen: 24
194.87.68.0/23 maxlen: 23
194.87.70.0/24 maxlen: 24
194.87.106.0/24 maxlen: 24
194.87.196.0/23 maxlen: 23
195.58.48.0/23 maxlen: 23
195.133.5.0/24 maxlen: 24
195.133.23.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:f2:bc:57:58:5d:a5:1c:a5:38:3d:99:cd:b4:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ddc440fc266844d1b3b50633c0d6fa696e245e64
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:1b:5b:ba:08:c9:84:d7:0f:56:44:af:b9:63:
42:32:d0:2e:b6:fb:0d:84:28:91:70:4c:27:91:6a:
94:4a:5f:fe:bc:5b:e5:19:95:c2:9a:55:a8:80:af:
7a:e0:48:bf:e5:47:06:ec:b6:d6:4e:f1:e6:4f:bd:
75:f0:f3:77:bc:ee:5f:53:71:b4:0a:1f:70:04:8a:
35:3a:7f:eb:96:27:75:8c:a2:aa:0a:eb:d5:73:61:
58:b6:f0:13:35:d5:36:a9:0c:0f:e2:d0:54:96:84:
30:b4:bc:e5:96:83:d6:16:1e:75:4e:01:9f:e4:44:
a1:ce:7e:e3:1b:54:d3:fe:81:a0:c2:b1:68:76:90:
8c:1d:58:a8:7d:d2:bf:3e:9f:b7:0d:9b:01:29:d7:
60:e0:f6:a2:d9:91:a1:b7:12:b2:c2:7f:ac:a5:f1:
87:a1:a3:85:6e:ee:a4:dc:4f:ba:84:6c:0c:2c:68:
a4:7f:3b:ba:b8:ff:37:ae:fd:92:52:d2:a1:6e:bb:
fe:3f:17:f2:03:93:56:9e:74:bd:da:48:c0:31:f6:
b0:67:3b:9f:ce:37:be:20:e9:c3:c7:18:fd:d8:19:
ac:11:80:47:ec:07:bf:8d:3c:ae:e5:97:2e:b4:68:
b3:4a:77:1f:bb:17:d8:55:19:31:7c:b2:fc:97:24:
85:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:C4:40:FC:26:68:44:D1:B3:B5:06:33:C0:D6:FA:69:6E:24:5E:64
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/3cRA_CZoRNGztQYzwNb6aW4kXmQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.2.0/24
194.87.48.0/24
194.87.68.0-194.87.70.255
194.87.106.0/24
194.87.196.0/23
195.58.48.0/23
195.133.5.0/24
195.133.23.0/24
Signature Algorithm: sha256WithRSAEncryption
35:90:a5:9a:05:29:8c:e5:04:a4:df:b7:71:6c:5d:77:b1:d2:
d3:e7:04:4b:51:61:86:8a:72:12:3c:26:b3:ec:3f:06:69:62:
d5:58:98:f2:6b:e6:ba:fe:98:d6:4e:6b:79:77:cb:b5:fa:9d:
bb:dd:a3:93:29:90:f5:de:a7:88:a7:fa:11:3a:91:c0:f8:33:
38:f0:f2:94:1f:01:6e:43:58:e5:00:3b:2b:c3:d9:df:85:e7:
9c:98:c4:3d:8b:0a:b5:8e:c2:92:37:37:d5:5b:99:96:27:9d:
29:4d:dc:5b:af:85:3e:e0:d0:29:e3:b3:d4:34:16:ab:a6:b0:
69:64:2e:2b:b2:d5:74:af:11:13:49:23:d5:8e:ca:13:6f:fe:
45:33:b3:d6:82:b7:60:82:3c:ef:b8:b4:55:01:6f:9a:a2:38:
a7:4a:da:42:04:37:5f:ea:20:74:44:21:f0:ac:03:a0:25:ec:
b6:b7:bd:42:42:0d:af:5a:b5:50:b0:e4:da:88:a5:57:d2:e0:
e5:5d:4d:11:32:02:60:51:f1:4b:9c:ed:91:ad:92:d4:83:c8:
19:cb:92:dd:25:04:2f:70:2a:12:3d:6b:fc:02:ee:bc:72:1d:
77:e3:60:54:26:0f:df:11:69:76:93:70:b9:ca:c9:51:9e:a7:
9f:f2:a0:8d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZQoJPK8V1hdpRylOD2ZzbS5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGM0NDBmYzI2Njg0NGQxYjNiNTA2MzNjMGQ2ZmE2OTZlMjQ1ZTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBtbugjJhNcPVkSvuWNCMtAutvsN
hCiRcEwnkWqUSl/+vFvlGZXCmlWogK964Ei/5UcG7LbWTvHmT7118PN3vO5fU3G0
Ch9wBIo1On/rlid1jKKqCuvVc2FYtvATNdU2qQwP4tBUloQwtLzlloPWFh51TgGf
5EShzn7jG1TT/oGgwrFodpCMHViofdK/Pp+3DZsBKddg4Pai2ZGhtxKywn+spfGH
oaOFbu6k3E+6hGwMLGikfzu6uP83rv2SUtKhbrv+PxfyA5NWnnS92kjAMfawZzuf
zje+IOnDxxj92BmsEYBH7Ae/jTyu5ZcutGizSncfuxfYVRkxfLL8lySFeQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFN3EQPwmaETRs7UGM8DW+mluJF5kMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvM2NSQV9DWm9STkd6dFFZendOYjZhVzRrWG1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAwXwCAwQA
wlcwMAwDBALCV0QDBADCV0YDBADCV2oDBAHCV8QDBAHDOjADBADDhQUDBADDhRcw
DQYJKoZIhvcNAQELBQADggEBADWQpZoFKYzlBKTft3FsXXex0tPnBEtRYYaKchI8
JrPsPwZpYtVYmPJr5rr+mNZOa3l3y7X6nbvdo5MpkPXep4in+hE6kcD4Mzjw8pQf
AW5DWOUAOyvD2d+F55yYxD2LCrWOwpI3N9VbmZYnnSlN3FuvhT7g0Cnjs9Q0Fqum
sGlkLiuy1XSvERNJI9WOyhNv/kUzs9aCt2CCPO+4tFUBb5qiOKdK2kIEN1/qIHRE
IfCsA6Al7La3vUJCDa9atVCw5NqIpVfS4OVdTREyAmBR8Uuc7ZGtktSDyBnLkt0l
BC9wKhI9a/wC7rxyHXfjYFQmD98RaXaTcLnKyVGep5/yoI0=
-----END CERTIFICATE-----
Generated at Sun Apr 6 21:39:39 2025 by rpki-client