Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/e7fc98-128a-453d-bdfb-11e5f6d12ef1/1/cztKiFowQoK_UYPJ2AEdLhmfdJY.roa
File: cztKiFowQoK_UYPJ2AEdLhmfdJY.roa (raw, json)
Hash identifier: zSStQQUNC6z+zgYsdleYs1GIe5kvbt6u6C94AWl4nn0=
Subject key identifier: 73:3B:4A:88:5A:30:42:82:BF:51:83:C9:D8:01:1D:2E:19:9F:74:96
Certificate issuer: /CN=bef5252ccac3f6dc1426b553f2c1c7233acc894b
Certificate serial: 019421B2313DA2E4BC4787839783126383C7
Authority key identifier: BE:F5:25:2C:CA:C3:F6:DC:14:26:B5:53:F2:C1:C7:23:3A:CC:89:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vvUlLMrD9twUJrVT8sHHIzrMiUs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/e7fc98-128a-453d-bdfb-11e5f6d12ef1/1/cztKiFowQoK_UYPJ2AEdLhmfdJY.roa
Signing time: Wed 01 Jan 2025 11:48:33 +0000
ROA not before: Wed 01 Jan 2025 11:48:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 1299
IP address blocks: 82.99.128.0/18 maxlen: 24
84.244.64.0/18 maxlen: 24
85.207.0.0/16 maxlen: 24
212.158.128.0/19 maxlen: 24
2a02:a40::/32 maxlen: 48
2a02:a41::/32 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b2:31:3d:a2:e4:bc:47:87:83:97:83:12:63:83:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bef5252ccac3f6dc1426b553f2c1c7233acc894b
Validity
Not Before: Jan 1 11:48:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=733b4a885a304282bf5183c9d8011d2e199f7496
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:49:32:73:34:bc:b3:69:49:62:5a:0f:85:65:
d4:86:09:6a:07:cd:a3:da:bd:44:40:f5:8a:42:2f:
21:7f:4e:d7:21:ab:28:ea:ec:2c:86:c5:d7:f6:b9:
c9:73:87:7e:68:0d:e4:c2:ec:6a:54:d3:24:44:4b:
b1:7c:90:6d:06:1f:2c:7e:cc:e7:3e:9f:73:1f:15:
37:55:f6:01:2d:28:38:a1:90:2a:5f:ab:c5:8e:24:
99:2b:fa:c9:6b:88:2c:bb:a8:0e:10:99:e2:0d:8d:
84:60:f0:59:38:47:9e:5d:63:f9:1d:8e:a3:5e:b2:
c3:14:3f:ab:5d:6f:83:b6:23:87:c3:fe:7b:19:68:
3a:1f:a3:6d:fb:3f:c3:84:dd:fa:21:b0:e8:1c:ee:
24:36:59:39:dc:84:53:7b:50:9c:90:d8:62:56:6b:
99:c3:0e:5c:1b:d0:68:b7:70:57:12:21:9f:be:8b:
25:73:eb:94:fc:70:62:b9:2f:ca:bd:d3:57:ce:6e:
27:d8:28:be:a5:89:27:0d:84:a5:dc:1a:8d:63:d6:
27:9f:f8:aa:70:1c:ce:bb:92:db:45:3c:67:0d:60:
ed:a9:e5:6f:31:4d:45:35:88:91:e9:11:4c:24:b4:
55:0e:e3:ac:2a:c3:a7:3d:82:d0:e4:c1:a8:ef:65:
82:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:3B:4A:88:5A:30:42:82:BF:51:83:C9:D8:01:1D:2E:19:9F:74:96
X509v3 Authority Key Identifier:
keyid:BE:F5:25:2C:CA:C3:F6:DC:14:26:B5:53:F2:C1:C7:23:3A:CC:89:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vvUlLMrD9twUJrVT8sHHIzrMiUs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/e7fc98-128a-453d-bdfb-11e5f6d12ef1/1/cztKiFowQoK_UYPJ2AEdLhmfdJY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/e7fc98-128a-453d-bdfb-11e5f6d12ef1/1/vvUlLMrD9twUJrVT8sHHIzrMiUs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.99.128.0/18
84.244.64.0/18
85.207.0.0/16
212.158.128.0/19
IPv6:
2a02:a40::/31
Signature Algorithm: sha256WithRSAEncryption
a5:e6:d8:e7:e7:65:55:dc:72:cb:72:cf:db:c8:05:bd:1c:05:
bc:9d:10:69:5e:99:e3:32:0b:83:01:f7:fe:06:e6:70:49:6e:
82:35:4f:c5:71:d9:29:02:02:be:61:c5:da:79:09:4e:04:22:
5f:ab:bb:07:88:e1:b6:84:89:4a:df:72:d5:11:8e:80:8e:29:
03:13:54:d4:8a:9d:da:ec:26:59:1d:8d:15:58:37:66:24:bf:
c8:fc:c0:7d:8a:4f:f3:3d:eb:db:82:e1:1a:74:6d:27:f2:f4:
63:05:49:c8:66:75:0d:90:e9:3f:93:33:d1:7c:f1:12:f8:72:
f8:ed:ce:b4:bd:f8:43:38:fc:c7:d6:29:0c:96:ed:e6:40:56:
94:65:11:72:3e:a3:40:c5:d0:55:df:44:d3:34:5d:f5:b1:68:
b3:0b:67:96:28:22:c7:80:41:6a:58:34:2a:1d:57:37:46:a3:
55:e4:b0:6c:99:45:5c:2d:63:a9:7b:19:28:a3:22:14:5d:6e:
a2:99:1e:89:47:05:fe:c2:74:8b:c9:8f:f7:40:b3:13:d4:08:
69:09:63:59:95:b3:fb:b1:9e:6b:60:74:ae:a6:68:6c:d9:db:
c6:39:03:af:c7:4e:48:32:81:2b:fe:9f:36:f7:14:f3:86:1e:
e4:44:f5:bf
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZQhsjE9ouS8R4eDl4MSY4PHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlZjUyNTJjY2FjM2Y2ZGMxNDI2YjU1M2YyYzFjNzIzM2Fj
Yzg5NGIwHhcNMjUwMTAxMTE0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzNiNGE4ODVhMzA0MjgyYmY1MTgzYzlkODAxMWQyZTE5OWY3NDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkkyczS8s2lJYloPhWXUhglqB82j
2r1EQPWKQi8hf07XIaso6uwshsXX9rnJc4d+aA3kwuxqVNMkREuxfJBtBh8sfszn
Pp9zHxU3VfYBLSg4oZAqX6vFjiSZK/rJa4gsu6gOEJniDY2EYPBZOEeeXWP5HY6j
XrLDFD+rXW+DtiOHw/57GWg6H6Nt+z/DhN36IbDoHO4kNlk53IRTe1CckNhiVmuZ
ww5cG9Bot3BXEiGfvoslc+uU/HBiuS/KvdNXzm4n2Ci+pYknDYSl3BqNY9Ynn/iq
cBzOu5LbRTxnDWDtqeVvMU1FNYiR6RFMJLRVDuOsKsOnPYLQ5MGo72WCvQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFHM7SohaMEKCv1GDydgBHS4Zn3SWMB8GA1UdIwQY
MBaAFL71JSzKw/bcFCa1U/LBxyM6zIlLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnZVbExNckQ5dHdVSnJWVDhzSEhJenJNaVVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9lN2ZjOTgtMTI4YS00NTNkLWJkZmIt
MTFlNWY2ZDEyZWYxLzEvY3p0S2lGb3dRb0tfVVlQSjJBRWRMaG1mZEpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9lN2ZjOTgtMTI4YS00NTNkLWJkZmItMTFlNWY2ZDEyZWYx
LzEvdnZVbExNckQ5dHdVSnJWVDhzSEhJenJNaVVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAdBAIAATAXAwQGUmOAAwQG
VPRAAwMAVc8DBAXUnoAwDQQCAAIwBwMFASoCCkAwDQYJKoZIhvcNAQELBQADggEB
AKXm2OfnZVXccstyz9vIBb0cBbydEGlemeMyC4MB9/4G5nBJboI1T8Vx2SkCAr5h
xdp5CU4EIl+ruweI4baEiUrfctURjoCOKQMTVNSKndrsJlkdjRVYN2Ykv8j8wH2K
T/M969uC4Rp0bSfy9GMFSchmdQ2Q6T+TM9F88RL4cvjtzrS9+EM4/MfWKQyW7eZA
VpRlEXI+o0DF0FXfRNM0XfWxaLMLZ5YoIseAQWpYNCodVzdGo1XksGyZRVwtY6l7
GSijIhRdbqKZHolHBf7CdIvJj/dAsxPUCGkJY1mVs/uxnmtgdK6maGzZ28Y5A6/H
TkgygSv+nzb3FPOGHuRE9b8=
-----END CERTIFICATE-----
Generated at Sun Apr 6 09:38:23 2025 by rpki-client