Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/aXKFWmr05ujOACE-0dUG_c35U2Q.roa
File: aXKFWmr05ujOACE-0dUG_c35U2Q.roa (raw, json)
Hash identifier: V2GbIAKcxdCncnWyBDIRBH2ulZIFWnPu4CLpIswEB3c=
Subject key identifier: 69:72:85:5A:6A:F4:E6:E8:CE:00:21:3E:D1:D5:06:FD:CD:F9:53:64
Certificate issuer: /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial: 019427B64E0F7307449E486A22AFFBD5F665
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/aXKFWmr05ujOACE-0dUG_c35U2Q.roa
Signing time: Thu 02 Jan 2025 15:50:46 +0000
ROA not before: Thu 02 Jan 2025 15:50:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60253
IP address blocks: 92.205.80.0/21 maxlen: 21
92.205.156.0/22 maxlen: 24
92.205.192.0/20 maxlen: 24
188.121.60.0/24 maxlen: 24
2a00:116a::/40 maxlen: 48
2a00:116a:100::/40 maxlen: 48
2a00:116a:200::/40 maxlen: 40
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b6:4e:0f:73:07:44:9e:48:6a:22:af:fb:d5:f6:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Validity
Not Before: Jan 2 15:50:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6972855a6af4e6e8ce00213ed1d506fdcdf95364
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:3a:d5:3c:50:e4:8f:ff:dd:1e:68:4a:42:02:
97:fd:96:87:74:e0:74:dc:bf:11:6a:37:00:55:30:
09:a1:19:c5:bb:eb:29:15:02:b1:4b:ee:52:be:77:
49:70:cf:19:f1:ca:58:eb:2c:6e:9a:b3:c5:42:80:
60:fa:a6:7c:0d:f4:27:f1:30:53:37:ea:70:2c:bf:
54:2e:72:c7:82:17:82:bb:69:ae:7f:bb:bd:85:98:
be:44:23:62:f5:50:ff:da:71:a6:03:0b:f5:df:23:
a5:49:58:ee:47:66:96:e3:52:80:2b:7f:4d:22:0d:
c2:58:d7:63:2d:b4:09:eb:d3:de:2a:50:44:78:36:
9b:04:b9:b6:83:dc:49:b4:b0:35:5e:91:ed:88:b6:
6b:f1:9b:07:22:96:d3:5c:ba:de:f2:36:3e:96:42:
b3:4d:3c:af:26:bc:3f:34:bf:99:e1:88:52:a5:96:
d5:0b:16:6e:39:c1:63:6f:73:4b:17:15:38:8e:d3:
21:f5:a2:0e:4b:80:9a:b4:47:07:a8:4b:3e:8c:4c:
20:d2:2d:72:68:5c:c5:fa:29:3a:06:0c:20:89:be:
23:8f:3f:ce:1b:00:bd:d7:eb:56:52:ce:b2:ca:69:
4f:59:61:e5:71:66:a1:8d:97:00:c4:95:32:01:a2:
c6:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:72:85:5A:6A:F4:E6:E8:CE:00:21:3E:D1:D5:06:FD:CD:F9:53:64
X509v3 Authority Key Identifier:
keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/aXKFWmr05ujOACE-0dUG_c35U2Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.205.80.0/21
92.205.156.0/22
92.205.192.0/20
188.121.60.0/24
IPv6:
2a00:116a::-2a00:116a:2ff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
16:b2:35:df:08:1d:f9:98:fe:16:67:ea:dd:5d:bb:da:79:ee:
bc:9b:73:27:6a:d1:78:99:8f:ff:f8:e5:5f:f5:a4:27:57:3e:
ad:bc:9f:7c:28:e0:8a:67:c5:80:67:46:0d:86:5b:7b:14:42:
aa:e0:52:58:95:1c:67:ab:37:47:09:af:7b:0c:74:6f:f9:6e:
48:b9:87:61:36:4b:8e:b0:36:ee:83:64:99:b1:d2:02:a6:0e:
4f:66:0d:d2:fb:a2:0b:2b:f9:3e:2c:01:89:79:06:de:39:35:
04:4d:6a:fd:4b:b2:b0:ae:5f:95:e6:b0:37:ef:62:b1:60:8b:
fb:68:0f:9f:72:f0:17:f9:66:ee:09:3d:0e:dd:55:bc:19:d6:
6a:f0:ab:52:31:d6:43:67:1d:56:c0:59:f8:d9:53:f2:2e:8b:
2e:b5:c8:3f:73:94:8f:e5:43:ec:e1:9d:c1:d8:6b:56:4f:79:
69:09:17:d6:a7:d9:d6:cc:75:a3:2a:c7:af:33:a7:cc:99:e7:
6c:fa:d3:81:e8:c8:61:98:2a:3c:bb:65:73:ba:02:9b:9a:e6:
b6:07:d0:d7:a3:9e:6d:0a:f6:57:81:b2:f9:be:41:5b:19:eb:
24:db:ce:8e:61:19:38:a5:a2:26:73:23:30:f6:96:f2:c4:44:
1c:b4:92:9b
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAZQntk4PcwdEnkhqIq/71fZlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjUwMTAyMTU1MDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTcyODU1YTZhZjRlNmU4Y2UwMDIxM2VkMWQ1MDZmZGNkZjk1MzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DrVPFDkj//dHmhKQgKX/ZaHdOB0
3L8RajcAVTAJoRnFu+spFQKxS+5SvndJcM8Z8cpY6yxumrPFQoBg+qZ8DfQn8TBT
N+pwLL9ULnLHgheCu2muf7u9hZi+RCNi9VD/2nGmAwv13yOlSVjuR2aW41KAK39N
Ig3CWNdjLbQJ69PeKlBEeDabBLm2g9xJtLA1XpHtiLZr8ZsHIpbTXLre8jY+lkKz
TTyvJrw/NL+Z4YhSpZbVCxZuOcFjb3NLFxU4jtMh9aIOS4CatEcHqEs+jEwg0i1y
aFzF+ik6Bgwgib4jjz/OGwC91+tWUs6yymlPWWHlcWahjZcAxJUyAaLGQQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFGlyhVpq9ObozgAhPtHVBv3N+VNkMB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvYVhLRldtcjA1dWpPQUNFLTBkVUdfYzM1VTJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAeBAIAATAYAwQDXM1QAwQC
XM2cAwQEXM3AAwQAvHk8MBcEAgACMBEwDwMFASoAEWoDBgAqABFqAjANBgkqhkiG
9w0BAQsFAAOCAQEAFrI13wgd+Zj+Fmfq3V272nnuvJtzJ2rReJmP//jlX/WkJ1c+
rbyffCjgimfFgGdGDYZbexRCquBSWJUcZ6s3Rwmvewx0b/luSLmHYTZLjrA27oNk
mbHSAqYOT2YN0vuiCyv5PiwBiXkG3jk1BE1q/UuysK5fleawN+9isWCL+2gPn3Lw
F/lm7gk9Dt1VvBnWavCrUjHWQ2cdVsBZ+NlT8i6LLrXIP3OUj+VD7OGdwdhrVk95
aQkX1qfZ1sx1oyrHrzOnzJnnbPrTgejIYZgqPLtlc7oCm5rmtgfQ16OebQr2V4Gy
+b5BWxnrJNvOjmEZOKWiJnMjMPaW8sREHLSSmw==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:37:20 2025 by rpki-client