Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/MzbBL-KB16aNaaOWCdz_zlq5-Sk.roa
File: MzbBL-KB16aNaaOWCdz_zlq5-Sk.roa (raw, json)
Hash identifier: EojRlQEsQxjmCahz4GI2JRZbd+U9Ggw+WBgDfZNnVQ8=
Subject key identifier: 33:36:C1:2F:E2:81:D7:A6:8D:69:A3:96:09:DC:FF:CE:5A:B9:F9:29
Certificate issuer: /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial: 0195DD6D68D9DFD4375D672574E12559E98A
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/MzbBL-KB16aNaaOWCdz_zlq5-Sk.roa
Signing time: Fri 28 Mar 2025 15:44:49 +0000
ROA not before: Fri 28 Mar 2025 15:44:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21267
IP address blocks: 5.159.208.0/21 maxlen: 24
5.181.72.0/22 maxlen: 24
31.192.96.0/21 maxlen: 24
45.8.100.0/22 maxlen: 24
45.132.108.0/22 maxlen: 24
45.137.44.0/22 maxlen: 24
80.74.240.0/21 maxlen: 24
80.74.248.0/21 maxlen: 24
83.150.252.0/22 maxlen: 24
85.95.96.0/19 maxlen: 24
92.42.120.0/21 maxlen: 24
95.129.64.0/21 maxlen: 24
176.58.0.0/21 maxlen: 24
185.79.184.0/22 maxlen: 24
185.90.0.0/22 maxlen: 24
185.94.204.0/22 maxlen: 24
185.99.76.0/22 maxlen: 24
185.145.88.0/22 maxlen: 24
185.178.216.0/22 maxlen: 24
185.178.218.0/24 maxlen: 24
185.178.219.0/24 maxlen: 24
185.182.200.0/23 maxlen: 24
185.204.212.0/22 maxlen: 24
185.229.4.0/22 maxlen: 24
185.246.132.0/22 maxlen: 24
185.247.200.0/22 maxlen: 24
185.248.252.0/24 maxlen: 24
185.248.253.0/24 maxlen: 24
185.248.254.0/24 maxlen: 24
185.248.255.0/24 maxlen: 24
188.94.16.0/21 maxlen: 24
188.94.19.0/24 maxlen: 24
188.94.21.0/24 maxlen: 24
193.24.3.0/24 maxlen: 24
193.24.6.0/24 maxlen: 24
193.24.13.0/24 maxlen: 24
193.24.31.0/24 maxlen: 24
195.26.32.0/19 maxlen: 24
195.88.8.0/23 maxlen: 24
212.11.68.0/22 maxlen: 24
212.11.72.0/22 maxlen: 24
217.145.128.0/20 maxlen: 24
2a00:f1c0::/32 maxlen: 32
2a0d:7680::/29 maxlen: 29
2a0e:a1c0::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:dd:6d:68:d9:df:d4:37:5d:67:25:74:e1:25:59:e9:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66df7742890173927935206a28efbf48123e787c
Validity
Not Before: Mar 28 15:44:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3336c12fe281d7a68d69a39609dcffce5ab9f929
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:b2:ed:81:d2:69:84:fe:d7:0b:81:6a:c9:00:
c4:b3:e3:33:18:78:be:05:4f:b3:28:ae:d0:d6:b0:
ba:b3:76:70:de:f0:87:40:f6:bd:54:c0:0b:e6:28:
7d:e8:8e:53:0e:d4:77:e6:53:d0:63:0d:dc:d4:89:
79:f8:e9:8d:c3:e9:d3:e9:d0:1c:f6:bd:d8:c7:6e:
d7:6f:37:64:31:61:ad:12:58:27:01:09:26:1c:e7:
dd:48:f1:e8:68:90:80:79:22:f5:3c:0a:3d:77:1a:
1f:ce:8b:b6:76:ba:42:22:c9:d0:27:bf:b6:04:00:
de:d0:f7:b1:42:7d:19:0d:f8:e4:6a:54:65:9d:fe:
33:03:e7:f3:f3:4b:3d:0f:10:fb:77:4a:02:77:7d:
c2:2f:5b:59:4f:d6:ad:f7:dd:5b:a3:37:11:c9:93:
b7:7b:b8:91:05:e4:8e:1b:3f:62:10:f3:13:4e:b2:
db:87:8a:06:b6:35:66:f0:5d:0a:2e:35:7c:f4:90:
cd:b5:12:88:fa:fd:b2:fe:6c:f2:bf:28:23:17:a7:
5f:73:73:dd:ef:c9:29:46:05:b8:d6:08:21:84:ac:
1c:7d:46:4b:e6:b3:24:36:c7:cf:4e:dd:60:31:28:
14:12:23:89:07:eb:07:cc:d2:f4:dd:c8:e5:13:85:
5b:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:36:C1:2F:E2:81:D7:A6:8D:69:A3:96:09:DC:FF:CE:5A:B9:F9:29
X509v3 Authority Key Identifier:
keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/MzbBL-KB16aNaaOWCdz_zlq5-Sk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.159.208.0/21
5.181.72.0/22
31.192.96.0/21
45.8.100.0/22
45.132.108.0/22
45.137.44.0/22
80.74.240.0/20
83.150.252.0/22
85.95.96.0/19
92.42.120.0/21
95.129.64.0/21
176.58.0.0/21
185.79.184.0/22
185.90.0.0/22
185.94.204.0/22
185.99.76.0/22
185.145.88.0/22
185.178.216.0/22
185.182.200.0/23
185.204.212.0/22
185.229.4.0/22
185.246.132.0/22
185.247.200.0/22
185.248.252.0/22
188.94.16.0/21
193.24.3.0/24
193.24.6.0/24
193.24.13.0/24
193.24.31.0/24
195.26.32.0/19
195.88.8.0/23
212.11.68.0-212.11.75.255
217.145.128.0/20
IPv6:
2a00:f1c0::/32
2a0d:7680::/29
2a0e:a1c0::/29
Signature Algorithm: sha256WithRSAEncryption
56:40:4a:f4:aa:14:3d:6b:02:ae:57:7d:29:3f:b0:7a:92:34:
43:62:2b:14:05:d8:ce:59:8d:16:13:03:e9:60:8f:f2:46:fb:
ef:1b:a9:96:5e:74:54:6d:32:f2:ee:af:1a:57:0e:96:6c:1f:
a2:0c:db:91:14:0c:fe:a7:b5:93:93:ef:17:66:e2:84:dc:56:
6c:c3:72:bb:d0:f4:cf:66:18:68:12:51:11:c1:cf:2e:cc:ab:
6f:e5:fd:fd:8e:36:95:4f:b4:93:c2:5b:86:b8:c8:bd:ab:32:
c0:a8:be:61:55:47:1c:0c:fb:e1:6b:1e:a9:de:8d:ae:03:42:
28:9e:8f:02:df:ba:26:95:cf:49:a7:f2:8f:27:71:94:15:e1:
14:22:85:28:b4:55:49:e9:ea:7f:e0:14:eb:6c:a5:76:b5:a6:
8c:cb:95:0e:3f:bc:19:96:e7:bc:ac:04:4a:29:51:d2:a9:95:
78:04:ca:72:a2:6a:90:b9:fc:70:c0:49:aa:f6:ca:a3:36:12:
a0:64:1c:ed:ff:ce:ff:0b:23:30:e2:89:f2:ed:c8:79:85:f3:
82:cc:0f:8f:35:2e:ae:ff:a2:dd:9a:5a:55:6c:31:3b:a9:7e:
7b:e8:a3:cc:1e:03:1a:db:5a:80:09:6b:45:d4:7f:d1:3e:ff:
32:e2:fd:8f
-----BEGIN CERTIFICATE-----
MIIF6DCCBNCgAwIBAgISAZXdbWjZ39Q3XWcldOElWemKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjUwMzI4MTU0NDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzM2YzEyZmUyODFkN2E2OGQ2OWEzOTYwOWRjZmZjZTVhYjlmOTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLLtgdJphP7XC4FqyQDEs+MzGHi+
BU+zKK7Q1rC6s3Zw3vCHQPa9VMAL5ih96I5TDtR35lPQYw3c1Il5+OmNw+nT6dAc
9r3Yx27XbzdkMWGtElgnAQkmHOfdSPHoaJCAeSL1PAo9dxofzou2drpCIsnQJ7+2
BADe0PexQn0ZDfjkalRlnf4zA+fz80s9DxD7d0oCd33CL1tZT9at991bozcRyZO3
e7iRBeSOGz9iEPMTTrLbh4oGtjVm8F0KLjV89JDNtRKI+v2y/mzyvygjF6dfc3Pd
78kpRgW41gghhKwcfUZL5rMkNsfPTt1gMSgUEiOJB+sHzNL03cjlE4VbOQIDAQAB
o4IC9DCCAvAwHQYDVR0OBBYEFDM2wS/igdemjWmjlgnc/85aufkpMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvTXpiQkwtS0IxNmFOYWFPV0Nkel96bHE1LVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCAYIKwYBBQUHAQcBAf8EgfgwgfUwgdUEAgABMIHOAwQD
BZ/QAwQCBbVIAwQDH8BgAwQCLQhkAwQCLYRsAwQCLYksAwQEUErwAwQCU5b8AwQF
VV9gAwQDXCp4AwQDX4FAAwQDsDoAAwQCuU+4AwQCuVoAAwQCuV7MAwQCuWNMAwQC
uZFYAwQCubLYAwQBubbIAwQCuczUAwQCueUEAwQCufaEAwQCuffIAwQCufj8AwQD
vF4QAwQAwRgDAwQAwRgGAwQAwRgNAwQAwRgfAwQFwxogAwQBw1gIMAwDBALUC0QD
BALUC0gDBATZkYAwGwQCAAIwFQMFACoA8cADBQMqDXaAAwUDKg6hwDANBgkqhkiG
9w0BAQsFAAOCAQEAVkBK9KoUPWsCrld9KT+wepI0Q2IrFAXYzlmNFhMD6WCP8kb7
7xupll50VG0y8u6vGlcOlmwfogzbkRQM/qe1k5PvF2bihNxWbMNyu9D0z2YYaBJR
EcHPLsyrb+X9/Y42lU+0k8JbhrjIvasywKi+YVVHHAz74Wseqd6NrgNCKJ6PAt+6
JpXPSafyjydxlBXhFCKFKLRVSenqf+AU62yldrWmjMuVDj+8GZbnvKwESilR0qmV
eATKcqJqkLn8cMBJqvbKozYSoGQc7f/O/wsjMOKJ8u3IeYXzgswPjzUurv+i3Zpa
VWwxO6l+e+ijzB4DGttagAlrRdR/0T7/MuL9jw==
-----END CERTIFICATE-----
Generated at Wed Apr 9 06:05:13 2025 by rpki-client