Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/yYg3T8Ah1yuxHz6D5ehi7z823QI.roa
File: yYg3T8Ah1yuxHz6D5ehi7z823QI.roa (raw, json)
Hash identifier: BG6boV1lZkhAvIrJNBVNIFX81voSjiHSdy+yfJw4k5k=
Subject key identifier: C9:88:37:4F:C0:21:D7:2B:B1:1F:3E:83:E5:E8:62:EF:3F:36:DD:02
Certificate issuer: /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial: 019426D8694F045C0BAB747BF38F6B57429B
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/yYg3T8Ah1yuxHz6D5ehi7z823QI.roa
Signing time: Thu 02 Jan 2025 11:48:24 +0000
ROA not before: Thu 02 Jan 2025 11:48:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 216050
IP address blocks: 37.49.146.0/24 maxlen: 24
37.49.149.0/24 maxlen: 24
94.74.140.0/24 maxlen: 24
109.203.160.0/24 maxlen: 24
109.203.162.0/24 maxlen: 24
109.203.164.0/24 maxlen: 24
109.203.165.0/24 maxlen: 24
109.203.167.0/24 maxlen: 24
176.46.128.0/24 maxlen: 24
176.46.131.0/24 maxlen: 24
185.34.160.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d8:69:4f:04:5c:0b:ab:74:7b:f3:8f:6b:57:42:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Validity
Not Before: Jan 2 11:48:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c988374fc021d72bb11f3e83e5e862ef3f36dd02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:8e:68:aa:20:3a:26:4d:a2:25:89:ee:9a:fb:
08:4a:3b:0e:9e:0c:f1:15:42:1c:cb:8d:3c:cd:72:
15:15:e8:07:a1:d9:f8:df:bf:de:c5:26:1e:74:6c:
41:62:cd:ce:c8:16:01:91:fa:3e:c0:ec:26:39:b8:
c3:3a:82:ae:51:74:a7:90:eb:ba:77:bb:db:28:3b:
1e:bd:82:9c:0a:e4:17:7e:3e:b1:98:da:91:a7:3e:
7a:c4:bb:e9:94:9e:99:82:de:80:4b:0d:1c:10:d1:
5c:82:22:12:65:e6:e2:b1:11:95:dd:60:7e:37:32:
b7:80:af:b5:d4:6a:f9:17:67:51:b1:4e:cf:1a:08:
2b:d7:36:49:a9:a1:22:f9:e2:a6:17:92:25:2b:76:
9a:49:89:57:3d:d8:8c:38:8d:1f:e8:68:c3:c3:05:
02:d8:3d:68:d3:a1:27:95:32:14:29:79:bf:ec:f7:
16:bb:48:79:1b:8c:87:aa:d0:fd:fa:57:20:86:34:
e8:f0:37:fb:d3:36:dd:82:2d:08:ef:c1:7d:94:4c:
46:d6:2b:6e:5f:c4:ed:16:5f:71:e9:62:ab:5c:b3:
b4:e8:38:96:18:e7:13:d3:61:49:d0:9b:32:28:8f:
49:87:6f:bd:46:20:18:fe:fa:fa:b1:9d:ea:52:c0:
02:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:88:37:4F:C0:21:D7:2B:B1:1F:3E:83:E5:E8:62:EF:3F:36:DD:02
X509v3 Authority Key Identifier:
keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/yYg3T8Ah1yuxHz6D5ehi7z823QI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.49.146.0/24
37.49.149.0/24
94.74.140.0/24
109.203.160.0/24
109.203.162.0/24
109.203.164.0/23
109.203.167.0/24
176.46.128.0/24
176.46.131.0/24
185.34.160.0/22
Signature Algorithm: sha256WithRSAEncryption
2b:cc:97:01:53:d2:16:ee:27:2d:28:58:3f:76:65:59:d6:7a:
3b:13:92:9a:d4:06:86:33:d5:cc:fa:70:f4:cc:01:ee:bd:10:
96:30:ec:ee:84:be:8e:bd:10:ba:ab:cf:46:7b:f5:f7:50:73:
7f:3a:de:13:bf:e1:10:8c:ce:b1:1f:e1:03:58:96:20:2e:33:
bc:fa:77:f4:06:b3:52:2b:36:7f:52:31:a1:db:0d:5f:b6:1b:
63:ec:af:2b:d3:39:2b:ea:72:88:8a:44:b5:21:1c:05:a1:d3:
65:9c:20:e2:d0:c6:f3:bb:ef:aa:7c:f6:cf:d8:d8:f7:5b:98:
60:b3:53:9c:4c:a2:b9:ac:bb:1d:7c:e3:eb:67:f3:b3:2c:3e:
ee:1d:fe:fb:aa:26:8f:aa:50:14:7e:55:a6:f3:16:bf:02:30:
31:47:88:21:da:3e:5d:80:52:5d:fe:49:78:50:c1:90:d7:d2:
16:0a:85:fb:62:ca:a1:b4:42:90:54:89:c2:dc:a1:07:2c:ac:
db:b4:8f:ef:11:cf:ca:5d:98:fa:fb:37:b0:84:e1:96:cc:22:
53:c6:dd:dd:fe:a2:05:94:0a:12:a7:c0:1d:58:18:2b:44:01:
1c:22:c5:c1:1a:ea:f2:57:7a:d4:ef:14:6d:d9:90:01:0f:47:
39:d5:ce:18
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQm2GlPBFwLq3R7849rV0KbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjUwMTAyMTE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTg4Mzc0ZmMwMjFkNzJiYjExZjNlODNlNWU4NjJlZjNmMzZkZDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw45oqiA6Jk2iJYnumvsISjsOngzx
FUIcy408zXIVFegHodn437/exSYedGxBYs3OyBYBkfo+wOwmObjDOoKuUXSnkOu6
d7vbKDsevYKcCuQXfj6xmNqRpz56xLvplJ6Zgt6ASw0cENFcgiISZebisRGV3WB+
NzK3gK+11Gr5F2dRsU7PGggr1zZJqaEi+eKmF5IlK3aaSYlXPdiMOI0f6GjDwwUC
2D1o06EnlTIUKXm/7PcWu0h5G4yHqtD9+lcghjTo8Df70zbdgi0I78F9lExG1itu
X8TtFl9x6WKrXLO06DiWGOcT02FJ0JsyKI9Jh2+9RiAY/vr6sZ3qUsAC4wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFMmIN0/AIdcrsR8+g+XoYu8/Nt0CMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEveVlnM1Q4QWgxeXV4SHo2RDVlaGk3ejgyM1FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAJTGSAwQA
JTGVAwQAXkqMAwQAbcugAwQAbcuiAwQBbcukAwQAbcunAwQAsC6AAwQAsC6DAwQC
uSKgMA0GCSqGSIb3DQEBCwUAA4IBAQArzJcBU9IW7ictKFg/dmVZ1no7E5Ka1AaG
M9XM+nD0zAHuvRCWMOzuhL6OvRC6q89Ge/X3UHN/Ot4Tv+EQjM6xH+EDWJYgLjO8
+nf0BrNSKzZ/UjGh2w1fthtj7K8r0zkr6nKIikS1IRwFodNlnCDi0Mbzu++qfPbP
2Nj3W5hgs1OcTKK5rLsdfOPrZ/OzLD7uHf77qiaPqlAUflWm8xa/AjAxR4gh2j5d
gFJd/kl4UMGQ19IWCoX7YsqhtEKQVInC3KEHLKzbtI/vEc/KXZj6+zewhOGWzCJT
xt3d/qIFlAoSp8AdWBgrRAEcIsXBGuryV3rU7xRt2ZABD0c51c4Y
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:57:39 2025 by rpki-client