Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/0a116f-5a0b-4566-9f44-b837bf9d4c5f/1/MkRHfjzdt_EmaRoZX6572cfDXKI.roa
File: MkRHfjzdt_EmaRoZX6572cfDXKI.roa (raw, json)
Hash identifier: fmnR5u3g21RNvJNynudhpstS09AfyiLUKjnwTJJzneE=
Subject key identifier: 32:44:47:7E:3C:DD:B7:F1:26:69:1A:19:5F:AE:7B:D9:C7:C3:5C:A2
Certificate issuer: /CN=cd9233f6a88d08f6559c2206b1bff2655b122231
Certificate serial: 018CC94E433AD21A3B69CC19F3BF4CBCC916
Authority key identifier: CD:92:33:F6:A8:8D:08:F6:55:9C:22:06:B1:BF:F2:65:5B:12:22:31
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zZIz9qiNCPZVnCIGsb_yZVsSIjE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/0a116f-5a0b-4566-9f44-b837bf9d4c5f/1/MkRHfjzdt_EmaRoZX6572cfDXKI.roa
Signing time: Tue 02 Jan 2024 08:33:18 +0000
ROA not before: Tue 02 Jan 2024 08:33:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 41535
IP address blocks: 109.120.162.0/24 maxlen: 24
109.120.167.0/24 maxlen: 24
109.120.172.0/24 maxlen: 24
77.221.130.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4e:43:3a:d2:1a:3b:69:cc:19:f3:bf:4c:bc:c9:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd9233f6a88d08f6559c2206b1bff2655b122231
Validity
Not Before: Jan 2 08:33:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3244477e3cddb7f126691a195fae7bd9c7c35ca2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:ca:38:3d:42:28:a0:26:d1:23:86:9c:d9:06:
d0:29:70:bd:15:12:02:a3:ea:76:ac:0f:eb:5a:68:
19:a2:0b:bf:59:98:10:6c:1f:04:c1:3a:9f:ba:6d:
d0:76:3c:a2:bb:fd:ba:27:b3:89:f6:c5:0f:6c:c1:
bb:3d:fd:d0:96:15:f8:5e:39:ae:e6:c4:47:95:77:
a4:e6:cf:b6:e7:8a:2e:7f:70:cf:61:c3:35:3d:24:
39:ba:d8:69:27:74:5e:85:fb:a2:69:52:f9:c2:62:
69:25:db:2c:e5:e9:1a:8a:fb:96:ef:9a:66:e1:2c:
1d:24:58:cf:a6:36:c1:67:09:6c:d0:f1:b5:69:49:
e1:ce:60:13:27:38:43:38:f2:fb:97:3e:7b:c5:35:
a1:a5:c9:d4:6e:0b:da:fc:9a:95:11:9a:a7:f2:9b:
b0:47:cc:30:f4:05:b2:b8:b3:28:9c:cf:20:02:c5:
a2:cf:c8:14:54:5b:a3:31:42:66:d7:83:dc:dd:75:
59:f9:51:83:01:73:d9:84:ab:d9:fe:5e:1d:a8:1b:
31:95:25:e2:42:81:a8:88:36:6a:cc:13:b6:b4:1a:
23:67:3f:3a:a3:cf:1f:33:f1:8a:5a:e1:b8:06:7f:
03:9a:ea:b8:67:03:ba:4d:34:04:62:f6:ef:6d:6b:
3e:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:44:47:7E:3C:DD:B7:F1:26:69:1A:19:5F:AE:7B:D9:C7:C3:5C:A2
X509v3 Authority Key Identifier:
keyid:CD:92:33:F6:A8:8D:08:F6:55:9C:22:06:B1:BF:F2:65:5B:12:22:31
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zZIz9qiNCPZVnCIGsb_yZVsSIjE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/0a116f-5a0b-4566-9f44-b837bf9d4c5f/1/MkRHfjzdt_EmaRoZX6572cfDXKI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/0a116f-5a0b-4566-9f44-b837bf9d4c5f/1/zZIz9qiNCPZVnCIGsb_yZVsSIjE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.221.130.0/24
109.120.162.0/24
109.120.167.0/24
109.120.172.0/24
Signature Algorithm: sha256WithRSAEncryption
2d:ad:4f:d8:7c:c1:4b:83:9c:3f:ca:c4:17:e6:96:de:b5:50:
36:b5:d5:f6:20:4b:9a:aa:ed:b2:41:56:1c:50:70:d4:76:5b:
73:2e:54:c0:b4:90:dd:28:e0:86:33:06:62:a3:8d:f0:ab:c3:
48:40:9c:ed:57:e1:6a:66:78:be:b2:38:35:4b:15:97:dd:5d:
b4:72:05:86:21:94:80:fb:77:3c:f8:e8:a9:cb:91:f2:01:96:
53:43:ad:3a:e3:bf:4a:e7:9c:af:bf:7d:3e:99:55:4b:a4:92:
38:c5:00:bc:e8:77:cd:6b:4b:d4:46:73:d2:b7:a1:ec:5e:f1:
20:81:88:e0:3a:bb:d1:07:6a:f7:1b:8f:46:3c:57:66:76:4c:
6e:95:44:b3:12:78:c4:ad:bc:2c:8b:3f:3b:78:70:7e:e4:82:
9e:06:5b:9e:b0:15:9a:15:d2:82:3f:c8:a7:78:df:b7:f0:ea:
43:6a:96:ab:db:dc:ed:4f:b5:2b:67:b8:fd:31:94:f6:28:13:
e7:4c:1a:32:f1:a8:01:b4:3a:3c:30:61:e5:da:a8:43:cf:3b:
c2:82:73:27:6d:17:53:0d:de:07:eb:a7:be:b2:58:cd:87:0a:
db:06:52:20:07:80:59:b9:a4:e8:96:75:c0:c4:45:4b:07:5f:
1c:b3:71:ca
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzJTkM60ho7acwZ879MvMkWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkOTIzM2Y2YTg4ZDA4ZjY1NTljMjIwNmIxYmZmMjY1NWIx
MjIyMzEwHhcNMjQwMTAyMDgzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjQ0NDc3ZTNjZGRiN2YxMjY2OTFhMTk1ZmFlN2JkOWM3YzM1Y2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgso4PUIooCbRI4ac2QbQKXC9FRIC
o+p2rA/rWmgZogu/WZgQbB8EwTqfum3Qdjyiu/26J7OJ9sUPbMG7Pf3QlhX4Xjmu
5sRHlXek5s+254ouf3DPYcM1PSQ5uthpJ3RehfuiaVL5wmJpJdss5ekaivuW75pm
4SwdJFjPpjbBZwls0PG1aUnhzmATJzhDOPL7lz57xTWhpcnUbgva/JqVEZqn8puw
R8ww9AWyuLMonM8gAsWiz8gUVFujMUJm14Pc3XVZ+VGDAXPZhKvZ/l4dqBsxlSXi
QoGoiDZqzBO2tBojZz86o88fM/GKWuG4Bn8Dmuq4ZwO6TTQEYvbvbWs+hwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDJER3483bfxJmkaGV+ue9nHw1yiMB8GA1UdIwQY
MBaAFM2SM/aojQj2VZwiBrG/8mVbEiIxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelpJejlxaU5DUFpWbkNJR3NiX3laVnNTSWpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8wYTExNmYtNWEwYi00NTY2LTlmNDQt
YjgzN2JmOWQ0YzVmLzEvTWtSSGZqemR0X0VtYVJvWlg2NTcyY2ZEWEtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8wYTExNmYtNWEwYi00NTY2LTlmNDQtYjgzN2JmOWQ0YzVm
LzEvelpJejlxaU5DUFpWbkNJR3NiX3laVnNTSWpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQATd2CAwQA
bXiiAwQAbXinAwQAbXisMA0GCSqGSIb3DQEBCwUAA4IBAQAtrU/YfMFLg5w/ysQX
5pbetVA2tdX2IEuaqu2yQVYcUHDUdltzLlTAtJDdKOCGMwZio43wq8NIQJztV+Fq
Zni+sjg1SxWX3V20cgWGIZSA+3c8+Oipy5HyAZZTQ606479K55yvv30+mVVLpJI4
xQC86HfNa0vURnPSt6HsXvEggYjgOrvRB2r3G49GPFdmdkxulUSzEnjErbwsiz87
eHB+5IKeBluesBWaFdKCP8ineN+38OpDapar29ztT7UrZ7j9MZT2KBPnTBoy8agB
tDo8MGHl2qhDzzvCgnMnbRdTDd4H66e+sljNhwrbBlIgB4BZuaTolnXAxEVLB18c
s3HK
-----END CERTIFICATE-----