Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/fc80f0-5c27-4898-84ac-28e416cf11cf/1/3cqGH6ZdXOe0OcqxDoO4NW7F17w.roa
File: 3cqGH6ZdXOe0OcqxDoO4NW7F17w.roa (raw, json)
Hash identifier: Nt31i60bPIGlZyaGxnJVt8mbPX8vGb5q3T66vexLV6E=
Subject key identifier: DD:CA:86:1F:A6:5D:5C:E7:B4:39:CA:B1:0E:83:B8:35:6E:C5:D7:BC
Certificate issuer: /CN=be8c0a74f47312df298a46095e47525d515854a1
Certificate serial: 018CCA98FE5FBEB87F1DA7583644DD22B898
Authority key identifier: BE:8C:0A:74:F4:73:12:DF:29:8A:46:09:5E:47:52:5D:51:58:54:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vowKdPRzEt8pikYJXkdSXVFYVKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/fc80f0-5c27-4898-84ac-28e416cf11cf/1/3cqGH6ZdXOe0OcqxDoO4NW7F17w.roa
Signing time: Tue 02 Jan 2024 14:34:33 +0000
ROA not before: Tue 02 Jan 2024 14:34:33 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12963
IP address blocks: 94.232.211.0/24 maxlen: 24
94.232.212.0/24 maxlen: 24
94.232.213.0/24 maxlen: 24
94.232.208.0/24 maxlen: 24
94.232.209.0/24 maxlen: 24
94.232.210.0/24 maxlen: 24
94.232.208.0/21 maxlen: 21
176.97.3.0/24 maxlen: 24
176.97.4.0/22 maxlen: 22
176.97.0.0/23 maxlen: 23
176.97.2.0/24 maxlen: 24
91.218.72.0/24 maxlen: 24
91.218.73.0/24 maxlen: 24
91.218.74.0/24 maxlen: 24
91.218.75.0/24 maxlen: 24
94.232.214.0/24 maxlen: 24
94.232.215.0/24 maxlen: 24
91.197.168.0/24 maxlen: 24
91.197.169.0/24 maxlen: 24
91.197.170.0/24 maxlen: 24
91.197.171.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:98:fe:5f:be:b8:7f:1d:a7:58:36:44:dd:22:b8:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=be8c0a74f47312df298a46095e47525d515854a1
Validity
Not Before: Jan 2 14:34:33 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ddca861fa65d5ce7b439cab10e83b8356ec5d7bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:c5:7e:72:81:7e:a0:79:c5:8e:54:3f:a7:31:
f9:81:0c:bf:7b:82:a0:6f:7f:48:48:63:c2:95:44:
2b:36:e6:82:3b:08:eb:e0:4c:ed:42:59:b6:b5:fd:
ab:90:c7:72:27:14:23:d2:49:74:94:38:e0:b2:40:
78:44:88:f6:e7:48:c5:29:ff:39:1e:31:c7:7e:cc:
0c:a5:8a:64:53:8a:9a:72:33:5d:74:52:02:63:aa:
bb:b9:67:f4:b4:90:b4:4d:54:74:54:80:84:a6:99:
45:2e:a8:1b:17:c5:c0:a1:ed:77:61:cc:3f:c3:89:
5c:5b:87:0f:6c:90:ca:36:c6:e8:5d:ba:35:0d:1e:
85:f5:91:7f:75:a3:38:ec:6b:4f:7c:1e:33:09:a7:
e6:49:54:e3:06:e5:26:d5:4d:2f:de:a4:94:a0:15:
37:d3:75:3f:7a:a0:91:53:81:ad:02:36:af:54:9e:
2a:40:69:48:f2:5f:3b:0d:b2:b2:50:74:17:96:10:
73:39:5e:c2:40:32:ca:ba:50:0b:59:32:fb:89:74:
80:28:3c:ec:cd:09:d0:3a:b3:44:fe:2f:c1:f5:a7:
72:d3:47:64:37:8e:ac:13:01:d5:d8:5a:a1:8b:7a:
24:a7:c7:2f:8f:9b:0c:78:03:21:29:d8:23:26:92:
73:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:CA:86:1F:A6:5D:5C:E7:B4:39:CA:B1:0E:83:B8:35:6E:C5:D7:BC
X509v3 Authority Key Identifier:
keyid:BE:8C:0A:74:F4:73:12:DF:29:8A:46:09:5E:47:52:5D:51:58:54:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vowKdPRzEt8pikYJXkdSXVFYVKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/fc80f0-5c27-4898-84ac-28e416cf11cf/1/3cqGH6ZdXOe0OcqxDoO4NW7F17w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/fc80f0-5c27-4898-84ac-28e416cf11cf/1/vowKdPRzEt8pikYJXkdSXVFYVKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.197.168.0/22
91.218.72.0/22
94.232.208.0/21
176.97.0.0/21
Signature Algorithm: sha256WithRSAEncryption
17:50:95:b1:07:da:94:49:cb:a8:e1:a0:89:e2:ab:ec:9b:d1:
30:c0:ef:1b:7d:c0:99:f4:9d:2b:56:28:aa:1d:1f:4f:30:91:
13:03:6f:36:9c:15:07:46:c9:3b:94:8d:b2:25:71:73:c5:58:
a0:67:e8:fc:b2:97:4c:30:59:86:e8:5b:80:24:aa:59:ce:3e:
42:0c:28:95:00:5f:42:99:a1:83:cc:f4:be:7c:e5:09:66:d0:
25:54:9d:19:ca:c8:11:87:7c:14:57:f3:0d:a7:a1:77:20:9b:
2c:76:76:45:68:2a:a2:19:00:e2:8d:10:fd:09:13:89:1a:21:
bc:37:e8:0d:d0:60:68:0f:cb:05:50:fa:ef:78:8c:a9:03:cc:
cc:02:bd:59:56:2e:8c:1f:d5:ab:6e:d1:ce:cd:2b:dc:6c:44:
4d:23:b0:5f:b9:8f:9d:9d:e4:88:aa:be:51:7d:16:5f:d6:2f:
a2:9e:b1:c5:ce:32:55:49:fd:49:f1:8f:13:60:62:9a:2f:95:
35:15:91:f7:ff:4a:49:16:32:3c:35:a7:ff:35:07:c7:a7:89:
bb:60:23:74:0b:39:5a:b6:2c:26:7e:bf:ea:0f:bd:35:8e:cc:
41:c1:5c:3a:c8:b7:e1:4c:f7:b8:da:ba:49:2d:c3:d1:58:68:
86:79:36:fc
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzKmP5fvrh/HadYNkTdIriYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlOGMwYTc0ZjQ3MzEyZGYyOThhNDYwOTVlNDc1MjVkNTE1
ODU0YTEwHhcNMjQwMTAyMTQzNDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGNhODYxZmE2NWQ1Y2U3YjQzOWNhYjEwZTgzYjgzNTZlYzVkN2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MV+coF+oHnFjlQ/pzH5gQy/e4Kg
b39ISGPClUQrNuaCOwjr4EztQlm2tf2rkMdyJxQj0kl0lDjgskB4RIj250jFKf85
HjHHfswMpYpkU4qacjNddFICY6q7uWf0tJC0TVR0VICEpplFLqgbF8XAoe13Ycw/
w4lcW4cPbJDKNsboXbo1DR6F9ZF/daM47GtPfB4zCafmSVTjBuUm1U0v3qSUoBU3
03U/eqCRU4GtAjavVJ4qQGlI8l87DbKyUHQXlhBzOV7CQDLKulALWTL7iXSAKDzs
zQnQOrNE/i/B9ady00dkN46sEwHV2Fqhi3okp8cvj5sMeAMhKdgjJpJzuwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFN3Khh+mXVzntDnKsQ6DuDVuxde8MB8GA1UdIwQY
MBaAFL6MCnT0cxLfKYpGCV5HUl1RWFShMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdm93S2RQUnpFdDhwaWtZSlhrZFNYVkZZVktFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9mYzgwZjAtNWMyNy00ODk4LTg0YWMt
MjhlNDE2Y2YxMWNmLzEvM2NxR0g2WmRYT2UwT2NxeERvTzROVzdGMTd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9mYzgwZjAtNWMyNy00ODk4LTg0YWMtMjhlNDE2Y2YxMWNm
LzEvdm93S2RQUnpFdDhwaWtZSlhrZFNYVkZZVktFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCW8WoAwQC
W9pIAwQDXujQAwQDsGEAMA0GCSqGSIb3DQEBCwUAA4IBAQAXUJWxB9qUScuo4aCJ
4qvsm9EwwO8bfcCZ9J0rViiqHR9PMJETA282nBUHRsk7lI2yJXFzxVigZ+j8spdM
MFmG6FuAJKpZzj5CDCiVAF9CmaGDzPS+fOUJZtAlVJ0ZysgRh3wUV/MNp6F3IJss
dnZFaCqiGQDijRD9CROJGiG8N+gN0GBoD8sFUPrveIypA8zMAr1ZVi6MH9WrbtHO
zSvcbERNI7BfuY+dneSIqr5RfRZf1i+inrHFzjJVSf1J8Y8TYGKaL5U1FZH3/0pJ
FjI8Naf/NQfHp4m7YCN0Czlatiwmfr/qD701jsxBwVw6yLfhTPe42rpJLcPRWGiG
eTb8
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:46:34 2025 by rpki-client