Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/bnhnwGtxHINXcM631Yss2WLwBb0.roa
File: bnhnwGtxHINXcM631Yss2WLwBb0.roa (raw, json)
Hash identifier: vy0q+FDPe1MhIaUoThi0JFBnA0yafPxZ75/c6oik+Pc=
Subject key identifier: 6E:78:67:C0:6B:71:1C:83:57:70:CE:B7:D5:8B:2C:D9:62:F0:05:BD
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 0194258F8DFF41A8A9FB02A6BBDDF2E00E4D
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/bnhnwGtxHINXcM631Yss2WLwBb0.roa
Signing time: Thu 02 Jan 2025 05:49:12 +0000
ROA not before: Thu 02 Jan 2025 05:49:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56871
IP address blocks: 86.104.132.0/23 maxlen: 23
89.42.232.0/24 maxlen: 24
89.42.233.0/24 maxlen: 24
89.44.100.0/23 maxlen: 23
89.45.92.0/24 maxlen: 24
89.45.93.0/24 maxlen: 24
185.104.196.0/22 maxlen: 22
188.213.233.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:8f:8d:ff:41:a8:a9:fb:02:a6:bb:dd:f2:e0:0e:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Jan 2 05:49:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6e7867c06b711c835770ceb7d58b2cd962f005bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:24:1f:d0:0a:95:49:80:1e:c6:50:d5:5f:d6:
52:33:0f:31:59:55:27:d7:16:68:48:e2:4d:82:f1:
d8:47:e7:3b:60:94:ee:6b:db:aa:82:ad:f3:5b:1d:
e7:48:74:9c:6c:d6:6a:6a:c3:80:2a:fd:e4:70:5c:
0f:e4:42:1f:44:94:43:fa:40:61:d6:10:06:50:19:
31:b7:ca:78:38:fc:a5:a0:34:f5:83:4c:0c:2f:82:
58:73:a9:e9:64:0d:79:a4:52:09:30:32:d0:e6:19:
21:d0:a6:68:af:15:e9:2c:5a:8c:34:e0:3f:e9:46:
31:4e:f7:f5:fa:df:34:63:95:08:03:c6:7f:1e:5b:
52:5d:82:19:e9:b8:34:85:8f:b0:d3:65:04:75:f9:
06:02:56:24:a8:93:c3:0d:5b:fe:9f:a5:45:5b:5c:
d9:f8:e3:81:60:87:7c:ed:12:ae:3b:0d:33:26:7d:
f0:37:b9:f1:4a:ee:84:79:51:f4:2d:57:3a:44:a6:
5a:14:4d:d6:a8:82:f9:57:7b:6b:43:58:52:d6:f5:
3b:77:e2:dc:0b:70:23:62:b2:dc:1a:9f:11:60:1b:
5d:1d:1f:65:af:57:79:13:1a:a6:4c:7e:86:39:5c:
6c:6a:b1:8d:78:d7:49:ac:c6:f9:92:4b:6d:57:b3:
91:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:78:67:C0:6B:71:1C:83:57:70:CE:B7:D5:8B:2C:D9:62:F0:05:BD
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/bnhnwGtxHINXcM631Yss2WLwBb0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.104.132.0/23
89.42.232.0/23
89.44.100.0/23
89.45.92.0/23
185.104.196.0/22
188.213.233.0/24
Signature Algorithm: sha256WithRSAEncryption
5f:59:4f:b6:d0:cb:6f:e6:a8:d6:7a:c9:9d:6f:97:95:28:cb:
5b:c8:cb:a5:a2:b6:88:20:db:a0:07:7e:05:80:bd:47:52:ab:
9a:8a:a5:b4:17:9b:a9:00:fd:03:b5:81:e3:f9:26:81:ab:96:
0c:5f:42:15:b9:f9:e3:d3:1c:1e:e3:ed:16:b1:a9:0d:dd:5c:
f5:ee:c4:c8:78:ee:f2:31:95:bb:dd:0a:d8:25:c8:6f:2b:9b:
01:21:68:d6:36:b1:a0:fa:47:de:f1:df:be:67:9b:5f:7d:23:
9b:2f:44:89:d3:71:93:05:eb:cf:8e:c6:cf:60:d2:9c:87:76:
57:f5:2a:8a:f9:fd:2a:de:af:cb:98:6a:74:9f:2c:5f:79:db:
05:b4:cf:bf:bc:61:62:fb:2d:79:6f:ce:12:56:21:57:2d:27:
76:8b:27:05:8b:34:20:42:38:a6:b3:78:9a:6c:b8:11:a1:bd:
0c:9c:ff:57:8d:e9:d8:83:4d:0a:29:a8:03:52:25:bf:81:e9:
b3:c6:4a:93:2c:8b:ba:d4:27:e8:04:89:c2:09:82:f6:51:f8:
3f:32:8e:42:7f:17:49:6d:dc:0d:78:f6:53:92:c3:2f:8d:c3:
83:4a:5d:41:68:e1:7d:58:4a:a1:b2:b1:6c:41:75:65:f6:cc:
76:ae:c3:9e
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQlj43/Qaip+wKmu93y4A5NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUwMTAyMDU0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTc4NjdjMDZiNzExYzgzNTc3MGNlYjdkNThiMmNkOTYyZjAwNWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriQf0AqVSYAexlDVX9ZSMw8xWVUn
1xZoSOJNgvHYR+c7YJTua9uqgq3zWx3nSHScbNZqasOAKv3kcFwP5EIfRJRD+kBh
1hAGUBkxt8p4OPyloDT1g0wML4JYc6npZA15pFIJMDLQ5hkh0KZorxXpLFqMNOA/
6UYxTvf1+t80Y5UIA8Z/HltSXYIZ6bg0hY+w02UEdfkGAlYkqJPDDVv+n6VFW1zZ
+OOBYId87RKuOw0zJn3wN7nxSu6EeVH0LVc6RKZaFE3WqIL5V3trQ1hS1vU7d+Lc
C3AjYrLcGp8RYBtdHR9lr1d5ExqmTH6GOVxsarGNeNdJrMb5kkttV7OR/wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFG54Z8BrcRyDV3DOt9WLLNli8AW9MB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvYm5obndHdHhISU5YY002MzFZc3MyV0x3QmIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBVmiEAwQB
WSroAwQBWSxkAwQBWS1cAwQCuWjEAwQAvNXpMA0GCSqGSIb3DQEBCwUAA4IBAQBf
WU+20Mtv5qjWesmdb5eVKMtbyMuloraIINugB34FgL1HUquaiqW0F5upAP0DtYHj
+SaBq5YMX0IVufnj0xwe4+0WsakN3Vz17sTIeO7yMZW73QrYJchvK5sBIWjWNrGg
+kfe8d++Z5tffSObL0SJ03GTBevPjsbPYNKch3ZX9SqK+f0q3q/LmGp0nyxfedsF
tM+/vGFi+y15b84SViFXLSd2iycFizQgQjims3iabLgRob0MnP9XjenYg00KKagD
UiW/gemzxkqTLIu61CfoBInCCYL2Ufg/Mo5CfxdJbdwNePZTksMvjcODSl1BaOF9
WEqhsrFsQXVl9sx2rsOe
-----END CERTIFICATE-----
Generated at Sat Apr 5 04:39:25 2025 by rpki-client