Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/8e08b3-487c-485a-9479-b084c73861b8/1/DOtwGbtfl6s-x4f6aE2W8WlzVNw.roa
File: DOtwGbtfl6s-x4f6aE2W8WlzVNw.roa (raw, json)
Hash identifier: ZfbdXBQ4B0vsaA9tpmB6Y8tzcJv8ZqF7FOHdCGM+Zl4=
Subject key identifier: 0C:EB:70:19:BB:5F:97:AB:3E:C7:87:FA:68:4D:96:F1:69:73:54:DC
Certificate issuer: /CN=321ec4626ecde25335aff088b04c71395ae6bc24
Certificate serial: 019427B497CB56AA3B4A637FC4262A6FD6AB
Authority key identifier: 32:1E:C4:62:6E:CD:E2:53:35:AF:F0:88:B0:4C:71:39:5A:E6:BC:24
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Mh7EYm7N4lM1r_CIsExxOVrmvCQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3d/8e08b3-487c-485a-9479-b084c73861b8/1/DOtwGbtfl6s-x4f6aE2W8WlzVNw.roa
Signing time: Thu 02 Jan 2025 15:48:54 +0000
ROA not before: Thu 02 Jan 2025 15:48:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 62217
IP address blocks: 91.212.182.0/24 maxlen: 24
91.216.93.0/24 maxlen: 24
91.220.127.0/24 maxlen: 24
91.227.220.0/22 maxlen: 22
185.43.108.0/22 maxlen: 24
194.0.252.0/24 maxlen: 24
2a01:6c60::/32 maxlen: 48
2a01:6c61::/32 maxlen: 32
2a01:6c62::/32 maxlen: 32
2a01:6c63::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b4:97:cb:56:aa:3b:4a:63:7f:c4:26:2a:6f:d6:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=321ec4626ecde25335aff088b04c71395ae6bc24
Validity
Not Before: Jan 2 15:48:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0ceb7019bb5f97ab3ec787fa684d96f1697354dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:cc:99:3b:1e:a5:cb:da:f2:1a:d2:e8:41:66:
34:d6:75:e9:c8:d2:61:01:af:16:ab:a8:7f:09:fc:
a6:89:96:6d:86:fb:08:6d:d0:df:87:12:de:40:e1:
66:70:d7:3a:23:cd:4a:1a:58:1c:8e:75:66:8f:a5:
07:10:96:17:7e:2d:b1:cb:1c:23:fb:a2:e4:3d:dc:
b0:74:0b:6d:6f:83:1c:a5:22:81:58:0d:c7:d8:2a:
15:11:ad:37:39:4a:e8:6b:71:ac:32:ea:fc:cc:10:
5d:03:a6:bf:67:ee:49:b0:51:29:7e:23:5a:29:17:
e3:ae:b6:33:37:30:29:52:fb:51:17:19:13:ff:89:
7a:8a:9a:90:df:9f:a5:b1:8c:0d:83:95:5c:75:b9:
2d:82:6f:aa:13:20:62:f8:c8:02:14:21:5a:73:d0:
c4:22:19:09:e9:d2:53:c0:df:73:72:1b:70:fb:d0:
bc:42:19:e5:6c:63:93:e3:a1:5a:bf:e7:4e:6f:c7:
f7:86:fd:a0:43:2d:cf:6b:ad:a6:34:ae:3c:0d:ab:
64:31:c3:82:60:97:7a:41:df:f2:7a:11:5f:a3:e7:
bf:74:ba:6b:31:20:ab:56:a5:38:35:63:94:d8:fd:
27:de:1b:7e:5d:b3:af:f3:2d:53:85:9c:76:52:e8:
13:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:EB:70:19:BB:5F:97:AB:3E:C7:87:FA:68:4D:96:F1:69:73:54:DC
X509v3 Authority Key Identifier:
keyid:32:1E:C4:62:6E:CD:E2:53:35:AF:F0:88:B0:4C:71:39:5A:E6:BC:24
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mh7EYm7N4lM1r_CIsExxOVrmvCQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8e08b3-487c-485a-9479-b084c73861b8/1/DOtwGbtfl6s-x4f6aE2W8WlzVNw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8e08b3-487c-485a-9479-b084c73861b8/1/Mh7EYm7N4lM1r_CIsExxOVrmvCQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.212.182.0/24
91.216.93.0/24
91.220.127.0/24
91.227.220.0/22
185.43.108.0/22
194.0.252.0/24
IPv6:
2a01:6c60::/30
Signature Algorithm: sha256WithRSAEncryption
57:9c:b8:9e:7e:12:dc:ea:66:99:72:9c:b8:8e:ed:91:98:17:
0a:2e:d5:9b:bf:06:e2:df:4f:32:d3:73:e9:20:0a:ca:ad:1a:
cf:da:7d:e3:af:ff:3e:00:43:65:82:26:b2:ba:c0:a6:d6:db:
2d:bb:5e:10:a9:dc:75:19:6a:23:40:38:56:e1:49:51:9d:f6:
33:e9:9d:63:3d:ef:38:62:a8:97:1f:27:6c:4f:e5:44:30:b3:
87:ba:b7:dd:ca:4e:9b:70:66:c0:5d:dd:f9:3b:bb:05:2b:03:
21:08:c9:4a:1c:34:b1:7d:96:69:87:f9:2a:23:40:64:be:23:
dc:a8:ac:ee:0e:37:5b:96:dd:96:4b:fc:78:dc:4d:1c:54:f1:
88:ca:87:be:06:19:8c:b2:5c:d7:f0:e4:e9:4d:de:6f:0c:66:
12:2e:48:96:de:7b:16:6b:86:c8:e2:f2:31:16:ed:b4:01:82:
93:b0:c9:d6:ea:f5:cc:8c:19:af:2d:c9:03:24:1f:f4:c8:ac:
f5:c2:19:f3:e7:8d:33:6e:a8:f4:38:dc:cd:da:d6:4c:6a:bd:
59:99:2e:e2:56:99:50:48:d4:9a:a3:6c:d6:f9:33:af:75:2a:
c0:37:05:97:5e:6e:9b:0b:e9:14:d5:82:e8:03:20:52:fc:0c:
de:5d:8c:e1
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZQntJfLVqo7SmN/xCYqb9arMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMWVjNDYyNmVjZGUyNTMzNWFmZjA4OGIwNGM3MTM5NWFl
NmJjMjQwHhcNMjUwMTAyMTU0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2ViNzAxOWJiNWY5N2FiM2VjNzg3ZmE2ODRkOTZmMTY5NzM1NGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1cyZOx6ly9ryGtLoQWY01nXpyNJh
Aa8Wq6h/CfymiZZthvsIbdDfhxLeQOFmcNc6I81KGlgcjnVmj6UHEJYXfi2xyxwj
+6LkPdywdAttb4McpSKBWA3H2CoVEa03OUroa3GsMur8zBBdA6a/Z+5JsFEpfiNa
KRfjrrYzNzApUvtRFxkT/4l6ipqQ35+lsYwNg5Vcdbktgm+qEyBi+MgCFCFac9DE
IhkJ6dJTwN9zchtw+9C8QhnlbGOT46Fav+dOb8f3hv2gQy3Pa62mNK48DatkMcOC
YJd6Qd/yehFfo+e/dLprMSCrVqU4NWOU2P0n3ht+XbOv8y1ThZx2UugTaQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFAzrcBm7X5erPseH+mhNlvFpc1TcMB8GA1UdIwQY
MBaAFDIexGJuzeJTNa/wiLBMcTla5rwkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWg3RVltN040bE0xcl9DSXNFeHhPVnJtdkNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84ZTA4YjMtNDg3Yy00ODVhLTk0Nzkt
YjA4NGM3Mzg2MWI4LzEvRE90d0didGZsNnMteDRmNmFFMlc4V2x6Vk53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84ZTA4YjMtNDg3Yy00ODVhLTk0NzktYjA4NGM3Mzg2MWI4
LzEvTWg3RVltN040bE0xcl9DSXNFeHhPVnJtdkNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAW9S2AwQA
W9hdAwQAW9x/AwQCW+PcAwQCuStsAwQAwgD8MA0EAgACMAcDBQIqAWxgMA0GCSqG
SIb3DQEBCwUAA4IBAQBXnLiefhLc6maZcpy4ju2RmBcKLtWbvwbi308y03PpIArK
rRrP2n3jr/8+AENlgiayusCm1tstu14Qqdx1GWojQDhW4UlRnfYz6Z1jPe84YqiX
HydsT+VEMLOHurfdyk6bcGbAXd35O7sFKwMhCMlKHDSxfZZph/kqI0BkviPcqKzu
Djdblt2WS/x43E0cVPGIyoe+BhmMslzX8OTpTd5vDGYSLkiW3nsWa4bI4vIxFu20
AYKTsMnW6vXMjBmvLckDJB/0yKz1whnz540zbqj0ONzN2tZMar1ZmS7iVplQSNSa
o2zW+TOvdSrANwWXXm6bC+kU1YLoAyBS/AzeXYzh
-----END CERTIFICATE-----
Generated at Wed Apr 9 19:58:00 2025 by rpki-client