Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/BeWEnnSEh64jMD9SPmAtdMbC9LI.roa
File: BeWEnnSEh64jMD9SPmAtdMbC9LI.roa (raw, json)
Hash identifier: z0vUo64gFx+VexkKh+iuzjaU1rJCUWc6oQyDYRDt8hQ=
Subject key identifier: 05:E5:84:9E:74:84:87:AE:23:30:3F:52:3E:60:2D:74:C6:C2:F4:B2
Certificate issuer: /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial: 018E4F4DD6A842AD35196D509DA191B4E2F1
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/BeWEnnSEh64jMD9SPmAtdMbC9LI.roa
Signing time: Mon 18 Mar 2024 02:04:45 +0000
ROA not before: Mon 18 Mar 2024 02:04:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 37.128.248.0/22 maxlen: 24
95.82.0.0/20 maxlen: 20
95.82.0.0/21 maxlen: 24
95.82.8.0/21 maxlen: 24
95.82.32.0/21 maxlen: 21
109.111.32.0/20 maxlen: 24
109.111.52.0/22 maxlen: 24
176.221.16.0/21 maxlen: 21
176.221.20.0/22 maxlen: 24
176.221.20.0/23 maxlen: 24
176.221.24.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:4f:4d:d6:a8:42:ad:35:19:6d:50:9d:a1:91:b4:e2:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Validity
Not Before: Mar 18 02:04:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=05e5849e748487ae23303f523e602d74c6c2f4b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:23:e5:6e:cd:32:cd:53:a3:bf:10:97:74:d6:
16:86:c6:84:c4:16:2e:44:bc:3b:cf:e2:a0:ed:7b:
ab:85:aa:c9:3e:1d:95:78:86:1c:89:44:0e:d8:1d:
0b:f7:83:df:d3:d8:40:27:8e:82:68:58:13:9e:7f:
85:cf:81:74:5d:4a:15:0a:eb:d7:a3:0c:ee:40:00:
40:6a:98:36:1d:64:22:7a:83:94:b1:5a:e0:d8:3a:
e8:49:33:14:9c:52:68:3a:42:93:98:fc:c4:c9:91:
cf:61:21:51:57:7e:48:83:c5:86:ac:99:65:48:bd:
5b:e9:66:25:a6:63:b0:e0:cc:b5:10:ce:8d:94:83:
6c:5a:b4:18:54:9e:a8:e8:05:98:2f:dc:97:36:8c:
fd:9e:34:fc:19:b5:3f:63:c8:cb:b0:f9:10:f9:57:
42:68:e2:e6:f9:31:70:a7:ec:54:ba:f9:a8:c7:2b:
7e:dd:96:0a:d5:16:09:17:71:6b:cd:95:5c:2f:bd:
21:1b:ca:b6:a2:db:94:5d:f7:10:a6:85:d6:5e:f3:
bb:91:e5:aa:95:13:dd:1d:7e:dd:00:09:9e:35:a1:
97:8a:44:56:6c:7d:2d:3a:80:14:63:c3:0a:5d:6f:
44:0a:76:aa:fe:65:5c:77:99:45:78:15:30:cb:5a:
f9:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:E5:84:9E:74:84:87:AE:23:30:3F:52:3E:60:2D:74:C6:C2:F4:B2
X509v3 Authority Key Identifier:
keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/BeWEnnSEh64jMD9SPmAtdMbC9LI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.248.0/22
95.82.0.0/20
95.82.32.0/21
109.111.32.0/20
109.111.52.0/22
176.221.16.0-176.221.27.255
Signature Algorithm: sha256WithRSAEncryption
24:c7:5b:71:16:e1:26:41:83:55:f1:30:25:72:45:ce:7d:d1:
24:f8:01:d4:08:cc:57:30:df:2a:86:a8:7f:d6:93:0d:3e:90:
11:b0:9a:9f:95:9e:0d:a3:84:5f:b7:0b:e6:f1:d2:97:f9:78:
66:bc:5f:f6:85:f9:cc:43:15:18:89:c5:b0:58:bd:a8:7a:1e:
3c:96:4f:ce:97:27:d3:04:c4:1a:e4:0d:10:3e:2c:39:b4:eb:
9b:3b:a2:5c:e2:6e:af:f8:59:31:19:c4:25:31:e3:73:7b:20:
42:31:46:f3:f2:8e:c3:f3:bc:91:ca:87:67:d3:cf:89:7a:fb:
63:fe:87:a2:bb:54:f3:87:1f:28:2f:48:2e:d6:a0:f2:3a:3a:
07:a7:7b:95:bb:4e:6f:82:2e:16:08:a0:2c:30:f0:a6:23:e2:
bc:ad:02:59:fe:1b:3e:e4:e3:38:05:1f:15:e8:5e:08:7f:38:
9f:cc:0a:b3:e6:03:85:be:cc:6e:18:bd:a1:0d:24:cb:e7:4d:
09:e5:87:9b:c4:d3:58:92:9e:a3:bb:33:e6:6d:cc:12:82:d5:
c3:f7:9f:23:1b:9b:23:54:30:41:fa:a7:b7:2d:43:d0:ec:0a:
09:f4:55:fe:ab:5f:68:93:75:12:f3:25:69:f6:cd:79:35:e0:
52:40:8f:cb
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAY5PTdaoQq01GW1QnaGRtOLxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMzE4MDIwNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWU1ODQ5ZTc0ODQ4N2FlMjMzMDNmNTIzZTYwMmQ3NGM2YzJmNGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCPlbs0yzVOjvxCXdNYWhsaExBYu
RLw7z+Kg7XurharJPh2VeIYciUQO2B0L94Pf09hAJ46CaFgTnn+Fz4F0XUoVCuvX
owzuQABAapg2HWQieoOUsVrg2DroSTMUnFJoOkKTmPzEyZHPYSFRV35Ig8WGrJll
SL1b6WYlpmOw4My1EM6NlINsWrQYVJ6o6AWYL9yXNoz9njT8GbU/Y8jLsPkQ+VdC
aOLm+TFwp+xUuvmoxyt+3ZYK1RYJF3FrzZVcL70hG8q2otuUXfcQpoXWXvO7keWq
lRPdHX7dAAmeNaGXikRWbH0tOoAUY8MKXW9ECnaq/mVcd5lFeBUwy1r5JQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFAXlhJ50hIeuIzA/Uj5gLXTGwvSyMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvQmVXRW5uU0VoNjRqTUQ5U1BtQXRkTWJDOUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQCJYD4AwQE
X1IAAwQDX1IgAwQEbW8gAwQCbW80MAwDBASw3RADBAKw3RgwDQYJKoZIhvcNAQEL
BQADggEBACTHW3EW4SZBg1XxMCVyRc590ST4AdQIzFcw3yqGqH/Wkw0+kBGwmp+V
ng2jhF+3C+bx0pf5eGa8X/aF+cxDFRiJxbBYvah6HjyWT86XJ9MExBrkDRA+LDm0
65s7olzibq/4WTEZxCUx43N7IEIxRvPyjsPzvJHKh2fTz4l6+2P+h6K7VPOHHygv
SC7WoPI6Ogene5W7Tm+CLhYIoCww8KYj4rytAln+Gz7k4zgFHxXoXgh/OJ/MCrPm
A4W+zG4YvaENJMvnTQnlh5vE01iSnqO7M+ZtzBKC1cP3nyMbmyNUMEH6p7ctQ9Ds
Cgn0Vf6rX2iTdRLzJWn2zXk14FJAj8s=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:25:39 2025 by rpki-client