Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/df84a7-72c9-4a2f-8115-afbdbdad58a5/1/CGIluw5b3rFNq3TYcrDu-mJjjcY.roa
File: CGIluw5b3rFNq3TYcrDu-mJjjcY.roa (raw, json)
Hash identifier: 7XYO0sh+h2BXkgYXdxURNA8WGt1oRVxjTX46cE0gy/o=
Subject key identifier: 08:62:25:BB:0E:5B:DE:B1:4D:AB:74:D8:72:B0:EE:FA:62:63:8D:C6
Certificate issuer: /CN=b194f0304eedd363c6622fd91c59b10871aa3044
Certificate serial: 0194221F74D0D2D9487CEC159E1B17ADFCD8
Authority key identifier: B1:94:F0:30:4E:ED:D3:63:C6:62:2F:D9:1C:59:B1:08:71:AA:30:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sZTwME7t02PGYi_ZHFmxCHGqMEQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/df84a7-72c9-4a2f-8115-afbdbdad58a5/1/CGIluw5b3rFNq3TYcrDu-mJjjcY.roa
Signing time: Wed 01 Jan 2025 13:47:54 +0000
ROA not before: Wed 01 Jan 2025 13:47:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30870
IP address blocks: 87.101.8.0/21 maxlen: 21
171.25.179.0/24 maxlen: 24
185.40.56.0/22 maxlen: 24
185.108.116.0/22 maxlen: 24
194.30.160.0/24 maxlen: 24
2a01:4d60::/32 maxlen: 48
2a06:4a80::/29 maxlen: 40
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:74:d0:d2:d9:48:7c:ec:15:9e:1b:17:ad:fc:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b194f0304eedd363c6622fd91c59b10871aa3044
Validity
Not Before: Jan 1 13:47:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=086225bb0e5bdeb14dab74d872b0eefa62638dc6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:9e:21:8b:ba:48:6f:8f:e0:72:e1:12:4f:27:
67:a5:04:ab:18:d4:d6:4c:46:38:21:5a:d9:11:cf:
65:b0:de:76:6c:13:3d:f3:97:8f:bf:39:b4:d4:34:
fe:87:31:22:67:3b:12:2d:f9:e2:14:01:c6:e5:24:
ea:d9:d5:a8:4f:a2:b7:df:49:52:5a:e5:d6:68:5e:
53:32:9c:2f:89:0c:aa:1f:3b:cd:85:a7:f3:d7:ee:
a4:bb:f5:bd:a9:8d:2d:00:31:7a:25:1d:49:f4:69:
dd:6a:b1:6c:ce:21:7c:53:17:9d:ae:8e:82:86:eb:
bc:d5:18:52:6e:92:5b:81:2d:be:84:3b:f9:56:71:
13:1d:ab:0e:b3:d6:57:50:66:ec:f6:d1:98:f5:24:
ac:e0:15:e1:80:d3:7b:bd:0c:44:a6:b8:9b:84:62:
da:19:9d:c3:72:e3:52:08:ef:08:5c:c7:59:13:2b:
a6:13:38:92:bb:a1:11:c5:45:f3:97:c4:28:15:06:
75:e8:e7:eb:6e:9d:38:04:0d:85:83:17:57:b3:8b:
5f:c2:72:96:cd:52:cf:68:be:62:75:22:da:de:ce:
cb:48:38:91:5d:3b:11:8f:4a:e3:df:96:b7:12:ab:
bc:99:ef:4d:45:02:f6:85:0a:f3:76:5d:2d:9e:66:
4a:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:62:25:BB:0E:5B:DE:B1:4D:AB:74:D8:72:B0:EE:FA:62:63:8D:C6
X509v3 Authority Key Identifier:
keyid:B1:94:F0:30:4E:ED:D3:63:C6:62:2F:D9:1C:59:B1:08:71:AA:30:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sZTwME7t02PGYi_ZHFmxCHGqMEQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/df84a7-72c9-4a2f-8115-afbdbdad58a5/1/CGIluw5b3rFNq3TYcrDu-mJjjcY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/df84a7-72c9-4a2f-8115-afbdbdad58a5/1/sZTwME7t02PGYi_ZHFmxCHGqMEQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.101.8.0/21
171.25.179.0/24
185.40.56.0/22
185.108.116.0/22
194.30.160.0/24
IPv6:
2a01:4d60::/32
2a06:4a80::/29
Signature Algorithm: sha256WithRSAEncryption
7a:b4:e1:d4:8d:a9:73:75:d8:7d:7e:39:f0:9c:dd:4b:b6:80:
37:89:4c:01:aa:4e:10:11:fb:36:94:67:79:07:49:d5:a0:90:
bb:2b:ae:ad:c3:08:48:c6:31:fd:d8:8a:20:70:8e:c0:06:be:
a3:01:11:89:09:f2:d8:12:32:a2:5f:a1:ff:81:e8:2d:0c:a6:
59:41:e4:a5:23:ee:b7:fc:b6:dd:13:15:a9:50:30:81:ff:20:
a1:a3:e8:80:74:79:30:65:d3:82:6c:f8:a3:de:82:e6:13:db:
c1:a4:b4:f7:e3:87:9d:4b:1f:ff:12:f2:e2:d7:4a:dc:72:7e:
84:d5:b5:96:66:d7:15:a8:2f:65:ef:46:de:fa:68:56:61:27:
fe:fa:5d:82:d0:c3:f1:29:09:b1:b0:37:08:06:ae:02:71:0b:
ce:f8:b7:02:f0:7f:5d:cf:d5:cf:78:a4:f5:89:86:28:f8:8e:
16:6d:65:c3:b9:30:5a:35:f6:df:54:49:b9:7a:96:2d:9f:69:
3f:b5:e1:c9:66:0c:5f:e6:f8:66:89:09:eb:d2:68:3d:46:2a:
a1:c0:70:e8:86:d5:e3:23:df:96:23:ab:b8:89:a9:b7:ed:b0:
90:63:9c:cc:b8:d2:5a:0c:1e:bb:bf:fa:1b:5d:f1:c2:5a:d6:
77:a6:5b:6b
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZQiH3TQ0tlIfOwVnhsXrfzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxOTRmMDMwNGVlZGQzNjNjNjYyMmZkOTFjNTliMTA4NzFh
YTMwNDQwHhcNMjUwMTAxMTM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODYyMjViYjBlNWJkZWIxNGRhYjc0ZDg3MmIwZWVmYTYyNjM4ZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZ4hi7pIb4/gcuESTydnpQSrGNTW
TEY4IVrZEc9lsN52bBM985ePvzm01DT+hzEiZzsSLfniFAHG5STq2dWoT6K330lS
WuXWaF5TMpwviQyqHzvNhafz1+6ku/W9qY0tADF6JR1J9GndarFsziF8Uxedro6C
huu81RhSbpJbgS2+hDv5VnETHasOs9ZXUGbs9tGY9SSs4BXhgNN7vQxEpribhGLa
GZ3DcuNSCO8IXMdZEyumEziSu6ERxUXzl8QoFQZ16Ofrbp04BA2FgxdXs4tfwnKW
zVLPaL5idSLa3s7LSDiRXTsRj0rj35a3Equ8me9NRQL2hQrzdl0tnmZK8QIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFAhiJbsOW96xTat02HKw7vpiY43GMB8GA1UdIwQY
MBaAFLGU8DBO7dNjxmIv2RxZsQhxqjBEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1pUd01FN3QwMlBHWWlfWkhGbXhDSEdxTUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9kZjg0YTctNzJjOS00YTJmLTgxMTUt
YWZiZGJkYWQ1OGE1LzEvQ0dJbHV3NWIzckZOcTNUWWNyRHUtbUpqamNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9kZjg0YTctNzJjOS00YTJmLTgxMTUtYWZiZGJkYWQ1OGE1
LzEvc1pUd01FN3QwMlBHWWlfWkhGbXhDSEdxTUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQDV2UIAwQA
qxmzAwQCuSg4AwQCuWx0AwQAwh6gMBQEAgACMA4DBQAqAU1gAwUDKgZKgDANBgkq
hkiG9w0BAQsFAAOCAQEAerTh1I2pc3XYfX458JzdS7aAN4lMAapOEBH7NpRneQdJ
1aCQuyuurcMISMYx/diKIHCOwAa+owERiQny2BIyol+h/4HoLQymWUHkpSPut/y2
3RMVqVAwgf8goaPogHR5MGXTgmz4o96C5hPbwaS09+OHnUsf/xLy4tdK3HJ+hNW1
lmbXFagvZe9G3vpoVmEn/vpdgtDD8SkJsbA3CAauAnELzvi3AvB/Xc/Vz3ik9YmG
KPiOFm1lw7kwWjX231RJuXqWLZ9pP7XhyWYMX+b4ZokJ69JoPUYqocBw6IbV4yPf
liOruImpt+2wkGOczLjSWgweu7/6G13xwlrWd6Zbaw==
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:33:41 2025 by rpki-client