Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/EbmghPiY3DXYZME-xIQNiga0R84.roa
File: EbmghPiY3DXYZME-xIQNiga0R84.roa (raw, json)
Hash identifier: UTtSJZ6oj51KkIimfn4IsaPhHQ8VlsBi9kFsu/Fbu/g=
Subject key identifier: 11:B9:A0:84:F8:98:DC:35:D8:64:C1:3E:C4:84:0D:8A:06:B4:47:CE
Certificate issuer: /CN=5d39d15bd2fcc84771ba6aa29aa54428b21cef60
Certificate serial: 0194DD2AA39B1E40B625AC59D68F3EAD99EC
Authority key identifier: 5D:39:D1:5B:D2:FC:C8:47:71:BA:6A:A2:9A:A5:44:28:B2:1C:EF:60
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/EbmghPiY3DXYZME-xIQNiga0R84.roa
Signing time: Thu 06 Feb 2025 21:29:06 +0000
ROA not before: Thu 06 Feb 2025 21:29:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42908
IP address blocks: 5.102.48.0/20 maxlen: 20
31.10.56.0/21 maxlen: 21
45.159.116.0/22 maxlen: 22
46.183.56.0/21 maxlen: 21
46.231.72.0/21 maxlen: 21
77.95.192.0/21 maxlen: 21
78.136.128.0/18 maxlen: 18
80.78.136.0/22 maxlen: 22
80.79.0.0/22 maxlen: 22
80.90.128.0/20 maxlen: 20
80.243.236.0/22 maxlen: 22
80.243.236.0/24 maxlen: 24
80.243.237.0/24 maxlen: 24
80.243.238.0/24 maxlen: 24
80.243.239.0/24 maxlen: 24
80.251.240.0/20 maxlen: 20
88.81.64.0/19 maxlen: 19
91.187.32.0/19 maxlen: 19
92.61.80.0/20 maxlen: 20
93.92.48.0/21 maxlen: 21
93.93.32.0/21 maxlen: 21
94.241.64.0/18 maxlen: 18
109.108.96.0/19 maxlen: 19
176.102.128.0/19 maxlen: 19
178.17.80.0/20 maxlen: 20
185.78.12.0/22 maxlen: 22
185.82.236.0/22 maxlen: 22
185.108.60.0/22 maxlen: 22
185.157.240.0/22 maxlen: 22
188.119.96.0/22 maxlen: 22
193.42.128.0/22 maxlen: 22
193.107.252.0/22 maxlen: 22
213.19.0.0/17 maxlen: 17
213.155.32.0/19 maxlen: 19
213.250.192.0/18 maxlen: 18
217.170.96.0/20 maxlen: 20
217.196.112.0/20 maxlen: 20
217.197.144.0/20 maxlen: 20
2001:67c:13c4::/48 maxlen: 48
2a00:e4c0::/32 maxlen: 32
2a01:9f40::/29 maxlen: 29
2a02:2088::/32 maxlen: 32
2a02:2428::/32 maxlen: 32
2a02:2588::/29 maxlen: 29
2a03:1600::/32 maxlen: 32
2a03:7a00::/32 maxlen: 32
2a03:a820::/32 maxlen: 32
2a07:cc80::/29 maxlen: 29
2a0c:8b40::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:dd:2a:a3:9b:1e:40:b6:25:ac:59:d6:8f:3e:ad:99:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5d39d15bd2fcc84771ba6aa29aa54428b21cef60
Validity
Not Before: Feb 6 21:29:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=11b9a084f898dc35d864c13ec4840d8a06b447ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:28:cd:f6:c4:c0:4e:70:82:e9:54:9e:ae:9d:
de:0f:07:a5:ab:9f:c2:d8:54:da:30:ef:3d:b0:50:
b4:00:62:5a:67:00:53:40:1b:f6:a6:76:e8:30:27:
f3:cd:f7:82:aa:bb:56:bc:07:49:df:f8:52:24:93:
55:ed:3a:d0:64:d5:e6:a8:55:bd:d3:2d:bd:af:c3:
31:6f:bd:25:96:d0:37:89:5e:52:46:e4:51:4f:5e:
d8:78:a7:23:0a:95:d1:ec:f8:c7:9d:ff:69:89:95:
0f:20:69:e3:ec:2a:06:ca:2d:4e:87:3b:c7:76:98:
cb:c8:69:7a:05:8e:65:d1:2f:48:21:6c:85:69:84:
d3:c0:fe:d0:af:1c:4c:d0:4d:a6:8d:41:72:d0:ad:
a4:9e:22:dc:ab:1b:3a:f5:9b:7c:c8:2a:4a:43:d3:
88:29:88:11:d8:e3:11:9e:25:60:52:ca:20:67:e6:
9a:40:ac:7c:9b:f7:77:fd:bd:4c:e5:84:75:2e:4c:
97:c2:ea:81:46:d5:99:2d:11:c0:3e:41:0c:7d:2b:
19:82:88:48:73:bf:3b:20:76:98:8e:f2:30:c0:6e:
d2:e5:c7:dd:80:4a:97:d1:dc:02:a2:94:49:45:f1:
fa:7b:2c:0d:28:ce:0f:df:78:5e:42:c2:45:42:8a:
88:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:B9:A0:84:F8:98:DC:35:D8:64:C1:3E:C4:84:0D:8A:06:B4:47:CE
X509v3 Authority Key Identifier:
keyid:5D:39:D1:5B:D2:FC:C8:47:71:BA:6A:A2:9A:A5:44:28:B2:1C:EF:60
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XTnRW9L8yEdxumqimqVEKLIc72A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/EbmghPiY3DXYZME-xIQNiga0R84.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/c8092e-9f8c-4718-b770-c29b44de53a8/1/XTnRW9L8yEdxumqimqVEKLIc72A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.102.48.0/20
31.10.56.0/21
45.159.116.0/22
46.183.56.0/21
46.231.72.0/21
77.95.192.0/21
78.136.128.0/18
80.78.136.0/22
80.79.0.0/22
80.90.128.0/20
80.243.236.0/22
80.251.240.0/20
88.81.64.0/19
91.187.32.0/19
92.61.80.0/20
93.92.48.0/21
93.93.32.0/21
94.241.64.0/18
109.108.96.0/19
176.102.128.0/19
178.17.80.0/20
185.78.12.0/22
185.82.236.0/22
185.108.60.0/22
185.157.240.0/22
188.119.96.0/22
193.42.128.0/22
193.107.252.0/22
213.19.0.0/17
213.155.32.0/19
213.250.192.0/18
217.170.96.0/20
217.196.112.0/20
217.197.144.0/20
IPv6:
2001:67c:13c4::/48
2a00:e4c0::/32
2a01:9f40::/29
2a02:2088::/32
2a02:2428::/32
2a02:2588::/29
2a03:1600::/32
2a03:7a00::/32
2a03:a820::/32
2a07:cc80::/29
2a0c:8b40::/29
Signature Algorithm: sha256WithRSAEncryption
5e:5c:d2:32:fc:9d:0f:60:5e:aa:2f:7d:66:d3:0c:9c:53:f0:
e1:a7:b7:09:fc:93:66:e7:d3:ea:c6:62:aa:ec:f7:f0:ce:02:
50:63:a2:d2:61:bf:25:c6:96:2a:23:5b:41:f5:86:11:93:b8:
9e:05:03:d7:c7:2d:67:d2:43:ae:5c:e8:5e:0c:22:51:42:59:
fa:b7:83:b8:83:b0:74:ca:45:6e:37:2f:36:29:bf:12:7b:d3:
ab:8c:a7:ef:39:2d:4a:f4:68:f9:4d:bf:01:d5:bd:89:90:27:
75:60:7d:b2:b3:d5:e9:60:3a:94:2b:57:7c:47:f6:77:af:61:
92:dd:5a:b3:d5:3f:69:55:ff:b0:71:3f:27:b6:19:96:7a:b9:
10:b2:66:64:3e:17:9c:87:ae:7a:4c:dd:90:e8:09:78:29:16:
22:b7:07:67:d3:68:e7:6f:19:20:90:4e:a3:10:76:32:5b:26:
6d:4f:88:fc:04:fe:4b:40:4f:6d:2f:cf:f2:ef:49:b4:b4:15:
f6:3b:bf:bf:ec:a0:ac:00:b2:e7:77:9e:68:9d:bc:e1:74:d6:
0c:44:15:db:17:15:07:35:5f:f0:64:09:a0:8c:78:02:37:73:
c1:bd:b9:98:ac:0a:8d:78:34:0f:86:8e:0a:94:cf:82:4a:98:
0d:97:ba:da
-----BEGIN CERTIFICATE-----
MIIGIjCCBQqgAwIBAgISAZTdKqObHkC2JaxZ1o8+rZnsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMzlkMTViZDJmY2M4NDc3MWJhNmFhMjlhYTU0NDI4YjIx
Y2VmNjAwHhcNMjUwMjA2MjEyOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWI5YTA4NGY4OThkYzM1ZDg2NGMxM2VjNDg0MGQ4YTA2YjQ0N2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSjN9sTATnCC6VSerp3eDwelq5/C
2FTaMO89sFC0AGJaZwBTQBv2pnboMCfzzfeCqrtWvAdJ3/hSJJNV7TrQZNXmqFW9
0y29r8Mxb70lltA3iV5SRuRRT17YeKcjCpXR7PjHnf9piZUPIGnj7CoGyi1OhzvH
dpjLyGl6BY5l0S9IIWyFaYTTwP7QrxxM0E2mjUFy0K2kniLcqxs69Zt8yCpKQ9OI
KYgR2OMRniVgUsogZ+aaQKx8m/d3/b1M5YR1LkyXwuqBRtWZLRHAPkEMfSsZgohI
c787IHaYjvIwwG7S5cfdgEqX0dwCopRJRfH6eywNKM4P33heQsJFQoqIEwIDAQAB
o4IDLjCCAyowHQYDVR0OBBYEFBG5oIT4mNw12GTBPsSEDYoGtEfOMB8GA1UdIwQY
MBaAFF050VvS/MhHcbpqopqlRCiyHO9gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFRuUlc5TDh5RWR4dW1xaW1xVkVLTEljNzJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9jODA5MmUtOWY4Yy00NzE4LWI3NzAt
YzI5YjQ0ZGU1M2E4LzEvRWJtZ2hQaVkzRFhZWk1FLXhJUU5pZ2EwUjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9jODA5MmUtOWY4Yy00NzE4LWI3NzAtYzI5YjQ0ZGU1M2E4
LzEvWFRuUlc5TDh5RWR4dW1xaW1xVkVLTEljNzJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBQgYIKwYBBQUHAQcBAf8EggExMIIBLTCB0wQCAAEwgcwD
BAQFZjADBAMfCjgDBAItn3QDBAMutzgDBAMu50gDBANNX8ADBAZOiIADBAJQTogD
BAJQTwADBARQWoADBAJQ8+wDBARQ+/ADBAVYUUADBAVbuyADBARcPVADBANdXDAD
BANdXSADBAZe8UADBAVtbGADBAWwZoADBASyEVADBAK5TgwDBAK5UuwDBAK5bDwD
BAK5nfADBAK8d2ADBALBKoADBALBa/wDBAfVEwADBAXVmyADBAbV+sADBATZqmAD
BATZxHADBATZxZAwVQQCAAIwTwMHACABBnwTxAMFACoA5MADBQMqAZ9AAwUAKgIg
iAMFACoCJCgDBQMqAiWIAwUAKgMWAAMFACoDegADBQAqA6ggAwUDKgfMgAMFAyoM
i0AwDQYJKoZIhvcNAQELBQADggEBAF5c0jL8nQ9gXqovfWbTDJxT8OGntwn8k2bn
0+rGYqrs9/DOAlBjotJhvyXGliojW0H1hhGTuJ4FA9fHLWfSQ65c6F4MIlFCWfq3
g7iDsHTKRW43LzYpvxJ706uMp+85LUr0aPlNvwHVvYmQJ3VgfbKz1elgOpQrV3xH
9nevYZLdWrPVP2lV/7BxPye2GZZ6uRCyZmQ+F5yHrnpM3ZDoCXgpFiK3B2fTaOdv
GSCQTqMQdjJbJm1PiPwE/ktAT20vz/LvSbS0FfY7v7/soKwAsud3nmidvOF01gxE
FdsXFQc1X/BkCaCMeAI3c8G9uZisCo14NA+GjgqUz4JKmA2Xuto=
-----END CERTIFICATE-----
Generated at Thu Apr 17 08:57:06 2025 by rpki-client