Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/8669d3-76cd-4cb0-8278-82c67c69e923/1/NCPzn1GpZq4vT4gRDeBcmpEUhRQ.roa
File: NCPzn1GpZq4vT4gRDeBcmpEUhRQ.roa (raw, json)
Hash identifier: Vq8Q1+OKJnlcLx/yX0O6NcYNdeQRXSpw2T1WMWL6+Zw=
Subject key identifier: 34:23:F3:9F:51:A9:66:AE:2F:4F:88:11:0D:E0:5C:9A:91:14:85:14
Certificate issuer: /CN=9c67ea34a011a4773871583ec3954e791d8c028d
Certificate serial: 01942444C5EFA17B44732A24221D71669361
Authority key identifier: 9C:67:EA:34:A0:11:A4:77:38:71:58:3E:C3:95:4E:79:1D:8C:02:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nGfqNKARpHc4cVg-w5VOeR2MAo0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4e/8669d3-76cd-4cb0-8278-82c67c69e923/1/NCPzn1GpZq4vT4gRDeBcmpEUhRQ.roa
Signing time: Wed 01 Jan 2025 23:47:54 +0000
ROA not before: Wed 01 Jan 2025 23:47:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205314
IP address blocks: 91.224.164.0/24 maxlen: 24
185.138.20.0/22 maxlen: 22
2a12:ddc0::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:44:c5:ef:a1:7b:44:73:2a:24:22:1d:71:66:93:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c67ea34a011a4773871583ec3954e791d8c028d
Validity
Not Before: Jan 1 23:47:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3423f39f51a966ae2f4f88110de05c9a91148514
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:f9:2b:b0:9e:44:d0:e9:76:b8:58:e3:53:00:
2b:63:98:a3:73:88:e5:15:14:8c:fe:1e:f7:20:22:
67:f2:d4:46:e4:ef:c9:b9:6d:80:e9:43:c3:b0:f5:
d5:7b:87:c0:b9:06:04:10:5f:28:80:31:78:54:28:
2e:ba:d6:26:b4:73:44:6c:a1:a1:d4:31:44:38:81:
5f:cf:0d:de:e1:e2:9b:8f:65:6b:23:59:5c:9b:31:
7c:0b:80:e6:99:f8:6a:43:cd:86:58:d2:cb:a0:40:
29:b4:d4:ed:b7:9a:bd:22:fc:af:2b:5e:2b:76:cd:
75:29:63:0d:11:2e:be:5f:9d:5b:7a:e7:74:e4:a7:
57:7f:d5:6b:b8:52:fb:4f:9e:f5:5f:cf:74:29:c5:
46:d0:55:39:a0:aa:49:96:74:8f:49:85:b4:3f:51:
ea:f5:3f:e7:e3:9b:35:f5:10:ae:e0:71:00:f8:04:
cb:2a:37:18:33:0e:33:d8:34:3f:32:31:eb:cc:c8:
f9:7e:af:61:6c:d0:3b:27:9e:6e:3e:8f:92:84:e2:
76:d0:2d:68:aa:36:15:a7:1f:f5:26:11:b4:f7:52:
1a:30:fa:fe:1f:02:89:1a:ea:6b:eb:d3:36:64:2f:
9d:ee:33:d1:3a:80:c7:90:19:4c:0b:04:6c:57:f5:
10:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:23:F3:9F:51:A9:66:AE:2F:4F:88:11:0D:E0:5C:9A:91:14:85:14
X509v3 Authority Key Identifier:
keyid:9C:67:EA:34:A0:11:A4:77:38:71:58:3E:C3:95:4E:79:1D:8C:02:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nGfqNKARpHc4cVg-w5VOeR2MAo0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8669d3-76cd-4cb0-8278-82c67c69e923/1/NCPzn1GpZq4vT4gRDeBcmpEUhRQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8669d3-76cd-4cb0-8278-82c67c69e923/1/nGfqNKARpHc4cVg-w5VOeR2MAo0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.224.164.0/24
185.138.20.0/22
IPv6:
2a12:ddc0::/29
Signature Algorithm: sha256WithRSAEncryption
17:a9:c1:17:4d:4c:6b:79:d0:b6:60:f7:1e:dd:e6:2a:53:1f:
1b:e8:ec:41:07:60:d8:ac:6f:a2:90:48:96:39:eb:66:4b:0c:
12:f2:01:99:bc:b6:74:11:a9:92:5d:d2:9c:84:18:9f:38:b5:
e0:74:b5:29:55:60:bb:08:dd:9e:64:c6:56:70:67:9f:00:26:
e8:1d:30:59:92:38:9c:aa:e1:40:f1:af:a6:6e:4c:a6:c7:0d:
3a:ef:63:a4:b5:35:b0:a3:eb:37:38:88:6c:1b:e9:f5:47:40:
7d:dc:8b:12:f6:5d:84:3c:0a:0e:f5:8f:43:2b:c6:91:d8:08:
6a:b1:25:b4:94:fd:dc:96:5f:df:bc:45:8d:5d:95:56:76:88:
d9:13:6f:be:49:5a:e5:d7:20:2f:52:99:a6:89:0b:bb:c2:17:
86:e7:12:59:13:b9:b9:bb:99:8e:35:e6:d9:71:04:4b:41:a3:
c7:8c:4f:73:0f:72:d9:66:6e:0b:bd:7c:80:29:ea:23:64:8f:
30:0c:77:3f:0d:65:aa:e9:85:33:90:73:0a:2b:65:6a:43:5a:
d4:63:ca:e7:cc:38:79:ff:80:01:cc:b8:ef:fa:13:85:f5:f2:
8d:c9:c7:8d:59:18:37:3d:d3:ac:b1:e4:ec:11:59:12:36:c1:
30:4e:1b:c2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQkRMXvoXtEcyokIh1xZpNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNjdlYTM0YTAxMWE0NzczODcxNTgzZWMzOTU0ZTc5MWQ4
YzAyOGQwHhcNMjUwMTAxMjM0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDIzZjM5ZjUxYTk2NmFlMmY0Zjg4MTEwZGUwNWM5YTkxMTQ4NTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvkrsJ5E0Ol2uFjjUwArY5ijc4jl
FRSM/h73ICJn8tRG5O/JuW2A6UPDsPXVe4fAuQYEEF8ogDF4VCguutYmtHNEbKGh
1DFEOIFfzw3e4eKbj2VrI1lcmzF8C4DmmfhqQ82GWNLLoEAptNTtt5q9IvyvK14r
ds11KWMNES6+X51beud05KdXf9VruFL7T571X890KcVG0FU5oKpJlnSPSYW0P1Hq
9T/n45s19RCu4HEA+ATLKjcYMw4z2DQ/MjHrzMj5fq9hbNA7J55uPo+ShOJ20C1o
qjYVpx/1JhG091IaMPr+HwKJGupr69M2ZC+d7jPROoDHkBlMCwRsV/UQ1wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDQj859RqWauL0+IEQ3gXJqRFIUUMB8GA1UdIwQY
MBaAFJxn6jSgEaR3OHFYPsOVTnkdjAKNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkdmcU5LQVJwSGM0Y1ZnLXc1Vk9lUjJNQW8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS84NjY5ZDMtNzZjZC00Y2IwLTgyNzgt
ODJjNjdjNjllOTIzLzEvTkNQem4xR3BacTR2VDRnUkRlQmNtcEVVaFJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS84NjY5ZDMtNzZjZC00Y2IwLTgyNzgtODJjNjdjNjllOTIz
LzEvbkdmcU5LQVJwSGM0Y1ZnLXc1Vk9lUjJNQW8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW+CkAwQC
uYoUMA0EAgACMAcDBQMqEt3AMA0GCSqGSIb3DQEBCwUAA4IBAQAXqcEXTUxredC2
YPce3eYqUx8b6OxBB2DYrG+ikEiWOetmSwwS8gGZvLZ0EamSXdKchBifOLXgdLUp
VWC7CN2eZMZWcGefACboHTBZkjicquFA8a+mbkymxw0672OktTWwo+s3OIhsG+n1
R0B93IsS9l2EPAoO9Y9DK8aR2AhqsSW0lP3cll/fvEWNXZVWdojZE2++SVrl1yAv
UpmmiQu7wheG5xJZE7m5u5mONebZcQRLQaPHjE9zD3LZZm4LvXyAKeojZI8wDHc/
DWWq6YUzkHMKK2VqQ1rUY8rnzDh5/4ABzLjv+hOF9fKNyceNWRg3PdOsseTsEVkS
NsEwThvC
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:48:54 2025 by rpki-client