Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/d97287-fd01-4a10-909e-c3f257eb20cc/1/bnsQj5mqVs-TVW7cq9w3IqgqbNU.roa
File: bnsQj5mqVs-TVW7cq9w3IqgqbNU.roa (raw, json)
Hash identifier: tDs7JjbcozWgUNWdayGssmSfPQQcIrdPlIm4fCpaU9w=
Subject key identifier: 6E:7B:10:8F:99:AA:56:CF:93:55:6E:DC:AB:DC:37:22:A8:2A:6C:D5
Certificate issuer: /CN=c08d735f346c4fc42a4792ce33808a2210a82bb5
Certificate serial: 0184657786D3526C3EB7B1CEB92C7FB36979
Authority key identifier: C0:8D:73:5F:34:6C:4F:C4:2A:47:92:CE:33:80:8A:22:10:A8:2B:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wI1zXzRsT8QqR5LOM4CKIhCoK7U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/d97287-fd01-4a10-909e-c3f257eb20cc/1/bnsQj5mqVs-TVW7cq9w3IqgqbNU.roa
Signing time: Fri 11 Nov 2022 06:54:02 +0000
ROA not before: Fri 11 Nov 2022 06:54:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60721
IP address blocks: 77.37.92.0/24 maxlen: 24
77.37.95.0/24 maxlen: 24
93.127.164.0/24 maxlen: 24
93.127.169.0/24 maxlen: 24
93.127.171.0/24 maxlen: 24
77.37.40.0/24 maxlen: 24
93.127.179.0/24 maxlen: 24
77.37.58.0/24 maxlen: 24
93.127.191.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:65:77:86:d3:52:6c:3e:b7:b1:ce:b9:2c:7f:b3:69:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c08d735f346c4fc42a4792ce33808a2210a82bb5
Validity
Not Before: Nov 11 06:54:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6e7b108f99aa56cf93556edcabdc3722a82a6cd5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:ce:c0:78:6a:69:a1:26:13:f4:f6:af:da:1f:
ba:f1:7b:f7:d7:3a:4f:9a:cf:f2:90:4d:78:aa:03:
c8:80:13:33:3f:02:ff:19:fa:d3:8a:d2:50:8a:23:
b8:87:1a:01:01:99:91:a5:e9:fa:ba:17:df:33:ce:
36:43:3c:02:b6:80:8b:f0:9d:e0:d0:b4:34:85:cd:
8b:db:e7:3a:85:ab:b0:97:dd:09:4d:eb:3c:ba:22:
c2:e3:4a:ec:6d:7a:d2:2e:d3:83:0a:95:ac:62:5c:
e1:b4:d3:3d:da:95:e6:d5:7a:fb:01:47:88:a7:bd:
ff:5a:62:f8:94:68:0a:5f:a6:ad:88:26:77:cd:61:
2f:a2:a6:ee:12:18:12:13:e8:f9:9a:f5:11:81:e3:
c0:d6:1e:82:08:b4:fa:6b:80:9c:30:01:e4:fc:ed:
c4:43:d4:d2:4e:8e:c6:0d:c0:a7:0d:93:c6:b0:9b:
57:ae:8d:3b:b9:cf:b7:b2:85:23:a1:71:4b:ff:e5:
9e:1f:00:a3:8b:21:b7:68:20:a3:4d:22:13:95:bb:
ba:9d:9f:4c:f5:39:ff:a5:eb:22:c4:5b:d8:14:60:
13:f8:8b:b5:55:ef:9a:69:78:a0:c4:78:ce:d2:f1:
ac:87:e0:1d:c6:98:a2:da:dc:25:98:5b:24:d1:9b:
60:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:7B:10:8F:99:AA:56:CF:93:55:6E:DC:AB:DC:37:22:A8:2A:6C:D5
X509v3 Authority Key Identifier:
keyid:C0:8D:73:5F:34:6C:4F:C4:2A:47:92:CE:33:80:8A:22:10:A8:2B:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wI1zXzRsT8QqR5LOM4CKIhCoK7U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/d97287-fd01-4a10-909e-c3f257eb20cc/1/bnsQj5mqVs-TVW7cq9w3IqgqbNU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/d97287-fd01-4a10-909e-c3f257eb20cc/1/wI1zXzRsT8QqR5LOM4CKIhCoK7U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.37.40.0/24
77.37.58.0/24
77.37.92.0/24
77.37.95.0/24
93.127.164.0/24
93.127.169.0/24
93.127.171.0/24
93.127.179.0/24
93.127.191.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:30:4a:27:f7:d7:06:10:a6:9d:35:6b:87:8c:5c:98:ab:55:
ef:8b:4a:8d:e6:e0:c5:15:af:49:36:23:c7:c7:c2:1c:52:6c:
4f:7e:66:84:27:1f:15:31:55:66:61:e5:83:cc:8e:e5:e0:ef:
6d:08:ad:ac:d9:1c:b4:3c:b9:42:f8:6d:9f:99:0d:8e:4c:29:
63:63:56:d4:b7:a9:b4:89:5d:02:c9:91:36:6d:bc:7b:4f:cf:
29:14:1c:19:13:dc:a8:6d:e1:ec:96:51:d9:40:d5:7f:ae:a5:
73:d7:61:e3:f0:03:2c:df:c4:42:68:28:39:d9:3c:04:20:47:
6b:9d:95:40:fb:5f:4c:58:6c:35:a4:0f:6d:0d:12:b8:c5:b0:
34:20:f1:47:18:e8:28:83:3e:51:a8:bf:4a:19:38:ce:bb:42:
aa:b0:75:3c:63:30:ec:d2:69:ca:d2:c4:ce:26:c0:2d:16:d0:
d1:cc:20:72:4a:19:8b:00:99:c9:61:e2:ce:c2:89:3c:51:f7:
0a:ab:cd:36:b6:27:a9:14:03:3f:20:67:c5:0e:95:8c:0e:e8:
8a:e1:d9:22:8e:42:a4:8d:25:09:df:ec:5b:cf:64:f5:b2:c5:
3d:e9:2f:80:25:82:42:4b:5e:63:2e:f6:49:87:8f:f2:2a:64:
ae:f8:39:10
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYRld4bTUmw+t7HOuSx/s2l5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwOGQ3MzVmMzQ2YzRmYzQyYTQ3OTJjZTMzODA4YTIyMTBh
ODJiYjUwHhcNMjIxMTExMDY1NDAyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTdiMTA4Zjk5YWE1NmNmOTM1NTZlZGNhYmRjMzcyMmE4MmE2Y2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqc7AeGppoSYT9Pav2h+68Xv31zpP
ms/ykE14qgPIgBMzPwL/GfrTitJQiiO4hxoBAZmRpen6uhffM842QzwCtoCL8J3g
0LQ0hc2L2+c6hauwl90JTes8uiLC40rsbXrSLtODCpWsYlzhtNM92pXm1Xr7AUeI
p73/WmL4lGgKX6atiCZ3zWEvoqbuEhgSE+j5mvURgePA1h6CCLT6a4CcMAHk/O3E
Q9TSTo7GDcCnDZPGsJtXro07uc+3soUjoXFL/+WeHwCjiyG3aCCjTSITlbu6nZ9M
9Tn/pesixFvYFGAT+Iu1Ve+aaXigxHjO0vGsh+Adxpii2twlmFsk0ZtgsQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFG57EI+ZqlbPk1Vu3KvcNyKoKmzVMB8GA1UdIwQY
MBaAFMCNc180bE/EKkeSzjOAiiIQqCu1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0kxelh6UnNUOFFxUjVMT000Q0tJaENvSzdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9kOTcyODctZmQwMS00YTEwLTkwOWUt
YzNmMjU3ZWIyMGNjLzEvYm5zUWo1bXFWcy1UVlc3Y3E5dzNJcWdxYk5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9kOTcyODctZmQwMS00YTEwLTkwOWUtYzNmMjU3ZWIyMGNj
LzEvd0kxelh6UnNUOFFxUjVMT000Q0tJaENvSzdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQATSUoAwQA
TSU6AwQATSVcAwQATSVfAwQAXX+kAwQAXX+pAwQAXX+rAwQAXX+zAwQAXX+/MA0G
CSqGSIb3DQEBCwUAA4IBAQCMMEon99cGEKadNWuHjFyYq1Xvi0qN5uDFFa9JNiPH
x8IcUmxPfmaEJx8VMVVmYeWDzI7l4O9tCK2s2Ry0PLlC+G2fmQ2OTCljY1bUt6m0
iV0CyZE2bbx7T88pFBwZE9yobeHsllHZQNV/rqVz12Hj8AMs38RCaCg52TwEIEdr
nZVA+19MWGw1pA9tDRK4xbA0IPFHGOgogz5RqL9KGTjOu0KqsHU8YzDs0mnK0sTO
JsAtFtDRzCByShmLAJnJYeLOwok8UfcKq802tiepFAM/IGfFDpWMDuiK4dkijkKk
jSUJ3+xbz2T1ssU96S+AJYJCS15jLvZJh4/yKmSu+DkQ
-----END CERTIFICATE-----
Generated at Fri Apr 18 23:36:58 2025 by rpki-client