Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/eb26f7-1303-4210-a9d8-1eb3b8a941f7/1/5uKI5JLH003sFHhAPh2Z85D_7AI.roa
File: 5uKI5JLH003sFHhAPh2Z85D_7AI.roa (raw, json)
Hash identifier: Cf90RwaWkw0kToRTqOzMbSSaLqubw6CWP7hfe3aTWxs=
Subject key identifier: E6:E2:88:E4:92:C7:D3:4D:EC:14:78:40:3E:1D:99:F3:90:FF:EC:02
Certificate issuer: /CN=2f8e83eefe7f14b9e4490a36eebd881e163ccc1b
Certificate serial: 018CC26CFE54B73FFCCC6DA14773AEF06686
Authority key identifier: 2F:8E:83:EE:FE:7F:14:B9:E4:49:0A:36:EE:BD:88:1E:16:3C:CC:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L46D7v5_FLnkSQo27r2IHhY8zBs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/eb26f7-1303-4210-a9d8-1eb3b8a941f7/1/5uKI5JLH003sFHhAPh2Z85D_7AI.roa
Signing time: Mon 01 Jan 2024 00:29:31 +0000
ROA not before: Mon 01 Jan 2024 00:29:31 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43415
IP address blocks: 176.56.156.0/24 maxlen: 24
176.56.156.0/22 maxlen: 22
176.56.156.0/23 maxlen: 23
176.56.158.0/24 maxlen: 24
176.56.158.0/23 maxlen: 23
176.56.157.0/24 maxlen: 24
176.56.159.0/24 maxlen: 24
185.185.240.0/24 maxlen: 24
185.185.240.0/22 maxlen: 22
185.185.241.0/24 maxlen: 24
185.185.242.0/24 maxlen: 24
185.185.243.0/24 maxlen: 24
2a0e:8300::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6c:fe:54:b7:3f:fc:cc:6d:a1:47:73:ae:f0:66:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2f8e83eefe7f14b9e4490a36eebd881e163ccc1b
Validity
Not Before: Jan 1 00:29:31 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e6e288e492c7d34dec1478403e1d99f390ffec02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:06:be:a4:f6:a8:87:ee:35:b6:49:4d:8f:be:
39:ce:f4:ce:f4:76:ff:b7:52:23:73:ea:94:ae:94:
d2:9b:d0:06:8a:56:75:7e:1f:bb:8e:41:f7:f2:84:
f2:10:f1:14:31:d7:ff:c1:32:8a:1d:5d:15:4b:51:
8d:ed:61:17:03:b6:25:f8:2a:4d:30:3c:f1:07:bc:
0d:55:9d:29:4e:d2:88:07:9e:a0:6d:70:72:eb:46:
71:df:05:e2:c0:69:ed:7c:f9:ca:2e:0a:ca:4d:fa:
57:c8:3b:c9:59:0c:d2:64:db:3b:ac:02:08:d8:9c:
46:fe:84:95:aa:01:2f:e0:c5:34:01:de:1f:e2:92:
7b:c2:34:4d:70:d1:65:67:5e:5b:64:71:67:f7:1f:
20:0e:96:30:ec:df:f4:46:73:95:d6:5d:71:f2:1f:
7b:af:48:a9:5a:86:af:1f:20:7d:1d:15:40:a1:1b:
d3:8c:dc:2f:51:ca:37:70:d0:6d:9b:e6:b3:f7:03:
32:5d:14:ad:60:48:e6:ff:bd:69:28:83:a4:b8:d8:
32:2a:0b:06:34:ce:0d:e6:1b:8b:19:bc:10:c0:24:
0c:e9:9b:6d:1f:5e:7f:4c:49:07:fd:49:1a:43:75:
d2:3b:e2:cf:b5:84:2f:2d:c6:21:cb:49:31:a2:50:
25:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:E2:88:E4:92:C7:D3:4D:EC:14:78:40:3E:1D:99:F3:90:FF:EC:02
X509v3 Authority Key Identifier:
keyid:2F:8E:83:EE:FE:7F:14:B9:E4:49:0A:36:EE:BD:88:1E:16:3C:CC:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L46D7v5_FLnkSQo27r2IHhY8zBs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/eb26f7-1303-4210-a9d8-1eb3b8a941f7/1/5uKI5JLH003sFHhAPh2Z85D_7AI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/eb26f7-1303-4210-a9d8-1eb3b8a941f7/1/L46D7v5_FLnkSQo27r2IHhY8zBs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.56.156.0/22
185.185.240.0/22
IPv6:
2a0e:8300::/29
Signature Algorithm: sha256WithRSAEncryption
77:32:ee:c7:72:1b:68:88:59:7b:97:0b:a8:0a:08:37:fe:6e:
35:02:1d:03:08:e4:42:67:c8:2f:72:5e:0b:84:df:29:15:9f:
6d:7d:fc:97:09:6f:db:95:a0:86:5a:70:74:96:37:fc:97:b3:
f7:ce:6a:00:b9:58:c1:aa:13:b0:de:52:50:d6:0e:db:f4:71:
19:54:f0:8d:c3:1d:55:95:04:e4:9a:c1:0d:1d:7e:b1:18:f8:
88:b5:2a:3b:82:80:95:e1:75:77:0f:ed:0c:48:2f:5b:75:06:
36:1b:7f:d5:8d:05:2b:31:96:2b:ea:73:a3:c8:10:fb:83:79:
ec:39:eb:37:1b:33:97:c8:ec:e8:ae:cb:f4:04:68:d9:33:ed:
a4:70:95:44:f1:0e:28:3f:f8:fd:ab:84:65:ed:8f:bd:a2:52:
a5:a3:5e:f4:6f:4a:af:40:b3:98:2a:06:4b:25:cd:1a:85:11:
f6:21:cd:9a:75:4e:66:c8:a5:99:04:76:a4:4e:02:e0:31:ea:
c5:eb:76:28:e5:ab:e7:a7:a0:68:1d:26:36:1c:4c:1e:28:39:
3a:51:50:53:24:b3:6c:eb:b8:52:21:b6:28:f4:12:69:0e:18:
c2:46:f8:10:df:87:ad:f4:1c:af:cf:d2:06:84:fe:a9:22:2b:
59:ca:b5:65
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzCbP5Utz/8zG2hR3Ou8GaGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOGU4M2VlZmU3ZjE0YjllNDQ5MGEzNmVlYmQ4ODFlMTYz
Y2NjMWIwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmUyODhlNDkyYzdkMzRkZWMxNDc4NDAzZTFkOTlmMzkwZmZlYzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAa+pPaoh+41tklNj745zvTO9Hb/
t1Ijc+qUrpTSm9AGilZ1fh+7jkH38oTyEPEUMdf/wTKKHV0VS1GN7WEXA7Yl+CpN
MDzxB7wNVZ0pTtKIB56gbXBy60Zx3wXiwGntfPnKLgrKTfpXyDvJWQzSZNs7rAII
2JxG/oSVqgEv4MU0Ad4f4pJ7wjRNcNFlZ15bZHFn9x8gDpYw7N/0RnOV1l1x8h97
r0ipWoavHyB9HRVAoRvTjNwvUco3cNBtm+az9wMyXRStYEjm/71pKIOkuNgyKgsG
NM4N5huLGbwQwCQM6ZttH15/TEkH/UkaQ3XSO+LPtYQvLcYhy0kxolAl8wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFObiiOSSx9NN7BR4QD4dmfOQ/+wCMB8GA1UdIwQY
MBaAFC+Og+7+fxS55EkKNu69iB4WPMwbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDQ2RDd2NV9GTG5rU1FvMjdyMklIaFk4ekJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9lYjI2ZjctMTMwMy00MjEwLWE5ZDgt
MWViM2I4YTk0MWY3LzEvNXVLSTVKTEgwMDNzRkhoQVBoMlo4NURfN0FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9lYjI2ZjctMTMwMy00MjEwLWE5ZDgtMWViM2I4YTk0MWY3
LzEvTDQ2RDd2NV9GTG5rU1FvMjdyMklIaFk4ekJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCsDicAwQC
ubnwMA0EAgACMAcDBQMqDoMAMA0GCSqGSIb3DQEBCwUAA4IBAQB3Mu7HchtoiFl7
lwuoCgg3/m41Ah0DCORCZ8gvcl4LhN8pFZ9tffyXCW/blaCGWnB0ljf8l7P3zmoA
uVjBqhOw3lJQ1g7b9HEZVPCNwx1VlQTkmsENHX6xGPiItSo7goCV4XV3D+0MSC9b
dQY2G3/VjQUrMZYr6nOjyBD7g3nsOes3GzOXyOzorsv0BGjZM+2kcJVE8Q4oP/j9
q4Rl7Y+9olKlo170b0qvQLOYKgZLJc0ahRH2Ic2adU5myKWZBHakTgLgMerF63Yo
5avnp6BoHSY2HEweKDk6UVBTJLNs67hSIbYo9BJpDhjCRvgQ34et9Byvz9IGhP6p
IitZyrVl
-----END CERTIFICATE-----
Generated at Tue Apr 8 09:36:15 2025 by rpki-client