Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/cmkgGNwAjlwl-nXBDnQsuZkaQjk.roa
File: cmkgGNwAjlwl-nXBDnQsuZkaQjk.roa (raw, json)
Hash identifier: GH4mAasSrVefCL06doAPOCgwr9kOuVQg7pmr2jmaWv0=
Subject key identifier: 72:69:20:18:DC:00:8E:5C:25:FA:75:C1:0E:74:2C:B9:99:1A:42:39
Certificate issuer: /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial: 0195B8E377D881272F1879FA1F9B8FAAB11E
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/cmkgGNwAjlwl-nXBDnQsuZkaQjk.roa
Signing time: Fri 21 Mar 2025 13:27:49 +0000
ROA not before: Fri 21 Mar 2025 13:27:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 2914
IP address blocks: 84.46.203.0/24 maxlen: 24
84.46.208.0/24 maxlen: 24
84.46.211.0/24 maxlen: 24
84.46.212.0/24 maxlen: 24
84.46.214.0/24 maxlen: 24
84.46.215.0/24 maxlen: 24
84.46.222.0/24 maxlen: 24
86.38.128.0/24 maxlen: 24
86.38.129.0/24 maxlen: 24
86.38.158.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b8:e3:77:d8:81:27:2f:18:79:fa:1f:9b:8f:aa:b1:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Validity
Not Before: Mar 21 13:27:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=72692018dc008e5c25fa75c10e742cb9991a4239
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:39:d1:fc:75:29:5d:a3:e1:47:c8:5a:c2:84:
a2:b3:09:ec:ea:84:3a:15:0f:9a:ff:a2:f4:dc:21:
34:c0:73:f8:44:5b:69:98:50:90:22:63:b9:29:1e:
07:cb:42:33:ab:03:75:a8:ea:3c:36:62:35:90:7f:
f2:2e:b3:ee:c2:89:24:f1:35:5c:eb:00:84:21:1b:
c3:5c:0c:0e:df:21:47:9d:98:02:cc:e4:48:58:4d:
d2:e1:85:ad:66:d7:ea:90:2f:24:72:eb:74:34:0a:
29:d3:e2:aa:b2:08:fd:42:f6:61:9b:a8:6e:09:1a:
a3:5e:88:87:b6:a5:b7:fe:0c:cb:5c:e5:e5:7a:97:
b2:af:10:c7:4b:0a:21:e5:01:3b:ee:f2:61:79:09:
99:97:5b:45:d4:40:6c:0a:71:c2:59:ce:f0:d0:0a:
77:76:83:5f:73:4d:b8:5f:6e:ec:28:be:4a:f7:9e:
e9:89:26:b9:97:ac:65:04:66:e2:57:26:2a:82:0c:
f3:91:01:48:9f:35:f6:3f:ef:f5:e3:a9:b2:0b:e2:
ef:68:e4:1f:4e:fc:a1:0d:cd:08:f5:fc:56:8d:c9:
61:35:c3:07:39:a2:3d:4b:98:9f:88:03:4d:ac:3a:
e8:f3:2e:33:34:11:10:19:14:7c:15:be:13:20:f9:
62:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:69:20:18:DC:00:8E:5C:25:FA:75:C1:0E:74:2C:B9:99:1A:42:39
X509v3 Authority Key Identifier:
keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/cmkgGNwAjlwl-nXBDnQsuZkaQjk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.46.203.0/24
84.46.208.0/24
84.46.211.0-84.46.212.255
84.46.214.0/23
84.46.222.0/24
86.38.128.0/23
86.38.158.0/24
Signature Algorithm: sha256WithRSAEncryption
49:66:83:f0:4c:63:9d:5c:51:6c:a4:ca:d8:b8:50:e9:f8:9c:
fb:5c:69:2e:55:98:d9:74:c3:4b:72:82:87:bb:71:91:2b:f3:
a2:53:cc:a6:f9:c0:86:dd:4f:ff:20:98:3b:03:64:e1:d9:7f:
87:8f:c5:e0:e5:30:b6:23:f7:18:44:41:43:41:86:8b:77:a7:
72:77:6d:2b:59:ce:dc:26:f8:ab:af:0b:5d:d7:34:13:1a:3e:
50:8b:5f:1d:95:35:c2:60:6c:51:50:27:03:b3:12:fa:f1:03:
e5:8d:29:ce:0a:ef:75:48:27:6e:ae:7f:50:56:bb:08:30:c9:
08:49:98:68:48:ce:b9:8b:25:5a:a6:42:73:a4:18:52:c7:53:
5b:4a:e0:dc:4b:72:5f:e0:6f:d4:0e:7a:ba:a8:a5:05:d8:5b:
93:ec:04:9b:bb:47:af:44:cc:f3:36:77:77:26:c1:23:5c:c0:
f7:ea:b6:95:9d:6a:51:09:d1:4b:c0:32:3c:42:82:88:93:8d:
56:7b:3d:3a:a7:98:6c:ee:a9:bd:8d:11:94:21:ac:ba:fa:ee:
cd:e0:bc:c2:3f:aa:4d:dc:bb:23:dd:c8:e7:b6:1e:1b:b1:af:
f9:1c:ff:98:5a:4d:fd:db:a4:5e:b6:1c:d4:c9:2e:1c:94:6c:
c7:6b:19:e0
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZW443fYgScvGHn6H5uPqrEeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjUwMzIxMTMyNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjY5MjAxOGRjMDA4ZTVjMjVmYTc1YzEwZTc0MmNiOTk5MWE0MjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDnR/HUpXaPhR8hawoSiswns6oQ6
FQ+a/6L03CE0wHP4RFtpmFCQImO5KR4Hy0IzqwN1qOo8NmI1kH/yLrPuwokk8TVc
6wCEIRvDXAwO3yFHnZgCzORIWE3S4YWtZtfqkC8kcut0NAop0+Kqsgj9QvZhm6hu
CRqjXoiHtqW3/gzLXOXlepeyrxDHSwoh5QE77vJheQmZl1tF1EBsCnHCWc7w0Ap3
doNfc024X27sKL5K957piSa5l6xlBGbiVyYqggzzkQFInzX2P+/146myC+LvaOQf
TvyhDc0I9fxWjclhNcMHOaI9S5ifiANNrDro8y4zNBEQGRR8Fb4TIPli/wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFHJpIBjcAI5cJfp1wQ50LLmZGkI5MB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvY21rZ0dOd0FqbHdsLW5YQkRuUXN1WmthUWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAVC7LAwQA
VC7QMAwDBABULtMDBABULtQDBAFULtYDBABULt4DBAFWJoADBABWJp4wDQYJKoZI
hvcNAQELBQADggEBAElmg/BMY51cUWykyti4UOn4nPtcaS5VmNl0w0tygoe7cZEr
86JTzKb5wIbdT/8gmDsDZOHZf4ePxeDlMLYj9xhEQUNBhot3p3J3bStZztwm+Kuv
C13XNBMaPlCLXx2VNcJgbFFQJwOzEvrxA+WNKc4K73VIJ26uf1BWuwgwyQhJmGhI
zrmLJVqmQnOkGFLHU1tK4NxLcl/gb9QOerqopQXYW5PsBJu7R69EzPM2d3cmwSNc
wPfqtpWdalEJ0UvAMjxCgoiTjVZ7PTqnmGzuqb2NEZQhrLr67s3gvMI/qk3cuyPd
yOe2Hhuxr/kc/5haTf3bpF62HNTJLhyUbMdrGeA=
-----END CERTIFICATE-----
Generated at Tue Apr 8 11:30:01 2025 by rpki-client