Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Qg7YRAm5mzDF88r95rLP78GgSr8.roa
File: Qg7YRAm5mzDF88r95rLP78GgSr8.roa (raw, json)
Hash identifier: mWW99hX2DywiuWdo27sg/nYSe3OqMGkXa5/1syY9LvI=
Subject key identifier: 42:0E:D8:44:09:B9:9B:30:C5:F3:CA:FD:E6:B2:CF:EF:C1:A0:4A:BF
Certificate issuer: /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial: 01954D1473418D9EF15F58A8125F3E1C5103
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Qg7YRAm5mzDF88r95rLP78GgSr8.roa
Signing time: Fri 28 Feb 2025 15:02:20 +0000
ROA not before: Fri 28 Feb 2025 15:02:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6762
IP address blocks: 2.16.19.0/24 maxlen: 24
2.16.70.0/23 maxlen: 23
2.16.146.0/23 maxlen: 23
2.16.220.0/22 maxlen: 22
2.18.0.0/22 maxlen: 22
2.18.31.0/24 maxlen: 24
2.19.16.0/20 maxlen: 20
2.20.4.0/22 maxlen: 22
2.20.109.0/24 maxlen: 24
2.20.110.0/24 maxlen: 24
2.20.112.0/22 maxlen: 22
2.20.242.0/24 maxlen: 24
2.20.252.0/24 maxlen: 24
2.21.2.0/24 maxlen: 24
2.21.14.0/24 maxlen: 24
2.21.100.0/22 maxlen: 22
2.22.216.0/22 maxlen: 22
2.22.234.0/24 maxlen: 24
88.221.28.0/22 maxlen: 22
88.221.100.0/22 maxlen: 22
92.122.68.0/22 maxlen: 22
92.122.225.0/24 maxlen: 24
92.122.248.0/22 maxlen: 22
92.123.48.0/24 maxlen: 24
92.123.106.0/24 maxlen: 24
92.123.208.0/22 maxlen: 22
95.100.136.0/22 maxlen: 22
95.101.35.0/24 maxlen: 24
95.101.68.0/22 maxlen: 22
95.101.78.0/24 maxlen: 24
95.101.114.0/24 maxlen: 24
95.101.156.0/22 maxlen: 22
2a02:26f0:b00::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:4d:14:73:41:8d:9e:f1:5f:58:a8:12:5f:3e:1c:51:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Validity
Not Before: Feb 28 15:02:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=420ed84409b99b30c5f3cafde6b2cfefc1a04abf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:00:9e:35:d5:c0:d7:f5:fe:8e:60:fa:1d:73:
7b:17:d9:b5:e8:1a:2c:55:93:11:e4:7c:ef:a6:9c:
a5:f9:ae:67:44:a9:05:d8:1d:d2:73:8b:47:34:19:
ef:8e:e3:a0:50:ff:e6:21:10:e3:30:75:67:58:4c:
8f:ff:db:2b:e9:87:aa:83:97:e1:01:c2:4e:33:9c:
c8:f7:a8:3b:50:83:67:e6:1e:7e:f9:cc:02:10:c4:
92:26:ad:14:11:fe:7b:02:d5:37:f4:91:7f:2b:b3:
37:61:f2:2d:af:f7:c1:5a:6c:02:b8:bf:49:7a:a2:
68:64:63:b2:9f:7b:dc:b9:5d:a0:60:0b:68:f3:81:
2b:07:f4:73:c5:d8:ec:60:37:87:2f:12:2d:56:46:
7b:dd:64:2e:06:14:0c:e2:ba:cd:d9:71:4d:80:5a:
9a:28:66:5d:f8:a8:f6:7a:0e:d7:fd:d9:de:57:73:
e0:a2:8e:21:69:a3:c9:fc:a1:28:a1:ab:a6:ce:67:
88:c2:da:c3:88:1d:bd:54:e1:2c:52:83:57:64:64:
f5:90:1e:7d:01:32:f4:2f:34:9d:82:2b:9f:29:ce:
be:ea:2c:f9:be:1a:f1:40:98:a7:09:01:6c:24:37:
ad:8c:c9:dc:e5:d6:bb:08:f8:82:44:8b:61:05:60:
06:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:0E:D8:44:09:B9:9B:30:C5:F3:CA:FD:E6:B2:CF:EF:C1:A0:4A:BF
X509v3 Authority Key Identifier:
keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/Qg7YRAm5mzDF88r95rLP78GgSr8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.16.19.0/24
2.16.70.0/23
2.16.146.0/23
2.16.220.0/22
2.18.0.0/22
2.18.31.0/24
2.19.16.0/20
2.20.4.0/22
2.20.109.0-2.20.110.255
2.20.112.0/22
2.20.242.0/24
2.20.252.0/24
2.21.2.0/24
2.21.14.0/24
2.21.100.0/22
2.22.216.0/22
2.22.234.0/24
88.221.28.0/22
88.221.100.0/22
92.122.68.0/22
92.122.225.0/24
92.122.248.0/22
92.123.48.0/24
92.123.106.0/24
92.123.208.0/22
95.100.136.0/22
95.101.35.0/24
95.101.68.0/22
95.101.78.0/24
95.101.114.0/24
95.101.156.0/22
IPv6:
2a02:26f0:b00::/48
Signature Algorithm: sha256WithRSAEncryption
62:07:b4:ce:5e:9d:03:b2:20:0f:2b:e6:d3:67:5b:a9:7e:f5:
62:b8:91:4e:20:02:46:43:24:e7:24:4c:5e:a0:6a:b5:30:7e:
58:18:ce:6b:fe:61:c8:13:c6:10:26:b8:c7:88:6c:c4:b4:84:
b5:e8:1c:08:f9:4c:fe:58:1e:8c:74:52:51:d3:a0:bc:52:29:
9a:26:94:02:bf:18:1b:38:fd:46:6e:f1:06:5f:2a:1c:74:91:
73:58:ef:6d:64:17:a8:c1:ef:0c:de:e2:6b:87:df:a9:77:58:
3f:51:99:39:07:28:5b:ea:80:09:de:33:d2:f0:e5:58:19:d2:
18:f9:73:68:bb:4e:80:5d:7e:0b:99:56:d8:d4:ea:05:df:94:
7c:c1:12:24:ab:41:93:98:27:46:2d:1f:a7:c7:63:5e:05:7f:
5d:ed:ca:e3:ce:da:da:b0:5e:8c:fe:dd:37:e9:35:b0:c1:47:
ed:00:11:62:70:a3:d5:38:69:75:d6:ce:2e:62:8d:c9:5a:6b:
c4:a3:db:bd:d4:3c:95:cf:cc:9f:f1:bc:6d:92:3a:2f:cb:35:
1a:67:68:0b:88:ba:b9:09:fc:a8:ad:26:d2:4e:e8:3d:5f:75:
1a:33:1d:ea:85:e9:d8:d8:ce:18:21:e5:93:a5:37:29:cc:94:
24:c8:9c:88
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgISAZVNFHNBjZ7xX1ioEl8+HFEDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUwMjI4MTUwMjIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjBlZDg0NDA5Yjk5YjMwYzVmM2NhZmRlNmIyY2ZlZmMxYTA0YWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvACeNdXA1/X+jmD6HXN7F9m16Bos
VZMR5Hzvppyl+a5nRKkF2B3Sc4tHNBnvjuOgUP/mIRDjMHVnWEyP/9sr6Yeqg5fh
AcJOM5zI96g7UINn5h5++cwCEMSSJq0UEf57AtU39JF/K7M3YfItr/fBWmwCuL9J
eqJoZGOyn3vcuV2gYAto84ErB/RzxdjsYDeHLxItVkZ73WQuBhQM4rrN2XFNgFqa
KGZd+Kj2eg7X/dneV3Pgoo4haaPJ/KEooaumzmeIwtrDiB29VOEsUoNXZGT1kB59
ATL0LzSdgiufKc6+6iz5vhrxQJinCQFsJDetjMnc5da7CPiCRIthBWAGpwIDAQAB
o4IC2zCCAtcwHQYDVR0OBBYEFEIO2EQJuZswxfPK/eayz+/BoEq/MB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvUWc3WVJBbTVtekRGODhyOTVyTFA3OEdnU3I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHwBggrBgEFBQcBBwEB/wSB4DCB3TCByQQCAAEwgcIDBAAC
EBMDBAECEEYDBAECEJIDBAICENwDBAICEgADBAACEh8DBAQCExADBAICFAQwDAME
AAIUbQMEAAIUbgMEAgIUcAMEAAIU8gMEAAIU/AMEAAIVAgMEAAIVDgMEAgIVZAME
AgIW2AMEAAIW6gMEAljdHAMEAljdZAMEAlx6RAMEAFx64QMEAlx6+AMEAFx7MAME
AFx7agMEAlx70AMEAl9kiAMEAF9lIwMEAl9lRAMEAF9lTgMEAF9lcgMEAl9lnDAP
BAIAAjAJAwcAKgIm8AsAMA0GCSqGSIb3DQEBCwUAA4IBAQBiB7TOXp0DsiAPK+bT
Z1upfvViuJFOIAJGQyTnJExeoGq1MH5YGM5r/mHIE8YQJrjHiGzEtIS16BwI+Uz+
WB6MdFJR06C8UimaJpQCvxgbOP1GbvEGXyocdJFzWO9tZBeowe8M3uJrh9+pd1g/
UZk5Byhb6oAJ3jPS8OVYGdIY+XNou06AXX4LmVbY1OoF35R8wRIkq0GTmCdGLR+n
x2NeBX9d7crjztrasF6M/t036TWwwUftABFicKPVOGl11s4uYo3JWmvEo9u91DyV
z8yf8bxtkjovyzUaZ2gLiLq5CfyorSbSTug9X3UaMx3qhenY2M4YIeWTpTcpzJQk
yJyI
-----END CERTIFICATE-----
Generated at Thu Apr 10 02:04:26 2025 by rpki-client