Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/ykpJWlvbCAsS5Nrcv2UJjHtjxtg.roa
File: ykpJWlvbCAsS5Nrcv2UJjHtjxtg.roa (raw, json)
Hash identifier: /5vQzusq7elMTLZ7mv2aahhpZk2Hwd/zONbLq7M+/eY=
Subject key identifier: CA:4A:49:5A:5B:DB:08:0B:12:E4:DA:DC:BF:65:09:8C:7B:63:C6:D8
Certificate issuer: /CN=d41703db3020cc1ef2fd71091a468f4a649c238f
Certificate serial: 018737243CF29BDCDC896005CD5C6443FE98
Authority key identifier: D4:17:03:DB:30:20:CC:1E:F2:FD:71:09:1A:46:8F:4A:64:9C:23:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1BcD2zAgzB7y_XEJGkaPSmScI48.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/ykpJWlvbCAsS5Nrcv2UJjHtjxtg.roa
Signing time: Fri 31 Mar 2023 10:08:54 +0000
ROA not before: Fri 31 Mar 2023 10:08:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49544
IP address blocks: 185.41.140.0/22 maxlen: 22
213.179.192.0/19 maxlen: 19
213.179.192.0/22 maxlen: 22
213.179.196.0/22 maxlen: 22
91.216.207.0/24 maxlen: 24
188.122.64.0/19 maxlen: 24
91.198.152.0/24 maxlen: 24
185.52.12.0/22 maxlen: 24
213.163.64.0/19 maxlen: 24
185.50.104.0/22 maxlen: 22
162.245.204.0/22 maxlen: 22
5.200.0.0/19 maxlen: 24
185.179.202.0/23 maxlen: 24
213.179.204.0/22 maxlen: 22
213.179.200.0/22 maxlen: 22
185.179.200.0/23 maxlen: 24
213.179.210.0/23 maxlen: 23
213.179.209.0/24 maxlen: 24
213.179.212.0/22 maxlen: 22
213.179.216.0/22 maxlen: 22
213.179.220.0/22 maxlen: 22
212.19.224.0/22 maxlen: 22
146.247.76.0/22 maxlen: 22
109.200.192.0/19 maxlen: 24
109.200.194.0/23 maxlen: 23
109.200.208.0/22 maxlen: 22
162.244.52.0/22 maxlen: 23
185.197.24.0/22 maxlen: 23
193.43.218.0/23 maxlen: 23
104.153.84.0/22 maxlen: 22
31.204.132.0/22 maxlen: 22
31.204.128.0/19 maxlen: 24
31.204.136.0/23 maxlen: 23
31.204.156.0/23 maxlen: 23
138.128.136.0/22 maxlen: 22
91.195.234.0/23 maxlen: 23
138.128.140.0/22 maxlen: 22
2a01:9580::/32 maxlen: 34
2a01:9580:c000::/34 maxlen: 34
2a04:c600::/29 maxlen: 34
2a00:1630::/29 maxlen: 32
2a00:1631::/32 maxlen: 32
2a00:1637::/32 maxlen: 32
2a00:1d26::/32 maxlen: 34
2a00:1630::/32 maxlen: 48
2a00:1632::/32 maxlen: 32
2a00:1d20::/29 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:37:24:3c:f2:9b:dc:dc:89:60:05:cd:5c:64:43:fe:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d41703db3020cc1ef2fd71091a468f4a649c238f
Validity
Not Before: Mar 31 10:08:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ca4a495a5bdb080b12e4dadcbf65098c7b63c6d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:b2:53:20:b9:f6:4b:37:5f:a1:74:f8:6d:84:
98:9f:a1:de:ff:47:ec:9d:e5:7d:80:b1:54:80:74:
d9:c4:b0:56:3a:29:a6:7c:ee:56:d6:20:cd:9d:62:
a4:a6:9d:b4:9a:da:ce:b7:94:4c:dc:2b:52:e4:a9:
f2:4d:17:07:78:dd:04:be:d1:ea:0b:4b:b7:3d:03:
2e:dd:7d:4c:d2:a7:14:32:62:6a:95:47:e8:78:e2:
97:d2:e4:07:50:60:4e:46:45:f3:18:e6:bf:0b:3a:
6e:cf:af:1b:a8:15:cc:11:6c:45:e1:8c:f9:08:2d:
a9:7d:db:47:6b:ca:23:a4:7e:a9:f5:37:b0:08:91:
c6:19:c1:17:39:0a:b6:30:fc:6d:54:16:56:a9:a4:
31:bb:ed:fa:ae:2f:36:6b:d5:18:9e:71:fc:31:ed:
16:e4:10:35:ff:e0:0e:a3:5f:8e:4f:93:e1:b1:fd:
8e:c8:44:c8:5a:ac:a4:22:9f:21:51:6a:e6:aa:86:
29:0d:b6:ee:84:b2:6c:bf:60:24:8c:ee:d8:ba:96:
82:14:aa:65:f4:75:c5:35:cd:60:75:c6:56:89:57:
db:1b:7c:80:29:66:6e:26:37:9d:38:19:03:3e:46:
a9:a1:b5:33:30:cd:3e:46:b8:c6:a2:d3:08:bf:1d:
e3:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:4A:49:5A:5B:DB:08:0B:12:E4:DA:DC:BF:65:09:8C:7B:63:C6:D8
X509v3 Authority Key Identifier:
keyid:D4:17:03:DB:30:20:CC:1E:F2:FD:71:09:1A:46:8F:4A:64:9C:23:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1BcD2zAgzB7y_XEJGkaPSmScI48.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/ykpJWlvbCAsS5Nrcv2UJjHtjxtg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/68554b-4f97-406c-90a6-48d31c75f31e/1/1BcD2zAgzB7y_XEJGkaPSmScI48.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.200.0.0/19
31.204.128.0/19
91.195.234.0/23
91.198.152.0/24
91.216.207.0/24
104.153.84.0/22
109.200.192.0/19
138.128.136.0/21
146.247.76.0/22
162.244.52.0/22
162.245.204.0/22
185.41.140.0/22
185.50.104.0/22
185.52.12.0/22
185.179.200.0/22
185.197.24.0/22
188.122.64.0/19
193.43.218.0/23
212.19.224.0/22
213.163.64.0/19
213.179.192.0/19
IPv6:
2a00:1630::/29
2a00:1d20::/29
2a01:9580::/32
2a04:c600::/29
Signature Algorithm: sha256WithRSAEncryption
69:20:2d:b2:66:cc:e5:fa:d5:ad:33:14:95:25:1d:0a:3c:67:
54:e0:92:56:1f:c0:2b:d2:57:47:75:99:5a:20:99:e2:7b:58:
59:ed:10:b4:01:9e:79:58:60:0f:34:14:2d:27:b4:30:87:02:
e9:f7:e0:d3:ec:66:20:b0:4b:4a:69:7e:23:82:d1:99:e9:c3:
e7:63:5e:c3:ce:fa:f2:29:cf:3a:59:4f:f2:de:78:41:b8:29:
bb:ee:0e:1e:f1:72:a2:cf:33:bc:46:09:70:26:a0:53:6b:1d:
da:ae:88:0a:5d:09:b1:18:35:55:63:9d:dd:0a:df:f5:82:f9:
72:cd:eb:af:a7:c7:23:2e:c0:5f:7c:37:10:73:a7:ec:b9:7a:
44:ab:46:8f:97:7a:e9:94:dc:ff:17:20:9d:fc:d3:b3:f4:49:
2f:43:aa:5d:eb:d7:cb:5c:f2:e8:f4:1b:5d:ad:c4:94:a6:34:
dd:36:68:e7:d5:ef:d7:08:f9:35:69:e8:6b:e5:73:69:cf:1b:
a9:46:56:55:2f:15:a4:7f:02:5b:2b:31:12:59:e8:b7:32:22:
e6:9e:ad:1b:10:2c:40:a9:b8:61:19:a0:cb:db:fc:bb:f6:d2:
ea:93:cf:b1:14:0d:23:13:00:13:f1:7c:d5:5b:24:79:f7:3b:
b5:8f:bb:c0
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgISAYc3JDzym9zciWAFzVxkQ/6YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MTcwM2RiMzAyMGNjMWVmMmZkNzEwOTFhNDY4ZjRhNjQ5
YzIzOGYwHhcNMjMwMzMxMTAwODU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTRhNDk1YTViZGIwODBiMTJlNGRhZGNiZjY1MDk4YzdiNjNjNmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07JTILn2SzdfoXT4bYSYn6He/0fs
neV9gLFUgHTZxLBWOimmfO5W1iDNnWKkpp20mtrOt5RM3CtS5KnyTRcHeN0EvtHq
C0u3PQMu3X1M0qcUMmJqlUfoeOKX0uQHUGBORkXzGOa/Czpuz68bqBXMEWxF4Yz5
CC2pfdtHa8ojpH6p9TewCJHGGcEXOQq2MPxtVBZWqaQxu+36ri82a9UYnnH8Me0W
5BA1/+AOo1+OT5Phsf2OyETIWqykIp8hUWrmqoYpDbbuhLJsv2AkjO7YupaCFKpl
9HXFNc1gdcZWiVfbG3yAKWZuJjedOBkDPkapobUzMM0+RrjGotMIvx3jlwIDAQAB
o4ICqTCCAqUwHQYDVR0OBBYEFMpKSVpb2wgLEuTa3L9lCYx7Y8bYMB8GA1UdIwQY
MBaAFNQXA9swIMwe8v1xCRpGj0pknCOPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUJjRDJ6QWd6Qjd5X1hFSkdrYVBTbVNjSTQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ODU1NGItNGY5Ny00MDZjLTkwYTYt
NDhkMzFjNzVmMzFlLzEveWtwSldsdmJDQXNTNU5yY3YyVUpqSHRqeHRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ODU1NGItNGY5Ny00MDZjLTkwYTYtNDhkMzFjNzVmMzFl
LzEvMUJjRDJ6QWd6Qjd5X1hFSkdrYVBTbVNjSTQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG+BggrBgEFBQcBBwEB/wSBrjCBqzCBhAQCAAEwfgMEBQXI
AAMEBR/MgAMEAVvD6gMEAFvGmAMEAFvYzwMEAmiZVAMEBW3IwAMEA4qAiAMEApL3
TAMEAqL0NAMEAqL1zAMEArkpjAMEArkyaAMEArk0DAMEArmzyAMEArnFGAMEBbx6
QAMEAcEr2gMEAtQT4AMEBdWjQAMEBdWzwDAiBAIAAjAcAwUDKgAWMAMFAyoAHSAD
BQAqAZWAAwUDKgTGADANBgkqhkiG9w0BAQsFAAOCAQEAaSAtsmbM5frVrTMUlSUd
CjxnVOCSVh/AK9JXR3WZWiCZ4ntYWe0QtAGeeVhgDzQULSe0MIcC6ffg0+xmILBL
Sml+I4LRmenD52New8768inPOllP8t54Qbgpu+4OHvFyos8zvEYJcCagU2sd2q6I
Cl0JsRg1VWOd3Qrf9YL5cs3rr6fHIy7AX3w3EHOn7Ll6RKtGj5d66ZTc/xcgnfzT
s/RJL0OqXevXy1zy6PQbXa3ElKY03TZo59Xv1wj5NWnoa+Vzac8bqUZWVS8VpH8C
WysxElnotzIi5p6tGxAsQKm4YRmgy9v8u/bS6pPPsRQNIxMAE/F81Vskefc7tY+7
wA==
-----END CERTIFICATE-----
Generated at Tue Apr 8 17:23:06 2025 by rpki-client