Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/rHfF7qdYMYkIEjqJPBDOaXebEf0.roa
File: rHfF7qdYMYkIEjqJPBDOaXebEf0.roa (raw, json)
Hash identifier: P0aBQMtyJt0CjcoQ0RWfWtjHju57iTgw6JSMTWTBUj0=
Subject key identifier: AC:77:C5:EE:A7:58:31:89:08:12:3A:89:3C:10:CE:69:77:9B:11:FD
Certificate issuer: /CN=cb20606de730456edd7335cc882cbdf4396f3460
Certificate serial: 019425FD68B405558932DEA1CD14006B99C6
Authority key identifier: CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/rHfF7qdYMYkIEjqJPBDOaXebEf0.roa
Signing time: Thu 02 Jan 2025 07:49:11 +0000
ROA not before: Thu 02 Jan 2025 07:49:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43679
IP address blocks: 78.28.0.0/24 maxlen: 24
93.94.16.0/21 maxlen: 21
93.94.16.0/22 maxlen: 22
93.94.17.0/24 maxlen: 24
93.94.20.0/23 maxlen: 23
93.94.22.0/24 maxlen: 24
93.94.23.0/24 maxlen: 24
2a02:e88::/32 maxlen: 32
2a02:e88::/33 maxlen: 33
2a02:e88::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:68:b4:05:55:89:32:de:a1:cd:14:00:6b:99:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cb20606de730456edd7335cc882cbdf4396f3460
Validity
Not Before: Jan 2 07:49:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ac77c5eea758318908123a893c10ce69779b11fd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:47:8a:ed:8e:38:32:06:5e:ac:b2:8d:f9:f1:
36:f1:4a:ac:5d:cc:5a:0a:b2:5c:11:7c:ca:a7:57:
03:5b:e9:58:8a:8b:e4:3b:17:1f:29:f0:37:4e:e9:
37:a9:59:49:da:5f:49:61:a7:55:1b:db:cc:da:e1:
2e:ce:d4:83:46:a5:a7:8d:bc:3f:52:26:2f:1e:53:
df:9b:45:e1:c6:9a:23:6b:2e:2d:2f:2b:b7:af:67:
a0:3d:d0:fa:59:11:d3:91:5b:1c:80:84:28:4c:21:
1c:4d:6b:76:38:ea:2b:e3:7f:0d:e9:37:f0:bf:c3:
ec:66:ba:8b:a5:18:80:59:54:b2:cf:b6:2e:7d:32:
46:e2:57:dd:3c:ec:ec:75:fa:73:14:4a:a3:a4:0a:
6a:b4:17:e2:ee:25:36:56:12:67:e5:29:71:2c:5d:
a3:72:f6:94:6c:12:76:1c:96:ae:68:ab:11:c0:a4:
56:e1:d2:78:fb:6d:3c:61:9e:76:6d:a0:a1:8a:43:
82:2f:ff:33:7d:e9:b0:02:94:c4:1b:bf:a9:89:3d:
72:f9:73:e1:9f:d8:50:c5:8b:1b:82:4f:59:38:9a:
24:1c:4c:0b:88:58:cb:4f:78:52:a5:c7:61:28:b4:
3c:12:5c:e8:21:6b:a4:ee:de:de:db:5f:7a:bc:a4:
f9:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:77:C5:EE:A7:58:31:89:08:12:3A:89:3C:10:CE:69:77:9B:11:FD
X509v3 Authority Key Identifier:
keyid:CB:20:60:6D:E7:30:45:6E:DD:73:35:CC:88:2C:BD:F4:39:6F:34:60
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yyBgbecwRW7dczXMiCy99DlvNGA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/rHfF7qdYMYkIEjqJPBDOaXebEf0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/94/bf7a28-bf1e-4835-beed-b3d86aa43bc5/1/yyBgbecwRW7dczXMiCy99DlvNGA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.28.0.0/24
93.94.16.0/21
IPv6:
2a02:e88::/32
Signature Algorithm: sha256WithRSAEncryption
47:c8:6f:ed:6a:5b:fa:ac:f2:7a:4e:7e:95:6c:2a:77:0a:89:
83:a6:a3:f7:78:ea:8b:94:46:3c:a7:b1:80:43:85:cb:05:25:
1c:d3:d8:f3:b9:40:e9:6a:6a:d2:cb:0a:00:94:eb:5c:31:a1:
6b:7a:c9:4c:32:62:22:d0:16:52:9c:0d:c8:e3:f6:7e:2f:59:
14:19:c1:ef:1c:57:34:60:80:a5:56:ab:57:d3:20:32:ad:0e:
36:2f:2e:76:d2:f0:5b:f9:0c:36:a1:82:db:c2:c7:bc:8d:f7:
55:47:14:1a:57:24:13:80:3d:14:f8:5e:e6:cf:f8:1a:39:6f:
13:39:e5:f7:22:4b:0d:48:f1:4d:8a:e4:82:6e:35:35:9b:25:
3c:24:24:c4:9e:03:49:c7:c8:a9:7d:b0:f4:8c:84:9b:49:4d:
34:e0:7d:66:bf:f1:84:b8:27:a1:3b:e5:66:a1:b6:34:17:c6:
31:87:f4:48:94:ff:a6:bf:92:7a:17:2a:97:ed:4d:ed:6e:c9:
c5:96:31:0e:d7:1c:37:34:a9:f5:05:41:7e:cb:86:42:3e:8e:
da:fe:ae:0f:fb:73:9f:13:3a:eb:49:5f:e2:83:00:d0:06:22:
25:30:e8:77:f1:f9:53:bd:3e:6a:60:35:2f:e0:98:78:02:b2:
20:14:df:5f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQl/Wi0BVWJMt6hzRQAa5nGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMjA2MDZkZTczMDQ1NmVkZDczMzVjYzg4MmNiZGY0Mzk2
ZjM0NjAwHhcNMjUwMTAyMDc0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzc3YzVlZWE3NTgzMTg5MDgxMjNhODkzYzEwY2U2OTc3OWIxMWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0eK7Y44MgZerLKN+fE28UqsXcxa
CrJcEXzKp1cDW+lYiovkOxcfKfA3Tuk3qVlJ2l9JYadVG9vM2uEuztSDRqWnjbw/
UiYvHlPfm0Xhxpojay4tLyu3r2egPdD6WRHTkVscgIQoTCEcTWt2OOor438N6Tfw
v8PsZrqLpRiAWVSyz7YufTJG4lfdPOzsdfpzFEqjpApqtBfi7iU2VhJn5SlxLF2j
cvaUbBJ2HJauaKsRwKRW4dJ4+208YZ52baChikOCL/8zfemwApTEG7+piT1y+XPh
n9hQxYsbgk9ZOJokHEwLiFjLT3hSpcdhKLQ8ElzoIWuk7t7e2196vKT5GwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKx3xe6nWDGJCBI6iTwQzml3mxH9MB8GA1UdIwQY
MBaAFMsgYG3nMEVu3XM1zIgsvfQ5bzRgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQt
YjNkODZhYTQzYmM1LzEvckhmRjdxZFlNWWtJRWpxSlBCRE9hWGViRWYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iZjdhMjgtYmYxZS00ODM1LWJlZWQtYjNkODZhYTQzYmM1
LzEveXlCZ2JlY3dSVzdkY3pYTWlDeTk5RGx2TkdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAThwAAwQD
XV4QMA0EAgACMAcDBQAqAg6IMA0GCSqGSIb3DQEBCwUAA4IBAQBHyG/talv6rPJ6
Tn6VbCp3ComDpqP3eOqLlEY8p7GAQ4XLBSUc09jzuUDpamrSywoAlOtcMaFreslM
MmIi0BZSnA3I4/Z+L1kUGcHvHFc0YIClVqtX0yAyrQ42Ly520vBb+Qw2oYLbwse8
jfdVRxQaVyQTgD0U+F7mz/gaOW8TOeX3IksNSPFNiuSCbjU1myU8JCTEngNJx8ip
fbD0jISbSU004H1mv/GEuCehO+VmobY0F8Yxh/RIlP+mv5J6FyqX7U3tbsnFljEO
1xw3NKn1BUF+y4ZCPo7a/q4P+3OfEzrrSV/igwDQBiIlMOh38flTvT5qYDUv4Jh4
ArIgFN9f
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:47:10 2025 by rpki-client