Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/82af7c-8606-4f9b-a052-4f3bea9fb95c/1/raSmxoHnzmzGBzTkG0MLkl3VZgs.roa
File: raSmxoHnzmzGBzTkG0MLkl3VZgs.roa (raw, json)
Hash identifier: lXV0TrwdE+JtNBRnmGgOqwwu3Hr9XSo7ebZyvtagFuc=
Subject key identifier: AD:A4:A6:C6:81:E7:CE:6C:C6:07:34:E4:1B:43:0B:92:5D:D5:66:0B
Certificate issuer: /CN=34962ec776462b76e63ae8155bb27b9d8c7e7fde
Certificate serial: 019421B254A8D9C55F35AD5603E8678FD874
Authority key identifier: 34:96:2E:C7:76:46:2B:76:E6:3A:E8:15:5B:B2:7B:9D:8C:7E:7F:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJYux3ZGK3bmOugVW7J7nYx-f94.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/98/82af7c-8606-4f9b-a052-4f3bea9fb95c/1/raSmxoHnzmzGBzTkG0MLkl3VZgs.roa
Signing time: Wed 01 Jan 2025 11:48:42 +0000
ROA not before: Wed 01 Jan 2025 11:48:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197522
IP address blocks: 2.57.204.0/22 maxlen: 22
2.57.204.0/24 maxlen: 24
2.57.205.0/24 maxlen: 24
2.57.206.0/24 maxlen: 24
2.57.207.0/24 maxlen: 24
46.149.176.0/20 maxlen: 20
46.149.176.0/24 maxlen: 24
46.149.177.0/24 maxlen: 24
46.149.178.0/24 maxlen: 24
46.149.179.0/24 maxlen: 24
46.149.180.0/24 maxlen: 24
46.149.181.0/24 maxlen: 24
46.149.182.0/24 maxlen: 24
46.149.183.0/24 maxlen: 24
46.149.184.0/24 maxlen: 24
46.149.185.0/24 maxlen: 24
46.149.186.0/24 maxlen: 24
46.149.187.0/24 maxlen: 24
46.149.188.0/24 maxlen: 24
46.149.189.0/24 maxlen: 24
46.149.190.0/24 maxlen: 24
46.149.191.0/24 maxlen: 24
2a09:dc40::/32 maxlen: 32
2a09:dc41::/32 maxlen: 32
2a09:dc42::/32 maxlen: 32
2a09:dc43::/32 maxlen: 32
2a09:dc44::/32 maxlen: 32
2a09:dc45::/32 maxlen: 32
2a09:dc46::/32 maxlen: 32
2a09:dc47::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b2:54:a8:d9:c5:5f:35:ad:56:03:e8:67:8f:d8:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=34962ec776462b76e63ae8155bb27b9d8c7e7fde
Validity
Not Before: Jan 1 11:48:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ada4a6c681e7ce6cc60734e41b430b925dd5660b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:be:c0:64:ad:bd:84:5f:33:47:c0:9e:47:d1:
d9:17:2d:6d:ca:80:91:20:2c:3b:8a:95:6e:41:75:
64:66:83:d6:da:d8:b3:62:a6:cf:da:8a:0b:69:ef:
f0:44:4a:87:fa:ef:7c:2d:0d:0e:fe:3d:45:92:fa:
fc:fa:fb:47:92:82:e8:c1:e8:49:4e:0b:a2:59:c7:
00:7c:2b:d7:68:13:cf:35:42:bd:77:74:e1:3f:57:
51:3f:fd:4d:fb:e3:d7:55:12:4b:fd:97:bb:60:d6:
00:83:6f:17:58:b2:74:af:85:32:00:7b:cf:d6:40:
41:c0:10:f0:3d:e5:2a:95:2a:39:50:ef:4c:20:e6:
2d:d6:df:2d:26:c5:25:7a:00:f1:1f:43:64:58:7e:
7f:c1:7d:16:64:6e:b2:83:c3:44:e2:b2:6d:21:39:
1a:a5:ad:e0:6c:89:72:69:1c:1e:06:17:c4:3e:f3:
e3:62:11:bb:de:3f:47:2e:5f:74:85:e2:56:a3:cd:
c4:b5:6c:cb:40:91:ed:63:a6:51:c9:ba:2f:dc:34:
9f:86:2d:03:0f:ed:28:94:b1:45:af:fd:4c:fa:21:
36:6e:ac:e7:82:11:72:0a:fb:a2:c5:31:82:c3:ca:
e6:28:5a:ab:26:25:36:cd:22:1b:59:cb:2e:2a:e7:
86:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:A4:A6:C6:81:E7:CE:6C:C6:07:34:E4:1B:43:0B:92:5D:D5:66:0B
X509v3 Authority Key Identifier:
keyid:34:96:2E:C7:76:46:2B:76:E6:3A:E8:15:5B:B2:7B:9D:8C:7E:7F:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJYux3ZGK3bmOugVW7J7nYx-f94.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/82af7c-8606-4f9b-a052-4f3bea9fb95c/1/raSmxoHnzmzGBzTkG0MLkl3VZgs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/98/82af7c-8606-4f9b-a052-4f3bea9fb95c/1/NJYux3ZGK3bmOugVW7J7nYx-f94.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.204.0/22
46.149.176.0/20
IPv6:
2a09:dc40::/29
Signature Algorithm: sha256WithRSAEncryption
32:9d:d6:8f:cb:df:b8:40:f2:c4:93:80:d1:a9:b4:88:42:c1:
4a:e2:b2:bc:fd:9b:fe:fc:95:ae:ec:ef:38:94:c8:27:d5:44:
d7:76:07:49:8f:8c:75:74:f8:04:ef:d1:62:b1:cf:49:02:a7:
fc:9c:e3:08:b4:92:ee:e5:42:17:d0:18:0f:6f:84:41:aa:c0:
f9:90:bc:2b:96:1d:41:d2:0e:cd:26:5b:48:21:b5:a4:7c:82:
41:6e:8b:d5:a8:e7:b8:dc:55:2b:2d:e0:8f:26:1e:5b:e3:07:
d4:c6:bd:6a:2a:7a:f3:33:3c:3a:bd:04:53:ee:ba:b1:8b:02:
b5:69:80:77:b6:78:8b:05:c5:58:fe:4f:90:07:b4:49:cd:c7:
59:48:db:25:e6:1c:bc:18:ee:60:1d:07:43:33:3f:23:05:bd:
30:09:d9:44:08:35:09:cc:78:30:66:35:0e:fe:98:89:5f:92:
92:1e:dd:02:62:5a:d1:e3:5e:b4:71:61:98:90:fd:6e:1d:68:
4c:27:6f:31:8c:53:58:c0:14:64:17:c0:c4:d7:d7:6d:37:78:
f6:11:b1:c7:67:4a:aa:2d:66:5a:f6:fa:4d:a2:73:8f:78:2c:
bb:cb:d7:89:b5:90:ca:79:97:0b:ef:12:bf:a9:d4:23:09:24:
51:0d:b0:a3
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhslSo2cVfNa1WA+hnj9h0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OTYyZWM3NzY0NjJiNzZlNjNhZTgxNTViYjI3YjlkOGM3
ZTdmZGUwHhcNMjUwMTAxMTE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGE0YTZjNjgxZTdjZTZjYzYwNzM0ZTQxYjQzMGI5MjVkZDU2NjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjr7AZK29hF8zR8CeR9HZFy1tyoCR
ICw7ipVuQXVkZoPW2tizYqbP2ooLae/wREqH+u98LQ0O/j1Fkvr8+vtHkoLowehJ
TguiWccAfCvXaBPPNUK9d3ThP1dRP/1N++PXVRJL/Ze7YNYAg28XWLJ0r4UyAHvP
1kBBwBDwPeUqlSo5UO9MIOYt1t8tJsUlegDxH0NkWH5/wX0WZG6yg8NE4rJtITka
pa3gbIlyaRweBhfEPvPjYhG73j9HLl90heJWo83EtWzLQJHtY6ZRybov3DSfhi0D
D+0olLFFr/1M+iE2bqznghFyCvuixTGCw8rmKFqrJiU2zSIbWcsuKueGhQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK2kpsaB585sxgc05BtDC5Jd1WYLMB8GA1UdIwQY
MBaAFDSWLsd2Rit25jroFVuye52Mfn/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkpZdXgzWkdLM2JtT3VnVlc3SjduWXgtZjk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC84MmFmN2MtODYwNi00ZjliLWEwNTIt
NGYzYmVhOWZiOTVjLzEvcmFTbXhvSG56bXpHQnpUa0cwTUxrbDNWWmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC84MmFmN2MtODYwNi00ZjliLWEwNTItNGYzYmVhOWZiOTVj
LzEvTkpZdXgzWkdLM2JtT3VnVlc3SjduWXgtZjk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCAjnMAwQE
LpWwMA0EAgACMAcDBQMqCdxAMA0GCSqGSIb3DQEBCwUAA4IBAQAyndaPy9+4QPLE
k4DRqbSIQsFK4rK8/Zv+/JWu7O84lMgn1UTXdgdJj4x1dPgE79Fisc9JAqf8nOMI
tJLu5UIX0BgPb4RBqsD5kLwrlh1B0g7NJltIIbWkfIJBbovVqOe43FUrLeCPJh5b
4wfUxr1qKnrzMzw6vQRT7rqxiwK1aYB3tniLBcVY/k+QB7RJzcdZSNsl5hy8GO5g
HQdDMz8jBb0wCdlECDUJzHgwZjUO/piJX5KSHt0CYlrR4160cWGYkP1uHWhMJ28x
jFNYwBRkF8DE19dtN3j2EbHHZ0qqLWZa9vpNonOPeCy7y9eJtZDKeZcL7xK/qdQj
CSRRDbCj
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:17:20 2025 by rpki-client