Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/5f5d8f-332b-42d6-a9bb-2f405d7f1d8f/1/AhNFbFbTDT6CkY5DJPEVNczd2fE.roa
File: AhNFbFbTDT6CkY5DJPEVNczd2fE.roa (raw, json)
Hash identifier: IpQ4YXgtCGVmI2isRiUKNC+jbolK/EBPDrF6CZ03Low=
Subject key identifier: 02:13:45:6C:56:D3:0D:3E:82:91:8E:43:24:F1:15:35:CC:DD:D9:F1
Certificate issuer: /CN=7dd1b5b42dc3d846c2ad2549664e34f72d1cb4a6
Certificate serial: 0249EFC9
Authority key identifier: 7D:D1:B5:B4:2D:C3:D8:46:C2:AD:25:49:66:4E:34:F7:2D:1C:B4:A6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fdG1tC3D2EbCrSVJZk409y0ctKY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/5f5d8f-332b-42d6-a9bb-2f405d7f1d8f/1/AhNFbFbTDT6CkY5DJPEVNczd2fE.roa
Signing time: Sat 01 Jan 2022 13:05:01 +0000
ROA not before: Sat 01 Jan 2022 13:05:01 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 42336
IP address blocks: 185.203.40.0/22 maxlen: 22
176.121.24.0/21 maxlen: 21
87.239.224.0/21 maxlen: 21
94.177.140.0/22 maxlen: 22
94.177.100.0/22 maxlen: 22
89.46.116.0/22 maxlen: 22
91.245.160.0/20 maxlen: 20
193.33.118.0/23 maxlen: 23
2a0b:cd40::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 38399945 (0x249efc9)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7dd1b5b42dc3d846c2ad2549664e34f72d1cb4a6
Validity
Not Before: Jan 1 13:05:01 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0213456c56d30d3e82918e4324f11535ccddd9f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:e1:4c:9b:48:4c:51:19:72:47:e0:5a:e5:80:
8f:2c:21:5c:08:ad:92:e2:a6:3e:65:d8:d6:15:10:
d2:22:06:09:38:ae:67:e5:8a:4a:7a:ce:d9:46:60:
e2:23:86:d8:7f:ad:55:70:df:60:49:fd:68:40:ac:
04:d3:2a:9c:03:58:b1:22:23:d9:03:84:e6:e1:8d:
ed:bc:02:56:aa:b1:66:98:b0:37:42:e1:cb:0d:43:
81:a0:ae:c7:25:26:59:39:96:b6:6a:87:3e:f2:2e:
c6:14:71:41:c4:47:06:f9:20:87:20:ad:f1:a7:a2:
ca:18:99:dc:f2:e0:59:56:91:1b:a7:8b:af:46:28:
59:3f:d7:36:d4:8d:5e:d5:6b:b3:40:0f:b4:b3:8f:
89:2e:6c:24:f4:a1:27:22:e0:a8:a4:d4:8d:cc:50:
0c:3e:9d:80:c6:b3:9d:a1:93:01:1e:ee:08:a8:45:
cf:b6:60:a2:ec:7e:0e:21:ef:5d:d5:a3:5f:7f:ce:
ca:18:39:1e:1d:aa:8c:c2:90:22:e5:eb:1b:a2:25:
24:b9:c2:3b:c9:21:ed:37:86:d2:f3:0b:d1:90:08:
8c:55:97:66:8e:ce:92:a1:e3:5f:08:81:17:1f:79:
6d:ad:a2:a3:5c:f7:91:65:47:da:db:26:67:50:71:
43:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:13:45:6C:56:D3:0D:3E:82:91:8E:43:24:F1:15:35:CC:DD:D9:F1
X509v3 Authority Key Identifier:
keyid:7D:D1:B5:B4:2D:C3:D8:46:C2:AD:25:49:66:4E:34:F7:2D:1C:B4:A6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fdG1tC3D2EbCrSVJZk409y0ctKY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/5f5d8f-332b-42d6-a9bb-2f405d7f1d8f/1/AhNFbFbTDT6CkY5DJPEVNczd2fE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/5f5d8f-332b-42d6-a9bb-2f405d7f1d8f/1/fdG1tC3D2EbCrSVJZk409y0ctKY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.239.224.0/21
89.46.116.0/22
91.245.160.0/20
94.177.100.0/22
94.177.140.0/22
176.121.24.0/21
185.203.40.0/22
193.33.118.0/23
IPv6:
2a0b:cd40::/29
Signature Algorithm: sha256WithRSAEncryption
06:fa:5e:07:d2:01:c9:6e:e2:e9:38:2b:83:c5:70:08:55:5e:
13:7f:14:10:bd:76:8b:4e:18:c3:a9:db:40:36:b8:02:2c:b5:
3b:42:91:03:14:79:ee:df:0f:2d:e4:4a:28:23:54:48:c4:19:
ea:9b:54:b4:b9:b9:ab:3a:2d:d1:7b:58:ad:a7:e0:a9:b5:62:
51:56:fa:8e:72:16:8c:c1:bd:e1:e3:eb:87:34:d2:61:00:01:
fb:e9:cc:98:08:82:fb:5e:2e:44:b0:73:b1:51:d2:f4:21:95:
ef:07:9f:cd:d5:3f:56:2b:83:24:6f:8b:a8:88:d4:a2:83:bb:
60:22:d7:a0:1e:c7:ba:05:c0:c2:47:e7:2e:a1:02:d9:09:e7:
76:c4:01:c8:ec:09:e9:d1:a2:5a:be:e3:cb:8a:56:1e:b5:90:
15:6b:9f:16:ab:c6:dc:a6:ff:3c:b0:4a:91:91:37:fa:b9:d2:
5a:13:cb:02:e1:9b:d6:bb:15:c6:67:a8:68:0e:bd:f5:3e:23:
89:ac:4a:22:4f:40:12:63:97:36:3f:bc:d8:3e:6a:9f:f7:21:
1c:1c:35:af:94:ed:3c:1f:12:71:82:e2:b0:34:d6:8a:9b:ac:
ed:ac:d8:a9:da:8a:41:da:81:b3:cd:4c:6c:75:44:9d:d5:fe:
b1:91:3c:97
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIEAknvyTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
ZGQxYjViNDJkYzNkODQ2YzJhZDI1NDk2NjRlMzRmNzJkMWNiNGE2MB4XDTIyMDEw
MTEzMDUwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDIxMzQ1NmM1NmQz
MGQzZTgyOTE4ZTQzMjRmMTE1MzVjY2RkZDlmMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALLhTJtITFEZckfgWuWAjywhXAitkuKmPmXY1hUQ0iIGCTiu
Z+WKSnrO2UZg4iOG2H+tVXDfYEn9aECsBNMqnANYsSIj2QOE5uGN7bwCVqqxZpiw
N0Lhyw1DgaCuxyUmWTmWtmqHPvIuxhRxQcRHBvkghyCt8aeiyhiZ3PLgWVaRG6eL
r0YoWT/XNtSNXtVrs0APtLOPiS5sJPShJyLgqKTUjcxQDD6dgMaznaGTAR7uCKhF
z7Zgoux+DiHvXdWjX3/Oyhg5Hh2qjMKQIuXrG6IlJLnCO8kh7TeG0vML0ZAIjFWX
Zo7OkqHjXwiBFx95ba2io1z3kWVH2tsmZ1BxQ4kCAwEAAaOCAkIwggI+MB0GA1Ud
DgQWBBQCE0VsVtMNPoKRjkMk8RU1zN3Z8TAfBgNVHSMEGDAWgBR90bW0LcPYRsKt
JUlmTjT3LRy0pjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZkRzF0QzNEMkViQ3JTVkpaazQwOXkwY3RLWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOWMvNWY1ZDhmLTMzMmItNDJkNi1hOWJiLTJmNDA1ZDdmMWQ4Zi8x
L0FoTkZiRmJURFQ2Q2tZNURKUEVWTmN6ZDJmRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWMv
NWY1ZDhmLTMzMmItNDJkNi1hOWJiLTJmNDA1ZDdmMWQ4Zi8xL2ZkRzF0QzNEMkVi
Q3JTVkpaazQwOXkwY3RLWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBY
BggrBgEFBQcBBwEB/wRJMEcwNgQCAAEwMAMEA1fv4AMEAlkudAMEBFv1oAMEAl6x
ZAMEAl6xjAMEA7B5GAMEArnLKAMEAcEhdjANBAIAAjAHAwUDKgvNQDANBgkqhkiG
9w0BAQsFAAOCAQEABvpeB9IByW7i6Tgrg8VwCFVeE38UEL12i04Yw6nbQDa4Aiy1
O0KRAxR57t8PLeRKKCNUSMQZ6ptUtLm5qzot0XtYrafgqbViUVb6jnIWjMG94ePr
hzTSYQAB++nMmAiC+14uRLBzsVHS9CGV7wefzdU/ViuDJG+LqIjUooO7YCLXoB7H
ugXAwkfnLqEC2QnndsQByOwJ6dGiWr7jy4pWHrWQFWufFqvG3Kb/PLBKkZE3+rnS
WhPLAuGb1rsVxmeoaA699T4jiaxKIk9AEmOXNj+82D5qn/chHBw1r5TtPB8ScYLi
sDTWipus7azYqdqKQdqBs81MbHVEndX+sZE8lw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:38:23 2025 by rpki-client