Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/a01fd3-a867-42c6-9a0e-df651b966b2b/1/zK1LIZGeSSnaNXNW0qcn6w1MLCU.roa
File: zK1LIZGeSSnaNXNW0qcn6w1MLCU.roa (raw, json)
Hash identifier: e8RwpvlrpxWqEOoeavX1Cyz9aTwhsZ8GdJGcHGa5+Eg=
Subject key identifier: CC:AD:4B:21:91:9E:49:29:DA:35:73:56:D2:A7:27:EB:0D:4C:2C:25
Certificate issuer: /CN=2a36d678c4bbcac24ae6bea9a24c995c48d593f0
Certificate serial: 019426D8B0CC0093EFE93637D89069C0F359
Authority key identifier: 2A:36:D6:78:C4:BB:CA:C2:4A:E6:BE:A9:A2:4C:99:5C:48:D5:93:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KjbWeMS7ysJK5r6pokyZXEjVk_A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/a01fd3-a867-42c6-9a0e-df651b966b2b/1/zK1LIZGeSSnaNXNW0qcn6w1MLCU.roa
Signing time: Thu 02 Jan 2025 11:48:42 +0000
ROA not before: Thu 02 Jan 2025 11:48:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204028
IP address blocks: 185.118.196.0/22 maxlen: 24
185.118.196.0/24 maxlen: 24
185.118.197.0/24 maxlen: 24
185.118.198.0/24 maxlen: 24
185.118.199.0/24 maxlen: 24
213.170.142.0/24 maxlen: 24
2a06:9500::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d8:b0:cc:00:93:ef:e9:36:37:d8:90:69:c0:f3:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a36d678c4bbcac24ae6bea9a24c995c48d593f0
Validity
Not Before: Jan 2 11:48:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ccad4b21919e4929da357356d2a727eb0d4c2c25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:dc:20:67:9d:81:f6:12:ec:7d:4e:9c:c7:2d:
42:8d:8f:13:17:6c:dd:d2:98:9e:16:c3:a4:c0:24:
fb:0b:cb:82:f8:8d:e2:ce:fb:87:3b:70:ed:87:7a:
cf:4d:e4:fb:58:95:8f:86:f1:90:5e:77:75:32:8d:
c3:97:3f:a2:30:10:94:6b:88:a6:69:df:c3:91:32:
2d:44:8c:3c:86:fc:ab:05:23:7a:d9:43:68:e2:09:
d2:03:86:e6:d8:88:aa:a3:52:fa:75:74:ba:0e:a1:
bb:47:90:b0:93:61:16:ee:d0:31:e9:b8:5e:50:5c:
79:a9:ec:7a:a3:69:ae:b9:cf:0c:07:67:c9:00:dc:
28:b4:73:23:09:27:68:6a:c9:2f:b6:c1:b4:36:8c:
d9:e5:c9:6d:4a:79:55:8b:7e:72:51:cc:c3:17:b4:
51:dd:1a:7b:2c:62:b2:9c:22:e9:5f:69:6a:34:b7:
4a:d3:db:7c:f1:77:6a:2a:d9:1c:c3:a7:8a:c1:ac:
ee:67:1a:55:4b:a5:fb:2f:b3:ee:a7:9b:ee:a4:59:
fd:3d:91:94:76:cd:b2:4a:63:20:7e:47:6e:a8:7e:
4b:28:8f:5a:6b:6e:4e:45:61:bb:6e:08:e0:75:a5:
3b:0a:60:d9:74:33:94:71:c9:94:c4:79:b5:14:b2:
47:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:AD:4B:21:91:9E:49:29:DA:35:73:56:D2:A7:27:EB:0D:4C:2C:25
X509v3 Authority Key Identifier:
keyid:2A:36:D6:78:C4:BB:CA:C2:4A:E6:BE:A9:A2:4C:99:5C:48:D5:93:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KjbWeMS7ysJK5r6pokyZXEjVk_A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/a01fd3-a867-42c6-9a0e-df651b966b2b/1/zK1LIZGeSSnaNXNW0qcn6w1MLCU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/a01fd3-a867-42c6-9a0e-df651b966b2b/1/KjbWeMS7ysJK5r6pokyZXEjVk_A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.118.196.0/22
213.170.142.0/24
IPv6:
2a06:9500::/29
Signature Algorithm: sha256WithRSAEncryption
27:64:46:24:b5:08:a3:0b:39:8d:39:de:35:83:7a:09:ba:7b:
fe:13:05:53:bc:2a:2b:b3:ef:0a:3d:0e:d3:47:4e:43:7b:7f:
c6:dd:83:df:4c:5e:44:94:d4:7f:b1:02:3a:15:7f:9b:11:13:
fb:e9:ab:84:57:e9:4f:1c:ae:b7:c3:e2:ae:1b:68:46:c2:8d:
81:27:7b:5e:9c:1f:26:18:06:13:56:c0:59:89:86:7f:c0:de:
be:e3:c9:fc:3d:75:6c:d4:03:c9:e1:23:21:f2:fb:7d:76:30:
41:ad:a9:da:61:8d:a0:c8:e9:f0:99:0f:50:56:28:99:b6:37:
79:e0:cb:46:0a:00:16:52:91:b2:51:3f:aa:67:56:ee:93:21:
5b:20:57:5b:58:f8:1a:87:c2:e8:f8:61:a5:58:27:f9:9c:43:
01:be:25:27:c3:80:34:f7:c9:93:58:94:c0:e4:a2:2b:fa:18:
12:d9:a0:06:4c:ce:c0:54:78:56:9d:73:0b:12:72:96:04:68:
aa:e2:e8:b1:b8:d3:8a:f2:4c:9e:ec:59:bd:3b:2b:d4:6a:2f:
a7:0b:2e:7d:59:83:6c:75:05:03:7b:44:25:c4:09:25:bd:74:
d7:47:5a:66:a9:98:83:0c:ee:73:34:e5:5c:58:54:ae:32:52:
db:6c:be:dc
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQm2LDMAJPv6TY32JBpwPNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMzZkNjc4YzRiYmNhYzI0YWU2YmVhOWEyNGM5OTVjNDhk
NTkzZjAwHhcNMjUwMTAyMTE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2FkNGIyMTkxOWU0OTI5ZGEzNTczNTZkMmE3MjdlYjBkNGMyYzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldwgZ52B9hLsfU6cxy1CjY8TF2zd
0pieFsOkwCT7C8uC+I3izvuHO3Dth3rPTeT7WJWPhvGQXnd1Mo3Dlz+iMBCUa4im
ad/DkTItRIw8hvyrBSN62UNo4gnSA4bm2Iiqo1L6dXS6DqG7R5Cwk2EW7tAx6bhe
UFx5qex6o2muuc8MB2fJANwotHMjCSdoaskvtsG0NozZ5cltSnlVi35yUczDF7RR
3Rp7LGKynCLpX2lqNLdK09t88XdqKtkcw6eKwazuZxpVS6X7L7Pup5vupFn9PZGU
ds2ySmMgfkduqH5LKI9aa25ORWG7bgjgdaU7CmDZdDOUccmUxHm1FLJHbQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMytSyGRnkkp2jVzVtKnJ+sNTCwlMB8GA1UdIwQY
MBaAFCo21njEu8rCSua+qaJMmVxI1ZPwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2piV2VNUzd5c0pLNXI2cG9reVpYRWpWa19BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9hMDFmZDMtYTg2Ny00MmM2LTlhMGUt
ZGY2NTFiOTY2YjJiLzEveksxTElaR2VTU25hTlhOVzBxY242dzFNTENVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9hMDFmZDMtYTg2Ny00MmM2LTlhMGUtZGY2NTFiOTY2YjJi
LzEvS2piV2VNUzd5c0pLNXI2cG9reVpYRWpWa19BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuXbEAwQA
1aqOMA0EAgACMAcDBQMqBpUAMA0GCSqGSIb3DQEBCwUAA4IBAQAnZEYktQijCzmN
Od41g3oJunv+EwVTvCors+8KPQ7TR05De3/G3YPfTF5ElNR/sQI6FX+bERP76auE
V+lPHK63w+KuG2hGwo2BJ3tenB8mGAYTVsBZiYZ/wN6+48n8PXVs1APJ4SMh8vt9
djBBranaYY2gyOnwmQ9QViiZtjd54MtGCgAWUpGyUT+qZ1bukyFbIFdbWPgah8Lo
+GGlWCf5nEMBviUnw4A098mTWJTA5KIr+hgS2aAGTM7AVHhWnXMLEnKWBGiq4uix
uNOK8kye7Fm9OyvUai+nCy59WYNsdQUDe0QlxAklvXTXR1pmqZiDDO5zNOVcWFSu
MlLbbL7c
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:14:05 2025 by rpki-client