Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/4b2e49-f667-494a-afe9-6df3e4a4eeb1/1/zMBNnU414lgd-NbPPxv6LfAwsv0.roa
File: zMBNnU414lgd-NbPPxv6LfAwsv0.roa (raw, json)
Hash identifier: a4j1fjgcVTUDMcw7oEdiVT0gcdKWNK33wBEmeJ+tzqw=
Subject key identifier: CC:C0:4D:9D:4E:35:E2:58:1D:F8:D6:CF:3F:1B:FA:2D:F0:30:B2:FD
Certificate issuer: /CN=8324c5df19789d5259104e0ae0dcd4672a8e2bab
Certificate serial: 019424B27EC22304A572A78D028F505BFA23
Authority key identifier: 83:24:C5:DF:19:78:9D:52:59:10:4E:0A:E0:DC:D4:67:2A:8E:2B:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gyTF3xl4nVJZEE4K4NzUZyqOK6s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a3/4b2e49-f667-494a-afe9-6df3e4a4eeb1/1/zMBNnU414lgd-NbPPxv6LfAwsv0.roa
Signing time: Thu 02 Jan 2025 01:47:45 +0000
ROA not before: Thu 02 Jan 2025 01:47:45 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8680
IP address blocks: 5.42.128.0/21 maxlen: 24
46.254.248.0/21 maxlen: 24
83.137.248.0/21 maxlen: 24
93.191.200.0/21 maxlen: 24
93.191.200.0/22 maxlen: 22
93.191.200.0/23 maxlen: 23
93.191.202.0/23 maxlen: 23
93.191.204.0/23 maxlen: 23
93.191.206.0/23 maxlen: 23
185.48.60.0/22 maxlen: 24
2a01:94a0::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b2:7e:c2:23:04:a5:72:a7:8d:02:8f:50:5b:fa:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8324c5df19789d5259104e0ae0dcd4672a8e2bab
Validity
Not Before: Jan 2 01:47:45 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ccc04d9d4e35e2581df8d6cf3f1bfa2df030b2fd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:d8:38:03:d2:1a:ca:57:14:f3:2f:89:59:63:
cb:d7:ba:58:05:e4:d3:b1:19:82:1d:90:c0:6c:e6:
57:d5:67:06:5e:b8:fb:9e:fb:0e:d0:95:a2:00:d7:
84:82:46:ae:2e:c5:d4:18:62:18:cb:9c:92:43:b5:
ae:27:5c:93:a0:5d:b2:f5:40:83:ac:19:7d:9c:8c:
cf:ca:81:2a:1a:f0:92:44:d7:5e:48:6c:23:aa:19:
26:00:b5:ce:9c:33:38:ec:46:20:9e:0e:5c:c9:9f:
57:ba:00:f9:7a:39:45:b1:0e:8a:fb:1e:f6:63:d5:
b8:7e:88:76:b2:11:3a:38:53:c2:b8:e4:aa:02:a0:
71:86:ae:a7:5d:6d:99:ff:83:91:77:56:88:4e:68:
87:38:b9:d3:48:92:9e:e5:1a:8a:ee:49:ca:2e:4d:
8f:b7:b4:e8:17:ce:96:be:72:6d:a4:14:3e:f5:bb:
25:7f:63:03:a5:a5:25:67:3b:a9:9f:46:99:8c:1c:
e4:07:82:1b:2e:3b:ce:fa:54:73:08:78:f4:1f:14:
5a:c0:88:3b:45:8b:de:44:62:5e:9b:4a:d5:26:33:
08:b6:49:53:bc:62:2c:60:ca:eb:05:6e:a5:48:2e:
ae:da:78:23:95:60:04:65:0c:e0:e8:fb:66:05:4d:
21:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:C0:4D:9D:4E:35:E2:58:1D:F8:D6:CF:3F:1B:FA:2D:F0:30:B2:FD
X509v3 Authority Key Identifier:
keyid:83:24:C5:DF:19:78:9D:52:59:10:4E:0A:E0:DC:D4:67:2A:8E:2B:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gyTF3xl4nVJZEE4K4NzUZyqOK6s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/4b2e49-f667-494a-afe9-6df3e4a4eeb1/1/zMBNnU414lgd-NbPPxv6LfAwsv0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/4b2e49-f667-494a-afe9-6df3e4a4eeb1/1/gyTF3xl4nVJZEE4K4NzUZyqOK6s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.128.0/21
46.254.248.0/21
83.137.248.0/21
93.191.200.0/21
185.48.60.0/22
IPv6:
2a01:94a0::/32
Signature Algorithm: sha256WithRSAEncryption
b4:43:0c:68:7b:fe:ff:dc:b1:28:4c:f9:c1:92:a3:9d:d2:62:
66:8f:49:e9:5c:6b:84:2f:8e:0c:55:e7:84:a1:00:00:e1:5c:
77:6d:d8:e4:eb:9f:4c:27:dd:dc:14:5b:20:59:2a:1e:d0:19:
ab:fb:f1:0a:22:3e:a6:dd:15:b0:ae:fa:17:3f:4c:18:4d:c1:
31:73:4d:a4:d4:68:49:47:02:c3:14:ce:31:2e:0a:00:6c:ba:
23:ab:7d:21:40:73:75:12:ad:08:9f:c5:92:67:46:cd:ba:3b:
cd:2b:44:bc:fe:6d:41:0d:60:ad:95:58:26:c6:bd:28:56:e8:
df:86:b0:52:99:ba:0c:da:37:b9:ea:48:cd:6f:6b:c4:13:3a:
e5:61:35:14:7b:b1:f9:de:85:9d:aa:95:e3:8e:d0:6f:ea:a1:
65:88:01:d3:15:fc:2b:68:20:f3:28:97:96:7a:97:c1:bf:28:
52:d1:1a:b9:c5:1f:18:45:39:cb:19:3b:0d:0c:72:74:10:ad:
51:c0:24:18:9c:a5:c7:c5:a9:13:08:b1:31:c4:e4:33:fb:1e:
53:4a:bd:30:d7:14:d9:0c:e9:00:82:f3:e0:f8:90:2b:0c:77:
d5:ee:18:0b:3c:1c:ec:f3:77:c3:32:98:90:77:f8:c3:2f:3d:
9c:03:99:e1
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQksn7CIwSlcqeNAo9QW/ojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMjRjNWRmMTk3ODlkNTI1OTEwNGUwYWUwZGNkNDY3MmE4
ZTJiYWIwHhcNMjUwMTAyMDE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2MwNGQ5ZDRlMzVlMjU4MWRmOGQ2Y2YzZjFiZmEyZGYwMzBiMmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNg4A9IaylcU8y+JWWPL17pYBeTT
sRmCHZDAbOZX1WcGXrj7nvsO0JWiANeEgkauLsXUGGIYy5ySQ7WuJ1yToF2y9UCD
rBl9nIzPyoEqGvCSRNdeSGwjqhkmALXOnDM47EYgng5cyZ9XugD5ejlFsQ6K+x72
Y9W4foh2shE6OFPCuOSqAqBxhq6nXW2Z/4ORd1aITmiHOLnTSJKe5RqK7knKLk2P
t7ToF86WvnJtpBQ+9bslf2MDpaUlZzupn0aZjBzkB4IbLjvO+lRzCHj0HxRawIg7
RYveRGJem0rVJjMItklTvGIsYMrrBW6lSC6u2ngjlWAEZQzg6PtmBU0hwwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFMzATZ1ONeJYHfjWzz8b+i3wMLL9MB8GA1UdIwQY
MBaAFIMkxd8ZeJ1SWRBOCuDc1GcqjiurMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3lURjN4bDRuVkpaRUU0SzROelVaeXFPSzZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy80YjJlNDktZjY2Ny00OTRhLWFmZTkt
NmRmM2U0YTRlZWIxLzEvek1CTm5VNDE0bGdkLU5iUFB4djZMZkF3c3YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy80YjJlNDktZjY2Ny00OTRhLWFmZTktNmRmM2U0YTRlZWIx
LzEvZ3lURjN4bDRuVkpaRUU0SzROelVaeXFPSzZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDBSqAAwQD
Lv74AwQDU4n4AwQDXb/IAwQCuTA8MA0EAgACMAcDBQAqAZSgMA0GCSqGSIb3DQEB
CwUAA4IBAQC0Qwxoe/7/3LEoTPnBkqOd0mJmj0npXGuEL44MVeeEoQAA4Vx3bdjk
659MJ93cFFsgWSoe0Bmr+/EKIj6m3RWwrvoXP0wYTcExc02k1GhJRwLDFM4xLgoA
bLojq30hQHN1Eq0In8WSZ0bNujvNK0S8/m1BDWCtlVgmxr0oVujfhrBSmboM2je5
6kjNb2vEEzrlYTUUe7H53oWdqpXjjtBv6qFliAHTFfwraCDzKJeWepfBvyhS0Rq5
xR8YRTnLGTsNDHJ0EK1RwCQYnKXHxakTCLExxOQz+x5TSr0w1xTZDOkAgvPg+JAr
DHfV7hgLPBzs83fDMpiQd/jDLz2cA5nh
-----END CERTIFICATE-----
Generated at Tue Apr 8 00:06:03 2025 by rpki-client