Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/pbTTnCLOLIjCLVBstBODbiFmGmw.roa
File: pbTTnCLOLIjCLVBstBODbiFmGmw.roa (raw, json)
Hash identifier: 8YkIamAbQU3NMaTjWNl+EcrwO/p3qlC0IxQhIIQUrsg=
Subject key identifier: A5:B4:D3:9C:22:CE:2C:88:C2:2D:50:6C:B4:13:83:6E:21:66:1A:6C
Certificate issuer: /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial: 0194266B585E60796413163E98DBC7B606BB
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/pbTTnCLOLIjCLVBstBODbiFmGmw.roa
Signing time: Thu 02 Jan 2025 09:49:16 +0000
ROA not before: Thu 02 Jan 2025 09:49:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44247
IP address blocks: 46.35.176.0/22 maxlen: 24
95.158.160.0/22 maxlen: 24
95.158.176.0/21 maxlen: 24
212.21.128.0/24 maxlen: 24
212.21.136.0/23 maxlen: 24
212.21.138.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6b:58:5e:60:79:64:13:16:3e:98:db:c7:b6:06:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Validity
Not Before: Jan 2 09:49:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a5b4d39c22ce2c88c22d506cb413836e21661a6c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:58:8e:b6:ba:f7:12:20:a6:53:e2:8e:f4:06:
ae:14:36:7f:c8:c3:62:ee:c6:c5:35:19:41:85:ca:
a0:75:0c:56:63:ad:8b:d7:ae:84:48:d8:dd:f7:1f:
d4:bf:5d:48:05:e4:6f:16:ab:ca:59:c7:37:d1:81:
44:f8:4b:d1:58:59:2d:99:0d:e1:7a:c4:0c:90:28:
c8:67:9a:bf:41:a4:fe:bf:4a:c8:72:a4:32:d1:85:
70:7b:9c:96:37:19:82:f1:ba:85:0c:3f:c3:67:06:
51:ae:7d:b5:a9:ff:e4:b8:c8:41:84:fe:89:56:9c:
76:44:57:cf:f2:f6:4a:ea:39:72:dd:81:65:aa:9e:
97:c5:e4:ae:48:15:98:d1:4e:38:72:6b:dc:0f:13:
4c:ff:33:67:6e:f3:d7:45:80:5a:6b:e1:b1:3f:69:
16:a1:33:30:6e:13:ce:ed:06:71:9d:e4:8d:c2:6f:
65:90:f8:e3:8a:89:12:f8:42:9a:90:11:fd:5b:75:
ab:a2:ee:eb:c0:49:18:13:7e:1d:95:95:49:8c:0f:
83:f9:a4:06:d4:95:f4:ab:d1:f7:96:2f:2a:a7:47:
aa:7b:da:64:86:ca:ec:aa:2c:a9:ec:49:29:40:77:
e8:21:98:16:a6:40:f7:82:0f:8e:f5:f1:e0:af:ae:
72:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:B4:D3:9C:22:CE:2C:88:C2:2D:50:6C:B4:13:83:6E:21:66:1A:6C
X509v3 Authority Key Identifier:
keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/pbTTnCLOLIjCLVBstBODbiFmGmw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.35.176.0/22
95.158.160.0/22
95.158.176.0/21
212.21.128.0/24
212.21.136.0-212.21.138.255
Signature Algorithm: sha256WithRSAEncryption
41:1d:68:8d:d6:40:31:43:52:09:22:08:c8:25:fe:19:c6:af:
c3:7a:de:8c:e9:10:91:54:cf:43:87:e7:0d:7d:0a:16:81:b4:
6c:f6:bd:c5:f3:76:08:0b:37:64:8d:ae:52:fd:84:a7:21:cb:
2a:8b:b7:f8:2b:35:27:e0:51:04:35:9a:a2:24:a2:6a:b6:58:
ab:b6:15:26:2a:88:e8:5c:be:b4:97:6b:bf:ad:ae:1e:0a:96:
7b:4a:06:11:46:95:44:c2:24:a7:21:ec:31:39:e3:55:90:a0:
49:ad:03:a4:24:c6:fb:8d:2a:cf:29:0b:53:4e:18:4f:58:49:
14:47:f8:c3:26:55:43:57:d0:38:1f:26:91:4d:2a:40:2e:c5:
6c:13:90:1d:85:ee:bf:c3:1c:14:5e:25:1e:9b:95:b8:69:9e:
40:58:d0:e7:70:46:ba:a6:86:f8:f8:69:ca:27:6b:58:28:0a:
02:c5:09:75:1b:97:d9:c3:4b:e4:bb:5b:b1:b6:ad:da:2f:f9:
dc:3f:ae:53:14:0a:db:c2:49:10:19:10:6d:7b:56:54:cd:2f:
67:8c:dc:aa:88:bb:aa:ee:f3:f6:f8:9a:dd:96:3c:16:b6:3d:
d3:3d:af:71:7c:1d:95:56:30:87:8b:e9:4d:c3:12:d5:0d:b8:
48:b6:40:99
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZQma1heYHlkExY+mNvHtga7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjUwMTAyMDk0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWI0ZDM5YzIyY2UyYzg4YzIyZDUwNmNiNDEzODM2ZTIxNjYxYTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1iOtrr3EiCmU+KO9AauFDZ/yMNi
7sbFNRlBhcqgdQxWY62L166ESNjd9x/Uv11IBeRvFqvKWcc30YFE+EvRWFktmQ3h
esQMkCjIZ5q/QaT+v0rIcqQy0YVwe5yWNxmC8bqFDD/DZwZRrn21qf/kuMhBhP6J
Vpx2RFfP8vZK6jly3YFlqp6XxeSuSBWY0U44cmvcDxNM/zNnbvPXRYBaa+GxP2kW
oTMwbhPO7QZxneSNwm9lkPjjiokS+EKakBH9W3Wrou7rwEkYE34dlZVJjA+D+aQG
1JX0q9H3li8qp0eqe9pkhsrsqiyp7EkpQHfoIZgWpkD3gg+O9fHgr65ylQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFKW005wiziyIwi1QbLQTg24hZhpsMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvcGJUVG5DTE9MSWpDTFZCc3RCT0RiaUZtR213LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCLiOwAwQC
X56gAwQDX56wAwQA1BWAMAwDBAPUFYgDBADUFYowDQYJKoZIhvcNAQELBQADggEB
AEEdaI3WQDFDUgkiCMgl/hnGr8N63ozpEJFUz0OH5w19ChaBtGz2vcXzdggLN2SN
rlL9hKchyyqLt/grNSfgUQQ1mqIkomq2WKu2FSYqiOhcvrSXa7+trh4KlntKBhFG
lUTCJKch7DE541WQoEmtA6QkxvuNKs8pC1NOGE9YSRRH+MMmVUNX0DgfJpFNKkAu
xWwTkB2F7r/DHBReJR6blbhpnkBY0OdwRrqmhvj4acona1goCgLFCXUbl9nDS+S7
W7G2rdov+dw/rlMUCtvCSRAZEG17VlTNL2eM3KqIu6ru8/b4mt2WPBa2PdM9r3F8
HZVWMIeL6U3DEtUNuEi2QJk=
-----END CERTIFICATE-----
Generated at Mon Apr 7 17:53:18 2025 by rpki-client