Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/qMUUhW1iC-XMKPgcY2-u4nUNHXY.roa
File: qMUUhW1iC-XMKPgcY2-u4nUNHXY.roa (raw, json)
Hash identifier: 8IGWcOXBDlPGcQOckJ+GtmlbDYmD6/HkpFAja/aKolM=
Subject key identifier: A8:C5:14:85:6D:62:0B:E5:CC:28:F8:1C:63:6F:AE:E2:75:0D:1D:76
Certificate issuer: /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial: 0194266BEAEC77168A6C42F9983B69DDCC4D
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/qMUUhW1iC-XMKPgcY2-u4nUNHXY.roa
Signing time: Thu 02 Jan 2025 09:49:54 +0000
ROA not before: Thu 02 Jan 2025 09:49:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3301
IP address blocks: 2.248.0.0/14 maxlen: 14
2.252.0.0/15 maxlen: 15
2.254.0.0/16 maxlen: 16
2.255.0.0/17 maxlen: 17
2.255.128.0/18 maxlen: 18
2.255.190.0/24 maxlen: 24
2.255.191.0/24 maxlen: 24
62.20.0.0/16 maxlen: 16
77.110.0.0/18 maxlen: 18
78.64.0.0/12 maxlen: 12
81.224.0.0/12 maxlen: 12
81.228.4.0/23 maxlen: 23
81.228.4.0/24 maxlen: 24
81.228.5.0/24 maxlen: 24
82.214.0.0/18 maxlen: 18
85.11.0.0/18 maxlen: 18
90.224.0.0/12 maxlen: 12
92.254.128.0/17 maxlen: 17
95.109.0.0/17 maxlen: 17
95.192.0.0/12 maxlen: 12
185.103.208.0/22 maxlen: 22
185.103.208.0/24 maxlen: 24
188.126.224.0/19 maxlen: 19
188.126.233.0/24 maxlen: 24
188.126.240.0/23 maxlen: 23
192.16.152.0/23 maxlen: 23
192.16.153.0/24 maxlen: 24
192.150.58.0/23 maxlen: 23
192.150.60.0/22 maxlen: 22
192.150.64.0/22 maxlen: 22
192.150.68.0/23 maxlen: 23
192.150.78.0/23 maxlen: 23
192.150.80.0/23 maxlen: 23
193.44.0.0/15 maxlen: 15
194.16.0.0/15 maxlen: 15
194.18.0.0/16 maxlen: 16
194.22.0.0/15 maxlen: 15
194.218.0.0/16 maxlen: 16
194.236.0.0/15 maxlen: 15
195.67.0.0/16 maxlen: 16
195.198.0.0/16 maxlen: 16
195.252.32.0/19 maxlen: 19
212.28.192.0/19 maxlen: 19
212.181.0.0/16 maxlen: 16
213.64.0.0/14 maxlen: 14
217.208.0.0/13 maxlen: 13
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6b:ea:ec:77:16:8a:6c:42:f9:98:3b:69:dd:cc:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Validity
Not Before: Jan 2 09:49:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a8c514856d620be5cc28f81c636faee2750d1d76
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:19:cb:96:a4:c0:f1:a3:30:a4:a7:da:84:39:
e1:33:da:00:a1:cb:a1:0a:39:c3:5a:65:fa:25:4e:
2a:11:f6:48:51:21:01:26:a8:41:38:61:9e:de:5e:
16:4a:90:a1:47:c5:4f:f5:7c:03:15:91:23:ea:3b:
e3:7b:72:e8:44:17:01:40:cd:3d:ba:74:07:38:59:
ed:59:16:bb:ea:01:17:be:4e:24:81:0c:83:24:d8:
c2:ea:90:c2:cb:28:74:d2:7b:c0:23:03:d7:03:f4:
93:25:9c:44:71:4f:e4:21:30:af:c0:54:7d:d6:25:
e2:da:9c:a0:15:03:03:44:e1:5b:40:76:18:d8:b0:
f2:08:72:3f:03:f3:25:98:d1:a4:73:9e:d1:50:08:
bc:6b:f4:4d:91:7c:63:9b:b4:e0:f1:e2:ba:a6:02:
46:a9:9c:db:e9:85:dd:e9:92:01:4b:8c:14:74:ce:
b7:5f:26:97:05:1a:85:74:bf:5c:1e:43:0f:0a:6d:
71:e2:09:11:43:4c:d1:54:f8:92:b9:76:72:3c:d4:
73:f8:6a:d6:6d:23:71:57:79:92:88:df:6d:29:dd:
c0:8e:48:0d:4e:5a:26:4f:a8:b5:0d:5d:fa:47:ed:
8e:c2:8a:0b:f1:cd:b0:56:bd:cd:d8:09:e2:62:19:
dc:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:C5:14:85:6D:62:0B:E5:CC:28:F8:1C:63:6F:AE:E2:75:0D:1D:76
X509v3 Authority Key Identifier:
keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/qMUUhW1iC-XMKPgcY2-u4nUNHXY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.248.0.0-2.255.191.255
62.20.0.0/16
77.110.0.0/18
78.64.0.0/12
81.224.0.0/12
82.214.0.0/18
85.11.0.0/18
90.224.0.0/12
92.254.128.0/17
95.109.0.0/17
95.192.0.0/12
185.103.208.0/22
188.126.224.0/19
192.16.152.0/23
192.150.58.0-192.150.69.255
192.150.78.0-192.150.81.255
193.44.0.0/15
194.16.0.0-194.18.255.255
194.22.0.0/15
194.218.0.0/16
194.236.0.0/15
195.67.0.0/16
195.198.0.0/16
195.252.32.0/19
212.28.192.0/19
212.181.0.0/16
213.64.0.0/14
217.208.0.0/13
Signature Algorithm: sha256WithRSAEncryption
c5:bd:3e:9d:9e:d1:67:41:20:20:b8:99:fb:4a:29:fc:6b:ae:
a0:b5:c0:d8:c8:46:cc:80:81:76:dd:e4:17:aa:3d:32:85:47:
4d:9b:f1:b7:85:da:60:ad:76:d5:b0:a1:71:91:3a:e8:57:bd:
8a:76:0a:66:92:ab:42:43:10:1b:71:aa:00:90:11:53:e9:66:
1b:37:d6:69:b0:45:94:3a:94:2f:8e:6b:19:f0:67:f8:3b:98:
f3:ae:ef:d5:83:80:e1:6f:d0:e2:46:af:f9:14:7a:58:5c:c8:
b0:4e:0f:3f:2e:67:24:b7:3c:46:74:23:a5:da:06:e6:00:ee:
c3:1b:65:e2:1e:56:bd:f3:11:21:73:6e:4c:30:87:cc:5d:ac:
ad:89:e1:66:50:29:8b:80:e8:ad:95:4a:f7:6d:d6:49:18:d0:
b6:40:c6:57:ab:16:18:1a:fe:5c:ce:67:e1:c8:51:01:e0:e4:
97:ed:2f:76:13:2b:74:0e:0a:d1:46:43:4a:65:a1:c7:56:a4:
85:27:07:cc:b7:d2:ca:8e:78:27:ff:88:25:49:98:84:f8:a1:
77:df:05:f0:98:f0:04:01:40:6c:b7:0c:e6:07:8d:40:41:c4:
3f:9e:d7:3d:ab:cd:06:9b:ec:f8:d6:bd:ef:1c:14:b2:c2:32:
2b:5d:68:e8
-----BEGIN CERTIFICATE-----
MIIFszCCBJugAwIBAgISAZQma+rsdxaKbEL5mDtp3cxNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjUwMTAyMDk0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGM1MTQ4NTZkNjIwYmU1Y2MyOGY4MWM2MzZmYWVlMjc1MGQxZDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhnLlqTA8aMwpKfahDnhM9oAocuh
CjnDWmX6JU4qEfZIUSEBJqhBOGGe3l4WSpChR8VP9XwDFZEj6jvje3LoRBcBQM09
unQHOFntWRa76gEXvk4kgQyDJNjC6pDCyyh00nvAIwPXA/STJZxEcU/kITCvwFR9
1iXi2pygFQMDROFbQHYY2LDyCHI/A/MlmNGkc57RUAi8a/RNkXxjm7Tg8eK6pgJG
qZzb6YXd6ZIBS4wUdM63XyaXBRqFdL9cHkMPCm1x4gkRQ0zRVPiSuXZyPNRz+GrW
bSNxV3mSiN9tKd3AjkgNTlomT6i1DV36R+2OwooL8c2wVr3N2AniYhncPQIDAQAB
o4ICvzCCArswHQYDVR0OBBYEFKjFFIVtYgvlzCj4HGNvruJ1DR12MB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEvcU1VVWhXMWlDLVhNS1BnY1kyLXU0blVOSFhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHUBggrBgEFBQcBBwEB/wSBxDCBwTCBvgQCAAEwgbcwCwMD
AwL4AwQGAv+AAwMAPhQDBAZNbgADAwROQAMDBFHgAwQGUtYAAwQGVQsAAwMEWuAD
BAdc/oADBAdfbQADAwRfwAMEArln0AMEBbx+4AMEAcAQmDAMAwQBwJY6AwQBwJZE
MAwDBAHAlk4DBAHAllADAwHBLDAKAwMEwhADAwDCEgMDAcIWAwMAwtoDAwHC7AMD
AMNDAwMAw8YDBAXD/CADBAXUHMADAwDUtQMDAtVAAwMD2dAwDQYJKoZIhvcNAQEL
BQADggEBAMW9Pp2e0WdBICC4mftKKfxrrqC1wNjIRsyAgXbd5BeqPTKFR02b8beF
2mCtdtWwoXGROuhXvYp2CmaSq0JDEBtxqgCQEVPpZhs31mmwRZQ6lC+OaxnwZ/g7
mPOu79WDgOFv0OJGr/kUelhcyLBODz8uZyS3PEZ0I6XaBuYA7sMbZeIeVr3zESFz
bkwwh8xdrK2J4WZQKYuA6K2VSvdt1kkY0LZAxlerFhga/lzOZ+HIUQHg5JftL3YT
K3QOCtFGQ0plocdWpIUnB8y30sqOeCf/iCVJmIT4oXffBfCY8AQBQGy3DOYHjUBB
xD+e1z2rzQab7PjWve8cFLLCMitdaOg=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:03:45 2025 by rpki-client