Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/znHrAZm_EwJFzSlzHUBaDIb6T_c.roa
File: znHrAZm_EwJFzSlzHUBaDIb6T_c.roa (raw, json)
Hash identifier: 8+CSmVuv7oNvnmW3AJMftQvBT3ExE6lD+2YKqmYy4aI=
Subject key identifier: CE:71:EB:01:99:BF:13:02:45:CD:29:73:1D:40:5A:0C:86:FA:4F:F7
Certificate issuer: /CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Certificate serial: 01942369707B5B909ED2F9534F92013EB0AA
Authority key identifier: D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/znHrAZm_EwJFzSlzHUBaDIb6T_c.roa
Signing time: Wed 01 Jan 2025 19:48:20 +0000
ROA not before: Wed 01 Jan 2025 19:48:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31034
IP address blocks: 5.249.128.0/19 maxlen: 24
31.11.32.0/21 maxlen: 24
31.14.128.0/20 maxlen: 24
46.37.0.0/19 maxlen: 24
62.149.128.0/17 maxlen: 24
66.71.128.0/18 maxlen: 24
66.71.128.0/19 maxlen: 24
66.71.176.0/20 maxlen: 24
77.81.224.0/20 maxlen: 24
80.73.224.0/21 maxlen: 24
80.211.0.0/16 maxlen: 24
82.192.128.0/19 maxlen: 24
89.36.208.0/22 maxlen: 24
89.46.64.0/20 maxlen: 24
89.46.104.0/21 maxlen: 24
89.46.192.0/21 maxlen: 24
94.177.160.0/19 maxlen: 24
94.177.192.0/18 maxlen: 24
95.110.128.0/17 maxlen: 24
176.107.144.0/21 maxlen: 24
185.56.8.0/22 maxlen: 24
185.58.116.0/22 maxlen: 24
188.213.160.0/20 maxlen: 24
194.182.110.0/23 maxlen: 24
195.231.0.0/17 maxlen: 24
195.231.64.0/20 maxlen: 24
195.231.80.0/21 maxlen: 24
195.231.88.0/21 maxlen: 24
209.227.224.0/20 maxlen: 24
217.61.0.0/18 maxlen: 24
217.61.56.0/21 maxlen: 24
2a00:6d40::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:69:70:7b:5b:90:9e:d2:f9:53:4f:92:01:3e:b0:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Validity
Not Before: Jan 1 19:48:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ce71eb0199bf130245cd29731d405a0c86fa4ff7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:80:b2:7e:8b:72:6a:7c:37:e5:d6:3d:0c:fe:
e2:60:c3:e1:c8:c8:ff:f1:c5:29:42:44:3b:b7:9f:
3a:90:62:4a:e5:18:34:f9:32:d8:d3:66:c4:d3:0e:
9a:98:91:8b:1b:ba:13:2e:01:93:ee:bb:5b:b6:a0:
56:ee:de:cd:dc:62:29:5b:81:61:ab:e1:72:08:df:
f7:31:c8:16:a2:0e:e8:6f:e5:1f:3f:be:85:7e:81:
cb:d2:d4:0c:85:10:66:1d:eb:a6:2e:3f:42:51:5c:
0a:64:60:a5:3e:11:d3:3f:40:2b:93:b5:e6:d5:5d:
86:ac:3b:c9:20:a5:8d:47:fa:ab:e9:cd:de:c5:25:
0c:43:97:01:dd:ef:3d:57:d5:65:83:d2:68:60:cf:
54:0b:dc:88:51:ac:3b:87:ae:b6:12:66:50:34:d3:
f4:fc:6f:ff:1c:36:79:c1:c1:71:67:be:b0:21:ae:
b2:52:8a:30:ba:21:5e:a9:03:0b:4c:07:6c:45:b7:
6a:10:b6:8a:0f:bb:9e:bc:38:5f:55:97:49:24:ec:
8f:0f:94:7f:f8:9d:19:b1:85:89:5a:1a:09:15:9c:
93:04:4d:e7:54:57:1e:55:b0:5d:c2:b1:b9:0f:66:
5d:5e:03:7b:7d:e6:6c:a0:95:b6:fc:46:d8:e8:45:
88:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:71:EB:01:99:BF:13:02:45:CD:29:73:1D:40:5A:0C:86:FA:4F:F7
X509v3 Authority Key Identifier:
keyid:D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/znHrAZm_EwJFzSlzHUBaDIb6T_c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.249.128.0/19
31.11.32.0/21
31.14.128.0/20
46.37.0.0/19
62.149.128.0/17
66.71.128.0/18
77.81.224.0/20
80.73.224.0/21
80.211.0.0/16
82.192.128.0/19
89.36.208.0/22
89.46.64.0/20
89.46.104.0/21
89.46.192.0/21
94.177.160.0-94.177.255.255
95.110.128.0/17
176.107.144.0/21
185.56.8.0/22
185.58.116.0/22
188.213.160.0/20
194.182.110.0/23
195.231.0.0/17
209.227.224.0/20
217.61.0.0/18
IPv6:
2a00:6d40::/29
Signature Algorithm: sha256WithRSAEncryption
24:54:d7:c1:28:7f:3e:09:45:e5:d3:ce:1d:7d:4a:51:0a:31:
32:ea:bf:26:f2:d6:5f:10:41:39:ea:ca:d9:4c:7b:9c:98:d7:
93:30:bc:bc:f7:f3:a2:12:61:3d:72:5e:9c:13:5a:d6:01:60:
80:bf:7c:32:8f:6b:71:77:00:d2:e1:66:db:21:b7:65:72:0f:
84:db:89:93:73:37:67:0d:67:72:42:b6:f1:91:bc:36:89:f3:
ae:3e:1c:9f:57:e7:43:0d:5c:6a:2d:df:1a:ae:c5:a4:f4:f5:
fc:00:96:ac:91:78:da:2c:29:31:f8:36:9e:69:2d:e7:51:f5:
ea:80:0c:bb:2d:72:e4:3d:7d:40:9f:2b:b3:54:2f:02:4c:4b:
64:a2:65:fa:60:df:47:43:70:01:5e:8e:b4:5a:14:e4:52:56:
09:60:9e:cd:22:a8:f4:3a:a6:26:6a:bf:6a:08:ca:6d:5b:02:
89:92:31:2f:05:74:df:7c:7e:0b:38:41:48:c0:87:f6:37:d5:
0e:7c:9f:5f:ea:3e:ed:c3:a3:06:7a:2e:7c:71:14:34:be:2a:
a7:37:67:ce:da:49:a0:a3:72:f9:89:a1:7b:e0:8e:3f:f0:aa:
c3:2b:f5:67:9b:aa:98:2d:e4:98:b1:f1:fd:32:25:6e:59:95:
8d:14:a5:45
-----BEGIN CERTIFICATE-----
MIIFoTCCBImgAwIBAgISAZQjaXB7W5Ce0vlTT5IBPrCqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2I1Y2VjYzIxM2I5Zjg2ZGJiYTUxODUyMWU4NTQ2ZWM5
Mzg2MWMwHhcNMjUwMTAxMTk0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTcxZWIwMTk5YmYxMzAyNDVjZDI5NzMxZDQwNWEwYzg2ZmE0ZmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6oCyfotyanw35dY9DP7iYMPhyMj/
8cUpQkQ7t586kGJK5Rg0+TLY02bE0w6amJGLG7oTLgGT7rtbtqBW7t7N3GIpW4Fh
q+FyCN/3McgWog7ob+UfP76FfoHL0tQMhRBmHeumLj9CUVwKZGClPhHTP0Ark7Xm
1V2GrDvJIKWNR/qr6c3exSUMQ5cB3e89V9Vlg9JoYM9UC9yIUaw7h662EmZQNNP0
/G//HDZ5wcFxZ76wIa6yUoowuiFeqQMLTAdsRbdqELaKD7uevDhfVZdJJOyPD5R/
+J0ZsYWJWhoJFZyTBE3nVFceVbBdwrG5D2ZdXgN7feZsoJW2/EbY6EWIyQIDAQAB
o4ICrTCCAqkwHQYDVR0OBBYEFM5x6wGZvxMCRc0pcx1AWgyG+k/3MB8GA1UdIwQY
MBaAFNPLXOzCE7n4bbulGFIehUbsk4YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYt
ODQyNjk0MTJkNTYxLzEvem5IckFabV9Fd0pGelNsekhVQmFESWI2VF9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYtODQyNjk0MTJkNTYx
LzEvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHCBggrBgEFBQcBBwEB/wSBsjCBrzCBnQQCAAEwgZYDBAUF
+YADBAMfCyADBAQfDoADBAUuJQADBAc+lYADBAZCR4ADBARNUeADBANQSeADAwBQ
0wMEBVLAgAMEAlkk0AMEBFkuQAMEA1kuaAMEA1kuwDALAwQFXrGgAwMBXrADBAdf
boADBAOwa5ADBAK5OAgDBAK5OnQDBAS81aADBAHCtm4DBAfD5wADBATR4+ADBAbZ
PQAwDQQCAAIwBwMFAyoAbUAwDQYJKoZIhvcNAQELBQADggEBACRU18Eofz4JReXT
zh19SlEKMTLqvyby1l8QQTnqytlMe5yY15MwvLz386ISYT1yXpwTWtYBYIC/fDKP
a3F3ANLhZtsht2VyD4TbiZNzN2cNZ3JCtvGRvDaJ864+HJ9X50MNXGot3xquxaT0
9fwAlqyReNosKTH4Np5pLedR9eqADLstcuQ9fUCfK7NULwJMS2SiZfpg30dDcAFe
jrRaFORSVglgns0iqPQ6piZqv2oIym1bAomSMS8FdN98fgs4QUjAh/Y31Q58n1/q
Pu3DowZ6LnxxFDS+Kqc3Z87aSaCjcvmJoXvgjj/wqsMr9Webqpgt5Jix8f0yJW5Z
lY0UpUU=
-----END CERTIFICATE-----
Generated at Wed Apr 9 17:14:44 2025 by rpki-client