Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/r1a39mxsRlx0owzlXWSMBMFGGXA.roa
File: r1a39mxsRlx0owzlXWSMBMFGGXA.roa (raw, json)
Hash identifier: GDq7XGC4+bz0Kc/Um/YRhBORqymDAQb3kXwao5AESSc=
Subject key identifier: AF:56:B7:F6:6C:6C:46:5C:74:A3:0C:E5:5D:64:8C:04:C1:46:19:70
Certificate issuer: /CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
Certificate serial: 01856F26E57818D18BEB99DAE60B7D4954E8
Authority key identifier: AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/r1a39mxsRlx0owzlXWSMBMFGGXA.roa
Signing time: Sun 01 Jan 2023 21:04:58 +0000
ROA not before: Sun 01 Jan 2023 21:04:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31400
IP address blocks: 37.114.96.0/19 maxlen: 24
185.171.204.0/22 maxlen: 22
84.200.0.0/16 maxlen: 24
82.211.0.0/18 maxlen: 24
84.201.0.0/18 maxlen: 24
2001:1608::/32 maxlen: 48
2001:1638::/32 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:26:e5:78:18:d1:8b:eb:99:da:e6:0b:7d:49:54:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
Validity
Not Before: Jan 1 21:04:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=af56b7f66c6c465c74a30ce55d648c04c1461970
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:75:bb:d0:12:b9:d9:59:91:8b:83:65:f7:32:
78:26:5d:9a:5b:54:f8:a2:a5:e1:c3:05:49:59:50:
fe:f1:14:2a:91:7b:7b:13:aa:6c:e3:81:42:b4:2e:
c4:1e:5f:ea:1a:74:9c:6b:9f:b2:14:8c:4e:43:eb:
ad:59:92:20:7d:18:7d:9f:43:f0:15:26:88:f9:d3:
93:7f:26:69:74:50:3b:57:bd:90:e9:bd:c1:68:d6:
26:03:1d:03:97:95:12:94:84:3b:ea:53:0a:3d:79:
c3:14:b5:7c:fa:ba:84:31:79:4f:dc:7c:87:18:87:
84:c0:13:f7:15:1b:ff:38:3a:20:a5:92:38:f7:2c:
0f:d2:88:76:b7:cc:07:95:6b:ac:64:5c:b1:18:b4:
02:bc:9a:93:93:df:78:5c:2d:5b:42:65:37:8e:1a:
bd:75:0e:62:84:48:f5:cd:73:4f:ae:75:35:13:cc:
b6:14:a2:90:b1:cc:f9:76:4e:4a:61:69:1c:98:a5:
5c:36:92:4a:2c:bd:bc:de:23:ac:63:34:01:7e:73:
16:cc:d6:ea:96:31:90:72:02:b1:24:d2:1c:6d:f4:
24:99:80:f3:e6:06:96:fd:0c:7c:14:77:ea:4a:c3:
46:b5:e2:78:35:d9:b8:00:ed:40:01:ff:db:fa:e2:
c6:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:56:B7:F6:6C:6C:46:5C:74:A3:0C:E5:5D:64:8C:04:C1:46:19:70
X509v3 Authority Key Identifier:
keyid:AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/r1a39mxsRlx0owzlXWSMBMFGGXA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.114.96.0/19
82.211.0.0/18
84.200.0.0-84.201.63.255
185.171.204.0/22
IPv6:
2001:1608::/32
2001:1638::/32
Signature Algorithm: sha256WithRSAEncryption
04:01:04:21:62:ed:3e:42:10:7a:13:80:8c:81:98:72:30:ca:
a1:16:cb:38:49:b7:82:b4:ff:86:04:1a:01:41:53:fe:51:57:
fb:f9:78:7e:ad:b1:ac:a5:20:5b:ab:b4:44:34:f3:99:89:84:
73:da:72:10:9b:4a:1e:38:2c:d3:67:b2:eb:cb:d1:89:88:8f:
b6:a5:f4:5a:f2:c8:fe:5d:7e:bd:d7:41:63:8f:ce:24:ac:6d:
ca:91:da:58:ef:e7:66:8b:d4:f3:ac:e0:be:cf:3c:92:c1:b4:
38:de:e8:02:f7:b6:6b:33:78:82:96:93:a4:ce:dd:43:48:b8:
a5:8c:12:e8:b4:43:ea:1f:92:e8:46:15:1d:d4:59:9a:42:5d:
52:68:d7:d2:58:1d:7f:8f:74:e6:a6:8f:63:60:c7:30:cb:1c:
d8:46:ed:02:09:20:16:a1:9a:90:ab:de:b5:fa:21:c4:ee:ef:
4a:12:7b:23:6b:14:e9:39:5d:7c:52:ff:e4:7a:1e:26:cd:8a:
3e:81:b2:68:99:2a:b8:b2:71:52:bb:83:76:7b:2e:a7:15:98:
3b:4a:ec:2f:e8:a7:9d:a0:fa:90:4c:50:f1:dc:28:f8:9f:7a:
f5:0c:59:de:ed:8a:7b:06:3d:80:d6:8c:fd:5e:34:c8:31:26:
21:04:cd:19
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYVvJuV4GNGL65na5gt9SVToMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWRjNTBhNGI1MjZkZjE4ZThiMGE2NTY1ZDdiOWQ1OGE3
NWQzMTUwHhcNMjMwMTAxMjEwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjU2YjdmNjZjNmM0NjVjNzRhMzBjZTU1ZDY0OGMwNGMxNDYxOTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXW70BK52VmRi4Nl9zJ4Jl2aW1T4
oqXhwwVJWVD+8RQqkXt7E6ps44FCtC7EHl/qGnSca5+yFIxOQ+utWZIgfRh9n0Pw
FSaI+dOTfyZpdFA7V72Q6b3BaNYmAx0Dl5USlIQ76lMKPXnDFLV8+rqEMXlP3HyH
GIeEwBP3FRv/ODogpZI49ywP0oh2t8wHlWusZFyxGLQCvJqTk994XC1bQmU3jhq9
dQ5ihEj1zXNPrnU1E8y2FKKQscz5dk5KYWkcmKVcNpJKLL283iOsYzQBfnMWzNbq
ljGQcgKxJNIcbfQkmYDz5gaW/Qx8FHfqSsNGteJ4Ndm4AO1AAf/b+uLGRwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFK9Wt/ZsbEZcdKMM5V1kjATBRhlwMB8GA1UdIwQY
MBaAFKodxQpLUm3xjosKZWXXudWKddMVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMt
MzNkNzI4NDMzYzExLzEvcjFhMzlteHNSbHgwb3d6bFhXU01CTUZHR1hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMtMzNkNzI4NDMzYzEx
LzEvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAlBAIAATAfAwQFJXJgAwQG
UtMAMAsDAwNUyAMEBlTJAAMEArmrzDAUBAIAAjAOAwUAIAEWCAMFACABFjgwDQYJ
KoZIhvcNAQELBQADggEBAAQBBCFi7T5CEHoTgIyBmHIwyqEWyzhJt4K0/4YEGgFB
U/5RV/v5eH6tsaylIFurtEQ085mJhHPachCbSh44LNNnsuvL0YmIj7al9FryyP5d
fr3XQWOPziSsbcqR2ljv52aL1POs4L7PPJLBtDje6AL3tmszeIKWk6TO3UNIuKWM
Eui0Q+ofkuhGFR3UWZpCXVJo19JYHX+PdOamj2NgxzDLHNhG7QIJIBahmpCr3rX6
IcTu70oSeyNrFOk5XXxS/+R6HibNij6BsmiZKriycVK7g3Z7LqcVmDtK7C/op52g
+pBMUPHcKPifevUMWd7tinsGPYDWjP1eNMgxJiEEzRk=
-----END CERTIFICATE-----
Generated at Mon Apr 7 23:53:36 2025 by rpki-client