Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/3qkZ4s3eBOcx0H2ZPnP206dxuDQ.roa
File: 3qkZ4s3eBOcx0H2ZPnP206dxuDQ.roa (raw, json)
Hash identifier: tdc75yq6GLDvxNkugQ7DWPYHzlA3GpjOIQQfoGWVX5U=
Subject key identifier: DE:A9:19:E2:CD:DE:04:E7:31:D0:7D:99:3E:73:F6:D3:A7:71:B8:34
Certificate issuer: /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial: 019423D76808E8DA8F88802CA39DE3C3FAD7
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/3qkZ4s3eBOcx0H2ZPnP206dxuDQ.roa
Signing time: Wed 01 Jan 2025 21:48:26 +0000
ROA not before: Wed 01 Jan 2025 21:48:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200462
IP address blocks: 2.58.52.0/23 maxlen: 32
5.180.192.0/23 maxlen: 24
5.180.195.0/24 maxlen: 24
45.86.124.0/23 maxlen: 24
94.247.43.0/24 maxlen: 32
2a00:f826:8::/48 maxlen: 48
2a07:6fc0:10::/44 maxlen: 48
2a09:e1c0::/32 maxlen: 128
2a0c:8900::/29 maxlen: 128
2a0e:de80::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:68:08:e8:da:8f:88:80:2c:a3:9d:e3:c3:fa:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Validity
Not Before: Jan 1 21:48:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dea919e2cdde04e731d07d993e73f6d3a771b834
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:f2:bd:70:2f:da:9e:88:7e:11:87:69:3b:06:
6e:d9:41:1f:c1:61:c4:9f:3f:cc:0e:f6:e4:e1:0c:
6c:1d:f4:6a:04:4e:d3:63:ec:5f:47:0b:ba:de:92:
07:dc:9b:89:c8:f2:5f:f7:d3:1e:66:5c:62:b3:f0:
b3:f8:e5:bc:6a:2f:a5:1e:95:32:fc:6a:36:7d:67:
60:fa:20:c6:94:32:2a:9b:c4:30:70:b3:89:a1:b3:
96:ae:43:42:f8:f0:5a:a4:6c:7a:15:a2:a3:fc:13:
bc:a1:2a:36:04:c6:d8:51:eb:0d:67:3b:01:95:35:
30:8b:42:9e:a8:f0:88:a7:4f:2a:d3:a2:e9:98:fc:
74:f3:5d:2c:24:49:4c:a6:66:87:2e:13:2c:88:43:
c7:01:7a:7e:15:9a:50:a2:9c:ad:01:6b:47:89:a8:
4c:ab:48:96:f1:49:52:5d:97:36:5e:40:03:5f:06:
07:e3:b7:e4:2c:fd:03:28:0c:c0:cb:29:75:5e:90:
ae:e2:08:f2:30:f7:7c:36:2a:0a:cf:18:33:b9:2a:
02:67:ce:92:67:a6:d5:2e:97:44:ad:30:08:9e:67:
ff:e9:52:eb:43:94:f3:6f:23:18:17:1d:9c:6f:1e:
0a:e2:7a:e6:86:29:ea:98:c7:a4:fe:6e:bf:fa:01:
c9:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:A9:19:E2:CD:DE:04:E7:31:D0:7D:99:3E:73:F6:D3:A7:71:B8:34
X509v3 Authority Key Identifier:
keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/3qkZ4s3eBOcx0H2ZPnP206dxuDQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.52.0/23
5.180.192.0/23
5.180.195.0/24
45.86.124.0/23
94.247.43.0/24
IPv6:
2a00:f826:8::/48
2a07:6fc0:10::/44
2a09:e1c0::/32
2a0c:8900::/29
2a0e:de80::/29
Signature Algorithm: sha256WithRSAEncryption
96:36:60:b2:0e:1c:2d:1b:e2:4a:d1:b7:35:d2:7d:b3:b7:c4:
e6:e8:a4:ff:d7:cc:de:da:21:fe:d6:46:37:ff:ba:38:b8:08:
44:52:8c:cb:f5:d1:0a:f1:0a:f0:2b:d7:07:b6:95:b5:0f:3c:
f3:e1:ce:97:70:da:b0:ea:32:09:c6:ec:ac:03:a2:01:30:59:
8d:65:4f:7a:29:6e:2b:4e:fb:20:df:26:58:72:fa:93:ad:ad:
72:4b:71:fe:68:b8:df:2e:43:67:f8:ae:1d:48:cf:e3:5e:f8:
a5:af:49:1f:ba:c7:e8:a3:c7:5b:50:0a:41:d4:66:e4:cc:68:
e8:4b:f3:50:e7:c4:8f:e1:e2:5c:cb:6f:2a:17:8c:f9:28:22:
f1:a9:d8:ca:4b:30:1a:8d:db:d6:f3:c6:74:52:64:fc:a4:da:
e8:c3:db:96:0d:09:bb:40:d3:ea:39:7f:82:00:84:1c:fa:e3:
21:83:8f:ad:26:4f:e3:12:ac:24:6c:35:8f:93:8c:be:ec:61:
dd:00:2a:c6:99:cb:aa:21:84:22:41:d3:73:30:83:bc:50:82:
04:bd:5e:46:6a:39:8a:1f:27:e3:f7:4d:bb:c4:28:1e:d3:67:
d8:e7:3d:4c:b8:80:26:8f:3e:49:c4:f9:9f:0e:03:2f:6e:04:
e0:cb:ed:99
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZQj12gI6NqPiIAso53jw/rXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjUwMTAxMjE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWE5MTllMmNkZGUwNGU3MzFkMDdkOTkzZTczZjZkM2E3NzFiODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fK9cC/anoh+EYdpOwZu2UEfwWHE
nz/MDvbk4QxsHfRqBE7TY+xfRwu63pIH3JuJyPJf99MeZlxis/Cz+OW8ai+lHpUy
/Go2fWdg+iDGlDIqm8QwcLOJobOWrkNC+PBapGx6FaKj/BO8oSo2BMbYUesNZzsB
lTUwi0KeqPCIp08q06LpmPx0810sJElMpmaHLhMsiEPHAXp+FZpQopytAWtHiahM
q0iW8UlSXZc2XkADXwYH47fkLP0DKAzAyyl1XpCu4gjyMPd8NioKzxgzuSoCZ86S
Z6bVLpdErTAInmf/6VLrQ5TzbyMYFx2cbx4K4nrmhinqmMek/m6/+gHJlwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFN6pGeLN3gTnMdB9mT5z9tOncbg0MB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvM3FrWjRzM2VCT2N4MEgyWlBuUDIwNmR4dURRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTAkBAIAATAeAwQBAjo0AwQB
BbTAAwQABbTDAwQBLVZ8AwQAXvcrMC0EAgACMCcDBwAqAPgmAAgDBwQqB2/AABAD
BQAqCeHAAwUDKgyJAAMFAyoO3oAwDQYJKoZIhvcNAQELBQADggEBAJY2YLIOHC0b
4krRtzXSfbO3xObopP/XzN7aIf7WRjf/uji4CERSjMv10QrxCvAr1we2lbUPPPPh
zpdw2rDqMgnG7KwDogEwWY1lT3opbitO+yDfJlhy+pOtrXJLcf5ouN8uQ2f4rh1I
z+Ne+KWvSR+6x+ijx1tQCkHUZuTMaOhL81DnxI/h4lzLbyoXjPkoIvGp2MpLMBqN
29bzxnRSZPyk2ujD25YNCbtA0+o5f4IAhBz64yGDj60mT+MSrCRsNY+TjL7sYd0A
KsaZy6ohhCJB03Mwg7xQggS9XkZqOYofJ+P3TbvEKB7TZ9jnPUy4gCaPPknE+Z8O
Ay9uBODL7Zk=
-----END CERTIFICATE-----
Generated at Sat Apr 5 19:06:42 2025 by rpki-client