Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/c27cd1-570b-47d1-b256-1814223d92ce/1/Ucxp5G5fcwQeBwzPAWP_Msn5xak.roa
File: Ucxp5G5fcwQeBwzPAWP_Msn5xak.roa (raw, json)
Hash identifier: fAZoWFkmBM6hbewrF+NKZdtcPX0ZUqxgQUAKkR+4p6A=
Subject key identifier: 51:CC:69:E4:6E:5F:73:04:1E:07:0C:CF:01:63:FF:32:C9:F9:C5:A9
Certificate issuer: /CN=391a0ecc2b9beaba9eb76d5519fe787b4033fc12
Certificate serial: 019426D8FB7D847BC0958B6DA91CDCEA4AF7
Authority key identifier: 39:1A:0E:CC:2B:9B:EA:BA:9E:B7:6D:55:19:FE:78:7B:40:33:FC:12
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ORoOzCub6rqet21VGf54e0Az_BI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/c27cd1-570b-47d1-b256-1814223d92ce/1/Ucxp5G5fcwQeBwzPAWP_Msn5xak.roa
Signing time: Thu 02 Jan 2025 11:49:01 +0000
ROA not before: Thu 02 Jan 2025 11:49:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212221
IP address blocks: 89.45.200.0/21 maxlen: 21
89.45.200.0/23 maxlen: 23
89.45.202.0/23 maxlen: 23
89.45.203.0/24 maxlen: 24
89.45.204.0/23 maxlen: 23
89.45.206.0/23 maxlen: 23
91.132.4.0/23 maxlen: 23
212.102.106.0/24 maxlen: 24
2a09:b780::/48 maxlen: 48
2a09:b780:1::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d8:fb:7d:84:7b:c0:95:8b:6d:a9:1c:dc:ea:4a:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=391a0ecc2b9beaba9eb76d5519fe787b4033fc12
Validity
Not Before: Jan 2 11:49:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=51cc69e46e5f73041e070ccf0163ff32c9f9c5a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:b2:56:ed:2d:69:40:7f:86:b9:53:1d:c0:44:
07:9a:b7:7e:f6:91:e3:4a:4a:d3:15:db:22:e5:79:
01:e2:c8:27:49:81:bb:b1:2a:d1:e0:18:93:9c:f1:
38:bd:a9:83:36:9a:b4:b2:d6:2c:24:4b:31:0c:b9:
98:61:e0:cf:42:55:01:14:6a:e9:e0:d7:77:61:b9:
25:0c:2d:6e:3f:76:de:22:43:5a:25:85:d6:5b:ab:
36:b1:c3:04:27:75:40:1a:fd:c4:f4:58:d2:7f:0a:
48:45:dc:08:b0:31:96:80:f9:f9:5e:98:36:15:cd:
b4:b9:11:40:47:d4:8c:d9:58:59:e2:0b:17:16:6c:
43:2f:39:3e:ac:25:7b:99:19:d7:e9:f8:d4:15:19:
5d:a4:dd:33:b0:a9:58:6a:9b:dd:e8:05:3c:c7:68:
e7:16:5c:70:90:2f:64:ca:c4:3b:2e:d9:e3:f9:7b:
44:c4:fa:fd:fc:21:5e:5a:a8:06:05:1e:82:1b:a6:
fe:f3:f0:70:d5:14:c6:81:9b:73:74:b8:5d:86:5a:
ce:14:86:76:15:50:8f:a3:1d:8a:fb:6a:46:6d:5f:
ab:fa:47:0c:2a:2f:6a:c6:06:10:16:31:c5:1c:69:
23:ab:d1:40:20:b8:89:b7:53:73:45:93:0a:da:ba:
5b:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:CC:69:E4:6E:5F:73:04:1E:07:0C:CF:01:63:FF:32:C9:F9:C5:A9
X509v3 Authority Key Identifier:
keyid:39:1A:0E:CC:2B:9B:EA:BA:9E:B7:6D:55:19:FE:78:7B:40:33:FC:12
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ORoOzCub6rqet21VGf54e0Az_BI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/c27cd1-570b-47d1-b256-1814223d92ce/1/Ucxp5G5fcwQeBwzPAWP_Msn5xak.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/c27cd1-570b-47d1-b256-1814223d92ce/1/ORoOzCub6rqet21VGf54e0Az_BI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.45.200.0/21
91.132.4.0/23
212.102.106.0/24
IPv6:
2a09:b780::/47
Signature Algorithm: sha256WithRSAEncryption
61:fa:66:3e:bc:71:e5:42:dc:25:58:6f:ca:6d:f3:d1:96:0a:
81:57:92:78:cd:38:44:44:13:80:5e:ea:e2:19:29:81:07:15:
3f:65:d9:c2:6f:ef:f7:a6:5d:9d:f1:3f:73:e1:55:40:ca:7c:
71:58:75:06:cf:49:d4:26:f8:03:6b:56:82:da:1a:07:3c:8f:
bd:9e:83:cb:24:56:5e:eb:93:e8:93:44:1c:97:b5:8e:b2:a2:
51:d4:95:da:6e:18:13:ae:de:4e:24:2e:3a:f8:9c:ba:e8:be:
ae:64:1e:32:92:71:2f:f1:e6:2e:71:5f:30:17:44:fa:6c:d5:
c8:06:ce:a1:1f:9f:ac:89:1e:73:c9:1b:dc:b3:ea:42:a5:82:
91:27:9b:8a:ae:ed:19:80:4e:f7:b9:00:32:9f:14:c7:91:29:
d4:5f:d6:a8:85:28:ba:40:23:e3:7b:2e:8c:b6:fd:33:69:8d:
17:8c:c1:f2:2e:47:ef:8e:80:71:a2:ba:89:22:1f:a0:ba:d0:
c8:cf:2e:e9:ea:87:08:2e:f5:ef:5c:bd:bc:ae:80:c2:5f:eb:
bd:39:7f:07:07:50:23:1b:d9:a8:d1:de:a1:34:96:d1:6c:b3:
3f:fe:f7:d3:88:fb:55:86:c5:ff:28:57:42:ce:5e:24:99:96:
9a:7a:87:18
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZQm2Pt9hHvAlYttqRzc6kr3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MWEwZWNjMmI5YmVhYmE5ZWI3NmQ1NTE5ZmU3ODdiNDAz
M2ZjMTIwHhcNMjUwMTAyMTE0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWNjNjllNDZlNWY3MzA0MWUwNzBjY2YwMTYzZmYzMmM5ZjljNWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbJW7S1pQH+GuVMdwEQHmrd+9pHj
SkrTFdsi5XkB4sgnSYG7sSrR4BiTnPE4vamDNpq0stYsJEsxDLmYYeDPQlUBFGrp
4Nd3YbklDC1uP3beIkNaJYXWW6s2scMEJ3VAGv3E9FjSfwpIRdwIsDGWgPn5Xpg2
Fc20uRFAR9SM2VhZ4gsXFmxDLzk+rCV7mRnX6fjUFRldpN0zsKlYapvd6AU8x2jn
FlxwkC9kysQ7Ltnj+XtExPr9/CFeWqgGBR6CG6b+8/Bw1RTGgZtzdLhdhlrOFIZ2
FVCPox2K+2pGbV+r+kcMKi9qxgYQFjHFHGkjq9FAILiJt1NzRZMK2rpbywIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFFHMaeRuX3MEHgcMzwFj/zLJ+cWpMB8GA1UdIwQY
MBaAFDkaDswrm+q6nrdtVRn+eHtAM/wSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1JvT3pDdWI2cnFldDIxVkdmNTRlMEF6X0JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9jMjdjZDEtNTcwYi00N2QxLWIyNTYt
MTgxNDIyM2Q5MmNlLzEvVWN4cDVHNWZjd1FlQnd6UEFXUF9Nc241eGFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9jMjdjZDEtNTcwYi00N2QxLWIyNTYtMTgxNDIyM2Q5MmNl
LzEvT1JvT3pDdWI2cnFldDIxVkdmNTRlMEF6X0JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQDWS3IAwQB
W4QEAwQA1GZqMA8EAgACMAkDBwEqCbeAAAAwDQYJKoZIhvcNAQELBQADggEBAGH6
Zj68ceVC3CVYb8pt89GWCoFXknjNOEREE4Be6uIZKYEHFT9l2cJv7/emXZ3xP3Ph
VUDKfHFYdQbPSdQm+ANrVoLaGgc8j72eg8skVl7rk+iTRByXtY6yolHUldpuGBOu
3k4kLjr4nLrovq5kHjKScS/x5i5xXzAXRPps1cgGzqEfn6yJHnPJG9yz6kKlgpEn
m4qu7RmATve5ADKfFMeRKdRf1qiFKLpAI+N7Loy2/TNpjReMwfIuR++OgHGiuoki
H6C60MjPLunqhwgu9e9cvbyugMJf6705fwcHUCMb2ajR3qE0ltFssz/+99OI+1WG
xf8oV0LOXiSZlpp6hxg=
-----END CERTIFICATE-----
Generated at Tue Apr 8 06:23:28 2025 by rpki-client