Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/f98bd4-de07-42cd-9848-944ca1a80b18/1/MjzHW04MNpWP93ktfKv3g1wY_yY.roa
File: MjzHW04MNpWP93ktfKv3g1wY_yY.roa (raw, json)
Hash identifier: sTUqFaDMKCqi+ntmnIAR8vXErg/0YN5V/YZHZNxvcNw=
Subject key identifier: 32:3C:C7:5B:4E:0C:36:95:8F:F7:79:2D:7C:AB:F7:83:5C:18:FF:26
Certificate issuer: /CN=abf0a84ff8f5057f9491defbe6ad55eeae98cc06
Certificate serial: 0194214439677523EE7AD5D1FFE136B5C6A9
Authority key identifier: AB:F0:A8:4F:F8:F5:05:7F:94:91:DE:FB:E6:AD:55:EE:AE:98:CC:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/q_CoT_j1BX-Ukd775q1V7q6YzAY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/f98bd4-de07-42cd-9848-944ca1a80b18/1/MjzHW04MNpWP93ktfKv3g1wY_yY.roa
Signing time: Wed 01 Jan 2025 09:48:26 +0000
ROA not before: Wed 01 Jan 2025 09:48:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197663
IP address blocks: 91.225.96.0/22 maxlen: 22
91.240.52.0/24 maxlen: 24
91.240.53.0/24 maxlen: 24
91.240.54.0/24 maxlen: 24
91.240.55.0/24 maxlen: 24
193.35.111.0/24 maxlen: 24
195.47.243.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:39:67:75:23:ee:7a:d5:d1:ff:e1:36:b5:c6:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=abf0a84ff8f5057f9491defbe6ad55eeae98cc06
Validity
Not Before: Jan 1 09:48:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=323cc75b4e0c36958ff7792d7cabf7835c18ff26
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:95:ab:37:29:63:fb:4b:9d:9e:e5:b7:0e:3c:
4a:78:f6:09:a6:5d:e6:ad:78:85:72:2e:e4:f5:5a:
9c:45:2f:9a:6f:1b:e5:c2:fe:70:ba:86:5b:e2:76:
11:d5:53:d9:56:de:d8:08:e1:39:d3:d7:f1:de:96:
45:1d:1d:82:00:20:e2:d9:5a:f7:8d:39:bf:b7:5e:
a0:16:85:dc:31:65:17:2f:e4:b5:e1:af:64:d5:95:
9a:50:41:10:67:a6:df:d1:01:84:e3:b4:0f:4e:d9:
a4:94:a4:a8:ef:c4:7d:4d:ff:fa:6e:ca:77:39:64:
6d:4c:be:ce:a0:ff:70:9e:84:d5:62:a4:86:2c:86:
fa:46:d5:2f:aa:e1:18:b1:16:bd:bb:a9:c9:c0:44:
79:85:f6:f4:e8:47:c2:9c:ae:4e:71:b0:b7:79:43:
f0:71:aa:4d:27:f3:d8:ac:0f:dc:a6:b4:f2:2e:ec:
3e:39:e7:3b:d7:f8:3b:9c:fc:53:ea:3c:ec:32:bf:
0b:20:c1:db:d3:eb:e1:3d:90:0b:e4:43:ec:f9:61:
ca:34:27:9e:1a:76:b1:7a:b7:ea:fc:4f:15:a3:19:
d9:73:f9:4e:fa:a9:90:64:0d:74:3b:ee:cf:c8:b9:
5e:02:ae:1d:3f:83:aa:8b:5b:4a:f2:81:2e:d1:b9:
0b:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:3C:C7:5B:4E:0C:36:95:8F:F7:79:2D:7C:AB:F7:83:5C:18:FF:26
X509v3 Authority Key Identifier:
keyid:AB:F0:A8:4F:F8:F5:05:7F:94:91:DE:FB:E6:AD:55:EE:AE:98:CC:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q_CoT_j1BX-Ukd775q1V7q6YzAY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/f98bd4-de07-42cd-9848-944ca1a80b18/1/MjzHW04MNpWP93ktfKv3g1wY_yY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/f98bd4-de07-42cd-9848-944ca1a80b18/1/q_CoT_j1BX-Ukd775q1V7q6YzAY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.225.96.0/22
91.240.52.0/22
193.35.111.0/24
195.47.243.0/24
Signature Algorithm: sha256WithRSAEncryption
34:d2:0f:e4:8a:47:3c:6b:ba:f3:17:4a:de:78:16:d9:e3:b7:
36:af:66:67:18:5c:a9:42:39:35:c0:ff:bf:d3:c7:de:94:c5:
91:f2:a4:82:49:9f:25:b2:49:45:c8:2c:4c:b8:0a:ce:1b:51:
4b:b4:57:d0:1c:f4:e2:59:e1:c2:1f:49:ca:ac:f7:45:a8:12:
cd:6e:97:d4:92:27:72:9b:ca:85:97:c6:38:8a:5c:5c:8a:49:
20:4d:40:d6:bd:29:e7:78:cb:8a:7d:24:55:a9:d7:7a:91:98:
eb:05:b9:fd:17:af:a7:9b:0c:8e:08:31:49:65:b1:51:c0:8b:
bf:f7:ba:25:b0:cd:8d:cc:a3:95:ae:4b:cb:09:93:0f:a4:bb:
58:03:ec:26:89:ec:43:5b:36:74:83:69:84:58:b8:cc:4d:78:
6f:50:9e:2d:c4:c4:d0:69:11:51:cf:c4:ab:43:cd:14:6e:47:
f4:1e:fe:cb:ca:51:4e:8a:4b:4f:98:97:ee:02:b6:20:ff:95:
9b:a9:5b:bc:9b:00:a2:04:92:37:40:dc:a6:28:ba:0f:81:21:
35:6c:92:66:35:70:c1:cd:c7:72:4e:ec:44:c8:d9:8b:98:86:
ac:b7:52:ff:d4:ad:29:97:ab:7c:31:22:4d:72:a7:4a:15:b8:
c8:0a:08:47
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQhRDlndSPuetXR/+E2tcapMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZjBhODRmZjhmNTA1N2Y5NDkxZGVmYmU2YWQ1NWVlYWU5
OGNjMDYwHhcNMjUwMTAxMDk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjNjYzc1YjRlMGMzNjk1OGZmNzc5MmQ3Y2FiZjc4MzVjMThmZjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5WrNylj+0udnuW3DjxKePYJpl3m
rXiFci7k9VqcRS+abxvlwv5wuoZb4nYR1VPZVt7YCOE509fx3pZFHR2CACDi2Vr3
jTm/t16gFoXcMWUXL+S14a9k1ZWaUEEQZ6bf0QGE47QPTtmklKSo78R9Tf/6bsp3
OWRtTL7OoP9wnoTVYqSGLIb6RtUvquEYsRa9u6nJwER5hfb06EfCnK5OcbC3eUPw
capNJ/PYrA/cprTyLuw+Oec71/g7nPxT6jzsMr8LIMHb0+vhPZAL5EPs+WHKNCee
Gnaxerfq/E8VoxnZc/lO+qmQZA10O+7PyLleAq4dP4Oqi1tK8oEu0bkLWQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDI8x1tODDaVj/d5LXyr94NcGP8mMB8GA1UdIwQY
MBaAFKvwqE/49QV/lJHe++atVe6umMwGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcV9Db1RfajFCWC1Va2Q3NzVxMVY3cTZZekFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mOThiZDQtZGUwNy00MmNkLTk4NDgt
OTQ0Y2ExYTgwYjE4LzEvTWp6SFcwNE1OcFdQOTNrdGZLdjNnMXdZX3lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mOThiZDQtZGUwNy00MmNkLTk4NDgtOTQ0Y2ExYTgwYjE4
LzEvcV9Db1RfajFCWC1Va2Q3NzVxMVY3cTZZekFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCW+FgAwQC
W/A0AwQAwSNvAwQAwy/zMA0GCSqGSIb3DQEBCwUAA4IBAQA00g/kikc8a7rzF0re
eBbZ47c2r2ZnGFypQjk1wP+/08felMWR8qSCSZ8lsklFyCxMuArOG1FLtFfQHPTi
WeHCH0nKrPdFqBLNbpfUkidym8qFl8Y4ilxcikkgTUDWvSnneMuKfSRVqdd6kZjr
Bbn9F6+nmwyOCDFJZbFRwIu/97olsM2NzKOVrkvLCZMPpLtYA+wmiexDWzZ0g2mE
WLjMTXhvUJ4txMTQaRFRz8SrQ80Ubkf0Hv7LylFOiktPmJfuArYg/5WbqVu8mwCi
BJI3QNymKLoPgSE1bJJmNXDBzcdyTuxEyNmLmIast1L/1K0pl6t8MSJNcqdKFbjI
CghH
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:52:09 2025 by rpki-client