Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/6f3269-587d-4b87-8d3a-e6679e7b795a/1/MTrzAX_D8XgoMN3mTBa0ASkLO-s.roa
File: MTrzAX_D8XgoMN3mTBa0ASkLO-s.roa (raw, json)
Hash identifier: 5xLIJUhiZ8b7rVLgmWHwi35aSAKsu4l83lIArXRkd8w=
Subject key identifier: 31:3A:F3:01:7F:C3:F1:78:28:30:DD:E6:4C:16:B4:01:29:0B:3B:EB
Certificate issuer: /CN=68637081ca7c2eba41010abeaad64a7c61f6a113
Certificate serial: 019422FAF2EA4AFB394F95FE443F35C72A11
Authority key identifier: 68:63:70:81:CA:7C:2E:BA:41:01:0A:BE:AA:D6:4A:7C:61:F6:A1:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aGNwgcp8LrpBAQq-qtZKfGH2oRM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/6f3269-587d-4b87-8d3a-e6679e7b795a/1/MTrzAX_D8XgoMN3mTBa0ASkLO-s.roa
Signing time: Wed 01 Jan 2025 17:47:39 +0000
ROA not before: Wed 01 Jan 2025 17:47:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29684
IP address blocks: 91.202.248.0/22 maxlen: 24
91.202.248.0/24 maxlen: 24
91.202.249.0/24 maxlen: 24
91.202.250.0/24 maxlen: 24
91.202.251.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fa:f2:ea:4a:fb:39:4f:95:fe:44:3f:35:c7:2a:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=68637081ca7c2eba41010abeaad64a7c61f6a113
Validity
Not Before: Jan 1 17:47:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=313af3017fc3f1782830dde64c16b401290b3beb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:f4:29:53:15:c2:9a:da:e9:a1:5a:2d:a9:4a:
92:39:c7:09:be:71:26:fc:ac:89:92:56:55:33:5d:
d0:5b:93:b3:ae:d4:89:1c:9c:9f:b3:ac:d0:77:0c:
17:b0:cd:7f:9d:86:4c:c6:55:77:c1:0d:a5:1a:fd:
3b:37:1a:35:33:96:ea:bc:9c:15:40:15:16:b2:21:
6c:fc:a7:24:3b:19:3d:92:83:44:50:46:97:dd:b3:
55:f7:df:05:e6:8a:39:ca:bc:71:66:c2:52:32:0c:
43:ef:f4:6c:7d:57:b8:bc:1a:fd:08:97:65:cc:2c:
03:40:03:e3:08:ed:fc:ad:ab:b4:46:36:60:02:e1:
f5:2a:d4:9e:b5:b9:b8:d0:b1:a6:70:d0:72:6a:c1:
54:8d:32:70:06:dc:10:98:71:2f:b1:60:e5:d7:4f:
e0:f4:36:4d:17:58:32:cb:f8:4d:60:84:cf:c0:93:
20:6e:66:45:6c:f4:7a:cf:32:c3:f6:78:ef:ef:56:
cb:4c:09:2e:5b:06:d7:1b:ef:40:13:45:e9:76:b7:
62:13:f9:9e:df:cc:d2:bc:3d:89:70:14:3e:a1:9d:
6e:00:26:bb:0d:61:a4:32:3d:48:f4:12:d4:f6:8f:
da:ad:12:f6:4d:dd:dc:f7:83:3b:f0:72:ef:90:9c:
86:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:3A:F3:01:7F:C3:F1:78:28:30:DD:E6:4C:16:B4:01:29:0B:3B:EB
X509v3 Authority Key Identifier:
keyid:68:63:70:81:CA:7C:2E:BA:41:01:0A:BE:AA:D6:4A:7C:61:F6:A1:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aGNwgcp8LrpBAQq-qtZKfGH2oRM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/6f3269-587d-4b87-8d3a-e6679e7b795a/1/MTrzAX_D8XgoMN3mTBa0ASkLO-s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/6f3269-587d-4b87-8d3a-e6679e7b795a/1/aGNwgcp8LrpBAQq-qtZKfGH2oRM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.202.248.0/22
Signature Algorithm: sha256WithRSAEncryption
28:7e:33:42:cc:d1:5b:a9:bb:38:b2:87:df:1f:82:11:19:d1:
fc:e4:99:ea:46:10:ba:08:af:14:91:82:9c:74:b9:2f:2b:d7:
d0:2c:b0:13:98:b5:7d:ff:a9:f1:7e:4b:0c:9e:d2:a3:09:f6:
a0:15:8d:14:ad:32:4b:ba:50:a0:a5:42:c6:da:f9:43:58:df:
e4:88:ea:60:d6:2f:1f:b7:9c:2c:69:d9:28:25:f6:6c:69:00:
d9:f1:b6:5b:8b:da:5e:24:e5:61:8d:db:1e:04:22:08:b4:44:
36:ee:16:c1:92:34:2b:d4:83:a3:62:78:66:89:70:fc:89:29:
ca:75:ca:e6:79:90:8f:dd:0b:ca:9f:d5:04:46:0d:51:85:47:
a8:1e:e2:40:75:dc:04:09:be:34:40:d3:1c:26:74:9e:d9:c0:
b3:f4:f6:f8:c5:f5:14:8e:2c:de:48:f1:af:6c:b6:58:f8:55:
e5:e6:e5:50:1f:94:67:e8:d9:66:97:1f:3f:fd:05:fe:8d:d4:
2e:b1:06:c5:e7:2d:39:1b:d6:ac:99:5e:12:df:7b:81:a7:9f:
59:61:cb:bc:8a:04:0d:9b:5d:09:6c:d2:31:68:28:1f:0e:19:
61:48:a6:c6:6c:72:4d:81:4d:d4:71:66:53:a7:b2:f6:90:33:
b9:00:aa:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+vLqSvs5T5X+RD81xyoRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NjM3MDgxY2E3YzJlYmE0MTAxMGFiZWFhZDY0YTdjNjFm
NmExMTMwHhcNMjUwMTAxMTc0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTNhZjMwMTdmYzNmMTc4MjgzMGRkZTY0YzE2YjQwMTI5MGIzYmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvQpUxXCmtrpoVotqUqSOccJvnEm
/KyJklZVM13QW5OzrtSJHJyfs6zQdwwXsM1/nYZMxlV3wQ2lGv07Nxo1M5bqvJwV
QBUWsiFs/KckOxk9koNEUEaX3bNV998F5oo5yrxxZsJSMgxD7/RsfVe4vBr9CJdl
zCwDQAPjCO38rau0RjZgAuH1KtSetbm40LGmcNByasFUjTJwBtwQmHEvsWDl10/g
9DZNF1gyy/hNYITPwJMgbmZFbPR6zzLD9njv71bLTAkuWwbXG+9AE0XpdrdiE/me
38zSvD2JcBQ+oZ1uACa7DWGkMj1I9BLU9o/arRL2Td3c94M78HLvkJyGNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDE68wF/w/F4KDDd5kwWtAEpCzvrMB8GA1UdIwQY
MBaAFGhjcIHKfC66QQEKvqrWSnxh9qETMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUdOd2djcDhMcnBCQVFxLXF0WktmR0gyb1JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC82ZjMyNjktNTg3ZC00Yjg3LThkM2Et
ZTY2NzllN2I3OTVhLzEvTVRyekFYX0Q4WGdvTU4zbVRCYTBBU2tMTy1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC82ZjMyNjktNTg3ZC00Yjg3LThkM2EtZTY2NzllN2I3OTVh
LzEvYUdOd2djcDhMcnBCQVFxLXF0WktmR0gyb1JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8r4MA0G
CSqGSIb3DQEBCwUAA4IBAQAofjNCzNFbqbs4soffH4IRGdH85JnqRhC6CK8UkYKc
dLkvK9fQLLATmLV9/6nxfksMntKjCfagFY0UrTJLulCgpULG2vlDWN/kiOpg1i8f
t5wsadkoJfZsaQDZ8bZbi9peJOVhjdseBCIItEQ27hbBkjQr1IOjYnhmiXD8iSnK
dcrmeZCP3QvKn9UERg1RhUeoHuJAddwECb40QNMcJnSe2cCz9Pb4xfUUjizeSPGv
bLZY+FXl5uVQH5Rn6Nlmlx8//QX+jdQusQbF5y05G9asmV4S33uBp59ZYcu8igQN
m10JbNIxaCgfDhlhSKbGbHJNgU3UcWZTp7L2kDO5AKry
-----END CERTIFICATE-----
Generated at Sat Apr 12 05:24:08 2025 by rpki-client