Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/1bcb8b-a3f8-48cc-8db9-3df9e21f4bcc/1/yAQLvR2REqCYEITifDYxhFTzX4k.roa
File: yAQLvR2REqCYEITifDYxhFTzX4k.roa (raw, json)
Hash identifier: uZgm/9JfNjYwGkoXS3hlL76KCjtvK/3swtvi79WEUbo=
Subject key identifier: C8:04:0B:BD:1D:91:12:A0:98:10:84:E2:7C:36:31:84:54:F3:5F:89
Certificate issuer: /CN=becec531e5c37756b828663f9cc20ad6217713ac
Certificate serial: 0194266AB3CD89BF2768EE81D3253C8FCEA7
Authority key identifier: BE:CE:C5:31:E5:C3:77:56:B8:28:66:3F:9C:C2:0A:D6:21:77:13:AC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vs7FMeXDd1a4KGY_nMIK1iF3E6w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/1bcb8b-a3f8-48cc-8db9-3df9e21f4bcc/1/yAQLvR2REqCYEITifDYxhFTzX4k.roa
Signing time: Thu 02 Jan 2025 09:48:34 +0000
ROA not before: Thu 02 Jan 2025 09:48:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3320
IP address blocks: 164.133.4.0/24 maxlen: 24
164.133.10.0/24 maxlen: 24
164.133.11.0/24 maxlen: 24
164.133.91.0/24 maxlen: 24
164.133.98.0/24 maxlen: 24
164.133.99.0/24 maxlen: 24
164.133.150.0/24 maxlen: 24
164.133.154.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6a:b3:cd:89:bf:27:68:ee:81:d3:25:3c:8f:ce:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=becec531e5c37756b828663f9cc20ad6217713ac
Validity
Not Before: Jan 2 09:48:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c8040bbd1d9112a0981084e27c36318454f35f89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:6c:4f:e4:30:be:b3:55:7b:30:58:dd:88:e8:
0d:ce:9a:ea:85:d9:0a:c5:a5:e8:f3:b2:69:97:59:
68:a4:58:e4:87:9a:cf:37:17:0f:68:dd:42:60:c8:
93:9a:53:15:f3:4b:f5:fc:37:b0:14:04:52:a9:cc:
69:34:34:f2:ca:a4:47:67:eb:cc:b9:db:a5:fc:dd:
6a:cf:f4:fc:ab:b6:26:a0:53:d4:20:1c:a3:2c:8a:
69:4e:83:32:ac:cf:d7:f7:a2:53:b2:8e:f2:ac:d3:
10:a0:89:31:44:da:99:71:66:61:10:e8:05:12:62:
c2:23:17:28:32:f0:90:c0:16:9a:3d:89:3b:63:e4:
64:13:c3:6f:0b:9e:7e:26:bc:55:2f:81:f1:07:5b:
df:9d:df:f6:92:3d:f4:aa:07:0a:4a:ee:72:b5:5c:
f4:7d:f6:7b:26:44:64:1c:a5:44:0b:2a:f7:d6:ae:
45:56:6b:f7:a2:5b:e2:34:ac:8b:59:7d:53:56:d3:
49:d3:59:87:b3:73:dc:e4:b0:6c:3c:3f:af:9e:5a:
88:35:51:bd:bd:06:19:4c:3b:76:29:7a:9e:25:57:
23:a4:af:14:99:1a:74:77:f9:fe:23:18:07:fd:c2:
31:a2:25:66:7f:74:c2:23:8e:5d:65:fa:fd:af:88:
b3:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:04:0B:BD:1D:91:12:A0:98:10:84:E2:7C:36:31:84:54:F3:5F:89
X509v3 Authority Key Identifier:
keyid:BE:CE:C5:31:E5:C3:77:56:B8:28:66:3F:9C:C2:0A:D6:21:77:13:AC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vs7FMeXDd1a4KGY_nMIK1iF3E6w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/1bcb8b-a3f8-48cc-8db9-3df9e21f4bcc/1/yAQLvR2REqCYEITifDYxhFTzX4k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/1bcb8b-a3f8-48cc-8db9-3df9e21f4bcc/1/vs7FMeXDd1a4KGY_nMIK1iF3E6w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
164.133.4.0/24
164.133.10.0/23
164.133.91.0/24
164.133.98.0/23
164.133.150.0/24
164.133.154.0/24
Signature Algorithm: sha256WithRSAEncryption
9e:e9:99:4e:b3:68:97:e4:a4:bc:19:8b:e1:28:5c:31:18:4d:
6d:17:b7:2f:ef:00:f3:e4:e8:53:e9:97:f6:5a:0b:d1:17:48:
c3:f5:5d:7b:49:74:b3:1c:14:63:29:75:29:25:9e:58:1d:4d:
e7:e2:b7:e5:56:8b:e3:74:ef:60:05:04:e8:e0:40:0d:ac:ab:
13:e2:ca:b9:50:3c:50:ea:e7:85:2b:c9:76:ef:13:bb:72:1c:
1d:eb:78:03:a6:5b:80:79:70:1e:90:59:ad:25:85:d3:75:aa:
3a:e0:86:4f:3c:eb:c8:fe:c1:5c:b4:1a:26:b3:15:f2:a9:ef:
49:65:f6:4d:ee:ee:67:ff:ce:da:24:f3:82:47:df:8b:23:36:
6d:49:6e:ec:3a:67:12:98:01:ea:b4:7c:b8:c1:84:15:b7:7a:
0a:05:dc:16:33:97:2c:00:40:b6:26:af:89:47:ee:be:fb:82:
8c:00:96:f4:a0:6b:17:5f:8d:5f:df:b1:aa:fe:8c:0a:50:0f:
e5:f6:7b:ac:a6:48:d1:82:85:67:36:95:98:c9:7e:fc:1d:c1:
2b:b1:21:40:cc:7b:d4:66:fc:6c:62:34:d9:e2:63:14:76:ba:
8a:e1:44:9b:b1:01:7f:3a:d5:ee:78:45:2b:5a:92:db:03:a2:
a0:02:dd:26
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQmarPNib8naO6B0yU8j86nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlY2VjNTMxZTVjMzc3NTZiODI4NjYzZjljYzIwYWQ2MjE3
NzEzYWMwHhcNMjUwMTAyMDk0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODA0MGJiZDFkOTExMmEwOTgxMDg0ZTI3YzM2MzE4NDU0ZjM1Zjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2xP5DC+s1V7MFjdiOgNzprqhdkK
xaXo87Jpl1lopFjkh5rPNxcPaN1CYMiTmlMV80v1/DewFARSqcxpNDTyyqRHZ+vM
udul/N1qz/T8q7YmoFPUIByjLIppToMyrM/X96JTso7yrNMQoIkxRNqZcWZhEOgF
EmLCIxcoMvCQwBaaPYk7Y+RkE8NvC55+JrxVL4HxB1vfnd/2kj30qgcKSu5ytVz0
ffZ7JkRkHKVECyr31q5FVmv3olviNKyLWX1TVtNJ01mHs3Pc5LBsPD+vnlqINVG9
vQYZTDt2KXqeJVcjpK8UmRp0d/n+IxgH/cIxoiVmf3TCI45dZfr9r4izIwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFMgEC70dkRKgmBCE4nw2MYRU81+JMB8GA1UdIwQY
MBaAFL7OxTHlw3dWuChmP5zCCtYhdxOsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnM3Rk1lWERkMWE0S0dZX25NSUsxaUYzRTZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8xYmNiOGItYTNmOC00OGNjLThkYjkt
M2RmOWUyMWY0YmNjLzEveUFRTHZSMlJFcUNZRUlUaWZEWXhoRlR6WDRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8xYmNiOGItYTNmOC00OGNjLThkYjktM2RmOWUyMWY0YmNj
LzEvdnM3Rk1lWERkMWE0S0dZX25NSUsxaUYzRTZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQApIUEAwQB
pIUKAwQApIVbAwQBpIViAwQApIWWAwQApIWaMA0GCSqGSIb3DQEBCwUAA4IBAQCe
6ZlOs2iX5KS8GYvhKFwxGE1tF7cv7wDz5OhT6Zf2WgvRF0jD9V17SXSzHBRjKXUp
JZ5YHU3n4rflVovjdO9gBQTo4EANrKsT4sq5UDxQ6ueFK8l27xO7chwd63gDpluA
eXAekFmtJYXTdao64IZPPOvI/sFctBomsxXyqe9JZfZN7u5n/87aJPOCR9+LIzZt
SW7sOmcSmAHqtHy4wYQVt3oKBdwWM5csAEC2Jq+JR+6++4KMAJb0oGsXX41f37Gq
/owKUA/l9nuspkjRgoVnNpWYyX78HcErsSFAzHvUZvxsYjTZ4mMUdrqK4USbsQF/
OtXueEUrWpLbA6KgAt0m
-----END CERTIFICATE-----
Generated at Wed Feb 19 20:41:53 2025 by rpki-client