Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/1df8e5-705b-4425-8b47-f553000227bd/1/MufPs85CSiFaqIykRd2XZEeRUmY.roa
File: MufPs85CSiFaqIykRd2XZEeRUmY.roa (raw, json)
Hash identifier: SDo3Rsrht5D08ne41KuHTw/96JInj8OLxwyQdiBoUSI=
Subject key identifier: 32:E7:CF:B3:CE:42:4A:21:5A:A8:8C:A4:45:DD:97:64:47:91:52:66
Certificate issuer: /CN=aa7fa1d876d6c9cf57584456b2094daac5f3f519
Certificate serial: 01856F14AFEC0CA022A243D09A5835910E03
Authority key identifier: AA:7F:A1:D8:76:D6:C9:CF:57:58:44:56:B2:09:4D:AA:C5:F3:F5:19
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qn-h2HbWyc9XWERWsglNqsXz9Rk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/1df8e5-705b-4425-8b47-f553000227bd/1/MufPs85CSiFaqIykRd2XZEeRUmY.roa
Signing time: Sun 01 Jan 2023 20:45:04 +0000
ROA not before: Sun 01 Jan 2023 20:45:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197637
IP address blocks: 185.8.86.0/23 maxlen: 23
109.75.96.0/24 maxlen: 24
109.75.96.0/22 maxlen: 22
109.75.98.0/24 maxlen: 24
109.75.97.0/24 maxlen: 24
37.99.200.0/21 maxlen: 21
109.75.104.0/24 maxlen: 24
109.75.99.0/24 maxlen: 24
109.75.106.0/24 maxlen: 24
109.75.107.0/24 maxlen: 24
109.75.108.0/22 maxlen: 22
185.65.198.0/23 maxlen: 23
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:14:af:ec:0c:a0:22:a2:43:d0:9a:58:35:91:0e:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa7fa1d876d6c9cf57584456b2094daac5f3f519
Validity
Not Before: Jan 1 20:45:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=32e7cfb3ce424a215aa88ca445dd976447915266
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:50:0f:6f:45:d0:82:9e:05:33:ad:fa:79:fc:
ac:4b:b1:e3:1f:cb:93:c9:f9:68:1d:92:59:5e:7f:
50:34:11:4a:4e:9a:60:04:ec:95:08:60:f0:52:a9:
03:ba:4d:5b:a2:b4:fa:4d:70:c4:a7:70:9b:57:7a:
d0:d4:27:af:3f:72:4f:6a:3e:2f:92:2a:fa:3c:06:
cc:7a:25:8d:50:2c:0e:8b:17:6a:23:15:23:14:04:
7c:f8:5e:4c:40:cb:5c:dd:bb:b7:de:36:df:d8:d4:
5b:2d:5b:20:a5:8e:ba:4c:2f:56:d9:8e:c4:86:6b:
08:4c:d3:73:a3:82:6b:fb:d1:6d:76:2f:72:52:3f:
d8:e4:37:44:84:39:ef:51:b7:60:9e:d9:2e:8b:7f:
69:1a:83:1f:75:65:5b:4e:52:af:23:ce:97:d5:ad:
76:f4:08:38:0b:f4:40:5a:33:fa:9d:0e:0c:7a:26:
c7:04:61:c8:35:eb:65:fb:c8:35:1f:d8:e2:7d:8b:
3c:10:a8:81:a1:52:18:2b:9e:8a:4f:42:98:a4:b6:
9d:d7:af:43:39:9b:03:b8:88:98:e3:d4:8f:f1:98:
0d:89:9c:16:e4:6e:f9:1c:51:73:ad:04:2a:f4:b5:
26:7b:c0:c2:51:32:3b:b5:e7:57:8f:56:a9:2e:70:
9d:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:E7:CF:B3:CE:42:4A:21:5A:A8:8C:A4:45:DD:97:64:47:91:52:66
X509v3 Authority Key Identifier:
keyid:AA:7F:A1:D8:76:D6:C9:CF:57:58:44:56:B2:09:4D:AA:C5:F3:F5:19
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qn-h2HbWyc9XWERWsglNqsXz9Rk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/1df8e5-705b-4425-8b47-f553000227bd/1/MufPs85CSiFaqIykRd2XZEeRUmY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/1df8e5-705b-4425-8b47-f553000227bd/1/qn-h2HbWyc9XWERWsglNqsXz9Rk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.99.200.0/21
109.75.96.0/22
109.75.104.0/24
109.75.106.0-109.75.111.255
185.8.86.0/23
185.65.198.0/23
Signature Algorithm: sha256WithRSAEncryption
20:a8:57:d6:07:e0:3d:89:24:7e:2b:12:18:ab:16:07:ac:cb:
d3:ef:dd:0a:84:0c:2f:7c:42:0c:19:22:8a:d4:4e:f9:2f:ec:
64:00:33:e0:8d:4e:42:c3:fa:ef:2f:85:7a:1f:c1:b3:15:ca:
b7:bb:b5:6e:09:7c:16:d1:87:05:fb:1c:7c:f5:89:68:6d:40:
8f:9d:74:86:a2:ef:1f:9f:f0:b9:0c:c0:6b:21:d6:f8:ae:33:
79:8c:88:b0:d5:0d:f6:1e:8b:4f:6c:76:df:ca:51:fe:43:48:
4b:5e:54:e0:dc:9f:5d:cf:70:dc:41:17:95:9b:bd:5e:5f:ad:
eb:24:92:24:8e:00:9e:07:9d:82:70:f6:aa:36:f2:9a:cb:f9:
ae:2d:b7:07:24:49:35:3a:ab:e3:a0:f2:fb:df:3c:7d:05:56:
9d:b1:3a:0b:bb:d6:ad:21:e6:f7:f5:a8:7b:bb:ce:6e:b2:00:
1e:72:06:4e:b7:77:87:86:64:37:fe:9c:d5:f9:2f:c4:15:ad:
94:21:d3:9c:47:8c:3b:3c:9c:da:7a:be:01:18:f2:71:64:45:
59:8d:5e:61:93:d3:b4:3c:94:ca:f6:ee:a4:47:0c:4b:fa:78:
bc:53:44:d5:17:32:df:3f:36:90:9c:c7:ec:ab:4c:6d:c4:73:
8e:6a:8b:12
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYVvFK/sDKAiokPQmlg1kQ4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhN2ZhMWQ4NzZkNmM5Y2Y1NzU4NDQ1NmIyMDk0ZGFhYzVm
M2Y1MTkwHhcNMjMwMTAxMjA0NTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmU3Y2ZiM2NlNDI0YTIxNWFhODhjYTQ0NWRkOTc2NDQ3OTE1MjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglAPb0XQgp4FM636efysS7HjH8uT
yfloHZJZXn9QNBFKTppgBOyVCGDwUqkDuk1borT6TXDEp3CbV3rQ1CevP3JPaj4v
kir6PAbMeiWNUCwOixdqIxUjFAR8+F5MQMtc3bu33jbf2NRbLVsgpY66TC9W2Y7E
hmsITNNzo4Jr+9Ftdi9yUj/Y5DdEhDnvUbdgntkui39pGoMfdWVbTlKvI86X1a12
9Ag4C/RAWjP6nQ4MeibHBGHINetl+8g1H9jifYs8EKiBoVIYK56KT0KYpLad169D
OZsDuIiY49SP8ZgNiZwW5G75HFFzrQQq9LUme8DCUTI7tedXj1apLnCdBwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFDLnz7POQkohWqiMpEXdl2RHkVJmMB8GA1UdIwQY
MBaAFKp/odh21snPV1hEVrIJTarF8/UZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW4taDJIYld5YzlYV0VSV3NnbE5xc1h6OVJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS8xZGY4ZTUtNzA1Yi00NDI1LThiNDct
ZjU1MzAwMDIyN2JkLzEvTXVmUHM4NUNTaUZhcUl5a1JkMlhaRWVSVW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS8xZGY4ZTUtNzA1Yi00NDI1LThiNDctZjU1MzAwMDIyN2Jk
LzEvcW4taDJIYld5YzlYV0VSV3NnbE5xc1h6OVJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQDJWPIAwQC
bUtgAwQAbUtoMAwDBAFtS2oDBARtS2ADBAG5CFYDBAG5QcYwDQYJKoZIhvcNAQEL
BQADggEBACCoV9YH4D2JJH4rEhirFgesy9Pv3QqEDC98QgwZIorUTvkv7GQAM+CN
TkLD+u8vhXofwbMVyre7tW4JfBbRhwX7HHz1iWhtQI+ddIai7x+f8LkMwGsh1viu
M3mMiLDVDfYei09sdt/KUf5DSEteVODcn13PcNxBF5WbvV5freskkiSOAJ4HnYJw
9qo28prL+a4ttwckSTU6q+Og8vvfPH0FVp2xOgu71q0h5vf1qHu7zm6yAB5yBk63
d4eGZDf+nNX5L8QVrZQh05xHjDs8nNp6vgEY8nFkRVmNXmGT07Q8lMr27qRHDEv6
eLxTRNUXMt8/NpCcx+yrTG3Ec45qixI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:29 2024 by rpki-client on console-fra.rpki-client.org