Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/NSZ-yRR1cOw8cC_ppgQP49vBdas.roa
File: NSZ-yRR1cOw8cC_ppgQP49vBdas.roa (raw, json)
Hash identifier: 9LFVQ/B+qLXj4MM4W0vlrn4ujXF7+BJlLzV+ou3ngOo=
Subject key identifier: 35:26:7E:C9:14:75:70:EC:3C:70:2F:E9:A6:04:0F:E3:DB:C1:75:AB
Certificate issuer: /CN=220ab0d7ae01c7ba7da69d71a91472b390cd7091
Certificate serial: 0192DDAEEE46B84BA1D60286FDE31EDFF8AC
Authority key identifier: 22:0A:B0:D7:AE:01:C7:BA:7D:A6:9D:71:A9:14:72:B3:90:CD:70:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Igqw164Bx7p9pp1xqRRys5DNcJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/NSZ-yRR1cOw8cC_ppgQP49vBdas.roa
Signing time: Wed 30 Oct 2024 13:48:01 +0000
ROA not before: Wed 30 Oct 2024 13:48:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 50017
IP address blocks: 45.66.88.0/24 maxlen: 24
2a09:6644:2::/48 maxlen: 48
2a09:6644:3::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:dd:ae:ee:46:b8:4b:a1:d6:02:86:fd:e3:1e:df:f8:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=220ab0d7ae01c7ba7da69d71a91472b390cd7091
Validity
Not Before: Oct 30 13:48:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=35267ec9147570ec3c702fe9a6040fe3dbc175ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:62:32:39:25:5f:68:88:6a:be:18:50:1f:a7:
35:a6:45:33:a8:37:00:a7:b3:3e:2d:98:c6:32:3b:
8a:bd:53:d7:9c:4b:5e:f0:c4:43:da:b6:9b:bf:11:
51:e1:57:e1:d7:62:77:14:bf:0a:39:97:4c:3a:54:
f0:8f:19:bc:f0:42:07:42:eb:4b:37:cc:c9:e9:fa:
e3:68:64:e6:35:f8:d0:5d:52:be:a4:25:6e:7d:d8:
3f:d5:cc:2d:f8:78:6c:9c:34:0a:c8:83:66:57:38:
72:60:95:5a:23:93:33:24:16:59:00:82:8e:7c:2d:
05:d5:a5:06:d5:ee:9b:e8:fa:c3:ed:06:23:80:ca:
14:27:93:f8:f5:ef:07:64:d7:2f:1b:a5:24:25:7b:
d1:ac:ed:d9:06:85:51:68:d1:95:8a:03:eb:48:ee:
92:06:73:ac:de:a9:02:8c:6b:cb:4d:ff:95:9d:c5:
90:e7:b7:68:0f:e2:0e:08:89:0a:67:27:30:5c:ac:
4b:e3:40:71:43:6c:99:85:60:a4:75:2d:ce:be:76:
04:0f:ff:7f:7e:87:d8:73:db:01:3c:dd:c1:2b:63:
9e:ad:d6:9a:9e:73:fc:e6:e6:db:a5:cd:b3:ca:88:
ae:84:89:97:0a:d5:f3:fe:e9:56:c4:35:aa:7a:eb:
9a:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:26:7E:C9:14:75:70:EC:3C:70:2F:E9:A6:04:0F:E3:DB:C1:75:AB
X509v3 Authority Key Identifier:
keyid:22:0A:B0:D7:AE:01:C7:BA:7D:A6:9D:71:A9:14:72:B3:90:CD:70:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Igqw164Bx7p9pp1xqRRys5DNcJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/NSZ-yRR1cOw8cC_ppgQP49vBdas.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f04658-fad7-423c-bb42-82fa3d260869/1/Igqw164Bx7p9pp1xqRRys5DNcJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.88.0/24
IPv6:
2a09:6644:2::/47
Signature Algorithm: sha256WithRSAEncryption
6d:af:b4:76:29:1e:a2:5f:e2:07:cc:94:e4:3d:cd:1c:4c:44:
e9:39:b0:44:41:bf:60:a1:5e:e6:d9:56:7c:ae:61:e6:9c:e9:
85:cc:5a:ff:e8:12:ce:a4:1c:76:8b:89:4b:bd:6b:94:4e:50:
f8:ec:4e:b7:02:a8:9e:f0:2d:22:e5:af:2d:eb:9c:87:cb:df:
ff:64:d2:af:a4:29:24:dd:11:85:94:7f:71:24:1b:a4:20:54:
6b:4a:46:5b:c8:3c:ce:3e:a0:cf:ee:d7:be:48:40:23:8f:9f:
46:03:da:81:ad:29:fb:a2:6c:ee:2a:7e:b8:9e:36:bd:b8:1e:
d5:d9:97:47:ae:29:45:f0:3b:29:9e:06:9e:5b:06:46:db:24:
64:61:26:45:5c:7c:b7:7e:f1:e4:90:bd:f0:d5:a3:53:86:0e:
22:36:bb:e8:46:1c:6e:b8:9b:78:d2:78:d2:0a:cc:be:1a:62:
f8:f7:1a:e2:6e:fe:89:bc:35:e3:be:1f:ec:5c:88:c6:8f:ee:
54:f8:82:dc:44:c2:76:84:e0:99:81:16:70:21:b4:87:34:b0:
c3:a7:a9:74:75:c7:b4:7b:54:dc:c5:bf:ea:35:4a:f9:1c:41:
fa:a4:33:e6:4f:12:2f:ae:19:b0:48:6f:f9:8f:31:29:eb:98:
f8:2a:c1:fd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZLdru5GuEuh1gKG/eMe3/isMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMGFiMGQ3YWUwMWM3YmE3ZGE2OWQ3MWE5MTQ3MmIzOTBj
ZDcwOTEwHhcNMjQxMDMwMTM0ODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTI2N2VjOTE0NzU3MGVjM2M3MDJmZTlhNjA0MGZlM2RiYzE3NWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2IyOSVfaIhqvhhQH6c1pkUzqDcA
p7M+LZjGMjuKvVPXnEte8MRD2rabvxFR4Vfh12J3FL8KOZdMOlTwjxm88EIHQutL
N8zJ6frjaGTmNfjQXVK+pCVufdg/1cwt+HhsnDQKyINmVzhyYJVaI5MzJBZZAIKO
fC0F1aUG1e6b6PrD7QYjgMoUJ5P49e8HZNcvG6UkJXvRrO3ZBoVRaNGVigPrSO6S
BnOs3qkCjGvLTf+VncWQ57doD+IOCIkKZycwXKxL40BxQ2yZhWCkdS3OvnYED/9/
fofYc9sBPN3BK2OerdaannP85ubbpc2zyoiuhImXCtXz/ulWxDWqeuua9wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDUmfskUdXDsPHAv6aYED+PbwXWrMB8GA1UdIwQY
MBaAFCIKsNeuAce6faadcakUcrOQzXCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWdxdzE2NEJ4N3A5cHAxeHFSUnlzNUROY0pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9mMDQ2NTgtZmFkNy00MjNjLWJiNDIt
ODJmYTNkMjYwODY5LzEvTlNaLXlSUjFjT3c4Y0NfcHBnUVA0OXZCZGFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9mMDQ2NTgtZmFkNy00MjNjLWJiNDItODJmYTNkMjYwODY5
LzEvSWdxdzE2NEJ4N3A5cHAxeHFSUnlzNUROY0pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALUJYMA8E
AgACMAkDBwEqCWZEAAIwDQYJKoZIhvcNAQELBQADggEBAG2vtHYpHqJf4gfMlOQ9
zRxMROk5sERBv2ChXubZVnyuYeac6YXMWv/oEs6kHHaLiUu9a5ROUPjsTrcCqJ7w
LSLlry3rnIfL3/9k0q+kKSTdEYWUf3EkG6QgVGtKRlvIPM4+oM/u175IQCOPn0YD
2oGtKfuibO4qfrieNr24HtXZl0euKUXwOymeBp5bBkbbJGRhJkVcfLd+8eSQvfDV
o1OGDiI2u+hGHG64m3jSeNIKzL4aYvj3GuJu/om8NeO+H+xciMaP7lT4gtxEwnaE
4JmBFnAhtIc0sMOnqXR1x7R7VNzFv+o1SvkcQfqkM+ZPEi+uGbBIb/mPMSnrmPgq
wf0=
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:12:21 2025 by rpki-client