Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/8c7EVJqrLsn9i1gcUfjF3casiG0.roa
File: 8c7EVJqrLsn9i1gcUfjF3casiG0.roa (raw, json)
Hash identifier: sr3cGcuKZCKxJOMM6TBVUlvpTIhZQNEYnDlx7vbwIVU=
Subject key identifier: F1:CE:C4:54:9A:AB:2E:C9:FD:8B:58:1C:51:F8:C5:DD:C6:AC:88:6D
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 0187B44398DE0CEC109DC760716FE9B8CB9D
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/8c7EVJqrLsn9i1gcUfjF3casiG0.roa
Signing time: Mon 24 Apr 2023 17:15:41 +0000
ROA not before: Mon 24 Apr 2023 17:15:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3320
IP address blocks: 188.240.83.0/24 maxlen: 24
5.35.192.0/21 maxlen: 24
84.234.16.0/20 maxlen: 24
194.88.96.0/21 maxlen: 24
62.112.0.0/21 maxlen: 24
85.204.160.0/22 maxlen: 24
93.113.184.0/21 maxlen: 24
194.88.112.0/20 maxlen: 24
91.232.136.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:b4:43:98:de:0c:ec:10:9d:c7:60:71:6f:e9:b8:cb:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Apr 24 17:15:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f1cec4549aab2ec9fd8b581c51f8c5ddc6ac886d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:25:7e:65:1b:63:a1:4c:d5:65:40:6c:f7:4f:
77:b3:8a:7f:13:07:aa:c2:1b:92:63:2c:a6:00:cd:
75:88:83:96:3b:8f:73:4d:fb:04:e6:02:c1:20:ba:
c0:d2:04:22:0d:a4:6e:6f:4c:cd:eb:ea:2b:a5:ec:
33:a5:ca:a2:fc:bc:d8:03:7b:e6:06:b8:a9:59:d8:
39:e5:bb:d0:a6:ba:60:81:c8:e1:18:05:ab:51:48:
c6:05:3c:c1:91:ac:ea:e5:2c:d9:6e:68:f7:74:54:
39:e5:3d:07:56:c1:bd:da:66:ff:b4:27:48:26:51:
03:ad:d8:72:88:e0:3b:80:67:85:cd:87:ea:39:3b:
6c:7c:4e:d7:cc:9e:84:61:bf:0a:aa:b6:83:15:34:
d0:97:b5:27:f6:e1:ff:5e:96:c1:ad:1a:41:01:d6:
f5:42:3a:9b:0e:d4:8a:8a:d0:a2:a5:54:17:13:69:
e6:f8:28:14:12:6f:41:c1:b6:00:00:7b:c6:d5:3c:
e3:66:bd:5a:05:4d:5b:5d:f4:ac:3e:53:8b:a1:f1:
1c:3d:f6:02:69:e2:4b:ed:02:89:09:b3:65:b5:94:
16:0a:23:fc:39:9f:4b:d3:6a:0b:3d:50:7a:99:95:
32:ce:cb:a4:0c:49:3e:56:a0:4a:fa:32:fd:d2:1f:
3b:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:CE:C4:54:9A:AB:2E:C9:FD:8B:58:1C:51:F8:C5:DD:C6:AC:88:6D
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/8c7EVJqrLsn9i1gcUfjF3casiG0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.192.0/21
62.112.0.0/21
84.234.16.0/20
85.204.160.0/22
91.232.136.0/22
93.113.184.0/21
188.240.83.0/24
194.88.96.0/21
194.88.112.0/20
Signature Algorithm: sha256WithRSAEncryption
27:91:0c:26:b7:85:fb:ed:4d:31:16:5e:7f:56:56:43:1b:8a:
d9:4a:e7:5a:b8:22:d4:c5:56:37:4e:d8:1e:c9:56:83:d0:a3:
2e:82:bb:7d:56:12:58:c2:e2:cc:db:9b:9f:8f:c0:68:be:0b:
d0:4b:30:91:49:9a:09:09:65:a6:a9:c4:6c:72:d6:31:55:09:
46:10:6b:bb:00:23:a9:34:cd:5b:b8:89:ab:00:37:20:1e:53:
74:3a:47:51:9d:14:3c:4f:96:34:eb:03:d3:b2:39:b0:f6:ed:
84:92:b1:ae:e9:08:79:7c:a3:97:cf:b7:74:74:8a:9c:0b:98:
d3:5f:41:7f:39:73:c3:33:0f:69:67:c1:09:e0:46:d7:5a:87:
dd:13:64:28:cd:92:f8:54:96:47:ef:e5:ac:d3:bd:b6:41:c7:
e8:80:9f:e7:a0:70:d6:a5:17:c9:84:f1:84:85:ac:ce:55:23:
8e:35:e9:c8:3a:2e:ed:40:fe:e6:38:12:9a:81:1c:a4:af:47:
df:5d:9b:fb:0d:6f:3d:b0:87:a4:2f:26:29:61:ca:5d:62:ae:
58:57:c5:d6:c2:40:05:cc:bb:83:ed:73:8d:5d:35:88:a0:5f:
51:84:eb:e2:ee:e6:dc:47:f8:fe:b2:4e:6a:d8:63:4b:c3:85:
65:92:36:66
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYe0Q5jeDOwQncdgcW/puMudMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNDI0MTcxNTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWNlYzQ1NDlhYWIyZWM5ZmQ4YjU4MWM1MWY4YzVkZGM2YWM4ODZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSV+ZRtjoUzVZUBs9093s4p/Eweq
whuSYyymAM11iIOWO49zTfsE5gLBILrA0gQiDaRub0zN6+orpewzpcqi/LzYA3vm
BripWdg55bvQprpggcjhGAWrUUjGBTzBkazq5SzZbmj3dFQ55T0HVsG92mb/tCdI
JlEDrdhyiOA7gGeFzYfqOTtsfE7XzJ6EYb8KqraDFTTQl7Un9uH/XpbBrRpBAdb1
QjqbDtSKitCipVQXE2nm+CgUEm9BwbYAAHvG1TzjZr1aBU1bXfSsPlOLofEcPfYC
aeJL7QKJCbNltZQWCiP8OZ9L02oLPVB6mZUyzsukDEk+VqBK+jL90h87HQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFPHOxFSaqy7J/YtYHFH4xd3GrIhtMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvOGM3RVZKcXJMc245aTFnY1VmakYzY2FzaUcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQDBSPAAwQD
PnAAAwQEVOoQAwQCVcygAwQCW+iIAwQDXXG4AwQAvPBTAwQDwlhgAwQEwlhwMA0G
CSqGSIb3DQEBCwUAA4IBAQAnkQwmt4X77U0xFl5/VlZDG4rZSudauCLUxVY3Ttge
yVaD0KMugrt9VhJYwuLM25ufj8BovgvQSzCRSZoJCWWmqcRsctYxVQlGEGu7ACOp
NM1buImrADcgHlN0OkdRnRQ8T5Y06wPTsjmw9u2EkrGu6Qh5fKOXz7d0dIqcC5jT
X0F/OXPDMw9pZ8EJ4EbXWofdE2QozZL4VJZH7+Ws0722QcfogJ/noHDWpRfJhPGE
hazOVSOONenIOi7tQP7mOBKagRykr0ffXZv7DW89sIekLyYpYcpdYq5YV8XWwkAF
zLuD7XONXTWIoF9RhOvi7ubcR/j+sk5q2GNLw4VlkjZm
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:25:08 2025 by rpki-client