Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/4f406a-2981-4aaf-8b61-f4ce22ecae34/1/NZZp83GD9DMoLhn3D9M5XusFTxI.roa
File: NZZp83GD9DMoLhn3D9M5XusFTxI.roa (raw, json)
Hash identifier: OiMifk7R6FismqZrdc/pOMDrQLzXG34BDoHmuCJQZZM=
Subject key identifier: 35:96:69:F3:71:83:F4:33:28:2E:19:F7:0F:D3:39:5E:EB:05:4F:12
Certificate issuer: /CN=4afc7f0beac2260702d05b69dd7b7a3fb2ddd69e
Certificate serial: 019426D8986A511738C0F3194A258AD86F61
Authority key identifier: 4A:FC:7F:0B:EA:C2:26:07:02:D0:5B:69:DD:7B:7A:3F:B2:DD:D6:9E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Svx_C-rCJgcC0Ftp3Xt6P7Ld1p4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/4f406a-2981-4aaf-8b61-f4ce22ecae34/1/NZZp83GD9DMoLhn3D9M5XusFTxI.roa
Signing time: Thu 02 Jan 2025 11:48:36 +0000
ROA not before: Thu 02 Jan 2025 11:48:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31725
IP address blocks: 91.201.240.0/22 maxlen: 22
91.201.240.0/23 maxlen: 23
91.201.242.0/23 maxlen: 23
109.95.32.0/21 maxlen: 21
109.95.32.0/22 maxlen: 22
188.190.64.0/19 maxlen: 19
195.62.14.0/23 maxlen: 23
195.62.14.0/24 maxlen: 24
195.62.15.0/24 maxlen: 24
2001:67c:176c::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d8:98:6a:51:17:38:c0:f3:19:4a:25:8a:d8:6f:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4afc7f0beac2260702d05b69dd7b7a3fb2ddd69e
Validity
Not Before: Jan 2 11:48:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=359669f37183f433282e19f70fd3395eeb054f12
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:0c:3f:47:b2:a7:8f:38:3e:31:25:59:4a:a8:
d9:36:0a:e2:2d:37:b8:de:af:49:db:b4:3e:ae:13:
b6:44:55:02:74:b3:90:07:f2:2e:57:09:5c:20:7c:
9c:4a:bc:6b:ae:48:98:e9:dd:e1:46:01:28:36:ae:
5a:b9:78:d4:d7:4c:0a:f7:62:ec:3f:e6:9d:89:c7:
0e:53:d5:96:38:bc:4f:05:bc:26:d2:ab:8a:c1:3c:
9d:91:05:1e:ea:2d:91:11:75:8a:3e:37:10:60:84:
8a:f8:53:6b:3e:54:a6:72:6c:a9:d6:6d:26:a5:cc:
25:68:28:fc:86:3d:90:b8:29:28:00:88:88:7a:43:
42:30:f1:50:fb:85:50:5e:d1:ed:0a:2c:52:86:08:
b0:e5:8e:18:8b:dc:09:ad:c2:1a:b4:c9:5a:d0:89:
09:4c:c7:0e:82:0f:6f:b0:99:8d:25:60:5f:a0:1f:
99:e7:0d:e6:1f:71:33:90:f8:d1:67:0d:eb:b7:4d:
1e:cf:5c:63:90:b2:90:6a:cb:fc:34:ac:f9:23:78:
d9:a6:ed:6a:09:cf:6a:4e:08:87:98:1f:1f:77:4f:
36:d8:84:cd:93:d5:09:c0:43:8c:9c:59:3d:da:75:
6c:7b:d0:bf:2b:38:25:6e:b3:a3:69:a3:d2:56:a5:
38:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:96:69:F3:71:83:F4:33:28:2E:19:F7:0F:D3:39:5E:EB:05:4F:12
X509v3 Authority Key Identifier:
keyid:4A:FC:7F:0B:EA:C2:26:07:02:D0:5B:69:DD:7B:7A:3F:B2:DD:D6:9E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Svx_C-rCJgcC0Ftp3Xt6P7Ld1p4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/4f406a-2981-4aaf-8b61-f4ce22ecae34/1/NZZp83GD9DMoLhn3D9M5XusFTxI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/4f406a-2981-4aaf-8b61-f4ce22ecae34/1/Svx_C-rCJgcC0Ftp3Xt6P7Ld1p4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.201.240.0/22
109.95.32.0/21
188.190.64.0/19
195.62.14.0/23
IPv6:
2001:67c:176c::/48
Signature Algorithm: sha256WithRSAEncryption
70:24:58:75:74:3a:08:aa:87:ed:0e:02:7f:b7:47:03:fe:14:
98:e3:dd:52:17:11:f7:56:48:7d:e5:89:ed:5b:38:10:bc:fc:
41:b2:ce:0b:be:c9:41:cf:2b:80:a1:b2:22:d9:35:de:e1:6d:
71:7b:f8:ae:07:cc:8c:ca:f4:bf:32:96:00:97:19:77:ae:7c:
d8:f1:f1:ad:28:2c:f0:c1:1f:71:e0:07:0b:61:1a:a9:ab:94:
c5:0a:2e:de:1b:c5:fa:60:8f:5e:ca:ce:b1:89:dd:58:6f:0d:
66:a3:73:85:27:71:6e:03:f6:74:f3:01:1c:ba:2b:49:47:b4:
96:b2:30:ef:c8:57:e5:e8:1f:26:09:1d:ca:3e:01:43:ee:b7:
c2:a7:70:a1:00:01:cf:79:bf:a3:e9:ad:96:eb:8b:7d:05:b4:
2c:1e:b5:17:2e:99:81:6e:91:51:66:38:37:ef:18:d5:0b:1c:
f6:c8:77:b2:49:2c:db:50:9a:34:c0:b9:b0:4a:bd:fe:20:21:
71:50:1e:9d:de:6f:9b:f7:7f:9c:5e:1f:a9:9d:d2:68:bc:17:
4a:bc:35:23:24:e6:d2:cf:07:94:94:a8:9e:19:c4:a0:86:90:
32:48:84:f4:16:40:1c:86:14:12:c7:aa:57:14:b6:c0:c7:09:
c5:b7:52:54
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZQm2JhqURc4wPMZSiWK2G9hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhZmM3ZjBiZWFjMjI2MDcwMmQwNWI2OWRkN2I3YTNmYjJk
ZGQ2OWUwHhcNMjUwMTAyMTE0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTk2NjlmMzcxODNmNDMzMjgyZTE5ZjcwZmQzMzk1ZWViMDU0ZjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQw/R7Knjzg+MSVZSqjZNgriLTe4
3q9J27Q+rhO2RFUCdLOQB/IuVwlcIHycSrxrrkiY6d3hRgEoNq5auXjU10wK92Ls
P+adiccOU9WWOLxPBbwm0quKwTydkQUe6i2REXWKPjcQYISK+FNrPlSmcmyp1m0m
pcwlaCj8hj2QuCkoAIiIekNCMPFQ+4VQXtHtCixShgiw5Y4Yi9wJrcIatMla0IkJ
TMcOgg9vsJmNJWBfoB+Z5w3mH3EzkPjRZw3rt00ez1xjkLKQasv8NKz5I3jZpu1q
Cc9qTgiHmB8fd0822ITNk9UJwEOMnFk92nVse9C/KzglbrOjaaPSVqU4+QIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFDWWafNxg/QzKC4Z9w/TOV7rBU8SMB8GA1UdIwQY
MBaAFEr8fwvqwiYHAtBbad17ej+y3daeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3Z4X0MtckNKZ2NDMEZ0cDNYdDZQN0xkMXA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC80ZjQwNmEtMjk4MS00YWFmLThiNjEt
ZjRjZTIyZWNhZTM0LzEvTlpacDgzR0Q5RE1vTGhuM0Q5TTVYdXNGVHhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC80ZjQwNmEtMjk4MS00YWFmLThiNjEtZjRjZTIyZWNhZTM0
LzEvU3Z4X0MtckNKZ2NDMEZ0cDNYdDZQN0xkMXA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQCW8nwAwQD
bV8gAwQFvL5AAwQBwz4OMA8EAgACMAkDBwAgAQZ8F2wwDQYJKoZIhvcNAQELBQAD
ggEBAHAkWHV0Ogiqh+0OAn+3RwP+FJjj3VIXEfdWSH3lie1bOBC8/EGyzgu+yUHP
K4ChsiLZNd7hbXF7+K4HzIzK9L8ylgCXGXeufNjx8a0oLPDBH3HgBwthGqmrlMUK
Lt4bxfpgj17KzrGJ3VhvDWajc4UncW4D9nTzARy6K0lHtJayMO/IV+XoHyYJHco+
AUPut8KncKEAAc95v6PprZbri30FtCwetRcumYFukVFmODfvGNULHPbId7JJLNtQ
mjTAubBKvf4gIXFQHp3eb5v3f5xeH6md0mi8F0q8NSMk5tLPB5SUqJ4ZxKCGkDJI
hPQWQByGFBLHqlcUtsDHCcW3UlQ=
-----END CERTIFICATE-----
Generated at Sat Apr 26 00:54:21 2025 by rpki-client