Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/7f0d3c-bbd9-4fee-b60b-c465d8902c1b/1/EeFrQoh3jQtKJMeag4hpJyiwDGw.roa
File: EeFrQoh3jQtKJMeag4hpJyiwDGw.roa (raw, json)
Hash identifier: mlC92xTYSop56qk5KpOKiOZu5+t0f3FZU33GKeD5VtY=
Subject key identifier: 11:E1:6B:42:88:77:8D:0B:4A:24:C7:9A:83:88:69:27:28:B0:0C:6C
Certificate issuer: /CN=c5e172872eb7bef0965df13b0fc5d65e75370a19
Certificate serial: 0194266C028C768682556BB3750CB4B85FCD
Authority key identifier: C5:E1:72:87:2E:B7:BE:F0:96:5D:F1:3B:0F:C5:D6:5E:75:37:0A:19
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xeFyhy63vvCWXfE7D8XWXnU3Chk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/7f0d3c-bbd9-4fee-b60b-c465d8902c1b/1/EeFrQoh3jQtKJMeag4hpJyiwDGw.roa
Signing time: Thu 02 Jan 2025 09:50:00 +0000
ROA not before: Thu 02 Jan 2025 09:50:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60351
IP address blocks: 37.77.200.0/24 maxlen: 24
37.77.201.0/24 maxlen: 24
37.77.202.0/24 maxlen: 24
37.77.203.0/24 maxlen: 24
37.77.204.0/24 maxlen: 24
37.77.205.0/24 maxlen: 24
37.77.206.0/24 maxlen: 24
37.77.207.0/24 maxlen: 24
185.21.164.0/22 maxlen: 22
2a00:8140::/36 maxlen: 36
2a00:8140:1000::/36 maxlen: 36
2a00:8140:f000::/36 maxlen: 36
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6c:02:8c:76:86:82:55:6b:b3:75:0c:b4:b8:5f:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c5e172872eb7bef0965df13b0fc5d65e75370a19
Validity
Not Before: Jan 2 09:50:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=11e16b4288778d0b4a24c79a8388692728b00c6c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:73:bc:50:fa:ae:f3:0a:52:8b:14:3c:dc:4f:
16:cf:64:4a:36:0b:18:50:a0:82:5c:8e:ad:ed:5a:
d5:87:49:ad:25:cf:c1:fa:ea:c8:53:b4:be:b7:d6:
2b:56:c7:d1:df:d3:8c:5a:57:9a:a4:5c:09:cc:3f:
6b:22:23:cb:80:05:14:c5:17:6c:e0:fd:b5:c0:91:
ac:e9:02:bb:6f:06:b1:fb:04:a4:4d:98:e8:33:85:
08:2b:6e:5a:9d:4a:7b:9b:29:b0:e3:d2:59:8d:d2:
1b:ce:ab:26:7d:bb:09:98:54:0e:f1:f9:ab:46:be:
d1:5c:31:b3:98:d0:c1:81:02:16:ee:70:6f:ae:22:
1b:d6:69:72:cb:d3:ad:61:57:de:0f:7f:b1:ab:5c:
5e:02:7a:d0:77:4c:6f:ab:69:01:28:9c:a8:a6:cb:
20:06:15:e1:18:86:45:33:65:56:38:4f:38:a9:35:
8c:77:df:d6:95:91:6d:26:6a:bf:1c:a0:15:c5:4e:
b7:02:b2:7c:a4:dd:36:c3:8b:ec:00:89:d0:13:74:
52:15:82:5a:88:3e:42:d2:e3:2b:ff:0f:ea:ce:28:
92:f3:0b:03:5a:0e:4f:74:27:df:69:74:d0:57:d8:
4d:a6:fb:3b:b7:8e:a7:51:98:96:f0:82:55:ca:3c:
db:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:E1:6B:42:88:77:8D:0B:4A:24:C7:9A:83:88:69:27:28:B0:0C:6C
X509v3 Authority Key Identifier:
keyid:C5:E1:72:87:2E:B7:BE:F0:96:5D:F1:3B:0F:C5:D6:5E:75:37:0A:19
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xeFyhy63vvCWXfE7D8XWXnU3Chk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/7f0d3c-bbd9-4fee-b60b-c465d8902c1b/1/EeFrQoh3jQtKJMeag4hpJyiwDGw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/7f0d3c-bbd9-4fee-b60b-c465d8902c1b/1/xeFyhy63vvCWXfE7D8XWXnU3Chk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.77.200.0/21
185.21.164.0/22
IPv6:
2a00:8140::/35
2a00:8140:f000::/36
Signature Algorithm: sha256WithRSAEncryption
24:eb:48:d6:40:3e:8d:db:ab:83:c3:8c:f8:70:fc:f1:ea:ee:
8c:ac:02:d5:e0:3a:a4:24:9d:b1:b8:d4:5c:26:9a:3c:d6:c2:
67:55:bf:df:f3:06:a1:8c:ac:bd:93:94:7e:88:5c:63:a9:13:
8c:cf:54:c7:67:bd:d4:66:46:12:ac:32:77:0d:ce:a6:f0:d0:
1d:4a:fa:4d:b9:2f:4b:50:b8:86:67:d3:6b:1c:9a:cc:6b:2d:
02:b2:9c:78:9a:45:ef:3f:6d:f5:c0:5f:d9:d3:ae:76:77:23:
95:a0:17:fb:d6:71:57:ac:22:e3:ba:fa:00:07:56:4a:37:fe:
ef:3b:4d:e3:44:1d:7c:28:aa:f1:36:10:a5:6c:36:9f:63:7b:
b8:3e:d5:03:bb:68:24:d2:7b:3e:3c:65:52:ef:1b:88:0e:14:
fb:eb:e7:48:13:be:a1:3c:0e:cd:20:7d:2d:28:fa:67:bf:5c:
83:cb:b5:3a:de:cc:ac:f9:39:1a:cc:34:57:01:da:65:5b:b5:
f2:b2:29:60:08:c7:07:2c:68:81:bb:04:48:ae:17:1e:e0:7a:
ee:8f:bd:7d:94:a0:21:c6:1e:67:6c:75:8f:56:91:6d:33:5b:
95:4c:04:47:3f:db:c5:cd:94:75:00:10:56:aa:e5:7a:fa:a8:
e4:4e:e9:76
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQmbAKMdoaCVWuzdQy0uF/NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ZTE3Mjg3MmViN2JlZjA5NjVkZjEzYjBmYzVkNjVlNzUz
NzBhMTkwHhcNMjUwMTAyMDk1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWUxNmI0Mjg4Nzc4ZDBiNGEyNGM3OWE4Mzg4NjkyNzI4YjAwYzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonO8UPqu8wpSixQ83E8Wz2RKNgsY
UKCCXI6t7VrVh0mtJc/B+urIU7S+t9YrVsfR39OMWleapFwJzD9rIiPLgAUUxRds
4P21wJGs6QK7bwax+wSkTZjoM4UIK25anUp7mymw49JZjdIbzqsmfbsJmFQO8fmr
Rr7RXDGzmNDBgQIW7nBvriIb1mlyy9OtYVfeD3+xq1xeAnrQd0xvq2kBKJyopssg
BhXhGIZFM2VWOE84qTWMd9/WlZFtJmq/HKAVxU63ArJ8pN02w4vsAInQE3RSFYJa
iD5C0uMr/w/qziiS8wsDWg5PdCffaXTQV9hNpvs7t46nUZiW8IJVyjzbpwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFBHha0KId40LSiTHmoOIaScosAxsMB8GA1UdIwQY
MBaAFMXhcocut77wll3xOw/F1l51NwoZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGVGeWh5NjN2dkNXWGZFN0Q4WFdYblUzQ2hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS83ZjBkM2MtYmJkOS00ZmVlLWI2MGIt
YzQ2NWQ4OTAyYzFiLzEvRWVGclFvaDNqUXRLSk1lYWc0aHBKeWl3REd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS83ZjBkM2MtYmJkOS00ZmVlLWI2MGItYzQ2NWQ4OTAyYzFi
LzEveGVGeWh5NjN2dkNXWGZFN0Q4WFdYblUzQ2hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQDJU3IAwQC
uRWkMBYEAgACMBADBgUqAIFAAAMGBCoAgUDwMA0GCSqGSIb3DQEBCwUAA4IBAQAk
60jWQD6N26uDw4z4cPzx6u6MrALV4DqkJJ2xuNRcJpo81sJnVb/f8wahjKy9k5R+
iFxjqROMz1THZ73UZkYSrDJ3Dc6m8NAdSvpNuS9LULiGZ9NrHJrMay0Cspx4mkXv
P231wF/Z0652dyOVoBf71nFXrCLjuvoAB1ZKN/7vO03jRB18KKrxNhClbDafY3u4
PtUDu2gk0ns+PGVS7xuIDhT76+dIE76hPA7NIH0tKPpnv1yDy7U63sys+TkazDRX
AdplW7XysilgCMcHLGiBuwRIrhce4Hruj719lKAhxh5nbHWPVpFtM1uVTARHP9vF
zZR1ABBWquV6+qjkTul2
-----END CERTIFICATE-----
Generated at Fri Apr 25 10:28:09 2025 by rpki-client