Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/q0ZcAaJC0NdgaZbJABmMG3a-wuc.roa
File: q0ZcAaJC0NdgaZbJABmMG3a-wuc.roa (raw, json)
Hash identifier: SUYYeTh6yzkAt8ag+Tk4xijbvUF82bkEC5ALi/AihH0=
Subject key identifier: AB:46:5C:01:A2:42:D0:D7:60:69:96:C9:00:19:8C:1B:76:BE:C2:E7
Certificate issuer: /CN=bb9b56d8d96ebcb5fcf87de2ec2b52c194ccf9f9
Certificate serial: 019488F860F914FA278F23854E9D63D95B57
Authority key identifier: BB:9B:56:D8:D9:6E:BC:B5:FC:F8:7D:E2:EC:2B:52:C1:94:CC:F9:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/u5tW2NluvLX8-H3i7CtSwZTM-fk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/q0ZcAaJC0NdgaZbJABmMG3a-wuc.roa
Signing time: Tue 21 Jan 2025 13:06:06 +0000
ROA not before: Tue 21 Jan 2025 13:06:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60976
IP address blocks: 91.232.73.0/24 maxlen: 24
185.222.121.0/24 maxlen: 24
185.222.122.0/24 maxlen: 24
185.222.123.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:88:f8:60:f9:14:fa:27:8f:23:85:4e:9d:63:d9:5b:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bb9b56d8d96ebcb5fcf87de2ec2b52c194ccf9f9
Validity
Not Before: Jan 21 13:06:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ab465c01a242d0d7606996c900198c1b76bec2e7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:78:d3:be:8d:c2:45:5c:a4:18:48:f3:cc:f2:
ea:cd:66:d5:1d:5e:3f:49:b2:19:a9:26:71:43:bf:
d3:b0:27:7d:fe:53:04:ab:8d:72:b6:12:7d:41:2c:
18:de:e8:1b:d5:35:d4:ad:b8:25:60:e7:83:d0:8b:
93:4c:34:b1:5b:38:17:0e:bb:b8:fc:73:c8:f5:1c:
18:7a:6c:1c:59:c5:44:b0:3c:1a:b4:f7:45:ef:ed:
fc:9f:77:85:88:04:ff:7c:72:35:7a:ed:fe:d5:d6:
15:dd:f4:ff:86:f0:9c:64:16:46:0a:56:d8:54:b7:
20:42:c1:7a:52:67:29:93:f2:53:57:ce:be:80:e0:
27:82:d0:ca:53:76:05:93:9f:b4:55:fb:7a:0b:03:
be:b7:01:cc:c7:38:3e:b6:88:74:5f:70:08:bb:4a:
15:18:6c:86:1e:e3:b1:d9:19:eb:61:ca:35:5a:e0:
9a:7c:7a:ab:42:47:6c:93:aa:0f:6f:e4:1c:4c:e6:
b5:19:4c:f0:1f:c8:c6:c1:18:ea:20:5a:3e:cb:6a:
c7:7f:a4:04:4d:be:02:df:9e:06:4e:b7:58:e7:6a:
45:c6:52:f6:cf:95:e5:6c:bf:16:31:6a:22:c5:3f:
3e:41:46:b9:c8:25:c5:57:83:0f:73:73:e2:a9:e9:
03:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:46:5C:01:A2:42:D0:D7:60:69:96:C9:00:19:8C:1B:76:BE:C2:E7
X509v3 Authority Key Identifier:
keyid:BB:9B:56:D8:D9:6E:BC:B5:FC:F8:7D:E2:EC:2B:52:C1:94:CC:F9:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u5tW2NluvLX8-H3i7CtSwZTM-fk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/q0ZcAaJC0NdgaZbJABmMG3a-wuc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/u5tW2NluvLX8-H3i7CtSwZTM-fk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.232.73.0/24
185.222.121.0-185.222.123.255
Signature Algorithm: sha256WithRSAEncryption
5b:ac:4a:e5:58:da:69:61:bb:ae:53:a1:dd:dd:ea:df:2e:39:
49:14:ba:ca:f5:1c:45:3d:c4:b4:ce:03:8b:3e:86:15:e0:94:
7f:93:43:63:90:38:43:1a:0e:98:fa:c7:3e:e2:8a:f4:22:8e:
e1:f5:16:e3:33:9a:dc:19:38:ec:9c:8c:24:50:61:08:d7:3e:
99:71:ba:16:11:80:e0:9a:a9:d2:57:6c:40:c2:50:92:ae:f2:
9a:ac:4e:b1:43:5a:93:53:cf:ee:88:d4:be:31:83:da:ab:54:
d3:74:62:de:a7:03:d2:00:d0:ca:10:5a:c9:0c:28:3b:7a:4a:
7b:e3:02:4a:35:a7:2e:b9:b4:e1:df:8e:07:1d:b6:5a:86:94:
9d:c8:cc:f5:04:23:c3:1e:7c:9f:71:db:d4:40:bb:33:d1:88:
9c:e2:f5:3e:14:80:e0:09:d3:55:1e:86:4f:57:7b:3f:14:37:
20:d5:8d:69:5d:3d:9c:0d:b8:e3:19:e7:a6:a6:40:ae:df:6c:
9b:28:b3:15:41:19:de:b0:d8:a5:6d:ed:d9:ef:8d:3d:1b:44:
68:c2:9b:6d:df:11:66:85:0e:4b:ab:8b:24:ca:da:9e:86:1f:
ed:0d:a6:e8:9a:70:dd:6e:50:13:6d:2f:ad:5c:ae:39:44:32:
26:f2:f8:31
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZSI+GD5FPonjyOFTp1j2VtXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiOWI1NmQ4ZDk2ZWJjYjVmY2Y4N2RlMmVjMmI1MmMxOTRj
Y2Y5ZjkwHhcNMjUwMTIxMTMwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjQ2NWMwMWEyNDJkMGQ3NjA2OTk2YzkwMDE5OGMxYjc2YmVjMmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3jTvo3CRVykGEjzzPLqzWbVHV4/
SbIZqSZxQ7/TsCd9/lMEq41ythJ9QSwY3ugb1TXUrbglYOeD0IuTTDSxWzgXDru4
/HPI9RwYemwcWcVEsDwatPdF7+38n3eFiAT/fHI1eu3+1dYV3fT/hvCcZBZGClbY
VLcgQsF6Umcpk/JTV86+gOAngtDKU3YFk5+0Vft6CwO+twHMxzg+toh0X3AIu0oV
GGyGHuOx2RnrYco1WuCafHqrQkdsk6oPb+QcTOa1GUzwH8jGwRjqIFo+y2rHf6QE
Tb4C354GTrdY52pFxlL2z5XlbL8WMWoixT8+QUa5yCXFV4MPc3PiqekD6wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKtGXAGiQtDXYGmWyQAZjBt2vsLnMB8GA1UdIwQY
MBaAFLubVtjZbry1/Ph94uwrUsGUzPn5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTV0VzJObHV2TFg4LUgzaTdDdFN3WlRNLWZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84ZjM5NDItMTdmNy00OTNjLWJjNmIt
NGY0ZmU4MDNiMDE1LzEvcTBaY0FhSkMwTmRnYVpiSkFCbU1HM2Etd3VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84ZjM5NDItMTdmNy00OTNjLWJjNmItNGY0ZmU4MDNiMDE1
LzEvdTV0VzJObHV2TFg4LUgzaTdDdFN3WlRNLWZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAW+hJMAwD
BAC53nkDBAK53ngwDQYJKoZIhvcNAQELBQADggEBAFusSuVY2mlhu65Tod3d6t8u
OUkUusr1HEU9xLTOA4s+hhXglH+TQ2OQOEMaDpj6xz7iivQijuH1FuMzmtwZOOyc
jCRQYQjXPplxuhYRgOCaqdJXbEDCUJKu8pqsTrFDWpNTz+6I1L4xg9qrVNN0Yt6n
A9IA0MoQWskMKDt6SnvjAko1py65tOHfjgcdtlqGlJ3IzPUEI8MefJ9x29RAuzPR
iJzi9T4UgOAJ01Uehk9Xez8UNyDVjWldPZwNuOMZ56amQK7fbJsosxVBGd6w2KVt
7dnvjT0bRGjCm23fEWaFDkuriyTK2p6GH+0NpuiacN1uUBNtL61crjlEMiby+DE=
-----END CERTIFICATE-----
Generated at Fri Apr 25 17:08:30 2025 by rpki-client