Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/bQzf2uMGkgXH3X2QS8uIrSp74eU.roa
File: bQzf2uMGkgXH3X2QS8uIrSp74eU.roa (raw, json)
Hash identifier: YLxBLk8jjfgkyujII1/AehF/PxCPTNN02Psu8lVMfcc=
Subject key identifier: 6D:0C:DF:DA:E3:06:92:05:C7:DD:7D:90:4B:CB:88:AD:2A:7B:E1:E5
Certificate issuer: /CN=0842759a04fcfd9dd386486f04820e4a060397f2
Certificate serial: 019424B3A8ECE53BE0780CEA2FF1E22E4A5B
Authority key identifier: 08:42:75:9A:04:FC:FD:9D:D3:86:48:6F:04:82:0E:4A:06:03:97:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/bQzf2uMGkgXH3X2QS8uIrSp74eU.roa
Signing time: Thu 02 Jan 2025 01:49:01 +0000
ROA not before: Thu 02 Jan 2025 01:49:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35617
IP address blocks: 85.204.42.0/24 maxlen: 24
86.104.135.0/24 maxlen: 24
109.239.240.0/20 maxlen: 20
178.132.88.0/21 maxlen: 21
185.59.132.0/22 maxlen: 22
185.225.128.0/22 maxlen: 22
212.81.60.0/22 maxlen: 22
2a04:e240::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:a8:ec:e5:3b:e0:78:0c:ea:2f:f1:e2:2e:4a:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0842759a04fcfd9dd386486f04820e4a060397f2
Validity
Not Before: Jan 2 01:49:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6d0cdfdae3069205c7dd7d904bcb88ad2a7be1e5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:25:00:d8:64:3f:e9:b5:0f:9c:21:6a:e4:29:
50:5e:b7:0d:4a:b4:ff:e7:a4:48:37:c4:78:93:3b:
0e:2b:26:be:cc:84:6a:e7:8a:b8:b6:bd:26:ab:41:
42:00:f5:f1:9e:3f:09:d4:03:5b:6e:d0:ad:52:3d:
12:37:1d:b1:0e:d4:6f:d4:d4:65:77:86:99:a3:6c:
80:81:d0:47:31:5e:ff:bc:3e:75:5f:af:a2:c8:47:
fe:f9:8d:45:03:79:5a:cf:98:fc:c9:5b:f6:5c:d9:
e8:ec:bc:4d:78:b5:76:66:49:40:f1:21:44:ed:31:
3a:5c:81:fe:07:d9:59:03:99:0a:80:f4:64:63:39:
2a:3b:15:4a:2a:67:62:60:1f:17:d4:36:eb:64:2c:
c2:d0:14:34:84:95:d7:02:28:f1:53:db:d0:21:65:
47:24:4a:90:1e:e4:de:d9:e9:4f:78:c0:73:ab:38:
b7:fe:87:7e:bb:cc:bf:83:e0:75:3e:18:ac:d4:17:
ef:93:ce:e2:8b:2c:d3:33:bd:4d:fa:ef:af:f6:42:
16:c8:d2:22:e3:d6:f8:31:e5:92:85:92:d0:79:5d:
df:51:2c:30:d8:27:e5:10:af:e1:b5:db:2f:99:01:
c4:78:e6:1f:42:ee:ab:22:ba:b1:9a:4c:83:ee:b3:
81:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:0C:DF:DA:E3:06:92:05:C7:DD:7D:90:4B:CB:88:AD:2A:7B:E1:E5
X509v3 Authority Key Identifier:
keyid:08:42:75:9A:04:FC:FD:9D:D3:86:48:6F:04:82:0E:4A:06:03:97:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/bQzf2uMGkgXH3X2QS8uIrSp74eU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/3dfe7f-57ae-450c-92e1-7025e188068c/1/CEJ1mgT8_Z3ThkhvBIIOSgYDl_I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.42.0/24
86.104.135.0/24
109.239.240.0/20
178.132.88.0/21
185.59.132.0/22
185.225.128.0/22
212.81.60.0/22
IPv6:
2a04:e240::/29
Signature Algorithm: sha256WithRSAEncryption
87:09:6e:b6:90:e9:02:fc:e5:dc:71:44:cf:71:c8:68:cf:83:
fb:e8:51:e6:03:79:89:01:57:d8:de:52:a7:3b:d9:89:91:69:
07:d0:b6:bc:27:03:cc:76:b7:65:7f:bd:fc:1b:6f:8b:60:3e:
00:a1:c4:18:4a:ee:0c:ae:fd:2e:8d:f2:b0:25:4c:67:da:e8:
da:09:34:fb:ea:02:d7:8d:8f:40:9b:e8:89:a8:64:ab:d3:86:
5d:c5:ae:9c:76:88:94:3d:fc:59:1d:10:be:21:6a:c5:23:16:
96:5e:49:bf:64:1a:ee:57:40:8c:4b:d9:71:bf:8c:a1:0f:b4:
fc:cb:93:d8:88:32:93:74:81:f7:da:97:ae:05:30:98:54:88:
ea:3b:2b:da:44:d2:a6:55:18:55:7a:4a:0c:7c:d3:23:a2:0f:
94:26:1d:50:df:52:28:a8:89:00:55:8f:a0:9b:1a:95:f2:99:
41:74:d7:2a:05:c7:5b:46:ed:c7:7f:af:9b:00:cc:8c:c6:4b:
36:09:9e:ec:5c:7d:d1:d0:39:b5:b3:e0:ff:7d:12:cb:4f:9b:
a4:a2:c3:0a:89:2e:4e:0c:a7:79:1d:e9:1c:a7:48:37:0b:6d:
76:0b:a8:62:af:58:c9:e4:0b:aa:9b:35:9a:27:b8:57:62:9a:
77:40:ab:41
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZQks6js5TvgeAzqL/HiLkpbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NDI3NTlhMDRmY2ZkOWRkMzg2NDg2ZjA0ODIwZTRhMDYw
Mzk3ZjIwHhcNMjUwMTAyMDE0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDBjZGZkYWUzMDY5MjA1YzdkZDdkOTA0YmNiODhhZDJhN2JlMWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiUA2GQ/6bUPnCFq5ClQXrcNSrT/
56RIN8R4kzsOKya+zIRq54q4tr0mq0FCAPXxnj8J1ANbbtCtUj0SNx2xDtRv1NRl
d4aZo2yAgdBHMV7/vD51X6+iyEf++Y1FA3laz5j8yVv2XNno7LxNeLV2ZklA8SFE
7TE6XIH+B9lZA5kKgPRkYzkqOxVKKmdiYB8X1DbrZCzC0BQ0hJXXAijxU9vQIWVH
JEqQHuTe2elPeMBzqzi3/od+u8y/g+B1Phis1Bfvk87iiyzTM71N+u+v9kIWyNIi
49b4MeWShZLQeV3fUSww2CflEK/htdsvmQHEeOYfQu6rIrqxmkyD7rOBswIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFG0M39rjBpIFx919kEvLiK0qe+HlMB8GA1UdIwQY
MBaAFAhCdZoE/P2d04ZIbwSCDkoGA5fyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0VKMW1nVDhfWjNUaGtodkJJSU9TZ1lEbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8zZGZlN2YtNTdhZS00NTBjLTkyZTEt
NzAyNWUxODgwNjhjLzEvYlF6ZjJ1TUdrZ1hIM1gyUVM4dUlyU3A3NGVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8zZGZlN2YtNTdhZS00NTBjLTkyZTEtNzAyNWUxODgwNjhj
LzEvQ0VKMW1nVDhfWjNUaGtodkJJSU9TZ1lEbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAVcwqAwQA
VmiHAwQEbe/wAwQDsoRYAwQCuTuEAwQCueGAAwQC1FE8MA0EAgACMAcDBQMqBOJA
MA0GCSqGSIb3DQEBCwUAA4IBAQCHCW62kOkC/OXccUTPcchoz4P76FHmA3mJAVfY
3lKnO9mJkWkH0La8JwPMdrdlf738G2+LYD4AocQYSu4Mrv0ujfKwJUxn2ujaCTT7
6gLXjY9Am+iJqGSr04Zdxa6cdoiUPfxZHRC+IWrFIxaWXkm/ZBruV0CMS9lxv4yh
D7T8y5PYiDKTdIH32peuBTCYVIjqOyvaRNKmVRhVekoMfNMjog+UJh1Q31IoqIkA
VY+gmxqV8plBdNcqBcdbRu3Hf6+bAMyMxks2CZ7sXH3R0Dm1s+D/fRLLT5ukosMK
iS5ODKd5Hekcp0g3C212C6hir1jJ5AuqmzWaJ7hXYpp3QKtB
-----END CERTIFICATE-----
Generated at Fri Apr 25 06:45:49 2025 by rpki-client