Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/3cIXV4csicuxADT5Y7RuYu5cw_A.roa
File: 3cIXV4csicuxADT5Y7RuYu5cw_A.roa (raw, json)
Hash identifier: aqXrqzZnI9uqQYFm5g0PJLj9zhFVOcXILWRNYrHFA9c=
Subject key identifier: DD:C2:17:57:87:2C:89:CB:B1:00:34:F9:63:B4:6E:62:EE:5C:C3:F0
Certificate issuer: /CN=b05442c4ffe9c1d761e7c569360ead042438f903
Certificate serial: 019425FC3BEDE4FA3C914800A0A2F59BDBD7
Authority key identifier: B0:54:42:C4:FF:E9:C1:D7:61:E7:C5:69:36:0E:AD:04:24:38:F9:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sFRCxP_pwddh58VpNg6tBCQ4-QM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/3cIXV4csicuxADT5Y7RuYu5cw_A.roa
Signing time: Thu 02 Jan 2025 07:47:54 +0000
ROA not before: Thu 02 Jan 2025 07:47:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 33808
IP address blocks: 79.171.88.0/21 maxlen: 21
89.31.0.0/21 maxlen: 21
134.101.125.0/24 maxlen: 24
193.110.68.0/22 maxlen: 22
217.170.176.0/21 maxlen: 21
217.170.184.0/22 maxlen: 22
217.170.188.0/22 maxlen: 22
2a00:17f0::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:3b:ed:e4:fa:3c:91:48:00:a0:a2:f5:9b:db:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b05442c4ffe9c1d761e7c569360ead042438f903
Validity
Not Before: Jan 2 07:47:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ddc21757872c89cbb10034f963b46e62ee5cc3f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:7c:5b:c9:c8:dd:7d:86:dc:ae:c1:0d:5d:d6:
44:68:ad:65:f1:78:1b:b5:93:45:e1:f0:e7:fd:08:
eb:94:64:1e:ee:2c:5c:fa:cb:4a:bc:24:43:f7:a5:
3f:bf:01:b3:d2:a4:4a:f9:b2:5e:e2:4b:aa:d2:94:
72:df:a0:9f:6c:36:92:62:e4:ba:68:7d:64:4a:ad:
10:df:14:80:39:81:0a:3f:15:5a:34:0f:c5:ef:7b:
8a:3d:dc:99:b9:30:bf:e5:e2:8c:79:63:82:6e:61:
40:95:c7:cf:34:2e:2a:24:b3:27:ba:64:19:22:af:
39:0c:6c:16:86:76:63:2e:79:ca:12:22:64:3d:ea:
10:f6:fc:71:c6:10:c8:c4:c9:6a:a6:a4:b4:37:b6:
20:df:fb:a3:73:82:49:6c:20:6a:cd:39:41:ee:14:
31:3f:71:81:46:97:ad:62:f2:9e:d8:72:a9:40:cd:
3e:80:96:ed:05:82:7d:1d:98:8d:15:69:16:8f:bb:
b1:19:38:77:68:8f:09:be:15:57:89:2c:4e:29:28:
39:bb:1f:2a:2a:02:82:d9:99:b7:42:85:25:81:05:
86:6f:74:b2:3a:55:47:4b:e0:64:a2:dd:46:17:90:
77:56:9b:81:34:51:16:31:46:45:9a:98:b6:d2:d6:
5d:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:C2:17:57:87:2C:89:CB:B1:00:34:F9:63:B4:6E:62:EE:5C:C3:F0
X509v3 Authority Key Identifier:
keyid:B0:54:42:C4:FF:E9:C1:D7:61:E7:C5:69:36:0E:AD:04:24:38:F9:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sFRCxP_pwddh58VpNg6tBCQ4-QM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/3cIXV4csicuxADT5Y7RuYu5cw_A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/sFRCxP_pwddh58VpNg6tBCQ4-QM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.171.88.0/21
89.31.0.0/21
134.101.125.0/24
193.110.68.0/22
217.170.176.0/20
IPv6:
2a00:17f0::/32
Signature Algorithm: sha256WithRSAEncryption
35:5c:60:de:a2:df:cf:dd:d5:d8:a7:df:57:6a:4e:ba:22:65:
c1:9f:82:4c:d3:e0:f5:fd:e7:d6:f7:94:33:33:3d:9a:01:54:
da:fa:80:e9:6c:74:b3:7e:b8:6a:55:1e:1c:b7:09:2f:52:7b:
18:82:ca:e1:58:13:c1:71:c6:88:01:7d:ac:ea:1c:c0:7a:2a:
8e:df:83:56:34:72:9b:56:48:7a:cd:39:02:f4:64:9d:a8:85:
14:b1:60:74:ee:43:b2:81:df:e8:cd:02:86:73:83:ba:65:9f:
1d:77:d7:25:0c:31:da:3b:8d:4c:7b:0f:66:bc:a6:9f:95:de:
ad:c7:55:2d:8c:5d:fe:a2:b6:ca:79:7f:d2:a4:b2:e6:68:e0:
bf:51:cd:ee:5e:5d:7f:24:1b:b2:ac:4f:32:60:81:ac:97:3f:
5e:07:37:f6:b7:3f:4f:e5:66:4a:3b:57:8e:f3:a1:d4:c8:49:
d4:ba:d8:87:05:ad:fc:ca:39:d3:6e:c4:80:7e:25:bb:e4:68:
c3:3e:b8:fe:d1:56:7b:d3:ee:f6:06:79:aa:93:fe:9b:a4:48:
7f:10:c0:25:b0:91:f2:7e:c2:b0:2c:a7:fb:6d:89:5b:47:5b:
51:44:5e:ff:69:5b:d5:6e:ed:10:81:11:0a:55:16:a5:93:fe:
45:c1:92:67
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQl/Dvt5Po8kUgAoKL1m9vXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNTQ0MmM0ZmZlOWMxZDc2MWU3YzU2OTM2MGVhZDA0MjQz
OGY5MDMwHhcNMjUwMTAyMDc0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGMyMTc1Nzg3MmM4OWNiYjEwMDM0Zjk2M2I0NmU2MmVlNWNjM2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXxbycjdfYbcrsENXdZEaK1l8Xgb
tZNF4fDn/QjrlGQe7ixc+stKvCRD96U/vwGz0qRK+bJe4kuq0pRy36CfbDaSYuS6
aH1kSq0Q3xSAOYEKPxVaNA/F73uKPdyZuTC/5eKMeWOCbmFAlcfPNC4qJLMnumQZ
Iq85DGwWhnZjLnnKEiJkPeoQ9vxxxhDIxMlqpqS0N7Yg3/ujc4JJbCBqzTlB7hQx
P3GBRpetYvKe2HKpQM0+gJbtBYJ9HZiNFWkWj7uxGTh3aI8JvhVXiSxOKSg5ux8q
KgKC2Zm3QoUlgQWGb3SyOlVHS+Bkot1GF5B3VpuBNFEWMUZFmpi20tZdYwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFN3CF1eHLInLsQA0+WO0bmLuXMPwMB8GA1UdIwQY
MBaAFLBUQsT/6cHXYefFaTYOrQQkOPkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0ZSQ3hQX3B3ZGRoNThWcE5nNnRCQ1E0LVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS80Yjc3ZTctMzQ3Yy00OWZhLTgwOGIt
NmVkMzMxZjMxZTA5LzEvM2NJWFY0Y3NpY3V4QURUNVk3UnVZdTVjd19BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS80Yjc3ZTctMzQ3Yy00OWZhLTgwOGItNmVkMzMxZjMxZTA5
LzEvc0ZSQ3hQX3B3ZGRoNThWcE5nNnRCQ1E0LVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDT6tYAwQD
WR8AAwQAhmV9AwQCwW5EAwQE2aqwMA0EAgACMAcDBQAqABfwMA0GCSqGSIb3DQEB
CwUAA4IBAQA1XGDeot/P3dXYp99Xak66ImXBn4JM0+D1/efW95QzMz2aAVTa+oDp
bHSzfrhqVR4ctwkvUnsYgsrhWBPBccaIAX2s6hzAeiqO34NWNHKbVkh6zTkC9GSd
qIUUsWB07kOygd/ozQKGc4O6ZZ8dd9clDDHaO41Mew9mvKafld6tx1UtjF3+orbK
eX/SpLLmaOC/Uc3uXl1/JBuyrE8yYIGslz9eBzf2tz9P5WZKO1eO86HUyEnUutiH
Ba38yjnTbsSAfiW75GjDPrj+0VZ70+72Bnmqk/6bpEh/EMAlsJHyfsKwLKf7bYlb
R1tRRF7/aVvVbu0QgREKVRalk/5FwZJn
-----END CERTIFICATE-----
Generated at Fri Apr 25 00:46:40 2025 by rpki-client