Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/zbORAgVCBGdwMFpkpNpVU4F-JYE.roa
File: zbORAgVCBGdwMFpkpNpVU4F-JYE.roa (raw, json)
Hash identifier: bnmHuORo7L7E/r6zgTIFCwfAOxo5IKx9z46OH+yKYpI=
Subject key identifier: CD:B3:91:02:05:42:04:67:70:30:5A:64:A4:DA:55:53:81:7E:25:81
Certificate issuer: /CN=3474210c28413e26284822abe83ad6d7c0f764fa
Certificate serial: 019423D705F9AB5E99CB25A793D7D2395B0E
Authority key identifier: 34:74:21:0C:28:41:3E:26:28:48:22:AB:E8:3A:D6:D7:C0:F7:64:FA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/zbORAgVCBGdwMFpkpNpVU4F-JYE.roa
Signing time: Wed 01 Jan 2025 21:48:01 +0000
ROA not before: Wed 01 Jan 2025 21:48:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203
IP address blocks: 91.206.20.0/24 maxlen: 24
91.206.21.0/24 maxlen: 24
185.68.44.0/24 maxlen: 24
185.68.45.0/24 maxlen: 24
185.68.46.0/24 maxlen: 24
185.68.47.0/24 maxlen: 24
185.161.233.0/24 maxlen: 24
185.161.234.0/24 maxlen: 24
185.161.235.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:05:f9:ab:5e:99:cb:25:a7:93:d7:d2:39:5b:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3474210c28413e26284822abe83ad6d7c0f764fa
Validity
Not Before: Jan 1 21:48:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cdb391020542046770305a64a4da5553817e2581
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:6d:12:4b:43:ee:26:05:27:b6:e3:88:5d:e7:
df:cc:ab:33:10:25:37:9d:5b:7a:bd:74:a1:77:34:
90:fd:d7:6f:b8:fe:4f:53:ff:ef:19:98:cf:18:c6:
59:1b:d0:8c:b3:fb:18:20:29:f5:13:e1:77:4f:ca:
50:af:93:01:01:5a:ae:d6:90:eb:af:8c:b2:f1:32:
24:8c:7c:ff:53:01:63:85:c0:55:e4:90:a2:6a:56:
08:e6:7a:7f:1c:19:fa:f1:e9:1d:43:7c:1c:50:6f:
c5:57:e7:72:8b:7d:10:04:0c:70:6e:cf:e4:a2:2a:
78:ef:70:b6:cb:ea:68:47:c1:df:9e:34:5e:8f:5b:
59:c5:8e:c5:50:0f:d8:a2:66:00:96:8f:a1:e8:d5:
4c:a9:9c:1d:71:e5:f8:6c:a5:0c:9d:1e:38:23:3a:
9e:48:c0:9e:9f:a1:5e:ae:25:24:2c:28:30:61:ec:
47:1f:91:9e:eb:37:32:1a:50:81:b1:c7:61:8b:40:
0e:e6:48:31:42:0a:00:c8:5c:86:4d:e0:e6:08:d9:
57:90:02:b2:63:5b:81:2e:6a:6f:b1:6f:d2:f3:5d:
5e:74:eb:25:35:ba:88:2f:51:27:d1:03:c5:92:fb:
1a:ec:37:1d:49:f1:29:f4:86:9c:ff:71:dd:1f:71:
c7:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:B3:91:02:05:42:04:67:70:30:5A:64:A4:DA:55:53:81:7E:25:81
X509v3 Authority Key Identifier:
keyid:34:74:21:0C:28:41:3E:26:28:48:22:AB:E8:3A:D6:D7:C0:F7:64:FA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHQhDChBPiYoSCKr6DrW18D3ZPo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/zbORAgVCBGdwMFpkpNpVU4F-JYE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/63/3e9916-4f8a-4b08-89c9-b0c74b76e182/1/NHQhDChBPiYoSCKr6DrW18D3ZPo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.206.20.0/23
185.68.44.0/22
185.161.233.0-185.161.235.255
Signature Algorithm: sha256WithRSAEncryption
14:95:44:14:0a:7d:47:a2:b4:5c:01:0a:7f:a2:c2:a0:3f:08:
0e:a5:b3:c9:1e:17:36:9b:14:13:0d:3d:2f:0f:76:21:65:2f:
8d:c4:39:4c:94:70:dd:27:b3:80:36:f6:67:b4:86:85:78:3e:
a9:42:7a:35:0d:91:0c:ef:ab:ed:82:38:83:e2:04:c3:24:30:
72:08:4a:ee:5f:f9:7d:36:19:ed:a7:d0:8a:67:6a:8f:b5:b2:
82:dd:61:3c:7e:16:31:10:a7:32:a3:ea:f0:ba:d8:b6:84:30:
05:aa:c8:b9:39:5a:4a:03:11:af:4b:d6:bf:38:15:79:1b:9c:
bc:15:c7:d1:80:15:25:af:df:00:dc:a4:e5:43:86:ff:3a:b3:
82:22:57:59:fc:12:88:d9:ca:03:eb:66:ef:ad:8c:b4:c2:c2:
3c:23:82:7d:8e:9b:ce:b0:08:11:0e:2a:d2:9f:b7:14:8d:a6:
32:b9:d2:b2:a3:b5:21:1f:49:cf:61:fa:e8:c2:29:fe:b0:f2:
be:4e:d0:42:c6:3b:7d:1e:82:40:05:46:de:ea:72:2b:72:be:
0a:3f:58:f3:2d:c9:a2:89:05:7f:03:b6:19:6a:48:ec:82:72:
0e:34:13:de:b0:c7:ef:92:1a:6d:35:85:0d:28:57:2d:1d:8c:
c3:43:32:69
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQj1wX5q16ZyyWnk9fSOVsOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NzQyMTBjMjg0MTNlMjYyODQ4MjJhYmU4M2FkNmQ3YzBm
NzY0ZmEwHhcNMjUwMTAxMjE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGIzOTEwMjA1NDIwNDY3NzAzMDVhNjRhNGRhNTU1MzgxN2UyNTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0W0SS0PuJgUntuOIXeffzKszECU3
nVt6vXShdzSQ/ddvuP5PU//vGZjPGMZZG9CMs/sYICn1E+F3T8pQr5MBAVqu1pDr
r4yy8TIkjHz/UwFjhcBV5JCialYI5np/HBn68ekdQ3wcUG/FV+dyi30QBAxwbs/k
oip473C2y+poR8HfnjRej1tZxY7FUA/YomYAlo+h6NVMqZwdceX4bKUMnR44Izqe
SMCen6FeriUkLCgwYexHH5Ge6zcyGlCBscdhi0AO5kgxQgoAyFyGTeDmCNlXkAKy
Y1uBLmpvsW/S811edOslNbqIL1En0QPFkvsa7DcdSfEp9Iac/3HdH3HHNQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFM2zkQIFQgRncDBaZKTaVVOBfiWBMB8GA1UdIwQY
MBaAFDR0IQwoQT4mKEgiq+g61tfA92T6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkhRaERDaEJQaVlvU0NLcjZEclcxOEQzWlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My8zZTk5MTYtNGY4YS00YjA4LTg5Yzkt
YjBjNzRiNzZlMTgyLzEvemJPUkFnVkNCR2R3TUZwa3BOcFZVNEYtSllFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My8zZTk5MTYtNGY4YS00YjA4LTg5YzktYjBjNzRiNzZlMTgy
LzEvTkhRaERDaEJQaVlvU0NLcjZEclcxOEQzWlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQBW84UAwQC
uUQsMAwDBAC5oekDBAK5oegwDQYJKoZIhvcNAQELBQADggEBABSVRBQKfUeitFwB
Cn+iwqA/CA6ls8keFzabFBMNPS8PdiFlL43EOUyUcN0ns4A29me0hoV4PqlCejUN
kQzvq+2COIPiBMMkMHIISu5f+X02Ge2n0Ipnao+1soLdYTx+FjEQpzKj6vC62LaE
MAWqyLk5WkoDEa9L1r84FXkbnLwVx9GAFSWv3wDcpOVDhv86s4IiV1n8EojZygPr
Zu+tjLTCwjwjgn2Om86wCBEOKtKftxSNpjK50rKjtSEfSc9h+ujCKf6w8r5O0ELG
O30egkAFRt7qcityvgo/WPMtyaKJBX8DthlqSOyCcg40E96wx++SGm01hQ0oVy0d
jMNDMmk=
-----END CERTIFICATE-----
Generated at Fri Apr 25 13:43:57 2025 by rpki-client