Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/38ff36-7d73-485c-8910-37c14092eb27/1/FoF8ZUBZ5kCu4oa83zINkMjWAYM.roa
File: FoF8ZUBZ5kCu4oa83zINkMjWAYM.roa (raw, json)
Hash identifier: RhcSxCtgICb2ZYm3ZoQOXVJ7hwELiIb6QSru+4BTc5o=
Subject key identifier: 16:81:7C:65:40:59:E6:40:AE:E2:86:BC:DF:32:0D:90:C8:D6:01:83
Certificate issuer: /CN=df3b82005fdbe961020f740ab43c554e5a38451f
Certificate serial: 019422FC494ECF283C0CAF5900897021867D
Authority key identifier: DF:3B:82:00:5F:DB:E9:61:02:0F:74:0A:B4:3C:55:4E:5A:38:45:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3zuCAF_b6WECD3QKtDxVTlo4RR8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/38ff36-7d73-485c-8910-37c14092eb27/1/FoF8ZUBZ5kCu4oa83zINkMjWAYM.roa
Signing time: Wed 01 Jan 2025 17:49:06 +0000
ROA not before: Wed 01 Jan 2025 17:49:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34265
IP address blocks: 176.106.0.0/21 maxlen: 21
176.106.0.0/24 maxlen: 24
176.106.1.0/24 maxlen: 24
176.112.120.0/21 maxlen: 21
176.112.120.0/24 maxlen: 24
176.112.121.0/24 maxlen: 24
176.112.127.0/24 maxlen: 24
193.138.184.0/22 maxlen: 22
193.138.187.0/24 maxlen: 24
213.108.72.0/21 maxlen: 21
213.108.75.0/24 maxlen: 24
213.108.78.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fc:49:4e:cf:28:3c:0c:af:59:00:89:70:21:86:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df3b82005fdbe961020f740ab43c554e5a38451f
Validity
Not Before: Jan 1 17:49:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=16817c654059e640aee286bcdf320d90c8d60183
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:77:02:4d:7a:f5:25:0e:c8:b4:7e:ba:97:b4:
1a:c9:ed:bf:58:4e:2c:f9:f2:b8:43:60:2b:87:7b:
e8:b0:35:3d:d5:1a:62:d1:d0:b5:ed:16:8a:77:2e:
1d:f1:0d:39:71:dc:6f:ba:80:17:ff:7f:a0:0c:06:
23:a1:e1:f0:b3:a9:cf:ca:8c:a1:19:2d:52:bb:08:
4d:bb:88:bc:4d:36:77:fa:e5:78:d6:2e:7b:0f:e7:
d3:9f:5e:17:ee:30:ee:5b:df:7e:c8:c7:db:5b:d9:
c6:2c:b4:29:1e:13:65:32:49:4f:42:2d:23:45:3c:
12:8c:9c:8d:cb:a6:57:ec:f4:f2:79:e0:44:b0:0c:
c0:f5:04:6f:00:cd:e0:7a:e9:a1:31:d5:30:6f:48:
c6:40:dc:89:47:d6:07:6e:f7:1e:17:d7:ed:f0:c5:
14:23:c9:21:05:90:cd:39:68:93:d9:72:20:98:45:
c4:7e:2d:85:e5:ad:85:6b:1a:1c:61:62:24:04:ad:
c3:76:51:10:f8:65:4c:41:22:ab:38:0e:95:6b:19:
80:da:49:e1:37:e0:2a:78:b7:cd:7b:60:c3:6f:70:
53:04:31:f4:ff:c2:f3:a9:95:75:c9:be:b6:56:53:
c5:62:16:70:0d:8a:2e:55:63:bd:ce:ca:42:d7:97:
d4:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:81:7C:65:40:59:E6:40:AE:E2:86:BC:DF:32:0D:90:C8:D6:01:83
X509v3 Authority Key Identifier:
keyid:DF:3B:82:00:5F:DB:E9:61:02:0F:74:0A:B4:3C:55:4E:5A:38:45:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3zuCAF_b6WECD3QKtDxVTlo4RR8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/38ff36-7d73-485c-8910-37c14092eb27/1/FoF8ZUBZ5kCu4oa83zINkMjWAYM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/38ff36-7d73-485c-8910-37c14092eb27/1/3zuCAF_b6WECD3QKtDxVTlo4RR8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.106.0.0/21
176.112.120.0/21
193.138.184.0/22
213.108.72.0/21
Signature Algorithm: sha256WithRSAEncryption
a7:91:ac:bb:ab:b3:74:85:96:be:67:8c:4c:46:5f:ca:58:cc:
25:fb:e3:73:8e:63:22:24:9f:18:5e:58:02:28:87:39:4d:bc:
a9:7d:3b:48:a4:fd:01:69:c6:89:5b:20:d4:a5:fe:dd:39:db:
6f:db:26:53:c1:5d:b7:28:82:2f:0b:6b:5e:2f:22:5a:43:18:
a4:ad:3b:ca:77:43:30:97:98:33:be:19:bf:07:29:bc:87:23:
a7:4c:1f:dd:d0:d2:6f:92:db:1f:e0:df:b7:b8:9a:b4:7a:36:
4d:75:d8:ea:c5:13:22:c7:ce:04:9a:a9:8c:0a:93:d4:c4:53:
4b:47:4e:b1:88:c9:b5:47:1e:e1:aa:06:ac:b1:6b:95:d9:46:
0a:51:f6:7a:31:c2:4b:40:d9:4e:53:ab:c1:92:7e:83:58:a9:
2d:2d:f4:40:bb:8c:75:e2:36:28:ba:63:46:63:10:4b:db:4d:
60:e0:ef:63:df:21:a4:f0:56:85:a3:a8:e6:36:2e:e9:c2:c2:
f5:5f:e6:42:fd:61:18:69:1b:50:31:59:06:36:5a:63:94:c9:
37:6f:90:e5:3e:de:66:a7:7f:48:58:cf:47:c0:eb:a2:c3:20:
83:4b:b6:c4:5c:fd:63:17:ca:70:b3:3e:43:63:62:2d:c1:af:
c1:27:57:41
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQi/ElOzyg8DK9ZAIlwIYZ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2I4MjAwNWZkYmU5NjEwMjBmNzQwYWI0M2M1NTRlNWEz
ODQ1MWYwHhcNMjUwMTAxMTc0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjgxN2M2NTQwNTllNjQwYWVlMjg2YmNkZjMyMGQ5MGM4ZDYwMTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuncCTXr1JQ7ItH66l7Qaye2/WE4s
+fK4Q2Arh3vosDU91Rpi0dC17RaKdy4d8Q05cdxvuoAX/3+gDAYjoeHws6nPyoyh
GS1SuwhNu4i8TTZ3+uV41i57D+fTn14X7jDuW99+yMfbW9nGLLQpHhNlMklPQi0j
RTwSjJyNy6ZX7PTyeeBEsAzA9QRvAM3geumhMdUwb0jGQNyJR9YHbvceF9ft8MUU
I8khBZDNOWiT2XIgmEXEfi2F5a2FaxocYWIkBK3DdlEQ+GVMQSKrOA6VaxmA2knh
N+AqeLfNe2DDb3BTBDH0/8LzqZV1yb62VlPFYhZwDYouVWO9zspC15fUxQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBaBfGVAWeZAruKGvN8yDZDI1gGDMB8GA1UdIwQY
MBaAFN87ggBf2+lhAg90CrQ8VU5aOEUfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3p1Q0FGX2I2V0VDRDNRS3REeFZUbG80UlI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8zOGZmMzYtN2Q3My00ODVjLTg5MTAt
MzdjMTQwOTJlYjI3LzEvRm9GOFpVQlo1a0N1NG9hODN6SU5rTWpXQVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8zOGZmMzYtN2Q3My00ODVjLTg5MTAtMzdjMTQwOTJlYjI3
LzEvM3p1Q0FGX2I2V0VDRDNRS3REeFZUbG80UlI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDsGoAAwQD
sHB4AwQCwYq4AwQD1WxIMA0GCSqGSIb3DQEBCwUAA4IBAQCnkay7q7N0hZa+Z4xM
Rl/KWMwl++NzjmMiJJ8YXlgCKIc5TbypfTtIpP0BacaJWyDUpf7dOdtv2yZTwV23
KIIvC2teLyJaQxikrTvKd0Mwl5gzvhm/Bym8hyOnTB/d0NJvktsf4N+3uJq0ejZN
ddjqxRMix84EmqmMCpPUxFNLR06xiMm1Rx7hqgassWuV2UYKUfZ6McJLQNlOU6vB
kn6DWKktLfRAu4x14jYoumNGYxBL201g4O9j3yGk8FaFo6jmNi7pwsL1X+ZC/WEY
aRtQMVkGNlpjlMk3b5DlPt5mp39IWM9HwOuiwyCDS7bEXP1jF8pwsz5DY2Itwa/B
J1dB
-----END CERTIFICATE-----
Generated at Fri Apr 25 12:22:50 2025 by rpki-client