Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/2098ac-c2de-4362-a255-acd72d2c6cb6/1/CRyZWe4rqJ2qdiNWuAP-OJQeZow.roa
File: CRyZWe4rqJ2qdiNWuAP-OJQeZow.roa (raw, json)
Hash identifier: g+uZ3IirtTKelPa51RylP3yoQBkp1cF9hHY0LUNHp8g=
Subject key identifier: 09:1C:99:59:EE:2B:A8:9D:AA:76:23:56:B8:03:FE:38:94:1E:66:8C
Certificate issuer: /CN=400f942eb07335ca3e7fbd18f06c158db37cfd4b
Certificate serial: 01942143935325282F5AB776D5CC385B1C3F
Authority key identifier: 40:0F:94:2E:B0:73:35:CA:3E:7F:BD:18:F0:6C:15:8D:B3:7C:FD:4B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QA-ULrBzNco-f70Y8GwVjbN8_Us.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/2098ac-c2de-4362-a255-acd72d2c6cb6/1/CRyZWe4rqJ2qdiNWuAP-OJQeZow.roa
Signing time: Wed 01 Jan 2025 09:47:44 +0000
ROA not before: Wed 01 Jan 2025 09:47:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207697
IP address blocks: 91.209.97.0/24 maxlen: 24
193.22.136.0/24 maxlen: 24
193.22.137.0/24 maxlen: 24
193.22.138.0/24 maxlen: 24
193.22.139.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:93:53:25:28:2f:5a:b7:76:d5:cc:38:5b:1c:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=400f942eb07335ca3e7fbd18f06c158db37cfd4b
Validity
Not Before: Jan 1 09:47:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=091c9959ee2ba89daa762356b803fe38941e668c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:58:1b:28:19:e6:ca:7f:d7:1d:39:8f:ff:74:
8f:4b:41:00:8c:8f:91:08:71:ed:be:3e:e0:b6:5c:
4d:0a:46:2e:f0:b3:ce:80:3a:8f:28:9d:5f:df:64:
29:7a:e8:ec:fc:f0:d8:86:fa:8f:29:b2:3b:97:c5:
65:98:0a:c0:da:73:7e:b0:f2:c9:8b:f7:fb:2f:48:
83:3b:d5:b7:4b:8e:5e:c7:4f:76:6c:f1:4e:e1:5d:
f8:5b:ff:a4:88:7c:16:db:f9:d1:2f:38:4c:05:86:
8d:a3:fc:6a:35:e2:97:ba:66:19:42:c8:56:f7:66:
42:48:0e:e0:b9:69:4f:d7:ba:f4:23:b0:67:7c:71:
c3:d8:f9:c6:98:62:51:63:67:92:0d:3a:2c:61:fe:
f2:9f:11:a7:08:60:70:d8:3b:f1:95:ff:82:76:e1:
38:94:d4:38:4a:7a:f5:b0:47:ef:98:8b:f9:02:f0:
65:b8:a2:29:6e:75:ca:76:0c:47:f7:40:00:cb:ea:
91:0c:60:64:ab:95:b5:93:f4:02:d1:23:14:d8:af:
00:26:78:ef:78:0a:83:1b:44:3d:a0:a2:b3:c6:22:
13:a4:81:da:4c:4d:24:c5:b0:7e:38:c9:a4:de:07:
47:9f:c7:16:b5:e8:cf:03:cd:79:5b:1e:20:c2:47:
b9:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:1C:99:59:EE:2B:A8:9D:AA:76:23:56:B8:03:FE:38:94:1E:66:8C
X509v3 Authority Key Identifier:
keyid:40:0F:94:2E:B0:73:35:CA:3E:7F:BD:18:F0:6C:15:8D:B3:7C:FD:4B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QA-ULrBzNco-f70Y8GwVjbN8_Us.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/2098ac-c2de-4362-a255-acd72d2c6cb6/1/CRyZWe4rqJ2qdiNWuAP-OJQeZow.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/2098ac-c2de-4362-a255-acd72d2c6cb6/1/QA-ULrBzNco-f70Y8GwVjbN8_Us.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.209.97.0/24
193.22.136.0/22
Signature Algorithm: sha256WithRSAEncryption
4f:ce:a4:eb:f9:1a:29:0e:e8:b5:45:c8:24:f2:f9:72:52:a8:
3a:fb:00:e7:78:01:68:e3:f4:ce:bc:a1:30:fc:5c:61:20:f1:
e5:4b:71:e5:af:03:9d:e3:8d:7b:ee:8c:a0:f5:8e:35:e1:52:
81:45:d3:a5:91:da:d1:63:5d:11:62:cc:54:66:65:25:2c:2d:
f7:81:94:a3:04:2e:33:62:36:be:fa:6c:e3:4c:cf:6a:37:67:
34:2d:1b:a8:99:68:80:0d:cd:5e:68:79:c6:86:7c:5e:3b:cc:
72:a6:e4:10:48:b0:0b:85:c0:d6:fa:b7:5a:cb:c3:b6:f0:47:
6e:67:9e:77:f4:8e:d7:55:60:4e:35:e7:ca:99:38:95:36:f5:
72:4a:1a:a4:7e:61:e8:5f:d8:af:d7:da:c0:02:d9:75:db:67:
19:3f:c7:38:99:2c:48:19:b5:90:5c:8f:d1:5f:2c:6d:fd:86:
b2:66:c9:d8:11:b6:12:14:17:6c:d4:0d:33:c1:e5:51:1d:fa:
95:37:a6:b8:3d:ea:01:ac:b0:ea:0f:09:a3:c8:2a:71:f6:a9:
fb:2c:f6:31:46:7a:66:ef:e3:c5:4c:7e:0c:ea:15:2d:3e:96:
c7:f9:20:7e:24:6a:9e:7f:f2:66:81:08:08:a1:68:a1:ff:6a:
27:a9:80:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ5NTJSgvWrd21cw4Wxw/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwMGY5NDJlYjA3MzM1Y2EzZTdmYmQxOGYwNmMxNThkYjM3
Y2ZkNGIwHhcNMjUwMTAxMDk0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTFjOTk1OWVlMmJhODlkYWE3NjIzNTZiODAzZmUzODk0MWU2NjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplgbKBnmyn/XHTmP/3SPS0EAjI+R
CHHtvj7gtlxNCkYu8LPOgDqPKJ1f32Qpeujs/PDYhvqPKbI7l8VlmArA2nN+sPLJ
i/f7L0iDO9W3S45ex092bPFO4V34W/+kiHwW2/nRLzhMBYaNo/xqNeKXumYZQshW
92ZCSA7guWlP17r0I7BnfHHD2PnGmGJRY2eSDTosYf7ynxGnCGBw2Dvxlf+CduE4
lNQ4Snr1sEfvmIv5AvBluKIpbnXKdgxH90AAy+qRDGBkq5W1k/QC0SMU2K8AJnjv
eAqDG0Q9oKKzxiITpIHaTE0kxbB+OMmk3gdHn8cWtejPA815Wx4gwke5UwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAkcmVnuK6idqnYjVrgD/jiUHmaMMB8GA1UdIwQY
MBaAFEAPlC6wczXKPn+9GPBsFY2zfP1LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUEtVUxyQnpOY28tZjcwWThHd1ZqYk44X1VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8yMDk4YWMtYzJkZS00MzYyLWEyNTUt
YWNkNzJkMmM2Y2I2LzEvQ1J5WldlNHJxSjJxZGlOV3VBUC1PSlFlWm93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8yMDk4YWMtYzJkZS00MzYyLWEyNTUtYWNkNzJkMmM2Y2I2
LzEvUUEtVUxyQnpOY28tZjcwWThHd1ZqYk44X1VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9FhAwQC
wRaIMA0GCSqGSIb3DQEBCwUAA4IBAQBPzqTr+RopDui1Rcgk8vlyUqg6+wDneAFo
4/TOvKEw/FxhIPHlS3HlrwOd44177oyg9Y414VKBRdOlkdrRY10RYsxUZmUlLC33
gZSjBC4zYja++mzjTM9qN2c0LRuomWiADc1eaHnGhnxeO8xypuQQSLALhcDW+rda
y8O28EduZ5539I7XVWBONefKmTiVNvVyShqkfmHoX9iv19rAAtl122cZP8c4mSxI
GbWQXI/RXyxt/YayZsnYEbYSFBds1A0zweVRHfqVN6a4PeoBrLDqDwmjyCpx9qn7
LPYxRnpm7+PFTH4M6hUtPpbH+SB+JGqef/JmgQgIoWih/2onqYDE
-----END CERTIFICATE-----
Generated at Fri Apr 25 08:52:39 2025 by rpki-client