Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/97b0bc-f4f8-4f90-8554-1e279f7b6023/1/KZNT-sZZNOeQ3ZQO6BjaXLuoD9g.roa
File: KZNT-sZZNOeQ3ZQO6BjaXLuoD9g.roa (raw, json)
Hash identifier: +2sZTVLc367S2ob/w+tSdpZn/g4nvkTyjPLtfOVjhN8=
Subject key identifier: 29:93:53:FA:C6:59:34:E7:90:DD:94:0E:E8:18:DA:5C:BB:A8:0F:D8
Certificate issuer: /CN=e5503498ff185d0c607353f43f55e911f62a6802
Certificate serial: 019420D5DA42D19F68C9DF08C205B308227D
Authority key identifier: E5:50:34:98:FF:18:5D:0C:60:73:53:F4:3F:55:E9:11:F6:2A:68:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5VA0mP8YXQxgc1P0P1XpEfYqaAI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/74/97b0bc-f4f8-4f90-8554-1e279f7b6023/1/KZNT-sZZNOeQ3ZQO6BjaXLuoD9g.roa
Signing time: Wed 01 Jan 2025 07:47:53 +0000
ROA not before: Wed 01 Jan 2025 07:47:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15943
IP address blocks: 2.57.116.0/22 maxlen: 24
31.29.32.0/19 maxlen: 24
31.172.104.0/21 maxlen: 24
37.122.136.0/21 maxlen: 24
45.82.192.0/22 maxlen: 24
45.131.16.0/22 maxlen: 24
45.157.100.0/22 maxlen: 24
45.159.176.0/22 maxlen: 24
46.22.0.0/20 maxlen: 24
46.59.128.0/17 maxlen: 24
77.223.8.0/21 maxlen: 24
77.223.16.0/20 maxlen: 24
80.245.104.0/22 maxlen: 24
81.25.160.0/20 maxlen: 24
84.46.0.0/17 maxlen: 24
84.242.16.0/20 maxlen: 24
94.72.128.0/21 maxlen: 24
94.72.168.0/21 maxlen: 24
94.72.184.0/21 maxlen: 24
95.81.0.0/19 maxlen: 24
95.129.0.0/21 maxlen: 24
95.163.160.0/20 maxlen: 24
109.230.96.0/20 maxlen: 24
134.101.128.0/17 maxlen: 24
149.224.0.0/16 maxlen: 24
149.233.128.0/17 maxlen: 24
149.249.16.0/20 maxlen: 24
149.249.248.0/22 maxlen: 24
176.109.192.0/19 maxlen: 24
185.23.224.0/22 maxlen: 24
185.29.240.0/22 maxlen: 24
185.82.16.0/22 maxlen: 24
185.207.4.0/22 maxlen: 24
185.215.236.0/22 maxlen: 24
185.220.216.0/22 maxlen: 24
185.232.32.0/22 maxlen: 24
188.136.224.0/19 maxlen: 24
192.119.48.0/20 maxlen: 24
192.196.192.0/20 maxlen: 24
193.178.56.0/22 maxlen: 24
193.218.16.0/20 maxlen: 24
195.123.96.0/20 maxlen: 24
195.250.0.0/20 maxlen: 24
212.127.32.0/19 maxlen: 24
212.146.136.0/21 maxlen: 24
212.146.144.0/20 maxlen: 24
213.21.32.0/20 maxlen: 24
213.195.24.0/21 maxlen: 24
213.209.64.0/18 maxlen: 24
216.83.208.0/20 maxlen: 24
2a02:2028::/32 maxlen: 32
2a04:4540::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d5:da:42:d1:9f:68:c9:df:08:c2:05:b3:08:22:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e5503498ff185d0c607353f43f55e911f62a6802
Validity
Not Before: Jan 1 07:47:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=299353fac65934e790dd940ee818da5cbba80fd8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:9d:b9:2f:03:7c:3b:29:9f:b2:44:dc:44:3d:
f6:69:99:3d:84:92:f8:9d:82:86:0d:64:99:3e:d3:
0e:46:f6:ff:45:58:d2:6f:aa:73:b8:26:b5:da:a4:
83:cb:7a:1d:e1:c8:c2:08:56:9f:dc:71:86:66:46:
b4:91:d0:19:db:57:a2:83:79:a2:06:f3:15:b4:17:
cb:48:54:7f:54:0e:34:8c:e1:44:40:df:41:f1:fe:
39:4b:ea:97:4c:3c:d9:05:5e:83:44:04:5a:f6:92:
60:98:b7:9c:10:a2:b6:46:4f:7f:51:39:a1:4a:08:
c5:ed:9d:ca:c2:9a:0e:95:eb:ad:fa:42:37:c8:aa:
00:49:ef:f3:3f:f6:20:a6:f9:8b:ad:4b:85:82:bf:
e7:cd:fe:ff:5b:bd:27:a4:83:87:94:bd:0c:b3:25:
6c:9e:a9:9d:87:33:8b:10:c1:d9:e6:0d:11:44:1d:
f7:10:2e:7a:f3:61:a0:a8:a5:4e:82:df:5f:a8:cc:
65:7a:cd:83:44:03:2c:06:e6:d1:3d:08:cd:72:f9:
65:ec:04:81:b8:7a:26:3a:55:40:e0:0f:ed:d0:09:
6b:71:fd:7d:f3:ce:22:ae:dd:83:83:f6:8b:89:f1:
62:b0:81:f2:12:5d:0e:7c:5e:28:ae:ce:36:1a:d0:
17:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:93:53:FA:C6:59:34:E7:90:DD:94:0E:E8:18:DA:5C:BB:A8:0F:D8
X509v3 Authority Key Identifier:
keyid:E5:50:34:98:FF:18:5D:0C:60:73:53:F4:3F:55:E9:11:F6:2A:68:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5VA0mP8YXQxgc1P0P1XpEfYqaAI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/97b0bc-f4f8-4f90-8554-1e279f7b6023/1/KZNT-sZZNOeQ3ZQO6BjaXLuoD9g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/74/97b0bc-f4f8-4f90-8554-1e279f7b6023/1/5VA0mP8YXQxgc1P0P1XpEfYqaAI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.116.0/22
31.29.32.0/19
31.172.104.0/21
37.122.136.0/21
45.82.192.0/22
45.131.16.0/22
45.157.100.0/22
45.159.176.0/22
46.22.0.0/20
46.59.128.0/17
77.223.8.0-77.223.31.255
80.245.104.0/22
81.25.160.0/20
84.46.0.0/17
84.242.16.0/20
94.72.128.0/21
94.72.168.0/21
94.72.184.0/21
95.81.0.0/19
95.129.0.0/21
95.163.160.0/20
109.230.96.0/20
134.101.128.0/17
149.224.0.0/16
149.233.128.0/17
149.249.16.0/20
149.249.248.0/22
176.109.192.0/19
185.23.224.0/22
185.29.240.0/22
185.82.16.0/22
185.207.4.0/22
185.215.236.0/22
185.220.216.0/22
185.232.32.0/22
188.136.224.0/19
192.119.48.0/20
192.196.192.0/20
193.178.56.0/22
193.218.16.0/20
195.123.96.0/20
195.250.0.0/20
212.127.32.0/19
212.146.136.0-212.146.159.255
213.21.32.0/20
213.195.24.0/21
213.209.64.0/18
216.83.208.0/20
IPv6:
2a02:2028::/32
2a04:4540::/29
Signature Algorithm: sha256WithRSAEncryption
b9:63:3e:34:cf:0a:09:e0:9a:5d:29:30:8a:b3:45:39:b9:14:
64:e0:7c:f1:42:0a:55:f7:30:16:51:b4:0a:1d:1b:79:f2:5a:
c0:25:ee:44:1e:20:90:3c:ac:75:b5:7f:52:b9:02:23:dd:0a:
67:66:10:32:66:c7:00:b8:aa:79:07:79:ac:05:17:f9:aa:d5:
c9:ff:8d:37:91:fa:08:c4:a8:b9:d4:3a:76:6e:cb:f5:27:4b:
22:5b:63:63:9b:71:c0:bc:05:da:93:e1:c2:b1:6c:30:c7:79:
2f:da:90:40:b6:b9:7c:51:c5:66:c6:cd:0d:33:8c:f6:a6:a7:
96:01:bd:e4:5d:54:30:b8:4f:84:57:e8:20:68:f7:7f:7f:c4:
bb:1f:9f:22:34:75:19:5b:31:58:2a:c0:20:26:8b:61:d2:85:
b8:5b:d0:86:52:70:95:65:e9:75:94:5b:fa:89:26:ee:ca:49:
c5:70:94:84:a1:d7:22:2f:de:f1:6c:e1:04:94:ba:79:4a:b3:
7d:e0:ad:37:92:d6:0e:4a:2e:14:89:19:3f:08:7b:37:d2:4d:
be:5f:72:e5:80:63:2f:27:13:1d:25:af:70:08:3b:1a:c5:4e:
6f:c5:83:e3:27:12:be:d0:9e:58:1e:9a:b1:e9:1e:fb:49:2f:
53:f9:1e:3b
-----BEGIN CERTIFICATE-----
MIIGRjCCBS6gAwIBAgISAZQg1dpC0Z9oyd8IwgWzCCJ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NTAzNDk4ZmYxODVkMGM2MDczNTNmNDNmNTVlOTExZjYy
YTY4MDIwHhcNMjUwMTAxMDc0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTkzNTNmYWM2NTkzNGU3OTBkZDk0MGVlODE4ZGE1Y2JiYTgwZmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr525LwN8OymfskTcRD32aZk9hJL4
nYKGDWSZPtMORvb/RVjSb6pzuCa12qSDy3od4cjCCFaf3HGGZka0kdAZ21eig3mi
BvMVtBfLSFR/VA40jOFEQN9B8f45S+qXTDzZBV6DRARa9pJgmLecEKK2Rk9/UTmh
SgjF7Z3KwpoOleut+kI3yKoASe/zP/YgpvmLrUuFgr/nzf7/W70npIOHlL0MsyVs
nqmdhzOLEMHZ5g0RRB33EC5682GgqKVOgt9fqMxles2DRAMsBubRPQjNcvll7ASB
uHomOlVA4A/t0Alrcf19884irt2Dg/aLifFisIHyEl0OfF4ors42GtAXrwIDAQAB
o4IDUjCCA04wHQYDVR0OBBYEFCmTU/rGWTTnkN2UDugY2ly7qA/YMB8GA1UdIwQY
MBaAFOVQNJj/GF0MYHNT9D9V6RH2KmgCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVZBMG1QOFlYUXhnYzFQMFAxWHBFZllxYUFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC85N2IwYmMtZjRmOC00ZjkwLTg1NTQt
MWUyNzlmN2I2MDIzLzEvS1pOVC1zWlpOT2VRM1pRTzZCamFYTHVvRDlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC85N2IwYmMtZjRmOC00ZjkwLTg1NTQtMWUyNzlmN2I2MDIz
LzEvNVZBMG1QOFlYUXhnYzFQMFAxWHBFZllxYUFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBZgYIKwYBBQUHAQcBAf8EggFVMIIBUTCCATcEAgABMIIB
LwMEAgI5dAMEBR8dIAMEAx+saAMEAyV6iAMEAi1SwAMEAi2DEAMEAi2dZAMEAi2f
sAMEBC4WAAMEBy47gDAMAwQDTd8IAwQFTd8AAwQCUPVoAwQEURmgAwQHVC4AAwQE
VPIQAwQDXkiAAwQDXkioAwQDXki4AwQFX1EAAwQDX4EAAwQEX6OgAwQEbeZgAwQH
hmWAAwMAleADBAeV6YADBASV+RADBAKV+fgDBAWwbcADBAK5F+ADBAK5HfADBAK5
UhADBAK5zwQDBAK51+wDBAK53NgDBAK56CADBAW8iOADBATAdzADBATAxMADBALB
sjgDBATB2hADBATDe2ADBATD+gADBAXUfyAwDAMEA9SSiAMEBdSSgAMEBNUVIAME
A9XDGAMEBtXRQAMEBNhT0DAUBAIAAjAOAwUAKgIgKAMFAyoERUAwDQYJKoZIhvcN
AQELBQADggEBALljPjTPCgngml0pMIqzRTm5FGTgfPFCClX3MBZRtAodG3nyWsAl
7kQeIJA8rHW1f1K5AiPdCmdmEDJmxwC4qnkHeawFF/mq1cn/jTeR+gjEqLnUOnZu
y/UnSyJbY2ObccC8BdqT4cKxbDDHeS/akEC2uXxRxWbGzQ0zjPamp5YBveRdVDC4
T4RX6CBo939/xLsfnyI0dRlbMVgqwCAmi2HShbhb0IZScJVl6XWUW/qJJu7KScVw
lISh1yIv3vFs4QSUunlKs33grTeS1g5KLhSJGT8IezfSTb5fcuWAYy8nEx0lr3AI
OxrFTm/Fg+MnEr7QnlgemrHpHvtJL1P5Hjs=
-----END CERTIFICATE-----
Generated at Fri Apr 25 13:13:55 2025 by rpki-client