Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/0776a2-5e89-4e2c-9370-5b304eec0025/1/B0QQDZ5EDlwNZlrG14VkoOPycPo.roa
File: B0QQDZ5EDlwNZlrG14VkoOPycPo.roa (raw, json)
Hash identifier: 32CFzXZkkxK/nJ5OcB6NxztPl7kK01ssOEP59e4XC4w=
Subject key identifier: 07:44:10:0D:9E:44:0E:5C:0D:66:5A:C6:D7:85:64:A0:E3:F2:70:FA
Certificate issuer: /CN=ec9b0931118f08bf4a34b3e052fd8f8a5c1ecab0
Certificate serial: 01942143F97460CA1B6D694C79E820A8E331
Authority key identifier: EC:9B:09:31:11:8F:08:BF:4A:34:B3:E0:52:FD:8F:8A:5C:1E:CA:B0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7JsJMRGPCL9KNLPgUv2PilweyrA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/0776a2-5e89-4e2c-9370-5b304eec0025/1/B0QQDZ5EDlwNZlrG14VkoOPycPo.roa
Signing time: Wed 01 Jan 2025 09:48:10 +0000
ROA not before: Wed 01 Jan 2025 09:48:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31621
IP address blocks: 91.194.188.0/23 maxlen: 24
178.21.152.0/21 maxlen: 24
185.31.24.0/22 maxlen: 24
193.23.48.0/24 maxlen: 24
194.0.251.0/24 maxlen: 24
2a02:dcc::/32 maxlen: 48
2a02:dcd::/32 maxlen: 48
2a02:dce::/32 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:f9:74:60:ca:1b:6d:69:4c:79:e8:20:a8:e3:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ec9b0931118f08bf4a34b3e052fd8f8a5c1ecab0
Validity
Not Before: Jan 1 09:48:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0744100d9e440e5c0d665ac6d78564a0e3f270fa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:3b:3d:61:8a:c6:97:3a:8b:59:69:28:b4:88:
4f:ae:bb:ef:03:d9:30:3e:62:d5:9d:76:91:bb:99:
fd:05:42:55:b9:cc:98:df:b8:62:c8:5d:5b:35:6a:
00:41:f9:f4:9e:0e:bc:63:5c:d0:36:db:95:65:2a:
b1:03:60:dc:ac:18:4f:56:a2:18:1c:25:f6:37:27:
47:7e:a1:9f:87:bd:10:6d:14:e2:27:6d:57:4c:40:
9e:b7:3a:1a:e5:19:eb:4b:90:f9:c4:00:0f:dd:e1:
b8:b8:10:00:c7:5a:8c:a7:4a:9a:4a:f3:3d:bc:6a:
b1:a0:aa:6c:fd:59:4d:cc:25:7d:0c:26:c7:ab:58:
06:fb:12:05:11:3d:07:44:13:79:65:eb:d9:ce:61:
6d:01:29:d3:b7:13:e7:97:23:d1:ad:ca:56:dd:ce:
ac:9a:26:37:45:77:ef:fb:48:34:54:d1:1c:05:6e:
29:bb:1f:19:26:ae:24:94:45:cb:68:6f:1e:dc:80:
50:75:f4:c5:de:89:cf:a3:e1:03:9d:b6:ab:3d:d6:
43:40:9b:76:e4:e2:87:d8:07:64:cf:5f:2f:12:69:
72:07:ff:6e:6f:34:89:d9:31:c4:e0:f3:08:47:7a:
90:7e:d6:53:24:b4:63:70:8f:b9:f7:ba:e8:52:25:
e0:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:44:10:0D:9E:44:0E:5C:0D:66:5A:C6:D7:85:64:A0:E3:F2:70:FA
X509v3 Authority Key Identifier:
keyid:EC:9B:09:31:11:8F:08:BF:4A:34:B3:E0:52:FD:8F:8A:5C:1E:CA:B0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7JsJMRGPCL9KNLPgUv2PilweyrA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/0776a2-5e89-4e2c-9370-5b304eec0025/1/B0QQDZ5EDlwNZlrG14VkoOPycPo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/0776a2-5e89-4e2c-9370-5b304eec0025/1/7JsJMRGPCL9KNLPgUv2PilweyrA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.194.188.0/23
178.21.152.0/21
185.31.24.0/22
193.23.48.0/24
194.0.251.0/24
IPv6:
2a02:dcc::-2a02:dce:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
63:48:2e:57:10:7f:d2:c7:13:56:4e:0a:5d:d6:be:59:74:d2:
31:e6:46:59:ee:74:ea:30:43:ea:22:b0:5c:c6:87:25:67:c1:
cc:5d:d2:ea:e9:e8:87:50:44:60:8b:ea:1f:2d:71:26:d6:37:
47:92:cb:f3:4d:7f:0a:6a:9e:57:dd:91:7b:2d:11:98:56:be:
8c:92:af:e7:55:96:bd:48:06:cf:12:ac:c6:47:a2:c6:4a:9b:
de:79:88:31:a7:3f:d6:47:3d:8f:85:c1:b1:4c:df:67:35:66:
eb:88:81:54:46:1c:47:06:fe:14:e5:01:3d:1b:cf:a9:aa:c2:
08:a4:6c:b3:21:a5:d2:a1:75:1a:a7:cc:ec:c2:8a:6b:ee:44:
f4:ae:bb:3d:a5:e5:42:12:49:87:e8:e2:30:44:53:93:75:1a:
32:f8:3d:c9:98:4a:4a:6d:00:80:58:0a:da:45:9a:af:2e:3b:
7f:3f:77:78:0e:97:c1:ca:08:b6:07:01:2a:2b:78:7d:4c:9f:
5c:93:5c:fd:41:fa:dd:c5:ae:77:e1:bb:f5:a7:6d:fb:16:8f:
68:05:4c:bc:a8:31:1d:1d:c9:55:c7:7e:3b:87:fa:55:ff:9c:
9d:a4:19:ef:c8:74:a7:9f:2e:09:4b:a2:5b:3a:4b:03:e2:b7:
37:86:5a:2f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZQhQ/l0YMobbWlMeeggqOMxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOWIwOTMxMTE4ZjA4YmY0YTM0YjNlMDUyZmQ4ZjhhNWMx
ZWNhYjAwHhcNMjUwMTAxMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzQ0MTAwZDllNDQwZTVjMGQ2NjVhYzZkNzg1NjRhMGUzZjI3MGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDs9YYrGlzqLWWkotIhPrrvvA9kw
PmLVnXaRu5n9BUJVucyY37hiyF1bNWoAQfn0ng68Y1zQNtuVZSqxA2DcrBhPVqIY
HCX2NydHfqGfh70QbRTiJ21XTECetzoa5RnrS5D5xAAP3eG4uBAAx1qMp0qaSvM9
vGqxoKps/VlNzCV9DCbHq1gG+xIFET0HRBN5ZevZzmFtASnTtxPnlyPRrcpW3c6s
miY3RXfv+0g0VNEcBW4pux8ZJq4klEXLaG8e3IBQdfTF3onPo+EDnbarPdZDQJt2
5OKH2Adkz18vEmlyB/9ubzSJ2THE4PMIR3qQftZTJLRjcI+597roUiXgiQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFAdEEA2eRA5cDWZaxteFZKDj8nD6MB8GA1UdIwQY
MBaAFOybCTERjwi/SjSz4FL9j4pcHsqwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0pzSk1SR1BDTDlLTkxQZ1V2MlBpbHdleXJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8wNzc2YTItNWU4OS00ZTJjLTkzNzAt
NWIzMDRlZWMwMDI1LzEvQjBRUURaNUVEbHdOWmxyRzE0VmtvT1B5Y1BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My8wNzc2YTItNWU4OS00ZTJjLTkzNzAtNWIzMDRlZWMwMDI1
LzEvN0pzSk1SR1BDTDlLTkxQZ1V2MlBpbHdleXJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAkBAIAATAeAwQBW8K8AwQD
shWYAwQCuR8YAwQAwRcwAwQAwgD7MBYEAgACMBAwDgMFAioCDcwDBQAqAg3OMA0G
CSqGSIb3DQEBCwUAA4IBAQBjSC5XEH/SxxNWTgpd1r5ZdNIx5kZZ7nTqMEPqIrBc
xoclZ8HMXdLq6eiHUERgi+ofLXEm1jdHksvzTX8Kap5X3ZF7LRGYVr6Mkq/nVZa9
SAbPEqzGR6LGSpveeYgxpz/WRz2PhcGxTN9nNWbriIFURhxHBv4U5QE9G8+pqsII
pGyzIaXSoXUap8zswopr7kT0rrs9peVCEkmH6OIwRFOTdRoy+D3JmEpKbQCAWAra
RZqvLjt/P3d4DpfBygi2BwEqK3h9TJ9ck1z9Qfrdxa534bv1p237Fo9oBUy8qDEd
HclVx347h/pV/5ydpBnvyHSnny4JS6JbOksD4rc3hlov
-----END CERTIFICATE-----
Generated at Fri Apr 25 07:47:25 2025 by rpki-client