Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/oKzbCL58HVtAnFWpHugzLfrJ8iY.roa
File: oKzbCL58HVtAnFWpHugzLfrJ8iY.roa (raw, json)
Hash identifier: SJH3c6VE4yqyIoy12Om89pergpbwGay6VY1wyMQ+Tyk=
Subject key identifier: A0:AC:DB:08:BE:7C:1D:5B:40:9C:55:A9:1E:E8:33:2D:FA:C9:F2:26
Certificate issuer: /CN=a3679bf4c627d85fee2ce13a53c44851b9df0563
Certificate serial: 019427B627956155CE6CFCF65F300D12CE85
Authority key identifier: A3:67:9B:F4:C6:27:D8:5F:EE:2C:E1:3A:53:C4:48:51:B9:DF:05:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/o2eb9MYn2F_uLOE6U8RIUbnfBWM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/oKzbCL58HVtAnFWpHugzLfrJ8iY.roa
Signing time: Thu 02 Jan 2025 15:50:36 +0000
ROA not before: Thu 02 Jan 2025 15:50:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35807
IP address blocks: 87.248.224.0/19 maxlen: 24
88.201.128.0/17 maxlen: 24
93.100.0.0/16 maxlen: 24
94.19.0.0/16 maxlen: 24
185.37.128.0/22 maxlen: 24
185.88.156.0/22 maxlen: 24
185.123.64.0/22 maxlen: 24
188.242.0.0/15 maxlen: 24
2a05:3580::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b6:27:95:61:55:ce:6c:fc:f6:5f:30:0d:12:ce:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a3679bf4c627d85fee2ce13a53c44851b9df0563
Validity
Not Before: Jan 2 15:50:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a0acdb08be7c1d5b409c55a91ee8332dfac9f226
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:b0:03:bb:7d:0d:d8:6c:08:93:15:24:75:6b:
f4:75:2e:93:7e:9c:16:3c:b7:af:da:b2:de:7c:27:
6f:00:ab:13:23:78:ed:70:7a:f9:ec:f4:8e:43:2a:
49:e2:aa:72:d9:90:5f:fb:32:5d:d1:9f:5d:fd:3d:
b4:03:cb:2b:79:3e:56:e6:fb:6e:11:fd:05:47:5d:
76:7a:08:7e:21:38:83:b3:2d:fe:ff:19:ba:7d:94:
38:45:52:a9:10:b6:b5:7e:6d:2b:9e:3d:65:a4:5c:
aa:5d:d8:8d:e1:ab:dc:bd:80:84:9f:b6:e8:a3:6d:
ab:40:7a:3e:7b:73:d2:ca:6b:d0:77:c2:9d:0c:73:
42:c6:24:93:58:60:4a:1a:99:01:32:cc:3c:7c:e8:
71:70:25:d4:00:4b:a5:00:3d:54:02:1b:75:60:39:
ea:54:ff:55:2f:30:a5:ef:bf:98:06:2d:f4:25:5a:
66:3a:dc:4e:17:72:34:fb:b3:05:a6:d2:10:06:26:
81:06:1e:78:90:f3:be:f7:59:0e:20:c6:6b:08:67:
6c:9f:ed:77:0a:0c:ac:c1:d7:f1:5b:39:f6:ed:57:
5d:7b:c2:77:af:4f:8f:69:50:e0:c9:22:ef:79:47:
ac:23:ce:38:6c:c1:01:40:bd:10:cf:2f:3d:81:6f:
6d:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:AC:DB:08:BE:7C:1D:5B:40:9C:55:A9:1E:E8:33:2D:FA:C9:F2:26
X509v3 Authority Key Identifier:
keyid:A3:67:9B:F4:C6:27:D8:5F:EE:2C:E1:3A:53:C4:48:51:B9:DF:05:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2eb9MYn2F_uLOE6U8RIUbnfBWM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/oKzbCL58HVtAnFWpHugzLfrJ8iY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/b62e59-e2c5-4a76-8b67-55672634cbc1/1/o2eb9MYn2F_uLOE6U8RIUbnfBWM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.248.224.0/19
88.201.128.0/17
93.100.0.0/16
94.19.0.0/16
185.37.128.0/22
185.88.156.0/22
185.123.64.0/22
188.242.0.0/15
IPv6:
2a05:3580::/29
Signature Algorithm: sha256WithRSAEncryption
77:1a:c4:2a:fa:57:a8:e1:e3:c2:59:4b:b6:a3:a2:1b:b0:9d:
4c:d3:31:6a:4d:f5:87:ba:75:19:82:8d:db:1a:4c:ed:7b:54:
71:04:70:2e:3f:71:1c:db:12:33:1a:84:ac:5b:49:46:b6:89:
45:e9:89:2a:5e:03:08:3e:5c:de:8f:70:55:80:08:9a:6e:f0:
b2:ec:e9:e6:42:cb:d6:90:e9:ff:ab:37:ce:3d:ab:96:96:d9:
84:32:c0:9a:16:09:44:ce:b1:e5:52:e8:cb:ee:2f:3e:46:a9:
e0:04:70:b3:87:05:b5:0c:a0:db:89:50:85:a5:f1:cb:d6:fc:
54:d4:33:44:9d:33:1f:67:00:9f:4e:35:f5:cf:01:41:23:1e:
c9:26:34:cb:61:0a:75:6c:72:d1:e1:42:78:fd:f8:1b:2c:02:
34:2b:41:5e:b5:fa:62:2a:22:b7:f7:99:10:4a:a9:83:57:b1:
ef:a1:96:03:c3:ec:54:56:c7:1d:4f:2a:d2:77:e1:7a:ec:17:
8f:00:e4:cd:95:a3:2f:46:92:2b:30:dc:f9:6c:83:3b:54:34:
0c:02:c2:d5:91:68:d6:d8:50:67:1c:fe:aa:dc:b6:6f:92:a9:
d3:4a:0f:ed:6f:37:28:8d:66:8e:95:53:8b:80:c9:07:1d:9e:
48:66:3e:dc
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZQntieVYVXObPz2XzANEs6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjc5YmY0YzYyN2Q4NWZlZTJjZTEzYTUzYzQ0ODUxYjlk
ZjA1NjMwHhcNMjUwMTAyMTU1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGFjZGIwOGJlN2MxZDViNDA5YzU1YTkxZWU4MzMyZGZhYzlmMjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbADu30N2GwIkxUkdWv0dS6TfpwW
PLev2rLefCdvAKsTI3jtcHr57PSOQypJ4qpy2ZBf+zJd0Z9d/T20A8sreT5W5vtu
Ef0FR112egh+ITiDsy3+/xm6fZQ4RVKpELa1fm0rnj1lpFyqXdiN4avcvYCEn7bo
o22rQHo+e3PSymvQd8KdDHNCxiSTWGBKGpkBMsw8fOhxcCXUAEulAD1UAht1YDnq
VP9VLzCl77+YBi30JVpmOtxOF3I0+7MFptIQBiaBBh54kPO+91kOIMZrCGdsn+13
CgyswdfxWzn27Vdde8J3r0+PaVDgySLveUesI844bMEBQL0Qzy89gW9t5QIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFKCs2wi+fB1bQJxVqR7oMy36yfImMB8GA1UdIwQY
MBaAFKNnm/TGJ9hf7izhOlPESFG53wVjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJlYjlNWW4yRl91TE9FNlU4UklVYm5mQldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9iNjJlNTktZTJjNS00YTc2LThiNjct
NTU2NzI2MzRjYmMxLzEvb0t6YkNMNThIVnRBbkZXcEh1Z3pMZnJKOGlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9iNjJlNTktZTJjNS00YTc2LThiNjctNTU2NzI2MzRjYmMx
LzEvbzJlYjlNWW4yRl91TE9FNlU4UklVYm5mQldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAzBAIAATAtAwQFV/jgAwQH
WMmAAwMAXWQDAwBeEwMEArklgAMEArlYnAMEArl7QAMDAbzyMA0EAgACMAcDBQMq
BTWAMA0GCSqGSIb3DQEBCwUAA4IBAQB3GsQq+leo4ePCWUu2o6IbsJ1M0zFqTfWH
unUZgo3bGkzte1RxBHAuP3Ec2xIzGoSsW0lGtolF6YkqXgMIPlzej3BVgAiabvCy
7OnmQsvWkOn/qzfOPauWltmEMsCaFglEzrHlUujL7i8+RqngBHCzhwW1DKDbiVCF
pfHL1vxU1DNEnTMfZwCfTjX1zwFBIx7JJjTLYQp1bHLR4UJ4/fgbLAI0K0Fetfpi
KiK395kQSqmDV7HvoZYDw+xUVscdTyrSd+F67BePAOTNlaMvRpIrMNz5bIM7VDQM
AsLVkWjW2FBnHP6q3LZvkqnTSg/tbzcojWaOlVOLgMkHHZ5IZj7c
-----END CERTIFICATE-----
Generated at Fri Apr 25 08:03:55 2025 by rpki-client