Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/42O1iZoBGp1jOHPAyMXxvPvoDeU.roa
File: 42O1iZoBGp1jOHPAyMXxvPvoDeU.roa (raw, json)
Hash identifier: ILpdVDwxdnANxNv1MRsqh9OtUODOvMq2wiyDKUplG4U=
Subject key identifier: E3:63:B5:89:9A:01:1A:9D:63:38:73:C0:C8:C5:F1:BC:FB:E8:0D:E5
Certificate issuer: /CN=08953a5f11a8279cdf8798960de1e22eb1227d95
Certificate serial: 0194450EB5AAE559AA1E9D4E66A0D20072E3
Authority key identifier: 08:95:3A:5F:11:A8:27:9C:DF:87:98:96:0D:E1:E2:2E:B1:22:7D:95
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/42O1iZoBGp1jOHPAyMXxvPvoDeU.roa
Signing time: Wed 08 Jan 2025 08:36:19 +0000
ROA not before: Wed 08 Jan 2025 08:36:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21472
IP address blocks: 5.2.16.0/21 maxlen: 21
5.2.16.0/23 maxlen: 23
5.2.18.0/23 maxlen: 23
5.2.20.0/23 maxlen: 23
5.2.23.0/24 maxlen: 24
91.224.190.0/23 maxlen: 23
162.33.228.0/23 maxlen: 23
185.79.56.0/22 maxlen: 22
185.79.56.0/24 maxlen: 24
185.149.176.0/22 maxlen: 22
185.182.147.0/24 maxlen: 24
185.229.40.0/22 maxlen: 22
195.49.144.0/22 maxlen: 22
2a00:e740::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:45:0e:b5:aa:e5:59:aa:1e:9d:4e:66:a0:d2:00:72:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=08953a5f11a8279cdf8798960de1e22eb1227d95
Validity
Not Before: Jan 8 08:36:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e363b5899a011a9d633873c0c8c5f1bcfbe80de5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:92:35:75:ce:46:50:4b:6e:be:86:98:b3:0f:
76:6a:a2:85:ec:97:fb:7d:4c:f1:45:13:8c:4e:2d:
bd:5c:84:95:7a:36:12:00:66:3b:96:30:8f:f1:cf:
c3:22:91:74:90:ef:ac:8f:2f:b6:9e:85:72:10:27:
3e:4a:85:53:dc:3f:6a:6b:e8:71:10:86:73:a5:58:
92:eb:53:82:c4:7b:cd:e0:73:c3:27:6c:d5:26:78:
b3:80:23:69:c3:0a:ca:52:e6:36:de:ab:af:b8:c7:
16:5c:d1:01:1d:14:3a:71:71:17:fe:d0:64:b6:0d:
18:90:58:9e:34:99:54:87:fa:c1:eb:dd:ae:e5:ad:
bc:59:56:3c:12:69:78:ff:94:f3:93:97:f4:da:b8:
09:cb:ad:ff:fc:5a:7f:1c:fe:f4:47:dc:5c:49:90:
6e:11:16:e1:cc:51:f8:b6:1a:db:07:5a:ef:4d:88:
1c:4c:a2:6b:38:b1:ab:33:09:95:db:d0:7b:1f:63:
ff:96:b2:1f:2c:81:ce:f5:a4:d8:a5:2c:9e:60:f7:
4e:f4:d4:bd:b3:98:61:1a:6c:4f:f9:a9:aa:f0:27:
e8:2c:61:85:24:8b:c2:96:1d:be:c4:af:b6:fa:51:
e0:4a:f7:94:89:66:58:94:50:a1:eb:20:61:84:80:
8d:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:63:B5:89:9A:01:1A:9D:63:38:73:C0:C8:C5:F1:BC:FB:E8:0D:E5
X509v3 Authority Key Identifier:
keyid:08:95:3A:5F:11:A8:27:9C:DF:87:98:96:0D:E1:E2:2E:B1:22:7D:95
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CJU6XxGoJ5zfh5iWDeHiLrEifZU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/42O1iZoBGp1jOHPAyMXxvPvoDeU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/cc94c8-72e4-4398-b37b-71169567e39c/1/CJU6XxGoJ5zfh5iWDeHiLrEifZU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.2.16.0/21
91.224.190.0/23
162.33.228.0/23
185.79.56.0/22
185.149.176.0/22
185.182.147.0/24
185.229.40.0/22
195.49.144.0/22
IPv6:
2a00:e740::/32
Signature Algorithm: sha256WithRSAEncryption
22:b0:fb:37:8d:b7:d0:e7:51:d4:00:d7:15:40:9b:8a:3c:1f:
ea:e9:8f:7b:2a:5f:57:0d:59:98:a0:46:10:77:8b:78:aa:8c:
9b:07:da:eb:12:28:73:50:df:be:9f:50:0d:ef:89:19:b0:5c:
e7:78:7b:5c:df:8a:56:9e:21:a7:e4:02:f9:57:a1:fd:ee:fe:
f2:a4:99:e2:18:24:ae:54:d2:9b:0a:da:c8:ca:90:9b:28:fc:
17:f2:ed:ed:18:5c:b6:2a:f8:9a:54:02:33:6b:4e:a9:fd:d8:
06:9f:61:95:bd:33:71:e6:ad:cc:22:ad:9e:df:8c:69:9b:fa:
00:0e:da:0c:2c:08:e4:e7:ba:27:34:e4:a1:cb:0d:51:be:04:
11:a6:df:c4:ca:70:33:c2:0d:37:7e:46:a4:98:48:52:fc:f6:
a3:83:c3:eb:9a:7d:32:67:cb:98:ee:29:7c:70:ce:5c:1e:d4:
10:e5:46:8f:3d:37:6d:e7:4d:99:48:03:26:3e:49:4d:21:77:
9a:1b:fe:20:ce:97:3d:6b:f0:84:48:0c:85:f0:0a:e4:91:d2:
76:16:58:26:80:e0:b3:ab:62:7b:45:57:57:46:e0:c0:7c:25:
b0:9e:d6:31:ec:60:b1:b4:43:5e:8a:a3:12:42:f5:82:f0:91:
11:b9:79:76
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZRFDrWq5VmqHp1OZqDSAHLjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4OTUzYTVmMTFhODI3OWNkZjg3OTg5NjBkZTFlMjJlYjEy
MjdkOTUwHhcNMjUwMTA4MDgzNjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzYzYjU4OTlhMDExYTlkNjMzODczYzBjOGM1ZjFiY2ZiZTgwZGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJI1dc5GUEtuvoaYsw92aqKF7Jf7
fUzxRROMTi29XISVejYSAGY7ljCP8c/DIpF0kO+sjy+2noVyECc+SoVT3D9qa+hx
EIZzpViS61OCxHvN4HPDJ2zVJnizgCNpwwrKUuY23quvuMcWXNEBHRQ6cXEX/tBk
tg0YkFieNJlUh/rB692u5a28WVY8Eml4/5Tzk5f02rgJy63//Fp/HP70R9xcSZBu
ERbhzFH4thrbB1rvTYgcTKJrOLGrMwmV29B7H2P/lrIfLIHO9aTYpSyeYPdO9NS9
s5hhGmxP+amq8CfoLGGFJIvClh2+xK+2+lHgSveUiWZYlFCh6yBhhICN5wIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFONjtYmaARqdYzhzwMjF8bz76A3lMB8GA1UdIwQY
MBaAFAiVOl8RqCec34eYlg3h4i6xIn2VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0pVNlh4R29KNXpmaDVpV0RlSGlMckVpZlpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9jYzk0YzgtNzJlNC00Mzk4LWIzN2It
NzExNjk1NjdlMzljLzEvNDJPMWlab0JHcDFqT0hQQXlNWHh2UHZvRGVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9jYzk0YzgtNzJlNC00Mzk4LWIzN2ItNzExNjk1NjdlMzlj
LzEvQ0pVNlh4R29KNXpmaDVpV0RlSGlMckVpZlpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDBQIQAwQB
W+C+AwQBoiHkAwQCuU84AwQCuZWwAwQAubaTAwQCueUoAwQCwzGQMA0EAgACMAcD
BQAqAOdAMA0GCSqGSIb3DQEBCwUAA4IBAQAisPs3jbfQ51HUANcVQJuKPB/q6Y97
Kl9XDVmYoEYQd4t4qoybB9rrEihzUN++n1AN74kZsFzneHtc34pWniGn5AL5V6H9
7v7ypJniGCSuVNKbCtrIypCbKPwX8u3tGFy2KviaVAIza06p/dgGn2GVvTNx5q3M
Iq2e34xpm/oADtoMLAjk57onNOShyw1RvgQRpt/EynAzwg03fkakmEhS/Pajg8Pr
mn0yZ8uY7il8cM5cHtQQ5UaPPTdt502ZSAMmPklNIXeaG/4gzpc9a/CESAyF8Ark
kdJ2FlgmgOCzq2J7RVdXRuDAfCWwntYx7GCxtENeiqMSQvWC8JERuXl2
-----END CERTIFICATE-----
Generated at Fri Apr 25 11:57:47 2025 by rpki-client