Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/8233f2-d3c0-4501-a9c7-138c8417ae93/1/MkZrEXKyhFwVvNuGV9aT6iA9e-E.roa
File: MkZrEXKyhFwVvNuGV9aT6iA9e-E.roa (raw, json)
Hash identifier: P+ppmdHA85AavE4SuC0r26COz1iZwYG4tMktUYoh6TQ=
Subject key identifier: 32:46:6B:11:72:B2:84:5C:15:BC:DB:86:57:D6:93:EA:20:3D:7B:E1
Certificate issuer: /CN=72633388a7a5cfe9a7ca19fd74c922dcb12569d3
Certificate serial: 019421B1DFE44D2F9934EC94201EB837F2C9
Authority key identifier: 72:63:33:88:A7:A5:CF:E9:A7:CA:19:FD:74:C9:22:DC:B1:25:69:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cmMziKelz-mnyhn9dMki3LEladM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/8233f2-d3c0-4501-a9c7-138c8417ae93/1/MkZrEXKyhFwVvNuGV9aT6iA9e-E.roa
Signing time: Wed 01 Jan 2025 11:48:12 +0000
ROA not before: Wed 01 Jan 2025 11:48:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197618
IP address blocks: 31.29.96.0/19 maxlen: 24
31.29.99.0/24 maxlen: 24
31.29.110.0/24 maxlen: 24
31.29.111.0/24 maxlen: 24
31.29.115.0/24 maxlen: 24
31.29.116.0/23 maxlen: 23
31.29.120.0/24 maxlen: 24
31.29.126.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:df:e4:4d:2f:99:34:ec:94:20:1e:b8:37:f2:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72633388a7a5cfe9a7ca19fd74c922dcb12569d3
Validity
Not Before: Jan 1 11:48:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=32466b1172b2845c15bcdb8657d693ea203d7be1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:0b:33:7b:21:0b:a9:dc:83:eb:1a:68:a8:d8:
e2:af:a5:b3:05:1b:27:48:da:ba:da:25:28:f4:cc:
09:f0:f8:3b:d9:8a:70:6b:b0:b7:c3:d8:f7:43:a6:
8f:0e:df:89:d8:b6:f2:39:b2:34:9f:5b:22:1c:20:
a7:cf:08:09:5e:2e:7f:9e:8a:8a:06:65:b3:0b:ca:
49:80:48:6e:59:66:3f:15:40:ec:63:04:17:55:42:
43:fb:1a:85:f0:97:60:91:ef:88:72:55:c0:e4:17:
6e:20:4e:35:00:af:60:ae:0f:ea:c9:74:84:1d:b4:
29:63:19:e8:73:b9:86:b0:21:95:f3:43:56:d7:c7:
8d:bc:90:e5:55:1c:49:9e:53:1c:b3:38:bd:d8:6f:
cf:4a:62:2f:c8:5d:84:0d:18:30:d6:7a:31:d8:04:
22:d2:56:65:12:5b:b6:f0:51:26:22:d4:a4:59:bc:
4a:b8:f3:ff:18:7e:33:a1:4e:d2:e0:ab:4e:17:9e:
bd:84:ac:56:7b:ad:6c:e2:f3:e8:6a:b7:8f:27:6a:
f9:6c:91:2d:fb:dc:57:65:5e:c0:a5:58:25:56:cb:
bc:6c:60:a2:1e:7d:37:f0:ac:26:62:48:10:01:57:
ba:05:7d:14:c4:34:1a:f6:a9:62:bd:23:81:cc:ce:
0a:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:46:6B:11:72:B2:84:5C:15:BC:DB:86:57:D6:93:EA:20:3D:7B:E1
X509v3 Authority Key Identifier:
keyid:72:63:33:88:A7:A5:CF:E9:A7:CA:19:FD:74:C9:22:DC:B1:25:69:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cmMziKelz-mnyhn9dMki3LEladM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/8233f2-d3c0-4501-a9c7-138c8417ae93/1/MkZrEXKyhFwVvNuGV9aT6iA9e-E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/8233f2-d3c0-4501-a9c7-138c8417ae93/1/cmMziKelz-mnyhn9dMki3LEladM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.29.96.0/19
Signature Algorithm: sha256WithRSAEncryption
46:7d:93:ea:25:1f:16:f4:4d:5c:85:07:00:95:9a:32:77:c2:
1b:1e:22:61:f5:6a:55:43:da:84:90:09:7a:a7:7c:87:bc:b9:
3e:d6:30:66:36:11:d0:3e:47:07:4b:72:8f:6c:8c:fd:2b:87:
75:28:0b:a0:75:c7:86:fc:a6:92:82:09:53:ae:c5:5d:8a:57:
20:3a:09:05:e9:d7:a2:52:60:e7:33:79:44:2b:a3:bc:87:52:
8e:e9:ad:35:97:7b:da:84:0d:f5:b4:8a:6b:8d:f0:d6:f0:5b:
77:b5:1f:4e:91:0e:6f:be:6c:d0:51:e8:2f:77:47:a4:3e:f9:
c4:cc:f5:80:eb:68:3c:57:c8:2f:fc:78:21:8c:d6:42:7c:c8:
0a:60:9b:72:9a:56:30:1a:f3:b1:da:d4:c0:ce:31:0c:a8:21:
58:c8:90:1b:f3:5b:0f:f5:d4:86:96:76:b9:44:cf:2e:77:61:
a8:94:04:6c:21:f6:9b:a7:c8:d5:96:a4:88:98:1a:c2:95:7b:
e1:82:a9:76:30:c5:66:f1:4e:66:f7:c3:63:23:0a:47:d0:1a:
b9:f9:d5:71:39:ce:88:5d:cd:a2:60:03:99:ef:64:1b:fa:ef:
ff:19:a6:da:0b:4e:6c:41:ad:6b:d4:bb:bd:58:ca:4f:ca:73:
5a:fc:ea:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsd/kTS+ZNOyUIB64N/LJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNjMzMzg4YTdhNWNmZTlhN2NhMTlmZDc0YzkyMmRjYjEy
NTY5ZDMwHhcNMjUwMTAxMTE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjQ2NmIxMTcyYjI4NDVjMTViY2RiODY1N2Q2OTNlYTIwM2Q3YmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQszeyELqdyD6xpoqNjir6WzBRsn
SNq62iUo9MwJ8Pg72Ypwa7C3w9j3Q6aPDt+J2LbyObI0n1siHCCnzwgJXi5/noqK
BmWzC8pJgEhuWWY/FUDsYwQXVUJD+xqF8Jdgke+IclXA5BduIE41AK9grg/qyXSE
HbQpYxnoc7mGsCGV80NW18eNvJDlVRxJnlMcszi92G/PSmIvyF2EDRgw1nox2AQi
0lZlElu28FEmItSkWbxKuPP/GH4zoU7S4KtOF569hKxWe61s4vPoarePJ2r5bJEt
+9xXZV7ApVglVsu8bGCiHn038KwmYkgQAVe6BX0UxDQa9qlivSOBzM4KGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJGaxFysoRcFbzbhlfWk+ogPXvhMB8GA1UdIwQY
MBaAFHJjM4inpc/pp8oZ/XTJItyxJWnTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY21NemlLZWx6LW1ueWhuOWRNa2kzTEVsYWRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS84MjMzZjItZDNjMC00NTAxLWE5Yzct
MTM4Yzg0MTdhZTkzLzEvTWtackVYS3loRndWdk51R1Y5YVQ2aUE5ZS1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS84MjMzZjItZDNjMC00NTAxLWE5YzctMTM4Yzg0MTdhZTkz
LzEvY21NemlLZWx6LW1ueWhuOWRNa2kzTEVsYWRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFHx1gMA0G
CSqGSIb3DQEBCwUAA4IBAQBGfZPqJR8W9E1chQcAlZoyd8IbHiJh9WpVQ9qEkAl6
p3yHvLk+1jBmNhHQPkcHS3KPbIz9K4d1KAugdceG/KaSgglTrsVdilcgOgkF6dei
UmDnM3lEK6O8h1KO6a01l3vahA31tIprjfDW8Ft3tR9OkQ5vvmzQUegvd0ekPvnE
zPWA62g8V8gv/HghjNZCfMgKYJtymlYwGvOx2tTAzjEMqCFYyJAb81sP9dSGlna5
RM8ud2GolARsIfabp8jVlqSImBrClXvhgql2MMVm8U5m98NjIwpH0Bq5+dVxOc6I
Xc2iYAOZ72Qb+u//GabaC05sQa1r1Lu9WMpPynNa/Oph
-----END CERTIFICATE-----
Generated at Fri Apr 25 04:19:41 2025 by rpki-client