Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/556ad5-2e6b-4d51-856c-61c9c29c275d/1/MXST_7VxoAANhfz5HopBnTAfZfE.roa
File: MXST_7VxoAANhfz5HopBnTAfZfE.roa (raw, json)
Hash identifier: WwAleikgSWf+4k301L6Hz+MXSbtdCoBSAXsJKdsGXBk=
Subject key identifier: 31:74:93:FF:B5:71:A0:00:0D:85:FC:F9:1E:8A:41:9D:30:1F:65:F1
Certificate issuer: /CN=4866d4027de3c27e897d72adb2c86d87ab7e5ac2
Certificate serial: 01942144495682BBCAC293997592FE275F16
Authority key identifier: 48:66:D4:02:7D:E3:C2:7E:89:7D:72:AD:B2:C8:6D:87:AB:7E:5A:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SGbUAn3jwn6JfXKtsshth6t-WsI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/96/556ad5-2e6b-4d51-856c-61c9c29c275d/1/MXST_7VxoAANhfz5HopBnTAfZfE.roa
Signing time: Wed 01 Jan 2025 09:48:30 +0000
ROA not before: Wed 01 Jan 2025 09:48:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208808
IP address blocks: 31.13.210.0/24 maxlen: 24
45.140.196.0/22 maxlen: 22
78.138.18.0/23 maxlen: 23
78.138.26.0/23 maxlen: 23
78.138.28.0/23 maxlen: 23
78.138.42.0/23 maxlen: 23
87.120.80.0/23 maxlen: 23
87.120.203.0/24 maxlen: 24
89.36.232.0/22 maxlen: 22
89.46.132.0/22 maxlen: 22
92.243.68.0/24 maxlen: 24
92.243.71.0/24 maxlen: 24
92.243.86.0/23 maxlen: 23
92.243.90.0/23 maxlen: 23
92.243.94.0/23 maxlen: 23
93.114.92.0/22 maxlen: 22
93.115.48.0/22 maxlen: 22
94.156.26.0/23 maxlen: 23
103.43.40.0/22 maxlen: 22
103.104.108.0/22 maxlen: 22
103.208.72.0/22 maxlen: 22
160.202.156.0/22 maxlen: 22
185.201.76.0/22 maxlen: 22
212.73.152.0/24 maxlen: 24
212.73.153.0/24 maxlen: 24
213.255.210.0/23 maxlen: 23
213.255.216.0/23 maxlen: 23
213.255.224.0/23 maxlen: 23
213.255.244.0/23 maxlen: 23
2a0a:bd40::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:49:56:82:bb:ca:c2:93:99:75:92:fe:27:5f:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4866d4027de3c27e897d72adb2c86d87ab7e5ac2
Validity
Not Before: Jan 1 09:48:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=317493ffb571a0000d85fcf91e8a419d301f65f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:8a:10:f6:fc:2e:8f:60:e0:e3:ab:08:4a:7f:
97:e5:2b:62:82:09:26:74:6e:87:a9:29:d7:89:be:
64:d0:28:de:9e:3d:4d:11:c4:b3:dc:31:09:48:53:
0e:4b:1b:c2:fb:5e:ba:3d:df:51:c7:df:9c:36:be:
9e:a9:56:d5:f5:03:81:4b:f6:74:d2:e2:1a:55:67:
39:fd:65:9a:9c:75:87:64:9a:f8:76:ed:eb:9e:b7:
f6:1c:48:3b:df:df:94:d1:95:a7:79:5f:ec:0a:00:
84:70:06:cb:78:fc:56:e4:62:32:b0:eb:00:63:8d:
07:c8:16:b1:55:9c:e2:24:73:f5:33:62:35:14:48:
00:48:a7:ec:db:60:9e:c2:ee:ab:e0:99:67:b8:80:
1d:2b:79:4a:bb:80:cf:ae:37:fd:6e:eb:dc:83:ae:
25:cf:8a:01:da:db:37:19:09:f9:8a:3c:7b:df:26:
e0:69:f8:a0:a8:e4:c6:41:3d:b7:cf:6a:99:9e:17:
1b:fc:ef:f0:8f:57:89:e7:07:0a:78:2b:f5:23:67:
dc:ca:a0:79:25:65:bf:19:ae:73:f4:53:9b:1b:93:
37:7b:ea:cd:04:c2:f5:9a:81:07:91:8f:79:cb:e7:
72:08:4f:65:11:db:d0:65:7e:fe:b6:88:e0:8a:34:
24:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:74:93:FF:B5:71:A0:00:0D:85:FC:F9:1E:8A:41:9D:30:1F:65:F1
X509v3 Authority Key Identifier:
keyid:48:66:D4:02:7D:E3:C2:7E:89:7D:72:AD:B2:C8:6D:87:AB:7E:5A:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SGbUAn3jwn6JfXKtsshth6t-WsI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/556ad5-2e6b-4d51-856c-61c9c29c275d/1/MXST_7VxoAANhfz5HopBnTAfZfE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/96/556ad5-2e6b-4d51-856c-61c9c29c275d/1/SGbUAn3jwn6JfXKtsshth6t-WsI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.210.0/24
45.140.196.0/22
78.138.18.0/23
78.138.26.0-78.138.29.255
78.138.42.0/23
87.120.80.0/23
87.120.203.0/24
89.36.232.0/22
89.46.132.0/22
92.243.68.0/24
92.243.71.0/24
92.243.86.0/23
92.243.90.0/23
92.243.94.0/23
93.114.92.0/22
93.115.48.0/22
94.156.26.0/23
103.43.40.0/22
103.104.108.0/22
103.208.72.0/22
160.202.156.0/22
185.201.76.0/22
212.73.152.0/23
213.255.210.0/23
213.255.216.0/23
213.255.224.0/23
213.255.244.0/23
IPv6:
2a0a:bd40::/29
Signature Algorithm: sha256WithRSAEncryption
03:9d:04:fb:cf:22:97:69:d2:1c:d8:4d:b2:02:d9:93:a2:12:
76:78:d8:ce:9f:df:3a:b7:d9:6c:7c:1f:e3:f3:cc:db:0f:f3:
77:a1:d6:64:85:5f:a1:6e:d3:16:e9:b2:ce:da:9c:fc:57:ca:
6f:47:3a:2e:45:cc:d6:e2:b8:a1:63:31:33:ef:f2:98:53:6d:
ae:95:95:9c:2b:0f:e6:09:98:5b:79:9a:ae:99:5f:ee:89:45:
94:08:95:be:25:d8:0e:6e:47:8a:cc:11:82:c2:a2:99:3d:80:
3e:e7:bd:89:c4:07:c6:51:12:d4:f2:d6:c0:5f:a6:43:af:c4:
61:ba:ce:0b:20:13:eb:52:ad:45:9c:fe:79:32:92:70:78:0c:
e3:88:eb:f0:9f:f4:18:ba:ba:08:e8:58:87:71:1f:14:11:64:
71:74:e4:ae:3e:97:03:e5:7b:2c:be:72:d3:c5:94:24:dc:93:
55:03:6f:c8:85:43:8f:a0:f0:39:fe:fc:65:96:bc:43:2d:39:
d2:53:90:60:6f:3a:1d:d7:ac:af:1f:65:3e:34:ba:2d:7d:b0:
dd:fc:7c:f4:f0:c0:16:3e:8e:95:ac:86:1f:29:3e:d9:a5:85:
98:88:4c:a2:0c:c0:8f:f2:93:fc:bb:55:ab:26:24:a2:b6:61:
26:f8:5d:17
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgISAZQhRElWgrvKwpOZdZL+J18WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4NjZkNDAyN2RlM2MyN2U4OTdkNzJhZGIyYzg2ZDg3YWI3
ZTVhYzIwHhcNMjUwMTAxMDk0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTc0OTNmZmI1NzFhMDAwMGQ4NWZjZjkxZThhNDE5ZDMwMWY2NWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnooQ9vwuj2Dg46sISn+X5Stiggkm
dG6HqSnXib5k0Cjenj1NEcSz3DEJSFMOSxvC+166Pd9Rx9+cNr6eqVbV9QOBS/Z0
0uIaVWc5/WWanHWHZJr4du3rnrf2HEg739+U0ZWneV/sCgCEcAbLePxW5GIysOsA
Y40HyBaxVZziJHP1M2I1FEgASKfs22Cewu6r4JlnuIAdK3lKu4DPrjf9buvcg64l
z4oB2ts3GQn5ijx73ybgafigqOTGQT23z2qZnhcb/O/wj1eJ5wcKeCv1I2fcyqB5
JWW/Ga5z9FObG5M3e+rNBML1moEHkY95y+dyCE9lEdvQZX7+tojgijQkBwIDAQAB
o4ICwTCCAr0wHQYDVR0OBBYEFDF0k/+1caAADYX8+R6KQZ0wH2XxMB8GA1UdIwQY
MBaAFEhm1AJ948J+iX1yrbLIbYerflrCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0diVUFuM2p3bjZKZlhLdHNzaHRoNnQtV3NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni81NTZhZDUtMmU2Yi00ZDUxLTg1NmMt
NjFjOWMyOWMyNzVkLzEvTVhTVF83VnhvQUFOaGZ6NUhvcEJuVEFmWmZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni81NTZhZDUtMmU2Yi00ZDUxLTg1NmMtNjFjOWMyOWMyNzVk
LzEvU0diVUFuM2p3bjZKZlhLdHNzaHRoNnQtV3NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHWBggrBgEFBQcBBwEB/wSBxjCBwzCBsQQCAAEwgaoDBAAf
DdIDBAItjMQDBAFOihIwDAMEAU6KGgMEAU6KHAMEAU6KKgMEAVd4UAMEAFd4ywME
Alkk6AMEAlkuhAMEAFzzRAMEAFzzRwMEAVzzVgMEAVzzWgMEAVzzXgMEAl1yXAME
Al1zMAMEAV6cGgMEAmcrKAMEAmdobAMEAmfQSAMEAqDKnAMEArnJTAMEAdRJmAME
AdX/0gMEAdX/2AMEAdX/4AMEAdX/9DANBAIAAjAHAwUDKgq9QDANBgkqhkiG9w0B
AQsFAAOCAQEAA50E+88il2nSHNhNsgLZk6ISdnjYzp/fOrfZbHwf4/PM2w/zd6HW
ZIVfoW7TFumyztqc/FfKb0c6LkXM1uK4oWMxM+/ymFNtrpWVnCsP5gmYW3marplf
7olFlAiVviXYDm5HiswRgsKimT2APue9icQHxlES1PLWwF+mQ6/EYbrOCyAT61Kt
RZz+eTKScHgM44jr8J/0GLq6COhYh3EfFBFkcXTkrj6XA+V7LL5y08WUJNyTVQNv
yIVDj6DwOf78ZZa8Qy050lOQYG86Hdesrx9lPjS6LX2w3fx89PDAFj6OlayGHyk+
2aWFmIhMogzAj/KT/LtVqyYkorZhJvhdFw==
-----END CERTIFICATE-----
Generated at Fri Apr 25 07:43:13 2025 by rpki-client