Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/BAFnA8E_-fRHFvJR66V5dNg4Xzc.roa
File: BAFnA8E_-fRHFvJR66V5dNg4Xzc.roa (raw, json)
Hash identifier: zli04q+UUFDZ6LvNlKF4wEZntdZy+cQL9il9Oh4rSZo=
Subject key identifier: 04:01:67:03:C1:3F:F9:F4:47:16:F2:51:EB:A5:79:74:D8:38:5F:37
Certificate issuer: /CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
Certificate serial: 01941F8C43BDEF30A3580EC2EC8DB4E4E7FF
Authority key identifier: AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/BAFnA8E_-fRHFvJR66V5dNg4Xzc.roa
Signing time: Wed 01 Jan 2025 01:47:53 +0000
ROA not before: Wed 01 Jan 2025 01:47:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200000
IP address blocks: 37.139.64.0/21 maxlen: 21
45.154.218.0/24 maxlen: 24
46.247.80.0/21 maxlen: 21
89.19.128.0/19 maxlen: 19
91.105.208.0/21 maxlen: 21
109.205.96.0/21 maxlen: 21
173.242.48.0/20 maxlen: 20
185.25.116.0/22 maxlen: 22
185.39.224.0/22 maxlen: 22
185.65.244.0/22 maxlen: 22
185.68.16.0/22 maxlen: 22
185.68.16.0/24 maxlen: 24
185.69.152.0/22 maxlen: 22
185.104.44.0/22 maxlen: 22
185.104.45.0/24 maxlen: 24
185.124.8.0/22 maxlen: 22
185.130.120.0/22 maxlen: 22
185.149.40.0/22 maxlen: 22
185.209.168.0/22 maxlen: 22
185.225.212.0/22 maxlen: 22
185.226.24.0/22 maxlen: 22
185.233.36.0/22 maxlen: 22
185.233.40.0/22 maxlen: 22
185.233.44.0/22 maxlen: 22
185.233.116.0/22 maxlen: 22
185.233.120.0/22 maxlen: 22
185.233.136.0/22 maxlen: 22
185.233.152.0/22 maxlen: 23
185.234.176.0/22 maxlen: 22
185.235.168.0/22 maxlen: 22
185.239.180.0/22 maxlen: 22
217.173.208.0/20 maxlen: 20
2a00:7a60::/32 maxlen: 32
2a04:8000::/29 maxlen: 29
2a05:480::/29 maxlen: 29
2a06:6440::/29 maxlen: 29
2a0c:680::/29 maxlen: 29
2a0c:681::/32 maxlen: 32
2a0c:682::/31 maxlen: 31
2a0c:684::/30 maxlen: 30
2a0c:780::/29 maxlen: 29
2a0c:880::/29 maxlen: 29
2a0c:a80::/29 maxlen: 29
2a0c:c80::/29 maxlen: 29
2a0c:d80::/29 maxlen: 29
2a0c:e80::/29 maxlen: 29
2a0c:6080::/29 maxlen: 29
2a0d:1100::/29 maxlen: 29
2a0d:6500::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:43:bd:ef:30:a3:58:0e:c2:ec:8d:b4:e4:e7:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
Validity
Not Before: Jan 1 01:47:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=04016703c13ff9f44716f251eba57974d8385f37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:3a:4e:45:1e:48:d6:3b:52:c1:9c:3b:92:c2:
a4:a4:5d:37:0b:e9:31:55:fe:0e:56:06:b5:d6:2e:
8c:e4:3a:24:ed:f1:d2:99:af:e9:ca:c9:ca:c9:c1:
cf:71:9a:59:1a:a5:7c:97:b1:c1:54:ea:fb:2b:b3:
1f:71:3d:50:fb:26:d7:01:a0:55:e5:13:ba:45:27:
fe:11:70:96:23:cf:9c:6f:1d:f5:d6:12:43:29:43:
b4:de:22:13:d7:1f:e5:d5:b9:ab:e3:14:ce:83:35:
89:e4:42:a1:bc:d1:00:66:eb:f1:a0:d0:09:37:cc:
44:87:a8:ac:f8:b9:d3:05:2c:7c:2f:86:82:7d:74:
a9:9a:c0:63:a2:02:45:1a:a0:d8:04:89:e6:1c:53:
56:6c:bb:d5:4f:f4:5f:33:22:72:69:54:f4:17:5f:
6b:a9:bd:95:55:de:2c:c8:25:27:54:69:31:a1:7e:
91:1a:42:2b:bb:f7:74:f4:03:35:76:80:78:e3:73:
5c:46:b7:d9:2e:42:2e:9d:58:40:3c:6e:3d:c2:39:
77:18:89:8a:3a:ee:cb:70:a7:73:04:0e:4c:a8:3a:
e9:00:69:b3:97:c8:9f:ae:7e:36:79:59:80:77:ca:
48:87:5a:37:8e:a2:10:21:21:92:f8:72:27:2f:bb:
c9:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:01:67:03:C1:3F:F9:F4:47:16:F2:51:EB:A5:79:74:D8:38:5F:37
X509v3 Authority Key Identifier:
keyid:AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/BAFnA8E_-fRHFvJR66V5dNg4Xzc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.64.0/21
45.154.218.0/24
46.247.80.0/21
89.19.128.0/19
91.105.208.0/21
109.205.96.0/21
173.242.48.0/20
185.25.116.0/22
185.39.224.0/22
185.65.244.0/22
185.68.16.0/22
185.69.152.0/22
185.104.44.0/22
185.124.8.0/22
185.130.120.0/22
185.149.40.0/22
185.209.168.0/22
185.225.212.0/22
185.226.24.0/22
185.233.36.0-185.233.47.255
185.233.116.0-185.233.123.255
185.233.136.0/22
185.233.152.0/22
185.234.176.0/22
185.235.168.0/22
185.239.180.0/22
217.173.208.0/20
IPv6:
2a00:7a60::/32
2a04:8000::/29
2a05:480::/29
2a06:6440::/29
2a0c:680::/29
2a0c:780::/29
2a0c:880::/29
2a0c:a80::/29
2a0c:c80::/29
2a0c:d80::/29
2a0c:e80::/29
2a0c:6080::/29
2a0d:1100::/29
2a0d:6500::/29
Signature Algorithm: sha256WithRSAEncryption
47:95:4c:a2:c9:d6:5c:94:b4:93:86:94:4f:b1:73:ad:f0:f2:
d4:f1:c9:f7:d2:ad:18:ba:8a:16:be:55:44:24:01:1a:0f:bf:
13:fe:01:3a:fc:69:81:19:3c:0d:ed:f9:c2:c8:31:16:d8:db:
ea:47:25:d6:53:99:8a:d1:05:b7:ac:e7:42:c5:b0:8f:9e:40:
09:0e:8b:0d:f1:b2:b3:21:e7:1d:5f:b3:9f:37:d2:21:ef:73:
a2:c0:73:34:49:38:d3:be:48:95:57:6b:cf:95:8b:bf:1c:ed:
e9:71:0b:fe:9b:05:ea:a1:89:cb:73:fd:de:8f:59:1e:3e:89:
5b:d6:33:b6:69:0f:19:65:85:e6:78:f7:4b:ef:e9:27:77:b2:
84:7d:18:78:93:48:d8:3a:e7:15:83:a9:05:6c:5a:8b:41:43:
84:a3:0a:45:df:2d:c6:36:47:c5:c8:8b:bb:ad:72:34:6a:49:
0c:c9:fc:6d:2a:84:34:32:00:d8:27:2e:66:c5:59:80:db:63:
d5:99:fc:7d:21:5e:ee:fe:5e:e3:b1:a1:65:ca:79:85:72:b0:
a2:a6:07:c4:7f:bc:1b:0a:12:87:b9:87:49:17:e6:59:4e:be:
a4:49:c5:a9:99:3f:ea:ac:83:97:81:10:39:b2:fd:e0:89:ca:
31:71:8d:18
-----BEGIN CERTIFICATE-----
MIIGGzCCBQOgAwIBAgISAZQfjEO97zCjWA7C7I205Of/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOGEwZTBiMWIyMWYwOTMzMzNjMDc0ODE0NWIxNjI4NDE4
Y2YyYjUwHhcNMjUwMTAxMDE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDAxNjcwM2MxM2ZmOWY0NDcxNmYyNTFlYmE1Nzk3NGQ4Mzg1ZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DpORR5I1jtSwZw7ksKkpF03C+kx
Vf4OVga11i6M5Dok7fHSma/pysnKycHPcZpZGqV8l7HBVOr7K7MfcT1Q+ybXAaBV
5RO6RSf+EXCWI8+cbx311hJDKUO03iIT1x/l1bmr4xTOgzWJ5EKhvNEAZuvxoNAJ
N8xEh6is+LnTBSx8L4aCfXSpmsBjogJFGqDYBInmHFNWbLvVT/RfMyJyaVT0F19r
qb2VVd4syCUnVGkxoX6RGkIru/d09AM1doB443NcRrfZLkIunVhAPG49wjl3GImK
Ou7LcKdzBA5MqDrpAGmzl8ifrn42eVmAd8pIh1o3jqIQISGS+HInL7vJhQIDAQAB
o4IDJzCCAyMwHQYDVR0OBBYEFAQBZwPBP/n0RxbyUeuleXTYOF83MB8GA1UdIwQY
MBaAFKyKDgsbIfCTMzwHSBRbFihBjPK1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMt
ZGI4ZWZmMWIxMWEwLzEvQkFGbkE4RV8tZlJIRnZKUjY2VjVkTmc0WHpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMtZGI4ZWZmMWIxMWEw
LzEvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOwYIKwYBBQUHAQcBAf8EggEqMIIBJjCBuQQCAAEwgbID
BAMli0ADBAAtmtoDBAMu91ADBAVZE4ADBANbadADBANtzWADBASt8jADBAK5GXQD
BAK5J+ADBAK5QfQDBAK5RBADBAK5RZgDBAK5aCwDBAK5fAgDBAK5gngDBAK5lSgD
BAK50agDBAK54dQDBAK54hgwDAMEArnpJAMEBLnpIDAMAwQCuel0AwQCuel4AwQC
uemIAwQCuemYAwQCueqwAwQCueuoAwQCue+0AwQE2a3QMGgEAgACMGIDBQAqAHpg
AwUDKgSAAAMFAyoFBIADBQMqBmRAAwUDKgwGgAMFAyoMB4ADBQMqDAiAAwUDKgwK
gAMFAyoMDIADBQMqDA2AAwUDKgwOgAMFAyoMYIADBQMqDREAAwUDKg1lADANBgkq
hkiG9w0BAQsFAAOCAQEAR5VMosnWXJS0k4aUT7FzrfDy1PHJ99KtGLqKFr5VRCQB
Gg+/E/4BOvxpgRk8De35wsgxFtjb6kcl1lOZitEFt6znQsWwj55ACQ6LDfGysyHn
HV+znzfSIe9zosBzNEk4075IlVdrz5WLvxzt6XEL/psF6qGJy3P93o9ZHj6JW9Yz
tmkPGWWF5nj3S+/pJ3eyhH0YeJNI2DrnFYOpBWxai0FDhKMKRd8txjZHxciLu61y
NGpJDMn8bSqENDIA2CcuZsVZgNtj1Zn8fSFe7v5e47GhZcp5hXKwoqYHxH+8GwoS
h7mHSRfmWU6+pEnFqZk/6qyDl4EQObL94InKMXGNGA==
-----END CERTIFICATE-----
Generated at Fri Apr 25 09:24:49 2025 by rpki-client