Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/YbhAQsGZAXlqWtGIUO2Pnaghgo4.roa
File: YbhAQsGZAXlqWtGIUO2Pnaghgo4.roa (raw, json)
Hash identifier: ZUVNSvdQRbISFmCKecrqEnYfrSOFB3YD3rU3EGYEJAg=
Subject key identifier: 61:B8:40:42:C1:99:01:79:6A:5A:D1:88:50:ED:8F:9D:A8:21:82:8E
Certificate issuer: /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial: 01944A64ADC37940A70CFAF53F2E924505A9
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/YbhAQsGZAXlqWtGIUO2Pnaghgo4.roa
Signing time: Thu 09 Jan 2025 09:28:19 +0000
ROA not before: Thu 09 Jan 2025 09:28:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42956
IP address blocks: 78.128.110.0/23 maxlen: 24
78.142.36.0/24 maxlen: 24
78.142.40.0/22 maxlen: 24
79.124.2.0/23 maxlen: 24
79.124.83.0/24 maxlen: 24
79.124.86.0/24 maxlen: 24
80.72.81.0/24 maxlen: 24
94.72.142.0/24 maxlen: 24
94.72.144.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:4a:64:ad:c3:79:40:a7:0c:fa:f5:3f:2e:92:45:05:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Validity
Not Before: Jan 9 09:28:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=61b84042c19901796a5ad18850ed8f9da821828e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f7:27:2b:ce:14:62:c3:41:3f:23:fe:e1:a7:d8:
48:64:2a:14:48:42:22:a2:db:41:55:e9:fe:df:4e:
1b:59:7f:19:8d:68:c4:10:e7:a6:29:f2:80:58:21:
aa:5a:a4:c7:a4:da:ec:f7:78:08:09:57:73:a8:f4:
02:83:4a:0d:fe:ab:a5:4f:25:ac:58:b6:a8:71:3c:
a2:a1:e3:8d:65:89:2b:a8:3a:3e:fb:bb:f6:85:1d:
db:da:f0:a0:9b:92:80:5b:c9:ec:0b:24:8d:0a:0a:
c2:1d:5a:ab:6d:d1:e2:95:4d:fe:c1:aa:f7:ee:48:
bc:f4:af:c2:b6:8e:4f:65:82:6b:6e:99:a1:01:21:
f6:a8:56:3f:c5:e2:32:6c:32:cc:6c:32:9c:66:68:
c3:28:dd:a2:46:3a:f7:d6:a3:8c:50:da:d1:ed:12:
34:a7:10:cd:67:d2:63:1c:87:0a:52:ea:c5:9a:8c:
bd:d0:77:0e:5d:11:4b:b4:20:d0:7e:57:8c:e3:d3:
fd:d3:08:ef:da:65:85:57:00:99:7c:2b:0c:29:1b:
23:8a:5d:52:ef:56:bf:ca:24:de:ac:b5:5e:84:30:
77:29:2b:6f:ec:5e:e1:d6:4b:cb:ae:a6:68:95:7a:
f5:c5:a6:fa:52:66:62:4d:99:55:15:14:6b:3e:c9:
e6:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:B8:40:42:C1:99:01:79:6A:5A:D1:88:50:ED:8F:9D:A8:21:82:8E
X509v3 Authority Key Identifier:
keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/YbhAQsGZAXlqWtGIUO2Pnaghgo4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.128.110.0/23
78.142.36.0/24
78.142.40.0/22
79.124.2.0/23
79.124.83.0/24
79.124.86.0/24
80.72.81.0/24
94.72.142.0/24
94.72.144.0/24
Signature Algorithm: sha256WithRSAEncryption
c8:05:c0:79:d7:46:9f:cf:30:65:c4:90:71:79:8c:ec:80:88:
a3:cd:15:33:d4:a3:82:c4:8b:35:75:cf:12:e0:88:6b:df:dd:
19:b8:2b:b9:c7:f8:06:c0:ec:92:d0:1e:00:8f:d5:25:a0:6e:
ad:97:51:de:45:70:45:86:8c:00:9b:76:53:5f:4d:b4:09:ea:
70:5d:8d:01:17:70:fb:77:f7:16:c8:5c:22:c0:ee:b3:ef:d5:
35:3c:ba:8d:56:d9:87:2f:e6:07:3b:44:81:e4:1f:7b:30:cc:
d4:5f:7f:b5:27:04:bc:4e:60:60:ff:73:9d:27:9d:91:79:9a:
35:02:e2:12:31:ef:ff:9b:63:27:69:c0:8e:8d:2e:4c:9b:22:
43:b0:fe:e1:42:8c:3f:fc:da:6c:b8:f7:e7:16:44:0b:c6:bf:
8e:86:28:32:4d:fb:8a:66:92:5f:1c:45:82:53:42:af:8d:11:
ab:06:11:a2:a7:64:8d:e3:88:fc:56:73:13:9a:fb:be:0d:c4:
ae:46:1c:32:66:b2:4e:59:c2:c8:f9:9a:7b:f2:86:a8:93:5f:
eb:01:ed:09:b6:2d:8a:45:44:cd:f7:23:19:8c:7d:94:11:87:
1d:a6:bf:3b:cc:5d:32:36:38:d4:f5:16:45:f2:d4:cc:14:d7:
b7:4f:17:f3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZRKZK3DeUCnDPr1Py6SRQWpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTA5MDkyODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWI4NDA0MmMxOTkwMTc5NmE1YWQxODg1MGVkOGY5ZGE4MjE4MjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9ycrzhRiw0E/I/7hp9hIZCoUSEIi
ottBVen+304bWX8ZjWjEEOemKfKAWCGqWqTHpNrs93gICVdzqPQCg0oN/qulTyWs
WLaocTyioeONZYkrqDo++7v2hR3b2vCgm5KAW8nsCySNCgrCHVqrbdHilU3+war3
7ki89K/Cto5PZYJrbpmhASH2qFY/xeIybDLMbDKcZmjDKN2iRjr31qOMUNrR7RI0
pxDNZ9JjHIcKUurFmoy90HcOXRFLtCDQfleM49P90wjv2mWFVwCZfCsMKRsjil1S
71a/yiTerLVehDB3KStv7F7h1kvLrqZolXr1xab6UmZiTZlVFRRrPsnmCQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFGG4QELBmQF5alrRiFDtj52oIYKOMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvWWJoQVFzR1pBWGxxV3RHSVVPMlBuYWdoZ280LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBToBuAwQA
To4kAwQCTo4oAwQBT3wCAwQAT3xTAwQAT3xWAwQAUEhRAwQAXkiOAwQAXkiQMA0G
CSqGSIb3DQEBCwUAA4IBAQDIBcB510afzzBlxJBxeYzsgIijzRUz1KOCxIs1dc8S
4Ihr390ZuCu5x/gGwOyS0B4Aj9UloG6tl1HeRXBFhowAm3ZTX020CepwXY0BF3D7
d/cWyFwiwO6z79U1PLqNVtmHL+YHO0SB5B97MMzUX3+1JwS8TmBg/3OdJ52ReZo1
AuISMe//m2MnacCOjS5MmyJDsP7hQow//NpsuPfnFkQLxr+OhigyTfuKZpJfHEWC
U0KvjRGrBhGip2SN44j8VnMTmvu+DcSuRhwyZrJOWcLI+Zp78oaok1/rAe0Jti2K
RUTN9yMZjH2UEYcdpr87zF0yNjjU9RZF8tTMFNe3Txfz
-----END CERTIFICATE-----
Generated at Fri Apr 25 07:00:07 2025 by rpki-client