Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/exRb-rHcA90oTXk_rLfDmE2va0Q.roa
File: exRb-rHcA90oTXk_rLfDmE2va0Q.roa (raw, json)
Hash identifier: o03D8YYP7kHIc/dGF0EKjd2OHviH18SfZbezk98xob4=
Subject key identifier: 7B:14:5B:FA:B1:DC:03:DD:28:4D:79:3F:AC:B7:C3:98:4D:AF:6B:44
Certificate issuer: /CN=bfd070b0c9add92972fefc566c112d93717c4d6c
Certificate serial: 019425FBFA078A00DDB8CDA812903C923589
Authority key identifier: BF:D0:70:B0:C9:AD:D9:29:72:FE:FC:56:6C:11:2D:93:71:7C:4D:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v9BwsMmt2Sly_vxWbBEtk3F8TWw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/exRb-rHcA90oTXk_rLfDmE2va0Q.roa
Signing time: Thu 02 Jan 2025 07:47:38 +0000
ROA not before: Thu 02 Jan 2025 07:47:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49586
IP address blocks: 137.221.24.0/21 maxlen: 21
137.221.25.64/27 maxlen: 27
185.7.132.0/22 maxlen: 22
188.95.240.0/21 maxlen: 21
188.95.240.64/26 maxlen: 26
188.95.240.208/29 maxlen: 29
188.95.240.216/29 maxlen: 29
188.95.240.248/29 maxlen: 29
188.95.242.16/30 maxlen: 31
188.95.242.254/31 maxlen: 31
2a00:10b0::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fb:fa:07:8a:00:dd:b8:cd:a8:12:90:3c:92:35:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bfd070b0c9add92972fefc566c112d93717c4d6c
Validity
Not Before: Jan 2 07:47:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7b145bfab1dc03dd284d793facb7c3984daf6b44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:d5:f2:7e:45:5e:60:b9:53:bd:68:7a:52:d6:
5f:74:dd:f9:dc:82:d5:f8:44:6f:4c:cc:7c:47:e3:
e8:23:03:bf:e9:9d:fa:3c:99:b7:68:31:cc:d6:b0:
d4:bc:28:fc:33:98:5e:5d:46:be:c7:cf:b0:92:a7:
e0:10:59:19:28:c2:cf:e1:46:10:54:14:e7:cd:ac:
57:75:a2:22:d0:08:39:6b:73:2c:cc:cb:00:22:9f:
68:d3:d7:73:14:94:0e:89:10:fc:07:0f:b7:3d:4d:
6b:fe:11:b4:c4:f9:d3:a2:87:eb:cc:84:d4:2f:ce:
b0:ed:41:a5:da:ca:f9:89:46:d4:d3:67:52:e5:97:
87:f9:50:04:b3:b7:7c:32:b0:7a:f7:4f:7d:49:3d:
d0:70:0a:42:8c:e4:8f:ec:de:d4:47:c6:ab:a7:5e:
e9:f3:01:ce:d2:eb:f2:80:62:bb:7d:7f:27:a7:4e:
55:25:8b:6c:1a:a1:c7:1c:80:13:cf:04:f0:ea:2b:
d1:ad:8c:ad:4b:d3:93:5b:8a:0b:6f:96:f4:70:ea:
62:0c:7a:78:b4:3e:2f:45:64:a5:20:05:cd:91:39:
66:7e:e7:25:17:1d:0e:53:de:ca:10:e7:9a:32:56:
f0:68:66:fc:82:ae:1a:e2:51:ad:75:38:ec:63:44:
55:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:14:5B:FA:B1:DC:03:DD:28:4D:79:3F:AC:B7:C3:98:4D:AF:6B:44
X509v3 Authority Key Identifier:
keyid:BF:D0:70:B0:C9:AD:D9:29:72:FE:FC:56:6C:11:2D:93:71:7C:4D:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9BwsMmt2Sly_vxWbBEtk3F8TWw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/exRb-rHcA90oTXk_rLfDmE2va0Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/v9BwsMmt2Sly_vxWbBEtk3F8TWw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
137.221.24.0/21
185.7.132.0/22
188.95.240.0/21
IPv6:
2a00:10b0::/29
Signature Algorithm: sha256WithRSAEncryption
12:6b:5c:30:84:9c:46:8c:bf:a6:d4:9b:2d:53:3e:b1:96:c5:
9b:8c:ef:3f:ee:58:79:a8:b6:d2:42:ff:11:5c:b2:c4:52:5c:
31:c3:b2:78:0f:c7:37:2a:52:74:94:3a:35:6f:c3:01:6d:bb:
b5:82:ec:0a:11:86:b4:34:ad:08:05:16:80:0e:73:d8:d3:f2:
e0:3d:bd:c6:21:fb:38:db:1c:be:3b:31:43:d4:a3:c6:93:bc:
a4:e2:cf:ef:84:fc:b5:26:f3:0c:14:72:a9:67:c9:df:8c:10:
33:3c:ee:99:16:ad:24:c6:8d:2d:6f:4f:4d:62:a1:1a:8c:19:
7e:9e:76:8b:f7:15:28:e1:cf:5b:1f:35:b7:c6:56:a0:86:a3:
70:fe:0c:d5:7e:ef:74:a8:38:01:64:06:47:bd:42:b3:84:a5:
ae:86:cc:5e:82:bb:48:0b:70:c0:56:27:9c:a4:d6:df:da:59:
80:f1:82:2a:35:d1:72:0b:3a:53:9c:81:fb:2c:af:77:e8:25:
78:e7:b1:7a:b0:36:a7:73:d9:c9:d2:02:c7:90:3e:d1:53:bc:
99:a5:6f:25:e7:a7:53:1e:d9:ea:e1:4f:ea:1e:9f:62:f6:16:
b5:46:18:c2:21:f1:c7:b9:0b:77:47:38:42:11:45:da:89:a3:
a2:cf:fe:05
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQl+/oHigDduM2oEpA8kjWJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDA3MGIwYzlhZGQ5Mjk3MmZlZmM1NjZjMTEyZDkzNzE3
YzRkNmMwHhcNMjUwMTAyMDc0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjE0NWJmYWIxZGMwM2RkMjg0ZDc5M2ZhY2I3YzM5ODRkYWY2YjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9XyfkVeYLlTvWh6UtZfdN353ILV
+ERvTMx8R+PoIwO/6Z36PJm3aDHM1rDUvCj8M5heXUa+x8+wkqfgEFkZKMLP4UYQ
VBTnzaxXdaIi0Ag5a3MszMsAIp9o09dzFJQOiRD8Bw+3PU1r/hG0xPnToofrzITU
L86w7UGl2sr5iUbU02dS5ZeH+VAEs7d8MrB69099ST3QcApCjOSP7N7UR8arp17p
8wHO0uvygGK7fX8np05VJYtsGqHHHIATzwTw6ivRrYytS9OTW4oLb5b0cOpiDHp4
tD4vRWSlIAXNkTlmfuclFx0OU97KEOeaMlbwaGb8gq4a4lGtdTjsY0RV9QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFHsUW/qx3APdKE15P6y3w5hNr2tEMB8GA1UdIwQY
MBaAFL/QcLDJrdkpcv78VmwRLZNxfE1sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlCd3NNbXQyU2x5X3Z4V2JCRXRrM0Y4VFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xOTU0MjctNDQyNS00NTU2LTllYTYt
NTNjY2E4MWU5MjI0LzEvZXhSYi1ySGNBOTBvVFhrX3JMZkRtRTJ2YTBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xOTU0MjctNDQyNS00NTU2LTllYTYtNTNjY2E4MWU5MjI0
LzEvdjlCd3NNbXQyU2x5X3Z4V2JCRXRrM0Y4VFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDid0YAwQC
uQeEAwQDvF/wMA0EAgACMAcDBQMqABCwMA0GCSqGSIb3DQEBCwUAA4IBAQASa1ww
hJxGjL+m1JstUz6xlsWbjO8/7lh5qLbSQv8RXLLEUlwxw7J4D8c3KlJ0lDo1b8MB
bbu1guwKEYa0NK0IBRaADnPY0/LgPb3GIfs42xy+OzFD1KPGk7yk4s/vhPy1JvMM
FHKpZ8nfjBAzPO6ZFq0kxo0tb09NYqEajBl+nnaL9xUo4c9bHzW3xlaghqNw/gzV
fu90qDgBZAZHvUKzhKWuhsxegrtIC3DAViecpNbf2lmA8YIqNdFyCzpTnIH7LK93
6CV457F6sDanc9nJ0gLHkD7RU7yZpW8l56dTHtnq4U/qHp9i9ha1RhjCIfHHuQt3
RzhCEUXaiaOiz/4F
-----END CERTIFICATE-----
Generated at Fri Apr 25 07:53:13 2025 by rpki-client