Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/At8Z9TojixSlLQjWVm3aa_2CoG8.roa
File: At8Z9TojixSlLQjWVm3aa_2CoG8.roa (raw, json)
Hash identifier: g1lxhWEdzZIZD1/es6HpRHlAviscTFbw5tGeIgTs7iM=
Subject key identifier: 02:DF:19:F5:3A:23:8B:14:A5:2D:08:D6:56:6D:DA:6B:FD:82:A0:6F
Certificate issuer: /CN=099a1f2dbf7b7a84ae57b8d67426b7e4e420fab5
Certificate serial: 01948ECE84CACF489F07EC9E8316CF9751E9
Authority key identifier: 09:9A:1F:2D:BF:7B:7A:84:AE:57:B8:D6:74:26:B7:E4:E4:20:FA:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CZofLb97eoSuV7jWdCa35OQg-rU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/At8Z9TojixSlLQjWVm3aa_2CoG8.roa
Signing time: Wed 22 Jan 2025 16:18:06 +0000
ROA not before: Wed 22 Jan 2025 16:18:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202053
IP address blocks: 5.22.208.0/21 maxlen: 21
5.22.216.0/22 maxlen: 22
5.22.220.0/22 maxlen: 22
80.69.172.0/22 maxlen: 22
83.136.248.0/21 maxlen: 21
94.237.0.0/24 maxlen: 24
94.237.1.0/24 maxlen: 24
94.237.2.0/23 maxlen: 23
94.237.4.0/22 maxlen: 22
94.237.8.0/21 maxlen: 21
94.237.16.0/21 maxlen: 21
94.237.24.0/21 maxlen: 21
94.237.32.0/21 maxlen: 21
94.237.40.0/21 maxlen: 21
94.237.48.0/20 maxlen: 20
94.237.64.0/20 maxlen: 20
94.237.80.0/20 maxlen: 20
94.237.96.0/21 maxlen: 21
94.237.104.0/22 maxlen: 22
94.237.108.0/22 maxlen: 22
94.237.112.0/21 maxlen: 21
94.237.120.0/22 maxlen: 22
94.237.124.0/23 maxlen: 23
94.237.126.0/24 maxlen: 24
95.111.192.0/21 maxlen: 21
95.111.200.0/22 maxlen: 22
95.111.204.0/22 maxlen: 22
95.111.208.0/22 maxlen: 22
95.111.216.0/21 maxlen: 21
185.20.136.0/22 maxlen: 22
185.26.48.0/22 maxlen: 22
185.70.196.0/22 maxlen: 22
194.62.96.0/22 maxlen: 22
2a04:3540::/32 maxlen: 32
2a04:3541::/32 maxlen: 32
2a04:3541:8000::/34 maxlen: 34
2a04:3542::/32 maxlen: 32
2a04:3542:8000::/34 maxlen: 34
2a04:3543::/32 maxlen: 32
2a04:3544::/32 maxlen: 32
2a04:3544:8000::/34 maxlen: 34
2a04:3545::/32 maxlen: 32
2a04:3546::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:8e:ce:84:ca:cf:48:9f:07:ec:9e:83:16:cf:97:51:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=099a1f2dbf7b7a84ae57b8d67426b7e4e420fab5
Validity
Not Before: Jan 22 16:18:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=02df19f53a238b14a52d08d6566dda6bfd82a06f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:f9:b4:44:e4:ae:d8:72:ee:5f:e9:e1:84:22:
a0:9e:9e:00:fb:b5:80:6d:13:b7:01:b9:70:ef:2c:
cf:e4:28:d8:99:78:35:80:df:05:3e:3f:1a:c4:f8:
94:d3:a0:b0:6a:bf:d9:77:a3:9b:a6:2c:d2:10:5b:
e7:22:88:ff:d4:95:3d:b9:d3:dd:4b:dd:b6:88:3b:
23:b4:3f:6f:4c:23:22:bd:c8:8d:2c:61:7a:ec:39:
27:77:2e:b8:e7:6a:43:9f:6e:e1:29:95:85:e2:51:
71:b4:08:a6:d6:30:08:aa:54:b9:12:7b:eb:58:8b:
c0:f4:9d:cb:a6:b3:27:cf:1a:83:93:71:d5:2b:67:
7f:43:e9:ff:36:5c:79:cd:84:08:e9:e0:8e:3e:3d:
37:7c:f0:c4:ce:de:1c:0f:fa:12:27:93:3a:c9:e0:
3f:68:e1:e9:c9:4a:f3:ba:da:6a:66:1e:d9:41:7c:
3d:4b:73:8d:40:09:a3:d2:56:c5:ee:6c:6e:1f:54:
f9:7a:8b:23:d5:be:75:bf:cf:92:47:95:95:03:09:
e7:69:91:b4:fe:0d:2c:e1:fa:e1:a8:e9:b2:f5:aa:
04:0a:ec:e3:21:c3:27:85:f3:19:32:70:25:eb:b1:
e7:40:59:e5:46:61:08:9d:f2:77:ec:c1:30:e8:f5:
49:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:DF:19:F5:3A:23:8B:14:A5:2D:08:D6:56:6D:DA:6B:FD:82:A0:6F
X509v3 Authority Key Identifier:
keyid:09:9A:1F:2D:BF:7B:7A:84:AE:57:B8:D6:74:26:B7:E4:E4:20:FA:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CZofLb97eoSuV7jWdCa35OQg-rU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/At8Z9TojixSlLQjWVm3aa_2CoG8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/d42abb-3342-4887-af40-9cd68f221e21/1/CZofLb97eoSuV7jWdCa35OQg-rU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.22.208.0/20
80.69.172.0/22
83.136.248.0/21
94.237.0.0-94.237.126.255
95.111.192.0-95.111.211.255
95.111.216.0/21
185.20.136.0/22
185.26.48.0/22
185.70.196.0/22
194.62.96.0/22
IPv6:
2a04:3540::-2a04:3546:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
6c:0a:44:98:e7:7d:24:d6:b9:b7:b7:60:30:69:3a:9d:51:b1:
ec:78:0e:21:28:5d:0d:65:35:38:5e:b5:26:d4:e5:c0:0c:a0:
1d:f6:17:02:c6:28:cc:20:47:ec:53:97:9d:a9:30:34:78:4f:
d5:f3:f1:c7:91:56:09:30:f5:f1:dc:c0:c0:44:ef:54:c1:07:
ef:22:95:a2:70:27:10:ba:29:92:87:83:21:82:56:76:5e:19:
87:ab:a2:eb:ba:45:7c:77:b7:c1:71:4a:3c:1e:2d:78:91:82:
a1:af:dc:cb:d0:b9:d0:75:f5:26:c7:27:51:90:c9:64:ad:c1:
d5:19:74:a0:a9:e0:35:7b:88:9b:9c:c4:55:ff:e6:4b:ad:87:
89:fb:c6:8a:5c:02:5c:1a:ef:92:e0:db:92:e3:fc:0b:30:ea:
27:45:bc:c0:53:ce:bc:3d:2a:29:80:9c:ff:28:2e:ad:5d:f7:
16:54:e1:f9:ad:87:5f:c3:12:8c:f7:9d:28:32:08:06:45:47:
66:6b:26:fb:96:28:f4:2c:64:61:16:eb:80:0f:d1:05:dc:28:
c5:ef:86:14:96:39:c5:11:80:62:57:13:16:4b:9c:03:57:f5:
ab:e3:c7:e0:e3:a3:f1:a1:a2:4f:c9:68:83:2e:28:5b:56:b8:
f9:89:9b:5d
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAZSOzoTKz0ifB+yegxbPl1HpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5OWExZjJkYmY3YjdhODRhZTU3YjhkNjc0MjZiN2U0ZTQy
MGZhYjUwHhcNMjUwMTIyMTYxODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmRmMTlmNTNhMjM4YjE0YTUyZDA4ZDY1NjZkZGE2YmZkODJhMDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/m0ROSu2HLuX+nhhCKgnp4A+7WA
bRO3Ablw7yzP5CjYmXg1gN8FPj8axPiU06Cwar/Zd6ObpizSEFvnIoj/1JU9udPd
S922iDsjtD9vTCMivciNLGF67Dkndy6452pDn27hKZWF4lFxtAim1jAIqlS5Envr
WIvA9J3LprMnzxqDk3HVK2d/Q+n/Nlx5zYQI6eCOPj03fPDEzt4cD/oSJ5M6yeA/
aOHpyUrzutpqZh7ZQXw9S3ONQAmj0lbF7mxuH1T5eosj1b51v8+SR5WVAwnnaZG0
/g0s4frhqOmy9aoECuzjIcMnhfMZMnAl67HnQFnlRmEInfJ37MEw6PVJPQIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFALfGfU6I4sUpS0I1lZt2mv9gqBvMB8GA1UdIwQY
MBaAFAmaHy2/e3qErle41nQmt+TkIPq1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1pvZkxiOTdlb1N1VjdqV2RDYTM1T1FnLXJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9kNDJhYmItMzM0Mi00ODg3LWFmNDAt
OWNkNjhmMjIxZTIxLzEvQXQ4WjlUb2ppeFNsTFFqV1ZtM2FhXzJDb0c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9kNDJhYmItMzM0Mi00ODg3LWFmNDAtOWNkNjhmMjIxZTIx
LzEvQ1pvZkxiOTdlb1N1VjdqV2RDYTM1T1FnLXJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBRBAIAATBLAwQEBRbQAwQC
UEWsAwQDU4j4MAsDAwBe7QMEAF7tfjAMAwQGX2/AAwQCX2/QAwQDX2/YAwQCuRSI
AwQCuRowAwQCuUbEAwQCwj5gMBYEAgACMBAwDgMFBioENUADBQAqBDVGMA0GCSqG
SIb3DQEBCwUAA4IBAQBsCkSY530k1rm3t2AwaTqdUbHseA4hKF0NZTU4XrUm1OXA
DKAd9hcCxijMIEfsU5edqTA0eE/V8/HHkVYJMPXx3MDARO9UwQfvIpWicCcQuimS
h4MhglZ2XhmHq6LrukV8d7fBcUo8Hi14kYKhr9zL0LnQdfUmxydRkMlkrcHVGXSg
qeA1e4ibnMRV/+ZLrYeJ+8aKXAJcGu+S4NuS4/wLMOonRbzAU868PSopgJz/KC6t
XfcWVOH5rYdfwxKM950oMggGRUdmayb7lij0LGRhFuuAD9EF3CjF74YUljnFEYBi
VxMWS5wDV/Wr48fg46PxoaJPyWiDLihbVrj5iZtd
-----END CERTIFICATE-----
Generated at Fri Apr 25 16:38:15 2025 by rpki-client