Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/e8bbd2-1361-41a3-90f0-5334e6b8c5fe/1/NxzgzrcAsHWy0jDkGocEc3A82GY.roa
File: NxzgzrcAsHWy0jDkGocEc3A82GY.roa (raw, json)
Hash identifier: 49MMg/vk9brRgJNoRcoYkHau0scqC/ahxGjMTh7J3YU=
Subject key identifier: 37:1C:E0:CE:B7:00:B0:75:B2:D2:30:E4:1A:87:04:73:70:3C:D8:66
Certificate issuer: /CN=b011022187e3395a1524fa1a7541ea793285afc2
Certificate serial: 019422200CF3C007ACB502A425EFFA06E809
Authority key identifier: B0:11:02:21:87:E3:39:5A:15:24:FA:1A:75:41:EA:79:32:85:AF:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sBECIYfjOVoVJPoadUHqeTKFr8I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/e8bbd2-1361-41a3-90f0-5334e6b8c5fe/1/NxzgzrcAsHWy0jDkGocEc3A82GY.roa
Signing time: Wed 01 Jan 2025 13:48:33 +0000
ROA not before: Wed 01 Jan 2025 13:48:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39308
IP address blocks: 46.21.80.0/20 maxlen: 20
89.144.128.0/18 maxlen: 24
89.144.130.0/24 maxlen: 24
109.109.32.0/19 maxlen: 19
109.109.48.0/24 maxlen: 24
159.20.96.0/20 maxlen: 20
176.12.64.0/20 maxlen: 20
185.56.96.0/22 maxlen: 24
2a00:1570::/32 maxlen: 64
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:0c:f3:c0:07:ac:b5:02:a4:25:ef:fa:06:e8:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b011022187e3395a1524fa1a7541ea793285afc2
Validity
Not Before: Jan 1 13:48:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=371ce0ceb700b075b2d230e41a870473703cd866
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:66:a5:81:aa:cf:c6:be:11:56:d9:da:8c:cb:
2d:fa:c5:0c:47:68:74:d6:82:96:01:c6:1c:2f:84:
48:59:36:59:ce:71:5e:e8:17:54:aa:29:75:8d:01:
37:e1:fb:b4:48:34:7c:83:3d:10:c0:a4:88:18:93:
3f:8a:b3:89:14:3c:aa:6c:c7:02:13:98:2d:a7:a2:
d5:6b:9c:d3:0f:91:c8:63:53:de:6f:00:3d:12:41:
99:6e:85:b5:24:6c:6d:e0:0c:ea:f7:e1:19:60:31:
cb:1e:f6:95:f4:14:60:04:6f:d4:6f:c2:b2:06:65:
2e:ff:ea:c7:22:d4:1f:ff:55:f8:2d:a2:8a:1a:97:
ce:f9:04:b8:bd:7a:93:55:9d:e2:e9:20:cc:31:3a:
de:e8:ba:b9:b3:2e:87:aa:b6:5f:a7:88:67:d6:40:
a6:51:3c:be:40:fb:9c:da:87:85:c6:a8:d7:9b:9b:
13:d3:d0:2b:df:c8:27:49:aa:af:54:c6:6c:4b:f9:
70:fc:4f:89:08:f8:a6:39:4e:f7:95:6e:05:b6:e3:
d4:8f:71:bc:4d:13:2e:c8:7f:ab:8c:d9:5b:c0:ab:
cc:1a:6c:67:67:5b:15:80:e2:d6:4f:af:b4:79:3d:
08:0f:6a:1d:0f:7c:76:65:d2:da:83:96:22:0e:82:
b8:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:1C:E0:CE:B7:00:B0:75:B2:D2:30:E4:1A:87:04:73:70:3C:D8:66
X509v3 Authority Key Identifier:
keyid:B0:11:02:21:87:E3:39:5A:15:24:FA:1A:75:41:EA:79:32:85:AF:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBECIYfjOVoVJPoadUHqeTKFr8I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/e8bbd2-1361-41a3-90f0-5334e6b8c5fe/1/NxzgzrcAsHWy0jDkGocEc3A82GY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/e8bbd2-1361-41a3-90f0-5334e6b8c5fe/1/sBECIYfjOVoVJPoadUHqeTKFr8I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.21.80.0/20
89.144.128.0/18
109.109.32.0/19
159.20.96.0/20
176.12.64.0/20
185.56.96.0/22
IPv6:
2a00:1570::/32
Signature Algorithm: sha256WithRSAEncryption
56:ab:85:c9:d8:ad:c6:ab:57:c4:1a:59:2b:38:8b:02:d4:cb:
b4:cd:a4:60:a0:57:42:7a:06:3a:5e:3e:66:65:ab:22:b7:23:
5c:44:98:98:f9:cc:e8:53:7e:18:da:f7:f7:e3:93:b9:2a:58:
76:ea:a6:8c:a3:eb:a0:d3:a9:97:9d:33:ed:53:24:6b:58:ac:
51:04:56:ab:b8:8e:96:1a:62:b1:e1:a1:f7:54:73:bd:5c:eb:
04:b4:ea:cf:fd:86:6a:52:10:16:6a:fa:d2:96:25:c6:ae:b7:
33:26:2e:61:64:3f:56:2c:c3:79:dd:c5:7c:30:a8:bc:45:f4:
fc:77:e8:4f:06:ea:66:17:91:74:62:72:a3:5f:07:8d:53:f8:
b8:38:97:03:52:ba:28:5c:08:ee:08:11:72:a9:87:b3:d8:b4:
f7:69:37:03:9a:88:2a:a4:13:8b:55:dd:00:65:fb:94:c6:a3:
78:c9:d1:f0:11:65:7c:89:dd:a8:70:a7:a2:ff:dd:36:c4:4e:
ce:d1:c8:39:2b:df:9a:bb:44:4b:44:93:f8:19:12:32:30:9c:
22:c0:0b:e0:f2:b2:60:91:f6:7b:be:af:c7:55:7d:60:f9:bd:
32:c7:ae:8c:15:3f:39:5a:f7:51:0c:18:81:a0:42:67:97:51:
f1:5b:5d:43
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZQiIAzzwAestQKkJe/6BugJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwMTEwMjIxODdlMzM5NWExNTI0ZmExYTc1NDFlYTc5MzI4
NWFmYzIwHhcNMjUwMTAxMTM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzFjZTBjZWI3MDBiMDc1YjJkMjMwZTQxYTg3MDQ3MzcwM2NkODY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2algarPxr4RVtnajMst+sUMR2h0
1oKWAcYcL4RIWTZZznFe6BdUqil1jQE34fu0SDR8gz0QwKSIGJM/irOJFDyqbMcC
E5gtp6LVa5zTD5HIY1PebwA9EkGZboW1JGxt4Azq9+EZYDHLHvaV9BRgBG/Ub8Ky
BmUu/+rHItQf/1X4LaKKGpfO+QS4vXqTVZ3i6SDMMTre6Lq5sy6HqrZfp4hn1kCm
UTy+QPuc2oeFxqjXm5sT09Ar38gnSaqvVMZsS/lw/E+JCPimOU73lW4FtuPUj3G8
TRMuyH+rjNlbwKvMGmxnZ1sVgOLWT6+0eT0ID2odD3x2ZdLag5YiDoK4MQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFDcc4M63ALB1stIw5BqHBHNwPNhmMB8GA1UdIwQY
MBaAFLARAiGH4zlaFST6GnVB6nkyha/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0JFQ0lZZmpPVm9WSlBvYWRVSHFlVEtGcjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9lOGJiZDItMTM2MS00MWEzLTkwZjAt
NTMzNGU2YjhjNWZlLzEvTnh6Z3pyY0FzSFd5MGpEa0dvY0VjM0E4MkdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9lOGJiZDItMTM2MS00MWEzLTkwZjAtNTMzNGU2YjhjNWZl
LzEvc0JFQ0lZZmpPVm9WSlBvYWRVSHFlVEtGcjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQELhVQAwQG
WZCAAwQFbW0gAwQEnxRgAwQEsAxAAwQCuThgMA0EAgACMAcDBQAqABVwMA0GCSqG
SIb3DQEBCwUAA4IBAQBWq4XJ2K3Gq1fEGlkrOIsC1Mu0zaRgoFdCegY6Xj5mZasi
tyNcRJiY+czoU34Y2vf345O5Klh26qaMo+ug06mXnTPtUyRrWKxRBFaruI6WGmKx
4aH3VHO9XOsEtOrP/YZqUhAWavrSliXGrrczJi5hZD9WLMN53cV8MKi8RfT8d+hP
BupmF5F0YnKjXweNU/i4OJcDUrooXAjuCBFyqYez2LT3aTcDmogqpBOLVd0AZfuU
xqN4ydHwEWV8id2ocKei/902xE7O0cg5K9+au0RLRJP4GRIyMJwiwAvg8rJgkfZ7
vq/HVX1g+b0yx66MFT85WvdRDBiBoEJnl1HxW11D
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:26:58 2025 by rpki-client on console.sobornost.net