Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/ff00c4-b728-44a0-962d-973db9ce68b5/1/3Ld3_xMK0PlfZFY-qBwXca5iVGM.roa
File: 3Ld3_xMK0PlfZFY-qBwXca5iVGM.roa (raw, json)
Hash identifier: CjU6hi/Jh6Zo5sGQ2UDjZfEn9Czpv8lCLYgvh/6NOKs=
Subject key identifier: DC:B7:77:FF:13:0A:D0:F9:5F:64:56:3E:A8:1C:17:71:AE:62:54:63
Certificate issuer: /CN=32c2be483ff27bb8f0dc09ce0f71f2a88eaf7e07
Certificate serial: 01942669CED29747B2735F4CA27E6E79085B
Authority key identifier: 32:C2:BE:48:3F:F2:7B:B8:F0:DC:09:CE:0F:71:F2:A8:8E:AF:7E:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MsK-SD_ye7jw3AnOD3HyqI6vfgc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/ff00c4-b728-44a0-962d-973db9ce68b5/1/3Ld3_xMK0PlfZFY-qBwXca5iVGM.roa
Signing time: Thu 02 Jan 2025 09:47:35 +0000
ROA not before: Thu 02 Jan 2025 09:47:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51941
IP address blocks: 46.183.72.0/21 maxlen: 21
46.183.72.0/23 maxlen: 23
46.183.74.0/23 maxlen: 23
46.183.76.0/23 maxlen: 23
46.183.78.0/24 maxlen: 24
185.128.252.0/22 maxlen: 22
185.128.255.0/24 maxlen: 24
2a02:2380::/32 maxlen: 32
2a02:2380:1::/48 maxlen: 48
2a02:2380:2::/48 maxlen: 48
2a02:2380:3::/48 maxlen: 48
2a02:2380:4::/48 maxlen: 48
2a02:2380:ff00::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:69:ce:d2:97:47:b2:73:5f:4c:a2:7e:6e:79:08:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c2be483ff27bb8f0dc09ce0f71f2a88eaf7e07
Validity
Not Before: Jan 2 09:47:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dcb777ff130ad0f95f64563ea81c1771ae625463
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:f2:a1:4a:32:0b:53:d6:64:4b:33:d4:b7:af:
4c:e1:4e:6f:56:f5:db:a1:d8:67:2d:86:ff:86:f2:
b0:2c:0d:f6:9a:ea:91:27:d8:7e:a0:23:2c:17:84:
e2:35:21:73:a0:6a:f4:d1:95:b1:87:9c:6e:58:35:
97:98:3a:06:9d:c3:12:62:a6:bb:39:8d:9b:89:c5:
b8:c3:90:78:ae:bb:d6:d4:ec:7d:12:97:e6:29:57:
31:e7:c1:c2:01:6f:90:69:88:e7:3f:a3:99:58:a8:
98:62:31:05:bf:73:98:d6:f9:9a:39:e5:a1:47:0f:
00:9b:18:ac:4d:b4:f6:30:a0:1a:17:e5:c2:e8:a1:
a7:09:e3:fa:99:de:71:03:ec:81:00:45:b9:c2:42:
15:dd:f8:95:35:e0:7e:e9:13:6f:b1:8f:a8:a4:ca:
d5:77:50:a3:11:9b:21:d2:6c:1c:06:2d:f2:21:3f:
a6:f0:f3:9e:58:e0:f7:5a:7e:ae:29:4a:4c:6b:1e:
cb:97:29:cc:86:c0:15:86:78:c4:d6:09:76:9b:04:
bf:96:6c:dc:e9:8f:4f:3a:b8:44:87:6e:e4:ca:14:
86:f7:64:b8:76:ae:03:45:97:93:e9:81:91:4e:80:
be:71:2b:df:2e:99:ac:93:4b:63:22:f1:4a:db:5e:
ca:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:B7:77:FF:13:0A:D0:F9:5F:64:56:3E:A8:1C:17:71:AE:62:54:63
X509v3 Authority Key Identifier:
keyid:32:C2:BE:48:3F:F2:7B:B8:F0:DC:09:CE:0F:71:F2:A8:8E:AF:7E:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MsK-SD_ye7jw3AnOD3HyqI6vfgc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/ff00c4-b728-44a0-962d-973db9ce68b5/1/3Ld3_xMK0PlfZFY-qBwXca5iVGM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/ff00c4-b728-44a0-962d-973db9ce68b5/1/MsK-SD_ye7jw3AnOD3HyqI6vfgc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.183.72.0/21
185.128.252.0/22
IPv6:
2a02:2380::/32
Signature Algorithm: sha256WithRSAEncryption
55:9a:c8:70:37:af:52:4b:3a:b3:fa:3d:7c:50:71:cb:5f:dd:
90:97:c6:98:ae:18:39:03:39:ab:1d:00:f0:a0:00:c5:3b:eb:
4b:56:45:3e:4d:89:22:07:8b:48:2a:3e:a8:be:5c:30:1c:e6:
dc:dc:00:1e:2a:0c:27:21:55:ca:db:d8:7f:68:a4:52:59:9b:
8e:9c:f5:db:a5:f0:5f:07:82:f8:fd:95:15:f2:ee:2d:3f:6a:
72:2a:30:ed:7a:a2:b2:f6:b1:56:a6:4f:ce:65:ff:a6:c9:01:
a4:92:e2:1c:e9:52:4a:01:d7:cd:69:bc:be:20:23:b7:bf:b9:
96:b5:f7:7a:de:b3:12:0f:73:bf:84:56:59:69:5c:11:64:35:
26:90:97:e0:bd:73:0f:08:e2:82:ce:a0:92:3c:33:ec:ac:96:
e7:08:7d:61:09:a6:21:83:e9:c0:fd:ce:42:0f:86:e3:da:22:
7e:1c:1f:ee:46:a0:cb:13:bf:82:0b:d1:d7:2f:1f:e4:b5:aa:
41:bc:09:bf:26:7f:d5:cc:11:d8:25:00:14:39:2c:59:9b:38:
4c:53:7a:8e:ce:62:ea:e5:a7:0c:2f:04:2d:f1:68:c3:54:76:
18:63:23:69:80:29:4f:bb:b0:d0:8a:de:34:86:62:53:f5:e3:
bc:f4:9f:99
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQmac7Sl0eyc19Mon5ueQhbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzJiZTQ4M2ZmMjdiYjhmMGRjMDljZTBmNzFmMmE4OGVh
ZjdlMDcwHhcNMjUwMTAyMDk0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2I3NzdmZjEzMGFkMGY5NWY2NDU2M2VhODFjMTc3MWFlNjI1NDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfKhSjILU9ZkSzPUt69M4U5vVvXb
odhnLYb/hvKwLA32muqRJ9h+oCMsF4TiNSFzoGr00ZWxh5xuWDWXmDoGncMSYqa7
OY2bicW4w5B4rrvW1Ox9EpfmKVcx58HCAW+QaYjnP6OZWKiYYjEFv3OY1vmaOeWh
Rw8AmxisTbT2MKAaF+XC6KGnCeP6md5xA+yBAEW5wkIV3fiVNeB+6RNvsY+opMrV
d1CjEZsh0mwcBi3yIT+m8POeWOD3Wn6uKUpMax7LlynMhsAVhnjE1gl2mwS/lmzc
6Y9POrhEh27kyhSG92S4dq4DRZeT6YGRToC+cSvfLpmsk0tjIvFK217KawIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNy3d/8TCtD5X2RWPqgcF3GuYlRjMB8GA1UdIwQY
MBaAFDLCvkg/8nu48NwJzg9x8qiOr34HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNLLVNEX3llN2p3M0FuT0QzSHlxSTZ2ZmdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mZjAwYzQtYjcyOC00NGEwLTk2MmQt
OTczZGI5Y2U2OGI1LzEvM0xkM194TUswUGxmWkZZLXFCd1hjYTVpVkdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mZjAwYzQtYjcyOC00NGEwLTk2MmQtOTczZGI5Y2U2OGI1
LzEvTXNLLVNEX3llN2p3M0FuT0QzSHlxSTZ2ZmdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDLrdIAwQC
uYD8MA0EAgACMAcDBQAqAiOAMA0GCSqGSIb3DQEBCwUAA4IBAQBVmshwN69SSzqz
+j18UHHLX92Ql8aYrhg5AzmrHQDwoADFO+tLVkU+TYkiB4tIKj6ovlwwHObc3AAe
KgwnIVXK29h/aKRSWZuOnPXbpfBfB4L4/ZUV8u4tP2pyKjDteqKy9rFWpk/OZf+m
yQGkkuIc6VJKAdfNaby+ICO3v7mWtfd63rMSD3O/hFZZaVwRZDUmkJfgvXMPCOKC
zqCSPDPsrJbnCH1hCaYhg+nA/c5CD4bj2iJ+HB/uRqDLE7+CC9HXLx/ktapBvAm/
Jn/VzBHYJQAUOSxZmzhMU3qOzmLq5acMLwQt8WjDVHYYYyNpgClPu7DQit40hmJT
9eO89J+Z
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:27:54 2025 by rpki-client on console.sobornost.net