Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/a1fdd6-730e-4af0-8a56-460273f16ddd/1/4sRmTDXLCty2oG7uCbm4SXKIyVE.roa
File: 4sRmTDXLCty2oG7uCbm4SXKIyVE.roa (raw, json)
Hash identifier: 4X9pRb1swIu+cVaImRyIHtbj3QJV4dZcCo4Wvcbk9Ug=
Subject key identifier: E2:C4:66:4C:35:CB:0A:DC:B6:A0:6E:EE:09:B9:B8:49:72:88:C9:51
Certificate issuer: /CN=1b31e73e6d3fc745f127a7ed990aa41214905e61
Certificate serial: 019423D70E44F962ED6C55DA2751D7CCE01A
Authority key identifier: 1B:31:E7:3E:6D:3F:C7:45:F1:27:A7:ED:99:0A:A4:12:14:90:5E:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GzHnPm0_x0XxJ6ftmQqkEhSQXmE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/a1fdd6-730e-4af0-8a56-460273f16ddd/1/4sRmTDXLCty2oG7uCbm4SXKIyVE.roa
Signing time: Wed 01 Jan 2025 21:48:04 +0000
ROA not before: Wed 01 Jan 2025 21:48:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21230
IP address blocks: 84.43.128.0/19 maxlen: 19
84.43.160.0/19 maxlen: 19
84.43.192.0/21 maxlen: 21
84.43.200.0/21 maxlen: 21
84.43.208.0/21 maxlen: 21
84.43.216.0/21 maxlen: 21
84.43.224.0/21 maxlen: 21
84.43.232.0/21 maxlen: 21
84.43.240.0/20 maxlen: 20
185.221.32.0/22 maxlen: 22
193.110.216.0/21 maxlen: 21
2a00:82a0::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:0e:44:f9:62:ed:6c:55:da:27:51:d7:cc:e0:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1b31e73e6d3fc745f127a7ed990aa41214905e61
Validity
Not Before: Jan 1 21:48:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e2c4664c35cb0adcb6a06eee09b9b8497288c951
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:49:30:d9:a7:d3:2f:f7:92:83:71:5f:19:eb:
01:d4:5e:67:bf:42:88:c6:e2:da:fa:f7:26:24:1f:
c9:2f:1a:33:f7:ed:49:54:ef:5d:98:1b:ea:de:5f:
21:7b:3c:0a:55:a5:95:4a:53:2e:4b:8c:a9:91:45:
8c:bb:3a:b0:78:9a:ef:52:ea:fd:6f:e4:45:b7:06:
47:72:19:d3:4a:e8:1c:81:eb:17:86:fc:f5:2e:ff:
e8:3c:5f:52:80:29:9d:f8:bf:b0:f8:f8:24:12:d0:
a5:fb:3e:36:29:61:f9:19:00:79:16:cf:66:fe:9c:
e5:47:f7:e2:9b:15:d4:d4:44:4f:c1:98:73:35:a6:
e6:3b:c9:3f:7c:34:19:24:fc:89:66:87:f8:8d:a9:
9f:b9:7d:4f:9a:bd:28:2c:22:82:bf:e1:22:b9:fd:
67:21:75:4f:17:35:48:25:69:b7:46:e1:07:36:19:
a3:fb:9b:8d:4e:e5:f4:4a:5f:24:3a:e7:e7:43:fc:
21:63:d9:ba:83:bc:2b:c0:97:6b:a9:00:56:bf:9a:
d7:27:cc:02:c8:1a:2b:ff:ba:a7:6d:79:86:87:a1:
24:f6:7f:24:fe:cc:58:60:1c:ae:41:4c:de:91:33:
fc:21:6e:97:59:18:a2:58:2f:de:a8:b2:78:77:ec:
28:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:C4:66:4C:35:CB:0A:DC:B6:A0:6E:EE:09:B9:B8:49:72:88:C9:51
X509v3 Authority Key Identifier:
keyid:1B:31:E7:3E:6D:3F:C7:45:F1:27:A7:ED:99:0A:A4:12:14:90:5E:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GzHnPm0_x0XxJ6ftmQqkEhSQXmE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a1fdd6-730e-4af0-8a56-460273f16ddd/1/4sRmTDXLCty2oG7uCbm4SXKIyVE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a1fdd6-730e-4af0-8a56-460273f16ddd/1/GzHnPm0_x0XxJ6ftmQqkEhSQXmE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.43.128.0/17
185.221.32.0/22
193.110.216.0/21
IPv6:
2a00:82a0::/32
Signature Algorithm: sha256WithRSAEncryption
5d:91:2a:be:f6:be:b9:2a:ee:52:8e:63:9d:6c:8f:11:e6:2c:
db:55:97:0e:f6:fd:93:a6:4d:11:51:ef:31:5f:5b:6a:03:d5:
51:5c:53:59:10:98:74:7f:6c:fa:eb:85:fe:14:f7:ae:eb:75:
17:f6:59:a9:8d:a7:8c:84:db:40:7a:95:0e:0a:5b:e9:d0:b3:
fb:48:f4:1f:27:71:57:df:8f:50:da:42:bb:9a:a3:68:b7:b5:
da:be:ae:a1:3d:10:89:5b:af:53:39:de:d2:53:ee:f4:57:2f:
67:c0:b9:4d:59:c3:d1:c2:2c:d7:01:01:9f:9d:b0:ea:58:a6:
d7:8a:99:8e:b7:d9:15:5c:88:94:34:27:9e:2f:0e:72:ba:c1:
64:fa:a8:c8:24:32:2f:8d:82:69:c3:e9:a9:2f:c6:77:32:e9:
bb:b5:be:0f:ba:ed:89:ab:1b:e6:cf:1d:a2:2b:c0:3d:24:f9:
8f:a9:dc:f6:04:bb:73:37:08:5d:2d:5d:5b:98:f1:f2:f5:ea:
0e:46:83:7e:a0:9d:7a:9d:17:7c:1a:61:4c:f8:3e:bf:64:80:
85:a1:54:9b:20:f4:33:c2:9f:1c:94:33:04:05:c6:e1:16:c8:
5b:4c:9e:10:7f:e5:a8:8a:ba:91:d8:02:71:8e:1c:68:e2:17:
f0:13:18:15
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQj1w5E+WLtbFXaJ1HXzOAaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMzFlNzNlNmQzZmM3NDVmMTI3YTdlZDk5MGFhNDEyMTQ5
MDVlNjEwHhcNMjUwMTAxMjE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmM0NjY0YzM1Y2IwYWRjYjZhMDZlZWUwOWI5Yjg0OTcyODhjOTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkkw2afTL/eSg3FfGesB1F5nv0KI
xuLa+vcmJB/JLxoz9+1JVO9dmBvq3l8hezwKVaWVSlMuS4ypkUWMuzqweJrvUur9
b+RFtwZHchnTSugcgesXhvz1Lv/oPF9SgCmd+L+w+PgkEtCl+z42KWH5GQB5Fs9m
/pzlR/fimxXU1ERPwZhzNabmO8k/fDQZJPyJZof4jamfuX1Pmr0oLCKCv+Eiuf1n
IXVPFzVIJWm3RuEHNhmj+5uNTuX0Sl8kOufnQ/whY9m6g7wrwJdrqQBWv5rXJ8wC
yBor/7qnbXmGh6Ek9n8k/sxYYByuQUzekTP8IW6XWRiiWC/eqLJ4d+woMQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFOLEZkw1ywrctqBu7gm5uElyiMlRMB8GA1UdIwQY
MBaAFBsx5z5tP8dF8Sen7ZkKpBIUkF5hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3pIblBtMF94MFh4SjZmdG1RcWtFaFNRWG1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9hMWZkZDYtNzMwZS00YWYwLThhNTYt
NDYwMjczZjE2ZGRkLzEvNHNSbVREWExDdHkyb0c3dUNibTRTWEtJeVZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9hMWZkZDYtNzMwZS00YWYwLThhNTYtNDYwMjczZjE2ZGRk
LzEvR3pIblBtMF94MFh4SjZmdG1RcWtFaFNRWG1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQHVCuAAwQC
ud0gAwQDwW7YMA0EAgACMAcDBQAqAIKgMA0GCSqGSIb3DQEBCwUAA4IBAQBdkSq+
9r65Ku5SjmOdbI8R5izbVZcO9v2Tpk0RUe8xX1tqA9VRXFNZEJh0f2z664X+FPeu
63UX9lmpjaeMhNtAepUOClvp0LP7SPQfJ3FX349Q2kK7mqNot7Xavq6hPRCJW69T
Od7SU+70Vy9nwLlNWcPRwizXAQGfnbDqWKbXipmOt9kVXIiUNCeeLw5yusFk+qjI
JDIvjYJpw+mpL8Z3Mum7tb4Puu2Jqxvmzx2iK8A9JPmPqdz2BLtzNwhdLV1bmPHy
9eoORoN+oJ16nRd8GmFM+D6/ZICFoVSbIPQzwp8clDMEBcbhFshbTJ4Qf+WoirqR
2AJxjhxo4hfwExgV
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:28:31 2025 by rpki-client on console.sobornost.net