Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/688cae-5f96-4875-8701-944ecec7a423/1/2ZXONPsq8Wq-C73Y4ZOdG8CP47o.roa
File: 2ZXONPsq8Wq-C73Y4ZOdG8CP47o.roa (raw, json)
Hash identifier: 23qtSB8U1yvtJIhVOx0ex1wgA9IS3rvYP3HTfvaa5cc=
Subject key identifier: D9:95:CE:34:FB:2A:F1:6A:BE:0B:BD:D8:E1:93:9D:1B:C0:8F:E3:BA
Certificate issuer: /CN=a7b1def695885eade5ccc8b4be2a02bb16079e9c
Certificate serial: 0194206828BDB2B53C1D32772614F314FD07
Authority key identifier: A7:B1:DE:F6:95:88:5E:AD:E5:CC:C8:B4:BE:2A:02:BB:16:07:9E:9C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p7He9pWIXq3lzMi0vioCuxYHnpw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/688cae-5f96-4875-8701-944ecec7a423/1/2ZXONPsq8Wq-C73Y4ZOdG8CP47o.roa
Signing time: Wed 01 Jan 2025 05:48:04 +0000
ROA not before: Wed 01 Jan 2025 05:48:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204648
IP address blocks: 173.255.144.0/24 maxlen: 24
173.255.146.0/24 maxlen: 24
173.255.148.0/24 maxlen: 24
173.255.150.0/24 maxlen: 24
193.17.36.0/24 maxlen: 24
193.17.37.0/24 maxlen: 24
193.17.38.0/24 maxlen: 24
193.17.39.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:28:bd:b2:b5:3c:1d:32:77:26:14:f3:14:fd:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a7b1def695885eade5ccc8b4be2a02bb16079e9c
Validity
Not Before: Jan 1 05:48:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d995ce34fb2af16abe0bbdd8e1939d1bc08fe3ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:87:0c:8b:b2:1b:c1:1c:db:8d:58:66:79:64:
8d:62:f2:00:6e:92:3f:e4:e8:84:70:2f:01:f9:eb:
1d:9d:3b:a2:00:09:4f:50:3b:36:59:b5:f0:75:49:
9f:4d:9e:28:73:2a:13:47:bd:67:fc:7b:5a:58:91:
8d:1f:49:29:77:ce:8b:03:89:40:3f:2e:06:9b:d7:
2c:3f:36:43:1f:42:82:a3:24:79:cc:59:b6:55:8d:
d6:57:9b:75:25:49:e3:ab:5e:1d:23:32:4b:97:e4:
73:54:fe:e7:ce:a2:4d:36:29:83:34:cc:fe:83:a1:
32:db:36:60:a9:1c:22:8a:b9:30:13:1c:bc:c5:2d:
09:04:50:b9:43:bd:02:b2:88:fb:eb:83:5b:1e:4a:
47:44:62:cd:72:8c:9c:97:65:7a:2d:ab:c7:5c:74:
71:44:72:ba:47:b7:71:a9:36:93:bb:36:bc:14:f2:
3e:c9:cd:86:ca:24:a6:4f:52:60:5b:f8:2f:58:ab:
91:e5:67:92:50:e3:0e:66:7f:2e:c1:67:a2:ed:b3:
79:59:f1:ce:4e:b1:bd:5c:dd:d5:80:c9:81:66:9d:
c3:12:f5:1f:1f:bf:10:a4:9e:15:9a:e2:89:4a:43:
e7:f9:e3:95:c9:05:5c:72:6e:64:f6:a4:79:0a:89:
c8:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:95:CE:34:FB:2A:F1:6A:BE:0B:BD:D8:E1:93:9D:1B:C0:8F:E3:BA
X509v3 Authority Key Identifier:
keyid:A7:B1:DE:F6:95:88:5E:AD:E5:CC:C8:B4:BE:2A:02:BB:16:07:9E:9C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p7He9pWIXq3lzMi0vioCuxYHnpw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/688cae-5f96-4875-8701-944ecec7a423/1/2ZXONPsq8Wq-C73Y4ZOdG8CP47o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/688cae-5f96-4875-8701-944ecec7a423/1/p7He9pWIXq3lzMi0vioCuxYHnpw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
173.255.144.0/24
173.255.146.0/24
173.255.148.0/24
173.255.150.0/24
193.17.36.0/22
Signature Algorithm: sha256WithRSAEncryption
59:9c:6b:6b:67:5e:a5:bb:29:a1:7c:49:d1:0e:91:b7:9d:c4:
1b:44:4d:90:79:16:5c:00:91:3e:e3:10:bb:81:35:e7:bd:12:
f0:56:2b:e4:b2:2f:74:f4:51:bc:13:b3:4a:e1:e9:34:1b:a0:
22:3d:19:b2:19:69:b7:25:7f:8a:cb:b0:9a:fa:a8:d1:11:15:
3e:de:a3:2f:85:b9:7c:78:24:3a:e1:23:34:38:e4:51:3a:48:
af:d3:bf:2c:71:eb:45:6b:31:86:73:a5:70:f3:28:ca:4a:e7:
ea:67:ce:7d:20:c5:3c:01:ac:6f:e1:a8:ec:04:9e:34:0b:f2:
6a:48:24:ff:7e:d9:74:b6:c4:ba:74:76:a6:ef:33:d1:4b:26:
4e:12:db:5e:7d:4f:a8:2a:58:0c:3b:97:2b:cf:d2:3e:25:bd:
6d:ef:7a:e6:98:8c:8b:dd:ba:6d:b3:42:4f:da:6c:aa:87:d3:
ec:29:41:db:4c:da:ab:00:f6:5a:42:e3:46:0d:01:de:b0:82:
5c:d0:42:42:56:06:ff:59:8a:c9:2e:72:d0:38:5a:b2:8f:50:
db:5b:04:ad:27:c8:72:3f:6d:e0:e2:7c:3c:be:d2:5c:32:82:
a6:95:70:87:ac:37:f3:d1:9b:aa:49:a2:e8:61:4c:c6:cc:4d:
2b:7b:f9:3a
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQgaCi9srU8HTJ3JhTzFP0HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YjFkZWY2OTU4ODVlYWRlNWNjYzhiNGJlMmEwMmJiMTYw
NzllOWMwHhcNMjUwMTAxMDU0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTk1Y2UzNGZiMmFmMTZhYmUwYmJkZDhlMTkzOWQxYmMwOGZlM2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtocMi7IbwRzbjVhmeWSNYvIAbpI/
5OiEcC8B+esdnTuiAAlPUDs2WbXwdUmfTZ4ocyoTR71n/HtaWJGNH0kpd86LA4lA
Py4Gm9csPzZDH0KCoyR5zFm2VY3WV5t1JUnjq14dIzJLl+RzVP7nzqJNNimDNMz+
g6Ey2zZgqRwiirkwExy8xS0JBFC5Q70Csoj764NbHkpHRGLNcoycl2V6LavHXHRx
RHK6R7dxqTaTuza8FPI+yc2GyiSmT1JgW/gvWKuR5WeSUOMOZn8uwWei7bN5WfHO
TrG9XN3VgMmBZp3DEvUfH78QpJ4VmuKJSkPn+eOVyQVccm5k9qR5ConIrwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNmVzjT7KvFqvgu92OGTnRvAj+O6MB8GA1UdIwQY
MBaAFKex3vaViF6t5czItL4qArsWB56cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDdIZTlwV0lYcTNsek1pMHZpb0N1eFlIbnB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC82ODhjYWUtNWY5Ni00ODc1LTg3MDEt
OTQ0ZWNlYzdhNDIzLzEvMlpYT05Qc3E4V3EtQzczWTRaT2RHOENQNDdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC82ODhjYWUtNWY5Ni00ODc1LTg3MDEtOTQ0ZWNlYzdhNDIz
LzEvcDdIZTlwV0lYcTNsek1pMHZpb0N1eFlIbnB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQArf+QAwQA
rf+SAwQArf+UAwQArf+WAwQCwREkMA0GCSqGSIb3DQEBCwUAA4IBAQBZnGtrZ16l
uymhfEnRDpG3ncQbRE2QeRZcAJE+4xC7gTXnvRLwVivksi909FG8E7NK4ek0G6Ai
PRmyGWm3JX+Ky7Ca+qjRERU+3qMvhbl8eCQ64SM0OORROkiv078scetFazGGc6Vw
8yjKSufqZ859IMU8Aaxv4ajsBJ40C/JqSCT/ftl0tsS6dHam7zPRSyZOEttefU+o
KlgMO5crz9I+Jb1t73rmmIyL3bpts0JP2myqh9PsKUHbTNqrAPZaQuNGDQHesIJc
0EJCVgb/WYrJLnLQOFqyj1DbWwStJ8hyP23g4nw8vtJcMoKmlXCHrDfz0ZuqSaLo
YUzGzE0re/k6
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:31:56 2025 by rpki-client on console.sobornost.net