Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/6ef09b-802a-45f7-9e7f-06d530cefd8a/1/BfBzjofHcSu4a3jygqfPxr7xm38.roa
File: BfBzjofHcSu4a3jygqfPxr7xm38.roa (raw, json)
Hash identifier: WZsJkNeqT7b0+zK6F4CNPynL3I93rxtNrXgK5qWCEEI=
Subject key identifier: 05:F0:73:8E:87:C7:71:2B:B8:6B:78:F2:82:A7:CF:C6:BE:F1:9B:7F
Certificate issuer: /CN=efea177bcc2b0ef64cab604e6e6427b1ade0bf69
Certificate serial: 0194206874F3D7052D723D1E779DDD520918
Authority key identifier: EF:EA:17:7B:CC:2B:0E:F6:4C:AB:60:4E:6E:64:27:B1:AD:E0:BF:69
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7-oXe8wrDvZMq2BObmQnsa3gv2k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/6ef09b-802a-45f7-9e7f-06d530cefd8a/1/BfBzjofHcSu4a3jygqfPxr7xm38.roa
Signing time: Wed 01 Jan 2025 05:48:24 +0000
ROA not before: Wed 01 Jan 2025 05:48:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209041
IP address blocks: 81.21.224.0/24 maxlen: 24
81.21.225.0/24 maxlen: 24
81.21.226.0/24 maxlen: 24
81.21.227.0/24 maxlen: 24
2a0d:26c0::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:74:f3:d7:05:2d:72:3d:1e:77:9d:dd:52:09:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=efea177bcc2b0ef64cab604e6e6427b1ade0bf69
Validity
Not Before: Jan 1 05:48:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=05f0738e87c7712bb86b78f282a7cfc6bef19b7f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:8d:03:7b:11:db:dd:b5:47:5b:69:67:4f:2e:
99:17:59:50:b9:65:e1:3d:c8:8c:e7:83:08:37:f9:
67:7c:47:dd:ab:a4:7b:1e:5f:e1:be:78:f1:49:03:
4c:e9:f7:e3:57:b5:04:45:90:b3:4b:a9:2d:d5:57:
99:b8:73:63:e6:bc:25:04:ae:d5:7c:e2:cc:ca:9e:
f8:08:57:dd:53:57:be:57:cc:b8:d6:c4:37:8b:70:
63:4a:a3:5f:25:a3:c2:cc:25:06:3c:90:5b:80:73:
c3:26:6c:80:d4:0d:a0:21:ad:31:f0:67:30:a0:b5:
ea:fe:5e:bb:03:a1:8a:27:22:b1:fc:8e:eb:f6:55:
6b:27:52:89:8f:5c:05:95:18:e5:5c:60:0e:51:2f:
f8:bc:3b:ef:e2:2d:e1:ed:1d:b5:89:d1:1c:c9:d8:
7b:d8:a0:e6:0e:58:5c:76:93:32:04:18:9a:86:bc:
e4:e5:31:c5:db:09:b9:61:ad:27:a2:71:7c:ec:76:
3e:33:15:42:b7:7d:11:ca:bf:f4:c7:3e:af:1b:65:
2f:12:d2:3d:bb:01:6e:69:bc:99:bd:63:2d:49:e3:
81:14:12:19:47:b8:99:c7:ec:05:d2:04:8b:1e:b4:
af:f2:94:5e:59:0c:a6:23:9c:e4:5e:ba:64:f1:fa:
a3:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:F0:73:8E:87:C7:71:2B:B8:6B:78:F2:82:A7:CF:C6:BE:F1:9B:7F
X509v3 Authority Key Identifier:
keyid:EF:EA:17:7B:CC:2B:0E:F6:4C:AB:60:4E:6E:64:27:B1:AD:E0:BF:69
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7-oXe8wrDvZMq2BObmQnsa3gv2k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/6ef09b-802a-45f7-9e7f-06d530cefd8a/1/BfBzjofHcSu4a3jygqfPxr7xm38.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/6ef09b-802a-45f7-9e7f-06d530cefd8a/1/7-oXe8wrDvZMq2BObmQnsa3gv2k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.21.224.0/22
IPv6:
2a0d:26c0::/32
Signature Algorithm: sha256WithRSAEncryption
74:41:d0:50:28:07:2b:51:ae:82:89:41:70:64:bb:5c:30:e8:
29:5e:ea:84:75:be:2d:65:f3:6e:bb:14:eb:43:49:9d:b3:14:
77:62:dd:75:60:31:29:18:75:17:ef:f9:10:6d:22:56:13:11:
ad:18:6f:6d:ee:70:bb:0f:8c:34:bd:33:e7:e0:c0:4c:5d:c9:
a8:0f:cd:ff:a1:00:dd:87:ce:9b:a0:fb:30:30:67:82:d2:e8:
65:76:fd:ac:44:b1:ff:2a:68:29:3a:1b:7d:48:f5:8a:a4:14:
13:57:8d:fe:e5:50:41:84:7c:e4:f5:c7:38:58:61:22:f3:b3:
58:16:92:06:15:45:71:4d:72:8c:9d:4c:e6:98:aa:cd:49:b8:
4f:f9:33:08:63:a0:63:01:83:4b:bb:cd:39:23:33:1e:3e:d1:
b9:1f:b6:84:cd:c3:27:15:dc:4c:c9:0a:13:7f:61:ed:30:24:
dc:69:ae:7d:2c:15:12:e9:ea:29:9e:b3:12:2d:8c:4c:5a:80:
69:f1:48:42:00:5d:4c:da:c6:85:0b:f2:e9:a4:39:8c:4d:1a:
1f:0d:bf:1c:da:9e:ff:79:45:61:43:bd:09:ba:f9:0d:37:a1:
46:80:ae:03:f3:39:b4:f4:29:b8:98:1d:e8:1b:52:c5:34:f4:
eb:8a:0d:9f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaHTz1wUtcj0ed53dUgkYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmZWExNzdiY2MyYjBlZjY0Y2FiNjA0ZTZlNjQyN2IxYWRl
MGJmNjkwHhcNMjUwMTAxMDU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWYwNzM4ZTg3Yzc3MTJiYjg2Yjc4ZjI4MmE3Y2ZjNmJlZjE5YjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtY0DexHb3bVHW2lnTy6ZF1lQuWXh
PciM54MIN/lnfEfdq6R7Hl/hvnjxSQNM6ffjV7UERZCzS6kt1VeZuHNj5rwlBK7V
fOLMyp74CFfdU1e+V8y41sQ3i3BjSqNfJaPCzCUGPJBbgHPDJmyA1A2gIa0x8Gcw
oLXq/l67A6GKJyKx/I7r9lVrJ1KJj1wFlRjlXGAOUS/4vDvv4i3h7R21idEcydh7
2KDmDlhcdpMyBBiahrzk5THF2wm5Ya0nonF87HY+MxVCt30Ryr/0xz6vG2UvEtI9
uwFuabyZvWMtSeOBFBIZR7iZx+wF0gSLHrSv8pReWQymI5zkXrpk8fqjzQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAXwc46Hx3EruGt48oKnz8a+8Zt/MB8GA1UdIwQY
MBaAFO/qF3vMKw72TKtgTm5kJ7Gt4L9pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNy1vWGU4d3JEdlpNcTJCT2JtUW5zYTNndjJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy82ZWYwOWItODAyYS00NWY3LTllN2Yt
MDZkNTMwY2VmZDhhLzEvQmZCempvZkhjU3U0YTNqeWdxZlB4cjd4bTM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy82ZWYwOWItODAyYS00NWY3LTllN2YtMDZkNTMwY2VmZDhh
LzEvNy1vWGU4d3JEdlpNcTJCT2JtUW5zYTNndjJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCURXgMA0E
AgACMAcDBQAqDSbAMA0GCSqGSIb3DQEBCwUAA4IBAQB0QdBQKAcrUa6CiUFwZLtc
MOgpXuqEdb4tZfNuuxTrQ0mdsxR3Yt11YDEpGHUX7/kQbSJWExGtGG9t7nC7D4w0
vTPn4MBMXcmoD83/oQDdh86boPswMGeC0uhldv2sRLH/KmgpOht9SPWKpBQTV43+
5VBBhHzk9cc4WGEi87NYFpIGFUVxTXKMnUzmmKrNSbhP+TMIY6BjAYNLu805IzMe
PtG5H7aEzcMnFdxMyQoTf2HtMCTcaa59LBUS6eopnrMSLYxMWoBp8UhCAF1M2saF
C/LppDmMTRofDb8c2p7/eUVhQ70JuvkNN6FGgK4D8zm09Cm4mB3oG1LFNPTrig2f
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:32:14 2025 by rpki-client on console.sobornost.net