Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/3lzsZYQeToAZVDxuh2681oRW8Tg.roa
File: 3lzsZYQeToAZVDxuh2681oRW8Tg.roa (raw, json)
Hash identifier: kxZSaMyLDeYcU1WIMKDSG66jtncX59lsPhs+PJwgtGA=
Subject key identifier: DE:5C:EC:65:84:1E:4E:80:19:54:3C:6E:87:6E:BC:D6:84:56:F1:38
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 0195F5F2956CA2A76AA18D267290FFDA8736
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/3lzsZYQeToAZVDxuh2681oRW8Tg.roa
Signing time: Wed 02 Apr 2025 10:01:10 +0000
ROA not before: Wed 02 Apr 2025 10:01:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57169
IP address blocks: 192.36.38.0/24 maxlen: 24
192.36.39.0/24 maxlen: 24
192.36.41.0/24 maxlen: 24
192.36.56.0/24 maxlen: 24
192.36.61.0/24 maxlen: 24
192.71.26.0/24 maxlen: 24
192.71.233.0/24 maxlen: 24
192.121.16.0/24 maxlen: 24
192.121.17.0/24 maxlen: 24
192.121.163.0/24 maxlen: 24
192.121.171.0/24 maxlen: 24
193.235.147.0/24 maxlen: 24
194.68.225.0/24 maxlen: 24
194.71.107.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:f5:f2:95:6c:a2:a7:6a:a1:8d:26:72:90:ff:da:87:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Apr 2 10:01:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=de5cec65841e4e8019543c6e876ebcd68456f138
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:10:3b:13:66:cc:35:ad:b2:47:45:d1:71:69:
21:83:16:9d:eb:29:84:49:87:e5:8c:31:46:a1:28:
d6:8e:cb:25:59:78:28:52:ce:75:e4:5c:7d:a2:4d:
76:eb:bd:3e:36:d5:1d:50:89:b0:3c:a8:33:94:91:
d4:c6:47:07:29:fc:e5:48:44:1c:90:77:af:9d:1f:
d9:cc:ac:b6:05:94:8f:a5:ad:ca:05:8b:79:7c:51:
52:81:cd:24:38:13:94:6f:49:52:d4:00:eb:e0:7c:
65:ed:d9:75:fc:c9:74:cf:39:e6:cf:7a:a7:03:fb:
57:74:99:0b:72:9e:52:33:b5:be:84:95:50:c1:82:
f4:ca:e3:16:08:f1:9f:0a:01:81:70:2d:0e:a6:88:
b1:c9:ab:a4:5c:2e:3e:8a:45:64:88:ff:a3:10:79:
6e:3a:ce:3b:78:51:30:4f:2a:7c:0d:00:7d:9a:9f:
38:f5:34:aa:72:49:b6:6b:66:99:71:0e:75:a5:2e:
2c:47:32:e4:be:09:2b:c1:6f:1a:f1:3d:f9:3b:83:
e3:5d:88:83:a3:b6:70:a1:25:d8:9f:be:e7:4e:fb:
21:92:01:01:41:b1:e3:69:23:23:30:41:27:25:29:
2d:89:bd:b1:2e:88:c5:35:03:c5:b5:d7:d5:7a:33:
58:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:5C:EC:65:84:1E:4E:80:19:54:3C:6E:87:6E:BC:D6:84:56:F1:38
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/3lzsZYQeToAZVDxuh2681oRW8Tg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.36.38.0/23
192.36.41.0/24
192.36.56.0/24
192.36.61.0/24
192.71.26.0/24
192.71.233.0/24
192.121.16.0/23
192.121.163.0/24
192.121.171.0/24
193.235.147.0/24
194.68.225.0/24
194.71.107.0/24
Signature Algorithm: sha256WithRSAEncryption
02:9e:fb:52:89:7f:aa:ad:17:f3:e2:cd:d3:9f:4a:ce:10:08:
24:9f:e3:06:88:18:b2:c3:c4:bc:3b:62:16:71:df:a8:bd:3e:
6e:f3:8d:50:9d:06:20:50:b9:c1:6a:b0:15:b7:bd:32:d4:ba:
4c:e2:36:4f:a5:83:9e:c3:3a:41:7d:1c:ff:35:d7:48:8c:1d:
5b:e6:3f:24:db:47:76:ef:19:3d:59:15:b7:c5:31:63:05:5e:
86:3d:8e:0f:a2:fc:d6:d4:c3:0c:c2:85:56:0a:36:08:91:dc:
b0:1c:22:71:cc:c8:fb:b3:bb:23:ab:c6:b2:42:4e:85:d3:b8:
db:16:1e:6b:2f:24:d5:84:00:8d:68:fd:39:5b:31:00:98:2c:
2a:49:2e:77:88:85:20:44:4d:f0:8c:93:75:0e:d7:01:96:a4:
f7:0e:fb:bc:a6:5e:bd:2c:ca:f2:74:43:42:ef:96:bf:92:2b:
24:d7:42:b9:35:5a:ed:e6:9f:ef:e7:b1:00:2b:63:2c:5b:d6:
01:b6:52:75:f3:73:26:7b:23:62:47:b5:e1:f5:a2:99:b8:41:
fa:50:ee:35:b9:39:12:06:69:cc:af:42:85:43:44:ac:91:e8:
5a:43:0b:0f:1e:4c:5b:d0:5a:2f:5c:95:0d:d7:36:a3:d6:99:
95:3e:8c:e0
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZX18pVsoqdqoY0mcpD/2oc2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwNDAyMTAwMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTVjZWM2NTg0MWU0ZTgwMTk1NDNjNmU4NzZlYmNkNjg0NTZmMTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBA7E2bMNa2yR0XRcWkhgxad6ymE
SYfljDFGoSjWjsslWXgoUs515Fx9ok12670+NtUdUImwPKgzlJHUxkcHKfzlSEQc
kHevnR/ZzKy2BZSPpa3KBYt5fFFSgc0kOBOUb0lS1ADr4Hxl7dl1/Ml0zznmz3qn
A/tXdJkLcp5SM7W+hJVQwYL0yuMWCPGfCgGBcC0OpoixyaukXC4+ikVkiP+jEHlu
Os47eFEwTyp8DQB9mp849TSqckm2a2aZcQ51pS4sRzLkvgkrwW8a8T35O4PjXYiD
o7ZwoSXYn77nTvshkgEBQbHjaSMjMEEnJSktib2xLojFNQPFtdfVejNYdQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFN5c7GWEHk6AGVQ8boduvNaEVvE4MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvM2x6c1pZUWVUb0FaVkR4dWgyNjgxb1JXOFRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQBwCQmAwQA
wCQpAwQAwCQ4AwQAwCQ9AwQAwEcaAwQAwEfpAwQBwHkQAwQAwHmjAwQAwHmrAwQA
weuTAwQAwkThAwQAwkdrMA0GCSqGSIb3DQEBCwUAA4IBAQACnvtSiX+qrRfz4s3T
n0rOEAgkn+MGiBiyw8S8O2IWcd+ovT5u841QnQYgULnBarAVt70y1LpM4jZPpYOe
wzpBfRz/NddIjB1b5j8k20d27xk9WRW3xTFjBV6GPY4PovzW1MMMwoVWCjYIkdyw
HCJxzMj7s7sjq8ayQk6F07jbFh5rLyTVhACNaP05WzEAmCwqSS53iIUgRE3wjJN1
DtcBlqT3Dvu8pl69LMrydENC75a/kisk10K5NVrt5p/v57EAK2MsW9YBtlJ183Mm
eyNiR7Xh9aKZuEH6UO41uTkSBmnMr0KFQ0SskehaQwsPHkxb0FovXJUN1zaj1pmV
Pozg
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:32:17 2025 by rpki-client on console.sobornost.net