Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/mkjnKvKIy_M22iZX7uT3KmVSfB0.roa
File: mkjnKvKIy_M22iZX7uT3KmVSfB0.roa (raw, json)
Hash identifier: 70dd7YPTFqsNs4reenSDjtcrHn3c/acHfFxz79GNi24=
Subject key identifier: 9A:48:E7:2A:F2:88:CB:F3:36:DA:26:57:EE:E4:F7:2A:65:52:7C:1D
Certificate issuer: /CN=999df7dc0ed518f1ec69974cf98cecaada1a8680
Certificate serial: 0194222014BD1ED1BE3E5BC5B425380F151D
Authority key identifier: 99:9D:F7:DC:0E:D5:18:F1:EC:69:97:4C:F9:8C:EC:AA:DA:1A:86:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mZ333A7VGPHsaZdM-YzsqtoahoA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/mkjnKvKIy_M22iZX7uT3KmVSfB0.roa
Signing time: Wed 01 Jan 2025 13:48:35 +0000
ROA not before: Wed 01 Jan 2025 13:48:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6848
IP address blocks: 5.23.128.0/17 maxlen: 17
46.253.160.0/20 maxlen: 20
62.205.64.0/18 maxlen: 18
78.20.0.0/14 maxlen: 14
78.29.192.0/18 maxlen: 18
81.82.0.0/15 maxlen: 15
81.164.0.0/15 maxlen: 15
82.143.64.0/18 maxlen: 18
82.210.64.0/19 maxlen: 19
83.217.128.0/19 maxlen: 19
84.192.0.0/13 maxlen: 13
85.28.64.0/18 maxlen: 18
85.255.193.0/24 maxlen: 24
85.255.195.0/24 maxlen: 24
85.255.197.0/24 maxlen: 24
85.255.200.0/24 maxlen: 24
85.255.201.0/24 maxlen: 24
85.255.205.0/24 maxlen: 24
85.255.207.0/24 maxlen: 24
94.72.64.0/19 maxlen: 19
94.224.0.0/14 maxlen: 14
141.134.0.0/15 maxlen: 15
157.173.128.0/18 maxlen: 18
178.116.0.0/14 maxlen: 14
185.23.244.0/22 maxlen: 22
185.30.52.0/22 maxlen: 22
185.248.40.0/22 maxlen: 22
188.44.64.0/19 maxlen: 19
188.95.146.0/23 maxlen: 23
188.188.0.0/15 maxlen: 15
195.16.0.0/19 maxlen: 19
195.130.128.0/19 maxlen: 19
195.162.192.0/19 maxlen: 19
212.76.224.0/19 maxlen: 19
212.88.224.0/19 maxlen: 19
212.123.0.0/19 maxlen: 19
213.118.0.0/15 maxlen: 15
213.132.128.0/19 maxlen: 19
213.214.32.0/19 maxlen: 19
213.224.0.0/16 maxlen: 16
213.251.64.0/18 maxlen: 18
217.72.224.0/20 maxlen: 20
217.168.120.0/21 maxlen: 21
2a00:1cf8::/32 maxlen: 32
2a02:1800::/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:14:bd:1e:d1:be:3e:5b:c5:b4:25:38:0f:15:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=999df7dc0ed518f1ec69974cf98cecaada1a8680
Validity
Not Before: Jan 1 13:48:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9a48e72af288cbf336da2657eee4f72a65527c1d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:38:d5:98:f8:78:65:f6:0d:02:98:e4:e3:4e:
19:36:bd:d4:bc:72:53:ee:17:d6:b1:2d:58:6e:6a:
bf:39:66:b4:63:1d:60:8e:fe:49:1d:e4:59:49:93:
5b:46:4f:0a:76:52:44:f4:2d:a4:e2:04:7b:e4:f5:
2f:08:04:f5:4c:1b:be:ca:5f:ea:29:fb:56:de:bf:
ba:17:01:dd:66:22:40:ee:9b:56:7c:6e:90:66:44:
4c:b2:91:87:e4:a3:b3:9e:b7:0f:df:59:18:74:0b:
7b:6f:51:50:bf:ce:c7:8d:c5:e0:33:d1:0a:a5:c4:
16:77:20:29:6d:c0:1c:dd:d8:bd:7f:f3:aa:50:ca:
d2:8d:17:84:cc:0e:2a:06:9f:a3:45:38:b4:e9:2c:
5b:89:7e:cf:49:3c:88:fc:5e:d2:40:8b:6c:7a:11:
08:b3:db:a4:2f:5e:e3:41:16:4a:bf:a6:25:3f:52:
88:5c:69:be:b4:2c:0e:49:b5:55:3a:da:05:77:57:
ba:69:56:f4:1e:f6:bc:0e:58:24:70:cf:ac:b2:9c:
53:82:90:b6:e2:06:f8:d6:cb:1d:92:12:87:bd:28:
f5:ec:55:fc:d5:54:09:95:5d:1f:e4:ae:01:bf:f6:
26:79:b4:6a:19:fc:c8:f4:26:9c:83:00:f7:6d:66:
ec:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:48:E7:2A:F2:88:CB:F3:36:DA:26:57:EE:E4:F7:2A:65:52:7C:1D
X509v3 Authority Key Identifier:
keyid:99:9D:F7:DC:0E:D5:18:F1:EC:69:97:4C:F9:8C:EC:AA:DA:1A:86:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mZ333A7VGPHsaZdM-YzsqtoahoA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/mkjnKvKIy_M22iZX7uT3KmVSfB0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/mZ333A7VGPHsaZdM-YzsqtoahoA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.23.128.0/17
46.253.160.0/20
62.205.64.0/18
78.20.0.0/14
78.29.192.0/18
81.82.0.0/15
81.164.0.0/15
82.143.64.0/18
82.210.64.0/19
83.217.128.0/19
84.192.0.0/13
85.28.64.0/18
85.255.193.0/24
85.255.195.0/24
85.255.197.0/24
85.255.200.0/23
85.255.205.0/24
85.255.207.0/24
94.72.64.0/19
94.224.0.0/14
141.134.0.0/15
157.173.128.0/18
178.116.0.0/14
185.23.244.0/22
185.30.52.0/22
185.248.40.0/22
188.44.64.0/19
188.95.146.0/23
188.188.0.0/15
195.16.0.0/19
195.130.128.0/19
195.162.192.0/19
212.76.224.0/19
212.88.224.0/19
212.123.0.0/19
213.118.0.0/15
213.132.128.0/19
213.214.32.0/19
213.224.0.0/16
213.251.64.0/18
217.72.224.0/20
217.168.120.0/21
IPv6:
2a00:1cf8::/32
2a02:1800::/24
Signature Algorithm: sha256WithRSAEncryption
20:a4:9c:0f:2a:3e:62:39:01:5d:a5:f4:6c:40:00:56:ef:c7:
74:88:b3:55:71:a0:ff:f3:ee:49:fe:48:a5:32:27:f8:7c:31:
39:29:3c:9b:f0:57:53:6c:de:f6:4e:74:03:33:ef:2c:d7:91:
7e:95:1c:30:91:30:38:21:95:31:8d:01:31:c3:aa:0f:a5:5d:
bc:21:2a:e2:6f:aa:f1:69:fc:d8:c9:56:0d:74:26:a2:fd:53:
8c:a8:c6:4b:73:2e:69:f9:c0:e5:7d:36:5e:50:47:2d:5c:04:
09:d4:9d:c1:87:90:11:12:9b:ed:d5:03:f9:63:10:95:32:f6:
8e:09:6a:a7:6d:72:83:68:33:5b:1c:56:2c:86:db:72:86:8e:
74:1a:67:5d:45:2f:69:8d:98:6e:e2:3c:13:c7:3d:75:88:f1:
aa:04:f3:b8:1e:e3:81:d5:e5:18:32:ae:19:67:b3:28:75:fa:
b9:7c:52:c4:c4:e3:9e:86:c4:6b:1f:f6:31:d5:23:f7:bb:4e:
3c:1e:9c:fb:79:e0:48:8c:9e:fe:c0:8b:0c:07:23:f4:e2:e9:
af:10:f1:54:ab:35:40:2e:1d:9e:77:7a:9f:83:d6:f2:26:51:
0a:f0:93:8d:d0:4a:97:e3:f8:09:ed:26:7e:f2:81:e6:48:9f:
25:cb:8c:91
-----BEGIN CERTIFICATE-----
MIIGBjCCBO6gAwIBAgISAZQiIBS9HtG+PlvFtCU4DxUdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5OWRmN2RjMGVkNTE4ZjFlYzY5OTc0Y2Y5OGNlY2FhZGEx
YTg2ODAwHhcNMjUwMTAxMTM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTQ4ZTcyYWYyODhjYmYzMzZkYTI2NTdlZWU0ZjcyYTY1NTI3YzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTjVmPh4ZfYNApjk404ZNr3UvHJT
7hfWsS1Ybmq/OWa0Yx1gjv5JHeRZSZNbRk8KdlJE9C2k4gR75PUvCAT1TBu+yl/q
KftW3r+6FwHdZiJA7ptWfG6QZkRMspGH5KOznrcP31kYdAt7b1FQv87HjcXgM9EK
pcQWdyApbcAc3di9f/OqUMrSjReEzA4qBp+jRTi06SxbiX7PSTyI/F7SQItsehEI
s9ukL17jQRZKv6YlP1KIXGm+tCwOSbVVOtoFd1e6aVb0Hva8DlgkcM+sspxTgpC2
4gb41ssdkhKHvSj17FX81VQJlV0f5K4Bv/YmebRqGfzI9CacgwD3bWbsQQIDAQAB
o4IDEjCCAw4wHQYDVR0OBBYEFJpI5yryiMvzNtomV+7k9yplUnwdMB8GA1UdIwQY
MBaAFJmd99wO1Rjx7GmXTPmM7KraGoaAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVozMzNBN1ZHUEhzYVpkTS1ZenNxdG9haG9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9iYTg4ZjItMjE1Zi00Zjg5LWEzYWYt
MTM4Yjc4N2RlM2UzLzEvbWtqbkt2S0l5X00yMmlaWDd1VDNLbVZTZkIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9iYTg4ZjItMjE1Zi00Zjg5LWEzYWYtMTM4Yjc4N2RlM2Uz
LzEvbVozMzNBN1ZHUEhzYVpkTS1ZenNxdG9haG9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJgYIKwYBBQUHAQcBAf8EggEVMIIBETCB+QQCAAEwgfID
BAcFF4ADBAQu/aADBAY+zUADAwJOFAMEBk4dwAMDAVFSAwMBUaQDBAZSj0ADBAVS
0kADBAVT2YADAwNUwAMEBlUcQAMEAFX/wQMEAFX/wwMEAFX/xQMEAVX/yAMEAFX/
zQMEAFX/zwMEBV5IQAMDAl7gAwMBjYYDBAadrYADAwKydAMEArkX9AMEArkeNAME
Arn4KAMEBbwsQAMEAbxfkgMDAby8AwQFwxAAAwQFw4KAAwQFw6LAAwQF1EzgAwQF
1FjgAwQF1HsAAwMB1XYDBAXVhIADBAXV1iADAwDV4AMEBtX7QAMEBNlI4AMEA9mo
eDATBAIAAjANAwUAKgAc+AMEACoCGDANBgkqhkiG9w0BAQsFAAOCAQEAIKScDyo+
YjkBXaX0bEAAVu/HdIizVXGg//PuSf5IpTIn+HwxOSk8m/BXU2ze9k50AzPvLNeR
fpUcMJEwOCGVMY0BMcOqD6VdvCEq4m+q8Wn82MlWDXQmov1TjKjGS3MuafnA5X02
XlBHLVwECdSdwYeQERKb7dUD+WMQlTL2jglqp21yg2gzWxxWLIbbcoaOdBpnXUUv
aY2YbuI8E8c9dYjxqgTzuB7jgdXlGDKuGWezKHX6uXxSxMTjnobEax/2MdUj97tO
PB6c+3ngSIye/sCLDAcj9OLprxDxVKs1QC4dnnd6n4PW8iZRCvCTjdBKl+P4Ce0m
fvKB5kifJcuMkQ==
-----END CERTIFICATE-----
Generated at Wed Jan 22 17:26:10 2025 by rpki-client on console.sobornost.net