Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/tGFTGSnJNIlzfxIoLgNLXj1nGhU.roa
File: tGFTGSnJNIlzfxIoLgNLXj1nGhU.roa (raw, json)
Hash identifier: A9xa5ygiM/4HLJEJoVAkCni6Zz/wFAcDt38BJETCKSI=
Subject key identifier: B4:61:53:19:29:C9:34:89:73:7F:12:28:2E:03:4B:5E:3D:67:1A:15
Certificate issuer: /CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Certificate serial: 019423D74D06A5FDF60D275E5622BBEC8F38
Authority key identifier: D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/tGFTGSnJNIlzfxIoLgNLXj1nGhU.roa
Signing time: Wed 01 Jan 2025 21:48:20 +0000
ROA not before: Wed 01 Jan 2025 21:48:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12430
IP address blocks: 2.152.0.0/14 maxlen: 17
2.152.0.0/16 maxlen: 16
2.154.0.0/16 maxlen: 16
2.154.192.0/18 maxlen: 18
5.40.0.0/16 maxlen: 16
62.42.0.0/15 maxlen: 16
62.57.0.0/16 maxlen: 16
62.81.0.0/16 maxlen: 24
62.82.0.0/15 maxlen: 16
62.100.96.0/19 maxlen: 19
62.101.160.0/19 maxlen: 19
62.117.128.0/17 maxlen: 17
62.174.0.0/15 maxlen: 19
79.108.0.0/15 maxlen: 18
80.173.0.0/16 maxlen: 17
80.174.0.0/16 maxlen: 17
80.224.0.0/16 maxlen: 16
81.60.0.0/15 maxlen: 18
81.172.0.0/17 maxlen: 17
81.184.0.0/16 maxlen: 16
81.202.0.0/15 maxlen: 15
82.158.0.0/15 maxlen: 16
82.213.128.0/18 maxlen: 18
83.138.192.0/18 maxlen: 18
83.173.128.0/18 maxlen: 18
84.120.0.0/13 maxlen: 19
84.127.229.0/24 maxlen: 24
85.136.0.0/15 maxlen: 15
85.155.0.0/16 maxlen: 16
85.155.174.0/24 maxlen: 24
85.219.0.0/17 maxlen: 17
85.251.0.0/16 maxlen: 17
89.140.0.0/16 maxlen: 16
89.141.0.0/16 maxlen: 16
95.39.0.0/16 maxlen: 19
185.128.128.0/22 maxlen: 24
194.106.0.0/19 maxlen: 19
194.140.128.0/18 maxlen: 18
194.149.192.0/19 maxlen: 19
212.21.224.0/19 maxlen: 19
212.22.32.0/19 maxlen: 20
212.40.224.0/19 maxlen: 19
212.40.224.0/24 maxlen: 24
212.78.128.0/19 maxlen: 19
212.79.128.0/19 maxlen: 19
212.95.192.0/19 maxlen: 19
212.97.160.0/19 maxlen: 19
212.122.96.0/19 maxlen: 19
212.183.192.0/18 maxlen: 18
213.37.0.0/16 maxlen: 16
213.201.0.0/17 maxlen: 17
213.227.0.0/18 maxlen: 18
213.231.64.0/18 maxlen: 18
213.254.64.0/18 maxlen: 18
217.216.0.0/15 maxlen: 15
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:4d:06:a5:fd:f6:0d:27:5e:56:22:bb:ec:8f:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d434f1686102876c6216bcea28a5e502ec0d7b6b
Validity
Not Before: Jan 1 21:48:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b461531929c93489737f12282e034b5e3d671a15
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:48:1d:15:f7:e1:f6:e4:41:8f:7c:44:8e:8a:
3e:89:41:21:3f:84:0c:3a:0d:8b:ab:c3:d4:d7:7c:
5c:c5:3e:37:ce:95:db:33:13:2a:70:e1:19:ed:8e:
97:fb:19:97:80:19:cc:36:05:8a:8b:c7:06:6d:bd:
b4:ca:fe:5d:98:13:5e:69:37:75:97:21:69:d3:2b:
78:2d:10:42:43:5c:d4:0c:54:6a:6a:a5:ba:cd:eb:
05:df:7a:e5:48:21:ff:d6:d9:10:bd:2e:c6:58:74:
a7:cb:c3:c9:9f:7c:f8:e6:67:38:3a:8a:de:a3:2e:
d2:46:a4:be:56:3b:23:e9:f0:91:2b:05:aa:4c:47:
ff:ba:63:63:a5:f3:60:9f:e7:00:67:5c:37:a8:33:
ce:39:31:12:a6:92:31:9f:67:57:63:89:bd:b5:c0:
4d:e6:b0:f9:32:a9:9d:d1:06:2d:c9:c5:64:c3:dd:
99:66:16:b8:74:c7:eb:be:55:40:6b:24:36:24:0d:
92:6e:51:32:cb:1e:b4:ce:88:b5:fb:4c:a0:73:ff:
63:09:c3:03:5f:9f:bc:3a:c1:a9:9e:5d:97:45:5e:
ff:5d:07:29:69:f1:a6:e2:f9:33:13:64:f1:04:d3:
d1:04:ea:3b:5e:55:61:cd:c4:c0:14:f5:e0:12:84:
82:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:61:53:19:29:C9:34:89:73:7F:12:28:2E:03:4B:5E:3D:67:1A:15
X509v3 Authority Key Identifier:
keyid:D4:34:F1:68:61:02:87:6C:62:16:BC:EA:28:A5:E5:02:EC:0D:7B:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DTxaGECh2xiFrzqKKXlAuwNe2s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/tGFTGSnJNIlzfxIoLgNLXj1nGhU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726bb4-5d87-402d-91ce-5712d95ae638/1/1DTxaGECh2xiFrzqKKXlAuwNe2s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.152.0.0/14
5.40.0.0/16
62.42.0.0/15
62.57.0.0/16
62.81.0.0-62.83.255.255
62.100.96.0/19
62.101.160.0/19
62.117.128.0/17
62.174.0.0/15
79.108.0.0/15
80.173.0.0-80.174.255.255
80.224.0.0/16
81.60.0.0/15
81.172.0.0/17
81.184.0.0/16
81.202.0.0/15
82.158.0.0/15
82.213.128.0/18
83.138.192.0/18
83.173.128.0/18
84.120.0.0/13
85.136.0.0/15
85.155.0.0/16
85.219.0.0/17
85.251.0.0/16
89.140.0.0/15
95.39.0.0/16
185.128.128.0/22
194.106.0.0/19
194.140.128.0/18
194.149.192.0/19
212.21.224.0/19
212.22.32.0/19
212.40.224.0/19
212.78.128.0/19
212.79.128.0/19
212.95.192.0/19
212.97.160.0/19
212.122.96.0/19
212.183.192.0/18
213.37.0.0/16
213.201.0.0/17
213.227.0.0/18
213.231.64.0/18
213.254.64.0/18
217.216.0.0/15
Signature Algorithm: sha256WithRSAEncryption
78:81:58:39:d0:87:ff:19:88:d6:1d:32:8a:62:b3:a0:01:3c:
18:53:65:bc:af:12:0f:a3:9e:4f:59:d0:96:95:e6:1e:a4:b1:
b8:56:a9:b0:f7:1c:7a:51:e5:4b:05:02:6b:ab:bd:db:9f:a7:
1e:7b:c3:33:29:23:3f:9c:20:c2:d2:77:59:7b:a1:58:c5:4f:
bc:99:e6:dc:2d:6a:15:c4:01:3a:b6:94:91:9c:54:2a:7a:a2:
67:21:c9:68:00:1c:07:b2:47:94:82:96:ed:e3:e8:a5:b4:58:
36:83:46:74:b7:f6:d9:e0:12:60:05:f0:e9:48:f2:a0:2c:9b:
66:16:3a:8f:25:ba:fd:6b:f3:51:24:b9:00:99:58:eb:be:ca:
92:49:4e:94:06:eb:e7:d3:ff:8d:66:24:ac:72:df:4e:bf:fc:
6f:cd:32:d8:75:8c:3f:82:0e:84:7f:2a:a2:e0:08:36:2a:74:
41:61:00:3e:b8:9d:82:4d:35:dd:66:7e:bc:42:d6:aa:dd:ac:
ed:92:91:64:62:25:0e:ce:f8:a1:ab:75:1d:a0:cf:73:bc:b0:
58:a9:98:ec:b0:81:5d:57:81:14:9a:1a:7c:d5:dc:bf:df:b9:
2f:fc:f3:ab:2f:97:a6:9e:34:42:8f:15:78:de:46:d1:51:00:
53:4d:cd:09
-----BEGIN CERTIFICATE-----
MIIGDjCCBPagAwIBAgISAZQj100Gpf32DSdeViK77I84MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0MzRmMTY4NjEwMjg3NmM2MjE2YmNlYTI4YTVlNTAyZWMw
ZDdiNmIwHhcNMjUwMTAxMjE0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDYxNTMxOTI5YzkzNDg5NzM3ZjEyMjgyZTAzNGI1ZTNkNjcxYTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EgdFffh9uRBj3xEjoo+iUEhP4QM
Og2Lq8PU13xcxT43zpXbMxMqcOEZ7Y6X+xmXgBnMNgWKi8cGbb20yv5dmBNeaTd1
lyFp0yt4LRBCQ1zUDFRqaqW6zesF33rlSCH/1tkQvS7GWHSny8PJn3z45mc4Oore
oy7SRqS+Vjsj6fCRKwWqTEf/umNjpfNgn+cAZ1w3qDPOOTESppIxn2dXY4m9tcBN
5rD5Mqmd0QYtycVkw92ZZha4dMfrvlVAayQ2JA2SblEyyx60zoi1+0ygc/9jCcMD
X5+8OsGpnl2XRV7/XQcpafGm4vkzE2TxBNPRBOo7XlVhzcTAFPXgEoSCFQIDAQAB
o4IDGjCCAxYwHQYDVR0OBBYEFLRhUxkpyTSJc38SKC4DS149ZxoVMB8GA1UdIwQY
MBaAFNQ08WhhAodsYha86iil5QLsDXtrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2Ut
NTcxMmQ5NWFlNjM4LzEvdEdGVEdTbkpOSWx6ZnhJb0xnTkxYajFuR2hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83MjZiYjQtNWQ4Ny00MDJkLTkxY2UtNTcxMmQ5NWFlNjM4
LzEvMURUeGFHRUNoMnhpRnJ6cUtLWGxBdXdOZTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBLgYIKwYBBQUHAQcBAf8EggEdMIIBGTCCARUEAgABMIIB
DQMDAgKYAwMABSgDAwE+KgMDAD45MAoDAwA+UQMDAj5QAwQFPmRgAwQFPmWgAwQH
PnWAAwMBPq4DAwFPbDAKAwMAUK0DAwBQrgMDAFDgAwMBUTwDBAdRrAADAwBRuAMD
AVHKAwMBUp4DBAZS1YADBAZTisADBAZTrYADAwNUeAMDAVWIAwMAVZsDBAdV2wAD
AwBV+wMDAVmMAwMAXycDBAK5gIADBAXCagADBAbCjIADBAXClcADBAXUFeADBAXU
FiADBAXUKOADBAXUToADBAXUT4ADBAXUX8ADBAXUYaADBAXUemADBAbUt8ADAwDV
JQMEB9XJAAMEBtXjAAMEBtXnQAMEBtX+QAMDAdnYMA0GCSqGSIb3DQEBCwUAA4IB
AQB4gVg50If/GYjWHTKKYrOgATwYU2W8rxIPo55PWdCWleYepLG4Vqmw9xx6UeVL
BQJrq73bn6cee8MzKSM/nCDC0ndZe6FYxU+8mebcLWoVxAE6tpSRnFQqeqJnIclo
ABwHskeUgpbt4+iltFg2g0Z0t/bZ4BJgBfDpSPKgLJtmFjqPJbr9a/NRJLkAmVjr
vsqSSU6UBuvn0/+NZiSsct9Ov/xvzTLYdYw/gg6Efyqi4Ag2KnRBYQA+uJ2CTTXd
Zn68Qtaq3aztkpFkYiUOzvihq3UdoM9zvLBYqZjssIFdV4EUmhp81dy/37kv/POr
L5emnjRCjxV43kbRUQBTTc0J
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:33:07 2025 by rpki-client on console.sobornost.net