Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/9a10bf-57b5-4954-a94b-13b2ab7ebebf/1/lbLvWDzRvxb9IY6TZML-k_lPFjs.roa
File: lbLvWDzRvxb9IY6TZML-k_lPFjs.roa (raw, json)
Hash identifier: eMXp1AhfmcXvlVSF7ts/yyOe6MkNpS4RJGmZwUgriZg=
Subject key identifier: 95:B2:EF:58:3C:D1:BF:16:FD:21:8E:93:64:C2:FE:93:F9:4F:16:3B
Certificate issuer: /CN=5ae2c2e1164d674eac0eb7c9cfee3868455e9f1d
Certificate serial: 01856FE6F844E737F1C1854FB9647F78EDC6
Authority key identifier: 5A:E2:C2:E1:16:4D:67:4E:AC:0E:B7:C9:CF:EE:38:68:45:5E:9F:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WuLC4RZNZ06sDrfJz-44aEVenx0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/9a10bf-57b5-4954-a94b-13b2ab7ebebf/1/lbLvWDzRvxb9IY6TZML-k_lPFjs.roa
Signing time: Mon 02 Jan 2023 00:34:45 +0000
ROA not before: Mon 02 Jan 2023 00:34:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203498
IP address blocks: 185.254.212.0/22 maxlen: 22
2a0c:5647::/32 maxlen: 32
2a0c:5642::/32 maxlen: 32
2a0c:5641::/32 maxlen: 32
2a0c:5645::/32 maxlen: 32
2a0c:5640::/29 maxlen: 29
2a0c:5646::/32 maxlen: 32
2a0c:5644::/32 maxlen: 32
2a0c:5643::/32 maxlen: 32
2a0c:5640::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:e6:f8:44:e7:37:f1:c1:85:4f:b9:64:7f:78:ed:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ae2c2e1164d674eac0eb7c9cfee3868455e9f1d
Validity
Not Before: Jan 2 00:34:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=95b2ef583cd1bf16fd218e9364c2fe93f94f163b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:3b:0f:c8:a5:d5:4f:e9:de:87:b9:94:95:58:
30:1d:77:ad:4d:4f:87:98:95:b1:b8:1c:a4:22:e7:
c7:4c:09:e6:a7:ee:e6:98:c4:2e:94:8e:06:c4:af:
ed:76:ec:04:31:bd:0f:f8:55:a5:d7:d5:88:38:0b:
b7:fd:6f:77:d4:57:52:71:0a:83:48:17:7a:ef:81:
07:bc:00:e6:cb:91:b8:ed:39:95:53:1c:6d:60:2a:
07:93:0f:19:69:64:30:e5:5f:9f:62:4f:4d:d1:ef:
5c:ab:92:59:c4:8a:d5:a2:da:10:3c:d1:f4:05:e6:
6b:82:6b:f9:12:56:9b:87:30:32:30:66:e7:c8:d7:
9a:e0:b4:64:89:d1:39:08:5f:97:2a:f3:5d:48:d0:
9d:4b:b7:cc:bc:b8:c5:01:c1:91:10:1f:88:92:c4:
ec:2d:5a:86:63:1c:04:a0:16:1a:2a:10:23:23:f9:
6c:a4:5b:75:98:ab:08:99:a0:63:39:f4:fc:02:da:
52:ed:15:e0:d7:80:85:63:66:6a:50:e9:e5:3c:78:
60:95:14:9e:a7:dc:d7:12:9d:fb:1f:e4:95:ca:b2:
a8:90:78:63:5c:b1:9c:54:ea:db:9e:39:92:81:e9:
0f:83:2e:d7:ca:8f:3b:d9:04:0b:80:36:e4:7e:a3:
33:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:B2:EF:58:3C:D1:BF:16:FD:21:8E:93:64:C2:FE:93:F9:4F:16:3B
X509v3 Authority Key Identifier:
keyid:5A:E2:C2:E1:16:4D:67:4E:AC:0E:B7:C9:CF:EE:38:68:45:5E:9F:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WuLC4RZNZ06sDrfJz-44aEVenx0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/9a10bf-57b5-4954-a94b-13b2ab7ebebf/1/lbLvWDzRvxb9IY6TZML-k_lPFjs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/9a10bf-57b5-4954-a94b-13b2ab7ebebf/1/WuLC4RZNZ06sDrfJz-44aEVenx0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.254.212.0/22
IPv6:
2a0c:5640::/29
Signature Algorithm: sha256WithRSAEncryption
cb:d5:3f:07:fb:1b:e1:bb:60:42:19:84:02:a9:9a:d6:00:2a:
a4:45:2d:1e:f8:eb:30:68:e9:b2:25:71:5c:52:1e:62:10:eb:
b9:c1:72:e6:02:b4:c6:d4:42:a1:5d:de:f0:5d:87:ce:a2:1a:
30:87:23:48:8a:28:2e:b1:46:e8:42:8c:ff:35:cc:db:a5:fa:
8e:cd:73:3f:0f:a6:68:9e:a8:d0:16:66:ec:11:31:d7:32:60:
23:66:05:65:c0:6a:01:2b:6f:2a:4a:ed:4d:a7:61:d5:0a:83:
18:42:05:28:10:86:eb:bc:23:b2:94:7a:f2:c4:97:bd:02:be:
79:02:8b:66:8f:db:f9:92:0a:51:22:ae:ea:d5:6f:bd:16:74:
23:85:ec:cd:df:6c:de:1a:33:2d:d7:fb:69:59:0e:bd:a9:5e:
a8:2a:0c:ac:43:86:b9:0b:00:f6:86:aa:d8:1a:6c:fb:02:85:
ac:64:0b:0c:9f:c3:56:e1:44:6a:42:d0:91:a6:5a:23:02:1e:
13:48:10:0f:56:97:05:8f:84:c6:c6:b6:96:b0:0e:16:22:4c:
4f:3f:4c:90:5c:9f:6e:be:b7:5d:04:13:d4:45:38:35:b1:0b:
cd:72:84:16:31:f5:8d:73:16:44:0c:c5:4f:d9:6b:d2:a4:0d:
98:d2:ab:26
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVv5vhE5zfxwYVPuWR/eO3GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZTJjMmUxMTY0ZDY3NGVhYzBlYjdjOWNmZWUzODY4NDU1
ZTlmMWQwHhcNMjMwMTAyMDAzNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWIyZWY1ODNjZDFiZjE2ZmQyMThlOTM2NGMyZmU5M2Y5NGYxNjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTsPyKXVT+neh7mUlVgwHXetTU+H
mJWxuBykIufHTAnmp+7mmMQulI4GxK/tduwEMb0P+FWl19WIOAu3/W931FdScQqD
SBd674EHvADmy5G47TmVUxxtYCoHkw8ZaWQw5V+fYk9N0e9cq5JZxIrVotoQPNH0
BeZrgmv5ElabhzAyMGbnyNea4LRkidE5CF+XKvNdSNCdS7fMvLjFAcGREB+IksTs
LVqGYxwEoBYaKhAjI/lspFt1mKsImaBjOfT8AtpS7RXg14CFY2ZqUOnlPHhglRSe
p9zXEp37H+SVyrKokHhjXLGcVOrbnjmSgekPgy7Xyo872QQLgDbkfqMzLQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJWy71g80b8W/SGOk2TC/pP5TxY7MB8GA1UdIwQY
MBaAFFriwuEWTWdOrA63yc/uOGhFXp8dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3VMQzRSWk5aMDZzRHJmSnotNDRhRVZlbngwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC85YTEwYmYtNTdiNS00OTU0LWE5NGIt
MTNiMmFiN2ViZWJmLzEvbGJMdldEelJ2eGI5SVk2VFpNTC1rX2xQRmpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC85YTEwYmYtNTdiNS00OTU0LWE5NGItMTNiMmFiN2ViZWJm
LzEvV3VMQzRSWk5aMDZzRHJmSnotNDRhRVZlbngwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuf7UMA0E
AgACMAcDBQMqDFZAMA0GCSqGSIb3DQEBCwUAA4IBAQDL1T8H+xvhu2BCGYQCqZrW
ACqkRS0e+OswaOmyJXFcUh5iEOu5wXLmArTG1EKhXd7wXYfOohowhyNIiigusUbo
Qoz/NczbpfqOzXM/D6ZonqjQFmbsETHXMmAjZgVlwGoBK28qSu1Np2HVCoMYQgUo
EIbrvCOylHryxJe9Ar55Aotmj9v5kgpRIq7q1W+9FnQjhezN32zeGjMt1/tpWQ69
qV6oKgysQ4a5CwD2hqrYGmz7AoWsZAsMn8NW4URqQtCRplojAh4TSBAPVpcFj4TG
xraWsA4WIkxPP0yQXJ9uvrddBBPURTg1sQvNcoQWMfWNcxZEDMVP2WvSpA2Y0qsm
-----END CERTIFICATE-----
Generated at Mon May 12 10:54:19 2025 by rpki-client