Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yqh6DixmAH0URk2hstSUVRfyMvQ.roa
File: yqh6DixmAH0URk2hstSUVRfyMvQ.roa (raw, json)
Hash identifier: f+vqMJ6ialM8fXxp4dNUeeDnJF2B7hZw4YLbzyjxus4=
Subject key identifier: CA:A8:7A:0E:2C:66:00:7D:14:46:4D:A1:B2:D4:94:55:17:F2:32:F4
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01942824A61CB999937F14D9680C29A6BCFE
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yqh6DixmAH0URk2hstSUVRfyMvQ.roa
Signing time: Thu 02 Jan 2025 17:51:17 +0000
ROA not before: Thu 02 Jan 2025 17:51:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200019
IP address blocks: 185.216.68.0/24 maxlen: 24
194.48.248.0/24 maxlen: 24
2a00:1728:3e::/48 maxlen: 48
2a00:1728:3f::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:a6:1c:b9:99:93:7f:14:d9:68:0c:29:a6:bc:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 2 17:51:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=caa87a0e2c66007d14464da1b2d4945517f232f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:dc:e7:08:8b:86:79:a8:cc:3a:f7:24:5a:77:
30:8a:88:d0:e2:a8:04:38:05:0f:3e:24:aa:22:08:
ff:f7:77:8f:fd:de:bd:d0:23:ac:9e:b0:5c:12:5c:
26:bb:a5:20:a8:b2:f9:4f:e0:22:7a:71:a4:fd:93:
73:39:c1:37:37:ad:98:80:f1:e2:06:cf:40:1e:43:
00:9a:9a:c0:7d:82:8f:6c:2f:19:79:d6:29:96:b9:
6d:75:c8:71:64:73:0d:c9:a4:24:a7:60:cd:94:dd:
85:a7:aa:88:1e:80:d0:a6:fd:85:46:6f:18:d3:66:
8b:b8:c8:1b:b6:ea:5d:56:53:12:fb:f1:0e:11:82:
e0:06:e1:dd:e0:87:a7:bf:9e:f5:d7:ea:5e:2a:a3:
a2:e2:9a:0e:02:8e:a3:54:cd:05:8b:39:a6:ef:b9:
15:f5:53:a0:5a:3b:ca:0c:5f:7f:57:4b:a0:1d:8b:
5f:cb:9a:5e:ca:72:4e:a0:98:b1:fe:8f:c5:34:17:
a3:a2:b3:c2:d3:be:d7:6f:cc:2d:b7:17:af:f4:e0:
18:2f:44:02:f3:68:a9:3e:9d:78:3c:e9:a2:8f:53:
bf:88:58:2a:0d:60:1c:ad:50:6b:3f:dd:02:12:18:
13:0f:17:0a:47:d0:4d:46:f4:48:65:1c:3d:b2:f5:
8f:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:A8:7A:0E:2C:66:00:7D:14:46:4D:A1:B2:D4:94:55:17:F2:32:F4
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yqh6DixmAH0URk2hstSUVRfyMvQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.216.68.0/24
194.48.248.0/24
IPv6:
2a00:1728:3e::/47
Signature Algorithm: sha256WithRSAEncryption
6c:d4:74:53:a5:d7:58:39:01:eb:70:3f:1d:dd:bd:06:85:a3:
8c:9b:b4:05:ee:8f:29:a8:a1:9e:c5:13:4d:b7:1e:22:06:ad:
ca:6b:74:b8:f2:fd:fa:74:5a:4e:70:6a:66:29:62:dd:32:53:
42:5c:14:b5:7e:8f:98:89:41:48:86:f4:51:60:41:7a:bc:dc:
ff:b5:8a:bd:db:74:34:5d:3b:b9:8a:43:b4:8b:c1:99:fc:d6:
27:98:2a:38:66:40:b8:df:9b:b6:f2:3c:33:26:b9:a2:4f:e9:
31:21:cf:06:b8:ef:32:b1:d8:f9:6c:1f:4d:cb:f4:4a:e3:5f:
eb:d7:7b:ea:f2:a9:50:5a:de:99:a5:b7:19:32:02:3b:7e:7c:
e0:e6:2a:f7:e6:0b:b4:46:38:44:cf:1e:5e:eb:f9:de:a3:2d:
e1:92:37:7f:73:d0:4d:07:43:22:b5:49:36:96:59:ac:d9:08:
5f:10:b9:47:92:01:35:eb:56:e6:44:8a:ec:48:b9:17:ea:d8:
de:25:d7:ea:79:76:29:4c:5a:7b:ab:b6:15:4d:30:74:ef:63:
5c:46:d5:b2:e4:54:5f:4e:66:7f:c5:d1:fc:fd:ef:a0:8c:55:
62:ef:f2:85:26:f9:6e:36:40:3c:17:d1:aa:60:9a:b8:e4:c1:
e8:24:b3:93
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQoJKYcuZmTfxTZaAwpprz+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWE4N2EwZTJjNjYwMDdkMTQ0NjRkYTFiMmQ0OTQ1NTE3ZjIzMmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNznCIuGeajMOvckWncwiojQ4qgE
OAUPPiSqIgj/93eP/d690COsnrBcElwmu6UgqLL5T+AienGk/ZNzOcE3N62YgPHi
Bs9AHkMAmprAfYKPbC8ZedYplrltdchxZHMNyaQkp2DNlN2Fp6qIHoDQpv2FRm8Y
02aLuMgbtupdVlMS+/EOEYLgBuHd4Ienv5711+peKqOi4poOAo6jVM0Fizmm77kV
9VOgWjvKDF9/V0ugHYtfy5peynJOoJix/o/FNBejorPC077Xb8wttxev9OAYL0QC
82ipPp14POmij1O/iFgqDWAcrVBrP90CEhgTDxcKR9BNRvRIZRw9svWPGwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFMqoeg4sZgB9FEZNobLUlFUX8jL0MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveXFoNkRpeG1BSDBVUmsyaHN0U1VWUmZ5TXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAudhEAwQA
wjD4MA8EAgACMAkDBwEqABcoAD4wDQYJKoZIhvcNAQELBQADggEBAGzUdFOl11g5
AetwPx3dvQaFo4ybtAXujymooZ7FE023HiIGrcprdLjy/fp0Wk5wamYpYt0yU0Jc
FLV+j5iJQUiG9FFgQXq83P+1ir3bdDRdO7mKQ7SLwZn81ieYKjhmQLjfm7byPDMm
uaJP6TEhzwa47zKx2PlsH03L9ErjX+vXe+ryqVBa3pmltxkyAjt+fODmKvfmC7RG
OETPHl7r+d6jLeGSN39z0E0HQyK1STaWWazZCF8QuUeSATXrVuZEiuxIuRfq2N4l
1+p5dilMWnurthVNMHTvY1xG1bLkVF9OZn/F0fz976CMVWLv8oUm+W42QDwX0apg
mrjkwegks5M=
-----END CERTIFICATE-----
Generated at Fri Apr 25 12:23:13 2025 by rpki-client