Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/a35bc9-72e6-4979-b462-bb4a8672cc0c/1/CFfUxIFh9E3XN1EntjmEwUZAUfA.roa
File: CFfUxIFh9E3XN1EntjmEwUZAUfA.roa (raw, json)
Hash identifier: LKtIJVn3SPxlyKkXSz+8d7gF12Vd76h6cTs7tmGxKjM=
Subject key identifier: 08:57:D4:C4:81:61:F4:4D:D7:37:51:27:B6:39:84:C1:46:40:51:F0
Certificate issuer: /CN=325a8b688deadbb91efbe0772308bac9f304a533
Certificate serial: 0194214423B12C1DF7E9A184F73F89651FCB
Authority key identifier: 32:5A:8B:68:8D:EA:DB:B9:1E:FB:E0:77:23:08:BA:C9:F3:04:A5:33
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MlqLaI3q27ke--B3Iwi6yfMEpTM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/a35bc9-72e6-4979-b462-bb4a8672cc0c/1/CFfUxIFh9E3XN1EntjmEwUZAUfA.roa
Signing time: Wed 01 Jan 2025 09:48:20 +0000
ROA not before: Wed 01 Jan 2025 09:48:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213158
IP address blocks: 91.205.231.0/24 maxlen: 24
2a0b:6640::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:23:b1:2c:1d:f7:e9:a1:84:f7:3f:89:65:1f:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=325a8b688deadbb91efbe0772308bac9f304a533
Validity
Not Before: Jan 1 09:48:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0857d4c48161f44dd7375127b63984c1464051f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:f6:ea:82:0d:f4:09:a4:7d:d1:cf:02:4f:a0:
ff:24:28:ed:e0:3f:26:0e:9d:bc:99:e7:18:96:49:
5c:ab:c2:58:cc:b0:02:49:af:3c:c9:5c:72:16:67:
40:a4:02:1c:0f:27:13:0d:40:06:fe:4f:bf:4b:14:
69:21:ce:f6:b5:3b:a7:15:9e:5a:97:7a:3a:ae:6e:
7a:e1:30:da:8f:a7:6c:eb:17:53:12:3d:49:0f:c4:
41:ef:1d:0d:52:39:bc:57:b3:bb:46:af:ab:38:37:
ac:ec:c0:14:d9:eb:3c:54:75:ea:98:96:70:47:2e:
c9:ba:a4:ef:64:a3:f8:8a:7e:92:bb:d7:1a:d5:55:
aa:20:c6:c7:9f:bf:5c:c1:c9:90:2e:8a:ec:f6:ea:
a9:bf:71:34:e3:fc:53:40:30:62:62:f8:eb:af:c2:
dc:83:72:68:f6:cc:c5:e0:0f:78:76:a7:2f:48:90:
d9:8d:2b:62:71:94:cc:9f:37:48:3b:41:6f:67:1b:
23:1e:7e:2d:27:02:f5:cb:97:f4:5e:da:ea:ec:d7:
ab:39:5d:0b:fa:c8:1f:0d:f1:d5:ef:2e:af:36:97:
3c:66:7b:17:f3:8d:d2:7d:02:21:43:18:b7:b0:19:
23:ee:59:6d:09:29:6a:8e:1d:3f:d7:41:98:98:13:
92:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:57:D4:C4:81:61:F4:4D:D7:37:51:27:B6:39:84:C1:46:40:51:F0
X509v3 Authority Key Identifier:
keyid:32:5A:8B:68:8D:EA:DB:B9:1E:FB:E0:77:23:08:BA:C9:F3:04:A5:33
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MlqLaI3q27ke--B3Iwi6yfMEpTM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/a35bc9-72e6-4979-b462-bb4a8672cc0c/1/CFfUxIFh9E3XN1EntjmEwUZAUfA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/a35bc9-72e6-4979-b462-bb4a8672cc0c/1/MlqLaI3q27ke--B3Iwi6yfMEpTM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.205.231.0/24
IPv6:
2a0b:6640::/29
Signature Algorithm: sha256WithRSAEncryption
29:20:17:c1:bf:c2:eb:3e:24:2f:10:52:4f:15:b1:8a:23:9e:
6c:1d:98:97:f8:9f:cd:b9:cc:9d:19:37:9d:ea:3b:64:ab:73:
f0:4e:da:99:b4:94:d6:07:ce:6c:db:e3:97:a4:5e:ae:e8:02:
24:09:30:10:fd:1a:d8:71:af:2d:54:0a:91:f2:06:13:44:f4:
68:b8:48:0c:1d:d5:7c:3f:37:a7:1f:44:ae:3a:f3:22:83:b2:
e9:c2:6c:1f:ba:a0:ad:31:c9:d5:ed:15:4b:e0:c4:22:c5:4e:
21:84:1f:73:ba:35:d8:64:49:07:88:01:63:7c:4a:45:3a:90:
35:f7:fe:d2:a6:fb:3b:03:14:51:e2:85:85:65:7f:31:4b:52:
72:6d:00:62:2d:79:b3:a8:ba:97:14:1a:08:88:1d:b0:75:8f:
b4:6d:56:e6:aa:2a:77:5a:0d:69:b7:73:e0:45:de:e8:d4:85:
18:4c:4a:8b:ab:be:d3:28:cb:de:61:80:c9:c2:da:82:e3:4b:
a0:bc:44:68:65:e5:39:9d:a5:8e:9a:39:10:88:1d:d7:31:07:
e8:42:4c:68:72:f8:be:46:e6:bb:95:12:2c:a1:70:40:fa:10:
b6:1c:8c:d1:89:d3:aa:fb:43:ba:fc:60:6d:65:ad:7d:fe:2f:
32:f9:39:7e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhRCOxLB336aGE9z+JZR/LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNWE4YjY4OGRlYWRiYjkxZWZiZTA3NzIzMDhiYWM5ZjMw
NGE1MzMwHhcNMjUwMTAxMDk0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODU3ZDRjNDgxNjFmNDRkZDczNzUxMjdiNjM5ODRjMTQ2NDA1MWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/bqgg30CaR90c8CT6D/JCjt4D8m
Dp28mecYlklcq8JYzLACSa88yVxyFmdApAIcDycTDUAG/k+/SxRpIc72tTunFZ5a
l3o6rm564TDaj6ds6xdTEj1JD8RB7x0NUjm8V7O7Rq+rODes7MAU2es8VHXqmJZw
Ry7JuqTvZKP4in6Su9ca1VWqIMbHn79cwcmQLors9uqpv3E04/xTQDBiYvjrr8Lc
g3Jo9szF4A94dqcvSJDZjSticZTMnzdIO0FvZxsjHn4tJwL1y5f0Xtrq7NerOV0L
+sgfDfHV7y6vNpc8ZnsX843SfQIhQxi3sBkj7lltCSlqjh0/10GYmBOSbQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAhX1MSBYfRN1zdRJ7Y5hMFGQFHwMB8GA1UdIwQY
MBaAFDJai2iN6tu5HvvgdyMIusnzBKUzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWxxTGFJM3EyN2tlLS1CM0l3aTZ5Zk1FcFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9hMzViYzktNzJlNi00OTc5LWI0NjIt
YmI0YTg2NzJjYzBjLzEvQ0ZmVXhJRmg5RTNYTjFFbnRqbUV3VVpBVWZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9hMzViYzktNzJlNi00OTc5LWI0NjItYmI0YTg2NzJjYzBj
LzEvTWxxTGFJM3EyN2tlLS1CM0l3aTZ5Zk1FcFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW83nMA0E
AgACMAcDBQMqC2ZAMA0GCSqGSIb3DQEBCwUAA4IBAQApIBfBv8LrPiQvEFJPFbGK
I55sHZiX+J/NucydGTed6jtkq3PwTtqZtJTWB85s2+OXpF6u6AIkCTAQ/RrYca8t
VAqR8gYTRPRouEgMHdV8PzenH0SuOvMig7LpwmwfuqCtMcnV7RVL4MQixU4hhB9z
ujXYZEkHiAFjfEpFOpA19/7Spvs7AxRR4oWFZX8xS1JybQBiLXmzqLqXFBoIiB2w
dY+0bVbmqip3Wg1pt3PgRd7o1IUYTEqLq77TKMveYYDJwtqC40ugvERoZeU5naWO
mjkQiB3XMQfoQkxocvi+Rua7lRIsoXBA+hC2HIzRidOq+0O6/GBtZa19/i8y+Tl+
-----END CERTIFICATE-----
Generated at Fri Apr 25 10:02:22 2025 by rpki-client