Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/3f7da4-3631-4b03-ba84-6cb2d3b4437c/1/yQp3lf1OVxhMQ-si3fJCgBiD3so.roa
File: yQp3lf1OVxhMQ-si3fJCgBiD3so.roa (raw, json)
Hash identifier: 2hMAD2c5ISOXJtDVu0nTlgQQryv7G6wnTPw6jHWepts=
Subject key identifier: C9:0A:77:95:FD:4E:57:18:4C:43:EB:22:DD:F2:42:80:18:83:DE:CA
Certificate issuer: /CN=e9c4cd4118ddffee56e885663795547a1de3f98a
Certificate serial: 019422FC1DD6E2C4F0CD633CDCFBDD101904
Authority key identifier: E9:C4:CD:41:18:DD:FF:EE:56:E8:85:66:37:95:54:7A:1D:E3:F9:8A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6cTNQRjd_-5W6IVmN5VUeh3j-Yo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/12/3f7da4-3631-4b03-ba84-6cb2d3b4437c/1/yQp3lf1OVxhMQ-si3fJCgBiD3so.roa
Signing time: Wed 01 Jan 2025 17:48:55 +0000
ROA not before: Wed 01 Jan 2025 17:48:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35426
IP address blocks: 85.208.144.0/22 maxlen: 24
2a09:8740::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fc:1d:d6:e2:c4:f0:cd:63:3c:dc:fb:dd:10:19:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e9c4cd4118ddffee56e885663795547a1de3f98a
Validity
Not Before: Jan 1 17:48:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c90a7795fd4e57184c43eb22ddf242801883deca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:bb:5c:58:d2:64:df:c5:4a:a6:a7:d0:76:c4:
dc:1f:10:c5:9b:2f:91:84:32:f5:5d:5c:e5:5e:70:
6b:73:91:bc:63:f5:0d:93:b7:f8:b2:b8:53:3d:66:
08:cb:db:c6:12:c0:97:95:e8:08:fb:e5:3b:c3:90:
77:0e:04:7e:e9:8a:34:13:e4:25:be:ca:ff:96:fe:
c7:24:bc:be:d0:e6:7a:d0:25:10:f5:38:9a:7c:85:
85:2b:7e:79:bb:26:8d:b6:ef:4c:77:f1:12:48:1d:
64:22:49:d9:84:e8:13:d0:96:50:19:d6:25:b9:42:
0d:5b:fb:2e:24:79:39:e1:86:c5:b5:61:dc:b2:2c:
a3:b3:fc:55:21:2c:0c:1f:35:c9:da:bf:21:08:0a:
97:60:ca:6e:99:28:90:a7:0e:4e:98:70:e3:48:79:
f5:e2:ac:54:13:f7:f5:e2:53:8b:24:9b:0f:a9:0d:
c8:4c:01:35:7e:f8:2e:fb:92:32:0b:59:d0:a5:0b:
6d:c3:2a:cb:a3:86:f6:8a:d0:2f:63:15:93:48:f7:
de:c3:c3:8b:ca:4c:f1:52:5f:4c:ab:4e:31:48:92:
5d:49:b8:2a:78:48:9d:26:78:94:da:ed:bc:49:a4:
c2:63:48:83:b3:20:51:9e:1e:2c:59:fc:fa:e4:04:
f0:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:0A:77:95:FD:4E:57:18:4C:43:EB:22:DD:F2:42:80:18:83:DE:CA
X509v3 Authority Key Identifier:
keyid:E9:C4:CD:41:18:DD:FF:EE:56:E8:85:66:37:95:54:7A:1D:E3:F9:8A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6cTNQRjd_-5W6IVmN5VUeh3j-Yo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/3f7da4-3631-4b03-ba84-6cb2d3b4437c/1/yQp3lf1OVxhMQ-si3fJCgBiD3so.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/12/3f7da4-3631-4b03-ba84-6cb2d3b4437c/1/6cTNQRjd_-5W6IVmN5VUeh3j-Yo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.208.144.0/22
IPv6:
2a09:8740::/29
Signature Algorithm: sha256WithRSAEncryption
76:73:2e:28:e8:62:89:1f:1c:12:2f:08:69:3f:6a:ff:31:3c:
cc:7b:9a:4a:40:19:7e:63:14:68:ae:2a:78:03:f3:48:2c:bc:
25:92:a1:8d:88:e4:f3:66:21:07:04:23:7a:d3:0b:9e:6f:04:
5d:dd:eb:8b:b1:f2:2d:82:ec:d2:69:bb:33:a3:fd:d1:72:11:
90:b4:58:a0:61:77:48:3f:2f:3c:39:6f:c9:f5:9b:fe:99:c8:
06:78:12:01:1d:67:01:69:d8:6b:46:95:4d:7e:4c:2b:4f:ec:
ef:17:e4:1c:c9:84:9b:20:31:31:fa:79:5d:d8:38:55:99:cb:
99:2d:6c:92:0a:52:39:0f:43:9a:db:92:63:6c:f4:5e:23:67:
09:58:39:7b:ec:4a:0a:ea:c3:11:e6:1f:ec:43:38:ef:e1:1a:
e8:a1:5a:15:2b:8f:b6:0d:9b:04:ef:b5:a7:4c:2c:de:4f:5a:
d5:b8:91:8e:74:39:31:d2:fa:b8:30:7e:c4:e6:fe:b6:8e:f9:
eb:fc:0c:f8:ac:fa:db:87:a5:f8:ec:63:18:61:4d:c6:a3:02:
dc:c1:4f:c0:76:fe:c7:32:5c:d7:da:38:11:88:2b:ec:3b:4a:
16:49:86:21:22:c7:39:b2:81:f4:6d:84:37:ec:35:1d:7f:94:
93:c2:57:90
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQi/B3W4sTwzWM83PvdEBkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5YzRjZDQxMThkZGZmZWU1NmU4ODU2NjM3OTU1NDdhMWRl
M2Y5OGEwHhcNMjUwMTAxMTc0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTBhNzc5NWZkNGU1NzE4NGM0M2ViMjJkZGYyNDI4MDE4ODNkZWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLtcWNJk38VKpqfQdsTcHxDFmy+R
hDL1XVzlXnBrc5G8Y/UNk7f4srhTPWYIy9vGEsCXlegI++U7w5B3DgR+6Yo0E+Ql
vsr/lv7HJLy+0OZ60CUQ9TiafIWFK355uyaNtu9Md/ESSB1kIknZhOgT0JZQGdYl
uUINW/suJHk54YbFtWHcsiyjs/xVISwMHzXJ2r8hCAqXYMpumSiQpw5OmHDjSHn1
4qxUE/f14lOLJJsPqQ3ITAE1fvgu+5IyC1nQpQttwyrLo4b2itAvYxWTSPfew8OL
ykzxUl9Mq04xSJJdSbgqeEidJniU2u28SaTCY0iDsyBRnh4sWfz65ATwUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMkKd5X9TlcYTEPrIt3yQoAYg97KMB8GA1UdIwQY
MBaAFOnEzUEY3f/uVuiFZjeVVHod4/mKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmNUTlFSamRfLTVXNklWbU41VlVlaDNqLVlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8zZjdkYTQtMzYzMS00YjAzLWJhODQt
NmNiMmQzYjQ0MzdjLzEveVFwM2xmMU9WeGhNUS1zaTNmSkNnQmlEM3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8zZjdkYTQtMzYzMS00YjAzLWJhODQtNmNiMmQzYjQ0Mzdj
LzEvNmNUTlFSamRfLTVXNklWbU41VlVlaDNqLVlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdCQMA0E
AgACMAcDBQMqCYdAMA0GCSqGSIb3DQEBCwUAA4IBAQB2cy4o6GKJHxwSLwhpP2r/
MTzMe5pKQBl+YxRorip4A/NILLwlkqGNiOTzZiEHBCN60wuebwRd3euLsfItguzS
abszo/3RchGQtFigYXdIPy88OW/J9Zv+mcgGeBIBHWcBadhrRpVNfkwrT+zvF+Qc
yYSbIDEx+nld2DhVmcuZLWySClI5D0Oa25JjbPReI2cJWDl77EoK6sMR5h/sQzjv
4RrooVoVK4+2DZsE77WnTCzeT1rVuJGOdDkx0vq4MH7E5v62jvnr/Az4rPrbh6X4
7GMYYU3GowLcwU/Adv7HMlzX2jgRiCvsO0oWSYYhIsc5soH0bYQ37DUdf5STwleQ
-----END CERTIFICATE-----
Generated at Fri Apr 25 20:59:03 2025 by rpki-client