Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/4e902a-299f-4da7-9a6d-669bd113a178/1/PKL-xLXtjYXiahzFZqoEsRCNiOA.roa
File: PKL-xLXtjYXiahzFZqoEsRCNiOA.roa (raw, json)
Hash identifier: Rpkn9hNDDIXXf1JwQ1dkAvJ5Khg2QBT1R7VsHD9aJkU=
Subject key identifier: 3C:A2:FE:C4:B5:ED:8D:85:E2:6A:1C:C5:66:AA:04:B1:10:8D:88:E0
Certificate issuer: /CN=e8f239a70043734172d26378bf2106ae72552187
Certificate serial: 019422FBF1042429B2A1D9E0F5B9CDCF67FF
Authority key identifier: E8:F2:39:A7:00:43:73:41:72:D2:63:78:BF:21:06:AE:72:55:21:87
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6PI5pwBDc0Fy0mN4vyEGrnJVIYc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/4e902a-299f-4da7-9a6d-669bd113a178/1/PKL-xLXtjYXiahzFZqoEsRCNiOA.roa
Signing time: Wed 01 Jan 2025 17:48:44 +0000
ROA not before: Wed 01 Jan 2025 17:48:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43846
IP address blocks: 37.0.64.0/21 maxlen: 24
79.140.144.0/20 maxlen: 24
79.140.151.0/24 maxlen: 24
89.207.192.0/21 maxlen: 24
185.12.40.0/22 maxlen: 24
185.12.43.0/24 maxlen: 24
185.80.96.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:f1:04:24:29:b2:a1:d9:e0:f5:b9:cd:cf:67:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8f239a70043734172d26378bf2106ae72552187
Validity
Not Before: Jan 1 17:48:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3ca2fec4b5ed8d85e26a1cc566aa04b1108d88e0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:39:4e:b0:b5:d9:71:40:91:49:86:be:92:f4:
4a:dc:ed:7d:34:0a:14:10:75:97:51:03:65:45:2b:
26:dc:c2:f0:b0:79:e0:aa:5a:7d:51:f4:91:e9:50:
0d:54:7a:9d:e6:fb:00:80:de:c1:35:00:a4:d4:5a:
3f:ea:4b:12:32:d9:4b:78:1a:0f:97:3d:42:9c:0c:
97:10:a8:11:14:9e:26:b3:d7:33:ec:4b:4c:4e:68:
cd:a5:0b:85:fc:db:40:1c:0b:c9:b3:00:42:70:21:
1e:1d:0d:01:7a:02:26:8e:69:1b:4a:6e:3e:27:c6:
5d:e9:52:b4:f3:a7:db:bd:1d:5d:bb:77:8e:1d:a5:
49:58:6e:b8:d5:6a:48:15:dc:c7:a7:2e:fa:b8:c9:
24:72:bb:ef:f9:7a:85:2b:64:ce:f8:5b:cd:09:f3:
c6:4f:8e:a9:f5:6d:b6:10:52:4c:83:a8:64:b4:7e:
da:9c:51:cf:a3:0d:0f:e6:35:91:1a:1e:77:f4:f3:
20:83:3b:b1:01:d5:b5:1e:b0:a6:c7:07:36:fa:4d:
32:4d:e2:12:7e:52:5f:3b:83:bf:d5:c8:5c:d3:61:
3d:85:db:73:82:f9:46:24:69:86:90:d5:b2:24:60:
64:66:cf:f3:73:e7:0d:88:0a:9a:f5:f8:a8:77:9d:
46:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:A2:FE:C4:B5:ED:8D:85:E2:6A:1C:C5:66:AA:04:B1:10:8D:88:E0
X509v3 Authority Key Identifier:
keyid:E8:F2:39:A7:00:43:73:41:72:D2:63:78:BF:21:06:AE:72:55:21:87
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6PI5pwBDc0Fy0mN4vyEGrnJVIYc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/4e902a-299f-4da7-9a6d-669bd113a178/1/PKL-xLXtjYXiahzFZqoEsRCNiOA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/4e902a-299f-4da7-9a6d-669bd113a178/1/6PI5pwBDc0Fy0mN4vyEGrnJVIYc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.0.64.0/21
79.140.144.0/20
89.207.192.0/21
185.12.40.0/22
185.80.96.0/22
Signature Algorithm: sha256WithRSAEncryption
3f:70:50:06:eb:3d:f4:26:58:2e:52:8d:66:78:5e:79:1d:58:
52:c5:05:9f:1a:cb:cb:da:93:ec:49:ec:dd:b2:dc:17:64:d4:
f4:0b:e9:70:c9:60:b3:33:c4:e7:25:11:c3:2d:4b:8a:3c:75:
e5:be:47:bf:79:63:46:14:4c:cc:d3:d9:c4:d5:b8:73:57:ce:
82:52:5e:1e:33:94:41:df:63:fc:c5:49:77:43:2e:6c:14:f6:
d9:ad:b4:72:a1:ae:1b:38:60:54:f7:78:1d:cb:72:88:d4:05:
04:87:90:8d:b3:fc:da:3f:b0:d6:7c:08:40:2b:25:1c:67:35:
8f:b3:f9:78:0d:02:e5:41:ec:a6:48:b9:16:86:1a:94:ed:02:
07:22:f3:15:97:a5:79:08:f8:ff:c5:6c:b6:86:73:5b:c0:df:
cd:70:e1:3c:6e:bb:6e:ab:82:4f:fb:de:c4:b1:c5:c5:0d:ab:
0b:0b:30:d6:22:20:10:e8:7e:62:ab:8a:32:25:f2:60:94:bf:
83:29:dc:c4:73:6e:e1:5b:f1:ed:fc:33:cc:aa:82:bf:5a:83:
d9:28:32:d8:0d:71:b7:ef:e4:63:4a:5e:77:87:6e:5f:74:ed:
25:3e:f4:73:6e:32:d9:86:d5:62:dc:50:1d:31:b4:fc:f1:6d:
88:ed:4d:15
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQi+/EEJCmyodng9bnNz2f/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4ZjIzOWE3MDA0MzczNDE3MmQyNjM3OGJmMjEwNmFlNzI1
NTIxODcwHhcNMjUwMTAxMTc0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2EyZmVjNGI1ZWQ4ZDg1ZTI2YTFjYzU2NmFhMDRiMTEwOGQ4OGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjlOsLXZcUCRSYa+kvRK3O19NAoU
EHWXUQNlRSsm3MLwsHngqlp9UfSR6VANVHqd5vsAgN7BNQCk1Fo/6ksSMtlLeBoP
lz1CnAyXEKgRFJ4ms9cz7EtMTmjNpQuF/NtAHAvJswBCcCEeHQ0BegImjmkbSm4+
J8Zd6VK086fbvR1du3eOHaVJWG641WpIFdzHpy76uMkkcrvv+XqFK2TO+FvNCfPG
T46p9W22EFJMg6hktH7anFHPow0P5jWRGh539PMggzuxAdW1HrCmxwc2+k0yTeIS
flJfO4O/1chc02E9hdtzgvlGJGmGkNWyJGBkZs/zc+cNiAqa9fiod51GxwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDyi/sS17Y2F4mocxWaqBLEQjYjgMB8GA1UdIwQY
MBaAFOjyOacAQ3NBctJjeL8hBq5yVSGHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlBJNXB3QkRjMEZ5MG1ONHZ5RUdybkpWSVljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy80ZTkwMmEtMjk5Zi00ZGE3LTlhNmQt
NjY5YmQxMTNhMTc4LzEvUEtMLXhMWHRqWVhpYWh6Rlpxb0VzUkNOaU9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy80ZTkwMmEtMjk5Zi00ZGE3LTlhNmQtNjY5YmQxMTNhMTc4
LzEvNlBJNXB3QkRjMEZ5MG1ONHZ5RUdybkpWSVljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDJQBAAwQE
T4yQAwQDWc/AAwQCuQwoAwQCuVBgMA0GCSqGSIb3DQEBCwUAA4IBAQA/cFAG6z30
JlguUo1meF55HVhSxQWfGsvL2pPsSezdstwXZNT0C+lwyWCzM8TnJRHDLUuKPHXl
vke/eWNGFEzM09nE1bhzV86CUl4eM5RB32P8xUl3Qy5sFPbZrbRyoa4bOGBU93gd
y3KI1AUEh5CNs/zaP7DWfAhAKyUcZzWPs/l4DQLlQeymSLkWhhqU7QIHIvMVl6V5
CPj/xWy2hnNbwN/NcOE8brtuq4JP+97EscXFDasLCzDWIiAQ6H5iq4oyJfJglL+D
KdzEc27hW/Ht/DPMqoK/WoPZKDLYDXG37+RjSl53h25fdO0lPvRzbjLZhtVi3FAd
MbT88W2I7U0V
-----END CERTIFICATE-----
Generated at Thu Apr 24 22:33:48 2025 by rpki-client