Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/S2TXSI-3n25IfgGnM4uuJwml268.roa
File: S2TXSI-3n25IfgGnM4uuJwml268.roa (raw, json)
Hash identifier: DAgFF4qJxC/k8JOz+sB1Q1cvXx4PDaouIru4SXZXgbU=
Subject key identifier: 4B:64:D7:48:8F:B7:9F:6E:48:7E:01:A7:33:8B:AE:27:09:A5:DB:AF
Certificate issuer: /CN=307d887c02e07c9e474d1f8e21049caa6ce3fbd3
Certificate serial: 019424451359ABBAFA877296F674B4A850BE
Authority key identifier: 30:7D:88:7C:02:E0:7C:9E:47:4D:1F:8E:21:04:9C:AA:6C:E3:FB:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/S2TXSI-3n25IfgGnM4uuJwml268.roa
Signing time: Wed 01 Jan 2025 23:48:14 +0000
ROA not before: Wed 01 Jan 2025 23:48:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57809
IP address blocks: 85.14.166.0/23 maxlen: 23
85.14.174.0/24 maxlen: 24
85.14.178.0/23 maxlen: 23
109.74.84.0/23 maxlen: 23
109.74.91.0/24 maxlen: 24
217.171.23.0/24 maxlen: 24
217.171.28.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:13:59:ab:ba:fa:87:72:96:f6:74:b4:a8:50:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=307d887c02e07c9e474d1f8e21049caa6ce3fbd3
Validity
Not Before: Jan 1 23:48:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4b64d7488fb79f6e487e01a7338bae2709a5dbaf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:0f:83:2d:bb:c7:3b:94:a4:a1:31:b3:55:08:
19:02:2e:98:17:56:97:d5:84:91:21:5a:49:cd:7b:
52:78:70:29:11:65:0b:5c:40:85:f3:e4:49:91:80:
5a:5d:5b:2f:1b:f9:2a:56:f2:39:0a:5d:14:54:2c:
fc:0c:51:54:ed:ff:bf:72:d8:bc:b5:8c:ba:4a:e2:
45:c9:4b:63:a3:de:1c:3a:b1:af:20:5f:ef:9d:d1:
79:5c:48:7a:8d:6e:56:1e:c8:c4:68:a7:f5:32:83:
a2:d5:bc:5e:4f:76:4a:f7:49:ab:51:ef:78:e0:f2:
c9:ae:e0:b3:cb:ec:4c:c7:c1:3c:38:9b:78:cb:ed:
be:80:ba:ee:31:ce:54:dd:8c:be:e1:11:a0:8e:64:
de:0b:02:e6:42:56:7b:97:18:35:ab:64:5a:9b:8d:
a4:c0:9a:0e:b1:15:df:50:c9:3b:1f:cc:ea:8a:70:
00:51:f6:33:dd:0e:6b:33:c8:d9:56:5c:55:28:60:
0b:bd:9e:4f:87:b7:9a:a9:d8:70:a9:60:0e:8f:79:
c8:ab:8f:da:ad:10:30:84:fe:44:df:78:71:9b:a0:
17:a0:a8:91:5f:09:c5:82:b5:71:f0:73:6d:8b:b3:
20:35:97:ab:98:0a:2a:0f:82:96:6e:87:a5:6b:99:
ec:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:64:D7:48:8F:B7:9F:6E:48:7E:01:A7:33:8B:AE:27:09:A5:DB:AF
X509v3 Authority Key Identifier:
keyid:30:7D:88:7C:02:E0:7C:9E:47:4D:1F:8E:21:04:9C:AA:6C:E3:FB:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/S2TXSI-3n25IfgGnM4uuJwml268.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.14.166.0/23
85.14.174.0/24
85.14.178.0/23
109.74.84.0/23
109.74.91.0/24
217.171.23.0/24
217.171.28.0/24
Signature Algorithm: sha256WithRSAEncryption
1a:19:a2:fd:d8:40:66:12:6c:d0:78:e1:ec:c2:92:3b:6a:71:
d9:80:78:4c:08:55:bc:53:6e:84:bb:9c:b5:48:c8:ef:0d:77:
63:f6:45:65:ad:1c:87:72:c8:16:d9:63:16:ab:39:3e:26:23:
7e:6f:8a:0e:76:15:cf:d5:64:c1:9e:f5:1d:e8:5c:8b:e2:a1:
79:ce:a3:11:e9:24:21:34:11:46:77:13:eb:37:90:27:1a:b3:
12:06:31:8b:d0:63:72:5d:1b:ec:c7:6c:c9:37:45:92:0d:eb:
dc:69:ad:c3:ed:58:63:5b:58:7e:23:ae:27:6a:bd:26:c3:5d:
f0:12:8a:1e:ae:d1:f0:0f:d9:39:47:1e:f2:73:55:f3:af:0c:
db:86:ac:ab:8a:a1:45:b0:43:04:8e:0f:f9:fd:12:cc:04:45:
a2:73:17:63:dd:f7:a0:9c:fc:5b:77:4a:41:c1:6d:2c:6d:9b:
ce:5d:c7:a3:84:77:fc:9d:d1:08:03:2c:54:a6:06:4f:03:b3:
11:33:f6:04:df:b6:36:12:21:5d:0b:e3:b2:ee:c8:a1:1a:d1:
cf:b2:41:4c:fd:b0:c4:58:64:6d:3b:d2:06:31:1e:b1:cb:d8:
24:6e:66:cf:19:a3:91:ad:b2:83:9a:ef:0a:23:ca:62:42:ca:
2d:e0:ef:47
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZQkRRNZq7r6h3KW9nS0qFC+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Q4ODdjMDJlMDdjOWU0NzRkMWY4ZTIxMDQ5Y2FhNmNl
M2ZiZDMwHhcNMjUwMTAxMjM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjY0ZDc0ODhmYjc5ZjZlNDg3ZTAxYTczMzhiYWUyNzA5YTVkYmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQ+DLbvHO5SkoTGzVQgZAi6YF1aX
1YSRIVpJzXtSeHApEWULXECF8+RJkYBaXVsvG/kqVvI5Cl0UVCz8DFFU7f+/cti8
tYy6SuJFyUtjo94cOrGvIF/vndF5XEh6jW5WHsjEaKf1MoOi1bxeT3ZK90mrUe94
4PLJruCzy+xMx8E8OJt4y+2+gLruMc5U3Yy+4RGgjmTeCwLmQlZ7lxg1q2Ram42k
wJoOsRXfUMk7H8zqinAAUfYz3Q5rM8jZVlxVKGALvZ5Ph7eaqdhwqWAOj3nIq4/a
rRAwhP5E33hxm6AXoKiRXwnFgrVx8HNti7MgNZermAoqD4KWboela5ns/QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFEtk10iPt59uSH4BpzOLricJpduvMB8GA1UdIwQY
MBaAFDB9iHwC4HyeR00fjiEEnKps4/vTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUgySWZBTGdmSjVIVFItT0lRU2NxbXpqLTlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9iMjBkODMtNjEyYy00YjYyLTk3YTMt
MWE1ZTVmMTkxYmZhLzEvUzJUWFNJLTNuMjVJZmdHbk00dXVKd21sMjY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9iMjBkODMtNjEyYy00YjYyLTk3YTMtMWE1ZTVmMTkxYmZh
LzEvTUgySWZBTGdmSjVIVFItT0lRU2NxbXpqLTlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBVQ6mAwQA
VQ6uAwQBVQ6yAwQBbUpUAwQAbUpbAwQA2asXAwQA2ascMA0GCSqGSIb3DQEBCwUA
A4IBAQAaGaL92EBmEmzQeOHswpI7anHZgHhMCFW8U26Eu5y1SMjvDXdj9kVlrRyH
csgW2WMWqzk+JiN+b4oOdhXP1WTBnvUd6FyL4qF5zqMR6SQhNBFGdxPrN5AnGrMS
BjGL0GNyXRvsx2zJN0WSDevcaa3D7VhjW1h+I64nar0mw13wEooertHwD9k5Rx7y
c1XzrwzbhqyriqFFsEMEjg/5/RLMBEWicxdj3fegnPxbd0pBwW0sbZvOXcejhHf8
ndEIAyxUpgZPA7MRM/YE37Y2EiFdC+Oy7sihGtHPskFM/bDEWGRtO9IGMR6xy9gk
bmbPGaORrbKDmu8KI8piQsot4O9H
-----END CERTIFICATE-----
Generated at Fri Apr 25 07:32:37 2025 by rpki-client