Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/7e4ba7-f592-4eec-bcae-095d0bd2555f/1/QR-XfIkw00mD51XnwCvsG-9T89w.roa
File: QR-XfIkw00mD51XnwCvsG-9T89w.roa (raw, json)
Hash identifier: a0XDBbD/tQURYMLpVooHaNMf9NXfcD/rGt0gapo+gwA=
Subject key identifier: 41:1F:97:7C:89:30:D3:49:83:E7:55:E7:C0:2B:EC:1B:EF:53:F3:DC
Certificate issuer: /CN=6f20c1aae03c274f029428eea0a4424208d4f3ed
Certificate serial: 019422FB7505108819436BA8027598399FEC
Authority key identifier: 6F:20:C1:AA:E0:3C:27:4F:02:94:28:EE:A0:A4:42:42:08:D4:F3:ED
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/byDBquA8J08ClCjuoKRCQgjU8-0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/7e4ba7-f592-4eec-bcae-095d0bd2555f/1/QR-XfIkw00mD51XnwCvsG-9T89w.roa
Signing time: Wed 01 Jan 2025 17:48:12 +0000
ROA not before: Wed 01 Jan 2025 17:48:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206602
IP address blocks: 185.245.144.0/22 maxlen: 22
185.245.144.0/24 maxlen: 24
185.245.145.0/24 maxlen: 24
185.245.146.0/24 maxlen: 24
185.245.147.0/24 maxlen: 24
2a12:bcc0::/29 maxlen: 29
2a12:bcc0:1::/48 maxlen: 48
2a12:bcc0:2::/48 maxlen: 48
2a12:bcc0:101::/48 maxlen: 48
2a12:bcc0:102::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:75:05:10:88:19:43:6b:a8:02:75:98:39:9f:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6f20c1aae03c274f029428eea0a4424208d4f3ed
Validity
Not Before: Jan 1 17:48:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=411f977c8930d34983e755e7c02bec1bef53f3dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:52:33:7f:2e:85:85:0d:1d:8a:50:1b:9b:a5:
be:9e:ce:f2:45:90:74:f6:1a:d1:58:0e:08:0d:b1:
a8:69:28:76:83:0f:57:9c:7b:13:f2:9d:cd:46:00:
42:cb:ec:ce:74:a2:50:e7:0e:4e:0e:50:a7:c2:f8:
e2:f1:59:4e:ae:7f:1a:3f:19:4c:62:25:0b:b9:92:
76:20:34:d3:4d:75:79:57:53:9b:79:95:42:c7:2b:
d6:d7:64:e3:0c:f1:1b:4a:f4:54:0c:25:73:07:0d:
b7:5a:2d:e8:5a:c0:d0:80:30:d6:63:0e:51:28:9a:
c1:ed:91:97:43:94:75:50:ba:42:d2:af:69:68:c9:
3d:73:1c:a1:46:1c:91:3b:5a:f5:f3:07:38:d1:30:
35:53:40:4a:e5:3a:4c:9f:0a:1c:01:3c:24:5e:6e:
a2:75:70:8a:ec:f6:f6:6b:13:03:f9:40:3a:cc:4d:
99:0c:22:2b:d2:08:b1:67:72:57:ad:9b:cc:53:77:
99:9a:ca:90:6e:f5:fe:c7:41:24:80:c7:58:c7:29:
6e:4e:22:80:c3:96:33:c2:5c:72:a3:29:60:6e:e6:
19:13:1e:15:11:d4:de:0f:2a:7c:21:51:03:e1:15:
21:ad:bf:28:6a:68:45:bb:f6:8a:1e:62:2d:6f:65:
c6:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:1F:97:7C:89:30:D3:49:83:E7:55:E7:C0:2B:EC:1B:EF:53:F3:DC
X509v3 Authority Key Identifier:
keyid:6F:20:C1:AA:E0:3C:27:4F:02:94:28:EE:A0:A4:42:42:08:D4:F3:ED
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/byDBquA8J08ClCjuoKRCQgjU8-0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/7e4ba7-f592-4eec-bcae-095d0bd2555f/1/QR-XfIkw00mD51XnwCvsG-9T89w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/7e4ba7-f592-4eec-bcae-095d0bd2555f/1/byDBquA8J08ClCjuoKRCQgjU8-0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.245.144.0/22
IPv6:
2a12:bcc0::/29
Signature Algorithm: sha256WithRSAEncryption
15:83:1b:99:96:75:c6:89:5b:ea:08:81:2a:2d:15:89:e3:83:
ee:00:67:99:f0:ea:72:38:83:b6:e1:20:32:2c:cb:30:99:8d:
88:d4:9b:69:a1:d2:e5:09:b9:ab:c5:31:46:a9:1f:34:0a:bf:
82:43:6b:e2:9c:0c:58:86:5d:86:85:07:18:c4:76:4a:b4:f2:
dd:eb:e8:7d:ad:91:5e:40:2f:d5:f3:9c:a6:37:de:31:e7:0a:
44:f0:55:ce:9b:d0:1e:72:98:64:79:ef:f5:32:d5:24:fd:8c:
55:dd:6c:11:ff:90:66:eb:cd:f7:a7:27:ff:52:b3:d6:35:06:
f9:b0:97:8b:9a:8f:00:62:ab:78:1f:1b:5a:20:3c:93:16:03:
ec:35:40:ae:9f:24:42:d0:21:19:3a:68:7f:c9:df:65:9e:c7:
58:47:ed:d2:89:d1:47:2e:fd:20:be:e2:57:c0:b7:3c:76:8b:
7c:3d:fd:35:6e:4d:cb:ad:5e:05:80:3c:e4:5c:5b:23:7e:6b:
42:d6:53:44:64:a3:70:1b:b2:4c:3c:27:0a:54:37:63:4c:6b:
d4:57:8e:7d:7a:fc:25:05:7f:fa:0f:bf:02:38:32:40:df:c4:
36:06:5c:0b:9d:9e:63:66:73:44:4e:e5:b0:98:e0:a0:e3:4a:
45:92:6b:b4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQi+3UFEIgZQ2uoAnWYOZ/sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMjBjMWFhZTAzYzI3NGYwMjk0MjhlZWEwYTQ0MjQyMDhk
NGYzZWQwHhcNMjUwMTAxMTc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTFmOTc3Yzg5MzBkMzQ5ODNlNzU1ZTdjMDJiZWMxYmVmNTNmM2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVIzfy6FhQ0dilAbm6W+ns7yRZB0
9hrRWA4IDbGoaSh2gw9XnHsT8p3NRgBCy+zOdKJQ5w5ODlCnwvji8VlOrn8aPxlM
YiULuZJ2IDTTTXV5V1ObeZVCxyvW12TjDPEbSvRUDCVzBw23Wi3oWsDQgDDWYw5R
KJrB7ZGXQ5R1ULpC0q9paMk9cxyhRhyRO1r18wc40TA1U0BK5TpMnwocATwkXm6i
dXCK7Pb2axMD+UA6zE2ZDCIr0gixZ3JXrZvMU3eZmsqQbvX+x0EkgMdYxyluTiKA
w5YzwlxyoylgbuYZEx4VEdTeDyp8IVED4RUhrb8oamhFu/aKHmItb2XG3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEEfl3yJMNNJg+dV58Ar7BvvU/PcMB8GA1UdIwQY
MBaAFG8gwargPCdPApQo7qCkQkII1PPtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnlEQnF1QThKMDhDbENqdW9LUkNRZ2pVOC0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS83ZTRiYTctZjU5Mi00ZWVjLWJjYWUt
MDk1ZDBiZDI1NTVmLzEvUVItWGZJa3cwMG1ENTFYbndDdnNHLTlUODl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS83ZTRiYTctZjU5Mi00ZWVjLWJjYWUtMDk1ZDBiZDI1NTVm
LzEvYnlEQnF1QThKMDhDbENqdW9LUkNRZ2pVOC0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufWQMA0E
AgACMAcDBQMqErzAMA0GCSqGSIb3DQEBCwUAA4IBAQAVgxuZlnXGiVvqCIEqLRWJ
44PuAGeZ8OpyOIO24SAyLMswmY2I1JtpodLlCbmrxTFGqR80Cr+CQ2vinAxYhl2G
hQcYxHZKtPLd6+h9rZFeQC/V85ymN94x5wpE8FXOm9Aecphkee/1MtUk/YxV3WwR
/5Bm6833pyf/UrPWNQb5sJeLmo8AYqt4HxtaIDyTFgPsNUCunyRC0CEZOmh/yd9l
nsdYR+3SidFHLv0gvuJXwLc8dot8Pf01bk3LrV4FgDzkXFsjfmtC1lNEZKNwG7JM
PCcKVDdjTGvUV459evwlBX/6D78CODJA38Q2BlwLnZ5jZnNETuWwmOCg40pFkmu0
-----END CERTIFICATE-----
Generated at Fri Apr 25 08:06:32 2025 by rpki-client