Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/20a767-7b41-463b-a6c9-5fc8e6327889/1/iqbUC3RkeGwfkGzLdhu1vTKXGrY.roa
File: iqbUC3RkeGwfkGzLdhu1vTKXGrY.roa (raw, json)
Hash identifier: RaEnfZTaOx7WzFEEDktbraYPhjg7MFND4IvOcK58KYI=
Subject key identifier: 8A:A6:D4:0B:74:64:78:6C:1F:90:6C:CB:76:1B:B5:BD:32:97:1A:B6
Certificate issuer: /CN=b1427bdcd47c78431f662a08589005acb50b9341
Certificate serial: 0194228D09B40DB6A30B90B19E9E5C90FD25
Authority key identifier: B1:42:7B:DC:D4:7C:78:43:1F:66:2A:08:58:90:05:AC:B5:0B:93:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sUJ73NR8eEMfZioIWJAFrLULk0E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/20a767-7b41-463b-a6c9-5fc8e6327889/1/iqbUC3RkeGwfkGzLdhu1vTKXGrY.roa
Signing time: Wed 01 Jan 2025 15:47:35 +0000
ROA not before: Wed 01 Jan 2025 15:47:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8749
IP address blocks: 91.234.54.0/24 maxlen: 24
91.235.148.0/24 maxlen: 24
91.235.241.0/24 maxlen: 24
91.236.12.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:09:b4:0d:b6:a3:0b:90:b1:9e:9e:5c:90:fd:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b1427bdcd47c78431f662a08589005acb50b9341
Validity
Not Before: Jan 1 15:47:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8aa6d40b7464786c1f906ccb761bb5bd32971ab6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:53:43:a0:f3:69:3b:c0:c2:a3:f0:71:9a:44:
85:cc:dc:1a:d9:68:a0:24:2e:04:36:23:d0:31:90:
5a:3f:37:43:66:51:f0:d1:ac:be:c2:1e:2d:ad:5a:
e6:f3:6b:b1:5f:a8:87:8a:88:93:1f:61:a7:39:4c:
27:b5:0c:06:ff:18:f6:0c:ec:e8:14:36:bd:43:4b:
34:11:f0:38:56:0f:a7:cd:47:55:48:66:d1:fe:e1:
0a:98:c7:fe:eb:b8:11:6b:d2:76:9b:d2:ca:54:8c:
13:a5:c8:aa:01:8b:53:f6:62:1d:e5:18:2a:ad:e4:
56:4f:4d:85:e5:91:a8:85:de:26:f6:ad:a5:b4:16:
5c:37:a6:ee:55:44:0c:b9:5f:9c:8d:db:8a:c6:c0:
a2:90:90:5f:a5:90:18:ee:4a:b5:19:d5:9c:bb:d4:
d5:24:6e:93:39:89:44:cb:66:36:a2:73:2c:e3:a3:
b4:cf:13:9d:24:46:bb:13:46:98:9f:9e:41:3f:59:
d7:6c:44:56:b8:5a:97:1c:e6:29:3e:e8:23:57:fc:
65:53:1d:26:4c:d5:ed:89:8e:be:f7:67:75:cb:18:
15:ea:9a:cf:2d:3e:4a:7e:53:f8:71:f9:00:90:1a:
7b:dc:2e:b5:48:ad:9e:10:a8:e2:67:ff:f5:a1:1f:
b4:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:A6:D4:0B:74:64:78:6C:1F:90:6C:CB:76:1B:B5:BD:32:97:1A:B6
X509v3 Authority Key Identifier:
keyid:B1:42:7B:DC:D4:7C:78:43:1F:66:2A:08:58:90:05:AC:B5:0B:93:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sUJ73NR8eEMfZioIWJAFrLULk0E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/20a767-7b41-463b-a6c9-5fc8e6327889/1/iqbUC3RkeGwfkGzLdhu1vTKXGrY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/20a767-7b41-463b-a6c9-5fc8e6327889/1/sUJ73NR8eEMfZioIWJAFrLULk0E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.234.54.0/24
91.235.148.0/24
91.235.241.0/24
91.236.12.0/24
Signature Algorithm: sha256WithRSAEncryption
c3:60:77:69:07:f0:01:55:9f:72:04:1b:ae:d4:8f:44:c4:31:
a1:bf:84:4c:d4:9e:7a:0e:4a:12:98:ff:8a:8c:23:39:7b:9d:
74:20:53:01:2d:ea:53:cb:5e:c4:78:cf:0f:ce:9d:36:64:54:
90:2d:69:bf:80:8a:5e:ae:e1:74:53:8b:4b:1a:bb:02:60:76:
99:04:eb:44:ed:bb:a9:6c:61:a7:a0:55:02:0b:8a:08:c6:45:
2e:ce:d3:95:39:87:68:b4:36:b7:8d:11:3b:c5:e8:d4:db:de:
58:1c:41:10:50:fc:04:f2:9a:2e:6c:91:d2:a4:c9:67:17:73:
85:4b:89:60:27:5a:8a:7b:b1:b2:33:7b:78:a4:df:25:0e:d6:
14:70:c3:78:07:97:2a:d6:bd:46:4b:0e:98:4e:20:1f:43:19:
33:83:14:e3:d5:bb:99:36:15:5a:7e:35:bc:f4:48:34:b6:7f:
89:a1:45:45:bf:24:ce:17:3f:70:dc:d8:6e:47:11:3f:91:46:
ac:ce:cc:b2:29:36:d0:3e:6c:6f:94:5f:36:50:7a:74:65:51:
c5:ab:1d:fe:0a:84:57:6a:0b:2f:1a:e7:b7:bb:03:fb:4a:89:
5e:4c:18:3b:1d:68:59:b8:56:35:13:98:76:f7:a9:2c:3f:2f:
4f:0b:2e:4c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQijQm0DbajC5Cxnp5ckP0lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNDI3YmRjZDQ3Yzc4NDMxZjY2MmEwODU4OTAwNWFjYjUw
YjkzNDEwHhcNMjUwMTAxMTU0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWE2ZDQwYjc0NjQ3ODZjMWY5MDZjY2I3NjFiYjViZDMyOTcxYWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlNDoPNpO8DCo/BxmkSFzNwa2Wig
JC4ENiPQMZBaPzdDZlHw0ay+wh4trVrm82uxX6iHioiTH2GnOUwntQwG/xj2DOzo
FDa9Q0s0EfA4Vg+nzUdVSGbR/uEKmMf+67gRa9J2m9LKVIwTpciqAYtT9mId5Rgq
reRWT02F5ZGohd4m9q2ltBZcN6buVUQMuV+cjduKxsCikJBfpZAY7kq1GdWcu9TV
JG6TOYlEy2Y2onMs46O0zxOdJEa7E0aYn55BP1nXbERWuFqXHOYpPugjV/xlUx0m
TNXtiY6+92d1yxgV6prPLT5KflP4cfkAkBp73C61SK2eEKjiZ//1oR+0yQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIqm1At0ZHhsH5Bsy3Ybtb0ylxq2MB8GA1UdIwQY
MBaAFLFCe9zUfHhDH2YqCFiQBay1C5NBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1VKNzNOUjhlRU1mWmlvSVdKQUZyTFVMazBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yMGE3NjctN2I0MS00NjNiLWE2Yzkt
NWZjOGU2MzI3ODg5LzEvaXFiVUMzUmtlR3dma0d6TGRodTF2VEtYR3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yMGE3NjctN2I0MS00NjNiLWE2YzktNWZjOGU2MzI3ODg5
LzEvc1VKNzNOUjhlRU1mWmlvSVdKQUZyTFVMazBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW+o2AwQA
W+uUAwQAW+vxAwQAW+wMMA0GCSqGSIb3DQEBCwUAA4IBAQDDYHdpB/ABVZ9yBBuu
1I9ExDGhv4RM1J56DkoSmP+KjCM5e510IFMBLepTy17EeM8Pzp02ZFSQLWm/gIpe
ruF0U4tLGrsCYHaZBOtE7bupbGGnoFUCC4oIxkUuztOVOYdotDa3jRE7xejU295Y
HEEQUPwE8poubJHSpMlnF3OFS4lgJ1qKe7GyM3t4pN8lDtYUcMN4B5cq1r1GSw6Y
TiAfQxkzgxTj1buZNhVafjW89Eg0tn+JoUVFvyTOFz9w3NhuRxE/kUaszsyyKTbQ
PmxvlF82UHp0ZVHFqx3+CoRXagsvGue3uwP7SoleTBg7HWhZuFY1E5h296ksPy9P
Cy5M
-----END CERTIFICATE-----
Generated at Fri Apr 25 21:14:22 2025 by rpki-client