Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/70599d-c474-4123-a743-a201dfabdab1/1/PrJQJT3uctgSQDhbXg7t6tQ4QrM.roa
File: PrJQJT3uctgSQDhbXg7t6tQ4QrM.roa (raw, json)
Hash identifier: gya9esJQBziUpHHO9F+UZbaGJJEGL38CeXZKg65ppYM=
Subject key identifier: 3E:B2:50:25:3D:EE:72:D8:12:40:38:5B:5E:0E:ED:EA:D4:38:42:B3
Certificate issuer: /CN=51afbc1462455e9869d48b257b18e23be77aa6c3
Certificate serial: 01942521CA5B39316D41A317887F3C8890BE
Authority key identifier: 51:AF:BC:14:62:45:5E:98:69:D4:8B:25:7B:18:E2:3B:E7:7A:A6:C3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ua-8FGJFXphp1IslexjiO-d6psM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/70599d-c474-4123-a743-a201dfabdab1/1/PrJQJT3uctgSQDhbXg7t6tQ4QrM.roa
Signing time: Thu 02 Jan 2025 03:49:18 +0000
ROA not before: Thu 02 Jan 2025 03:49:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213241
IP address blocks: 87.238.226.0/24 maxlen: 24
89.42.52.0/23 maxlen: 24
89.47.38.0/23 maxlen: 24
94.139.34.0/23 maxlen: 24
94.139.38.0/24 maxlen: 24
185.39.9.0/24 maxlen: 24
185.185.230.0/24 maxlen: 24
2a13:1fc0::/48 maxlen: 48
2a13:1fc0:1::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:ca:5b:39:31:6d:41:a3:17:88:7f:3c:88:90:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=51afbc1462455e9869d48b257b18e23be77aa6c3
Validity
Not Before: Jan 2 03:49:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3eb250253dee72d81240385b5e0eedead43842b3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:cf:32:ab:db:b5:d2:c8:0b:6a:6b:08:06:b9:
94:0f:51:56:e6:53:66:2c:19:fa:bb:5f:dc:a2:55:
0f:a5:d5:6f:0d:cc:8b:7d:20:13:f3:6a:a7:23:d1:
ea:29:fa:74:96:19:aa:bb:52:bb:2b:34:9f:3e:b1:
19:69:0b:d6:bd:ba:cc:a7:6a:90:a9:47:51:52:e7:
a5:98:7f:1e:30:7c:c4:7b:8e:be:c5:af:b1:5c:07:
bd:d7:13:50:5f:35:12:85:a0:de:b3:d4:e6:11:76:
9a:50:30:67:51:92:f2:98:da:ea:e2:5c:5f:d6:b7:
af:71:fe:63:42:dc:b1:a4:8f:d2:b3:4e:d2:c7:7d:
fd:67:11:16:9c:26:8f:5e:2f:8a:35:26:44:bf:68:
10:5d:92:1e:b3:5a:89:9a:63:94:dc:97:ee:03:f1:
1c:17:a9:0b:05:de:f9:7d:18:1c:0a:08:40:5b:52:
5d:41:29:64:ec:83:f7:5b:2c:74:6f:bb:5a:fb:03:
79:89:9d:ab:7a:40:56:3a:3b:aa:2e:16:29:b1:42:
b1:31:f5:e3:e9:16:db:be:92:a0:36:33:0a:f5:7d:
7b:c1:f2:61:f3:af:0f:45:d7:c2:62:a5:c8:81:0e:
a3:24:aa:ee:80:db:01:6f:58:fb:76:ab:73:1e:2b:
cf:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:B2:50:25:3D:EE:72:D8:12:40:38:5B:5E:0E:ED:EA:D4:38:42:B3
X509v3 Authority Key Identifier:
keyid:51:AF:BC:14:62:45:5E:98:69:D4:8B:25:7B:18:E2:3B:E7:7A:A6:C3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ua-8FGJFXphp1IslexjiO-d6psM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/70599d-c474-4123-a743-a201dfabdab1/1/PrJQJT3uctgSQDhbXg7t6tQ4QrM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/70599d-c474-4123-a743-a201dfabdab1/1/Ua-8FGJFXphp1IslexjiO-d6psM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.238.226.0/24
89.42.52.0/23
89.47.38.0/23
94.139.34.0/23
94.139.38.0/24
185.39.9.0/24
185.185.230.0/24
IPv6:
2a13:1fc0::/47
Signature Algorithm: sha256WithRSAEncryption
90:a1:1c:21:3b:44:24:35:de:c4:7e:fd:0c:41:9a:f5:8c:c6:
e6:dd:8a:35:cd:29:ae:4e:51:3f:87:07:c8:cb:f6:49:a6:d3:
05:b4:42:8f:ae:1e:b5:a6:d2:f0:29:ca:2b:1a:04:cf:72:29:
1d:b6:22:ff:b0:c0:e3:2d:94:a9:df:0c:dc:05:e1:43:d8:b6:
15:ff:59:62:c8:ff:28:93:27:d2:5a:90:6c:30:b4:11:c4:5f:
90:48:58:81:d3:ca:99:5b:30:a8:99:1b:05:08:70:f9:37:28:
b6:69:5f:bb:85:60:b7:64:d8:14:08:f7:24:84:56:fa:fd:4f:
e0:ac:dc:13:5d:12:98:40:2c:e8:28:4c:a7:81:ff:83:75:01:
65:fe:0f:21:bc:5a:66:67:ab:b5:e2:d2:5f:4a:a8:9c:d5:3d:
00:33:2f:c1:87:3a:a1:9f:87:a7:fb:aa:46:37:0e:9f:90:6d:
7b:a4:20:00:62:06:97:cf:bc:83:a0:d1:67:fe:ac:c1:1f:21:
d4:f1:0e:b9:f7:6f:a9:d8:9a:cd:6f:5d:36:85:6c:e1:cd:ae:
50:89:32:09:0c:10:b1:dc:d3:5d:86:12:29:b1:26:10:b9:22:
89:ed:a5:c9:3b:b6:fe:46:67:8a:49:93:c9:5d:ac:26:87:41:
35:6b:fb:69
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAZQlIcpbOTFtQaMXiH88iJC+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYWZiYzE0NjI0NTVlOTg2OWQ0OGIyNTdiMThlMjNiZTc3
YWE2YzMwHhcNMjUwMTAyMDM0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWIyNTAyNTNkZWU3MmQ4MTI0MDM4NWI1ZTBlZWRlYWQ0Mzg0MmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzM8yq9u10sgLamsIBrmUD1FW5lNm
LBn6u1/colUPpdVvDcyLfSAT82qnI9HqKfp0lhmqu1K7KzSfPrEZaQvWvbrMp2qQ
qUdRUuelmH8eMHzEe46+xa+xXAe91xNQXzUShaDes9TmEXaaUDBnUZLymNrq4lxf
1revcf5jQtyxpI/Ss07Sx339ZxEWnCaPXi+KNSZEv2gQXZIes1qJmmOU3JfuA/Ec
F6kLBd75fRgcCghAW1JdQSlk7IP3Wyx0b7ta+wN5iZ2rekBWOjuqLhYpsUKxMfXj
6RbbvpKgNjMK9X17wfJh868PRdfCYqXIgQ6jJKrugNsBb1j7dqtzHivPcQIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFD6yUCU97nLYEkA4W14O7erUOEKzMB8GA1UdIwQY
MBaAFFGvvBRiRV6YadSLJXsY4jvneqbDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWEtOEZHSkZYcGhwMUlzbGV4amlPLWQ2cHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83MDU5OWQtYzQ3NC00MTIzLWE3NDMt
YTIwMWRmYWJkYWIxLzEvUHJKUUpUM3VjdGdTUURoYlhnN3Q2dFE0UXJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83MDU5OWQtYzQ3NC00MTIzLWE3NDMtYTIwMWRmYWJkYWIx
LzEvVWEtOEZHSkZYcGhwMUlzbGV4amlPLWQ2cHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAwBAIAATAqAwQAV+7iAwQB
WSo0AwQBWS8mAwQBXosiAwQAXosmAwQAuScJAwQAubnmMA8EAgACMAkDBwEqEx/A
AAAwDQYJKoZIhvcNAQELBQADggEBAJChHCE7RCQ13sR+/QxBmvWMxubdijXNKa5O
UT+HB8jL9kmm0wW0Qo+uHrWm0vApyisaBM9yKR22Iv+wwOMtlKnfDNwF4UPYthX/
WWLI/yiTJ9JakGwwtBHEX5BIWIHTyplbMKiZGwUIcPk3KLZpX7uFYLdk2BQI9ySE
Vvr9T+Cs3BNdEphALOgoTKeB/4N1AWX+DyG8WmZnq7Xi0l9KqJzVPQAzL8GHOqGf
h6f7qkY3Dp+QbXukIABiBpfPvIOg0Wf+rMEfIdTxDrn3b6nYms1vXTaFbOHNrlCJ
MgkMELHc012GEimxJhC5Iontpck7tv5GZ4pJk8ldrCaHQTVr+2k=
-----END CERTIFICATE-----
Generated at Sat Apr 26 15:49:41 2025 by rpki-client