Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/XaY9bUiZ_CFGYXPkNboje_P8adc.roa
File: XaY9bUiZ_CFGYXPkNboje_P8adc.roa (raw, json)
Hash identifier: b9+EkuxILTVWiZrAAhWN9xohV/5GiE1XVfEOgozpLGc=
Subject key identifier: 5D:A6:3D:6D:48:99:FC:21:46:61:73:E4:35:BA:23:7B:F3:FC:69:D7
Certificate issuer: /CN=3890e7a4549a571f68b688dad4f5ced8e529068b
Certificate serial: 01941F8C8ED8AED74F0D85856842D02DECBC
Authority key identifier: 38:90:E7:A4:54:9A:57:1F:68:B6:88:DA:D4:F5:CE:D8:E5:29:06:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OJDnpFSaVx9otoja1PXO2OUpBos.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/XaY9bUiZ_CFGYXPkNboje_P8adc.roa
Signing time: Wed 01 Jan 2025 01:48:12 +0000
ROA not before: Wed 01 Jan 2025 01:48:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201644
IP address blocks: 185.68.88.0/22 maxlen: 22
185.68.88.0/23 maxlen: 23
185.68.88.0/24 maxlen: 24
185.68.89.0/24 maxlen: 24
185.68.90.0/23 maxlen: 23
185.68.90.0/24 maxlen: 24
185.68.91.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:8e:d8:ae:d7:4f:0d:85:85:68:42:d0:2d:ec:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3890e7a4549a571f68b688dad4f5ced8e529068b
Validity
Not Before: Jan 1 01:48:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5da63d6d4899fc21466173e435ba237bf3fc69d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:3e:3d:fe:7a:ae:54:43:71:47:89:22:1e:69:
ba:cd:a5:73:a3:11:e7:72:d4:9f:0f:94:11:59:d3:
20:46:7a:74:bc:91:4d:1c:73:04:34:1d:c0:04:c1:
6f:5e:b6:12:a8:6a:be:bb:bf:16:f6:d3:10:8e:b6:
1e:44:4b:b0:b4:6e:86:04:1b:a1:5e:2e:71:fd:35:
2d:4b:be:76:e3:db:36:95:2d:b5:bb:b0:af:01:e6:
e7:e3:1d:3d:51:3a:e1:ff:92:ad:bb:72:1e:56:6a:
a1:3e:fa:df:ee:f3:d3:f1:00:ec:f1:82:63:68:1a:
59:4c:f7:ad:dd:ac:69:0b:f1:6c:af:a8:01:1c:ae:
ff:03:ec:b5:b4:c6:e3:af:49:70:fb:93:7f:c6:0f:
95:e6:26:91:b9:a6:08:5b:fc:2c:f4:d2:63:44:43:
b3:e0:ef:8e:52:bd:34:8f:70:2d:a3:a3:98:30:32:
58:f7:d4:da:32:81:e7:3d:8b:5f:64:89:7f:8a:56:
99:ec:19:1d:41:08:be:93:5e:00:3f:79:01:56:b3:
36:4b:c9:db:19:bb:3f:d2:7c:ef:ac:b3:7f:c2:35:
bb:7b:a0:b9:a3:f9:47:66:dc:75:6c:c5:e7:65:58:
77:b8:a4:47:27:4a:43:cc:04:9f:da:fe:9c:25:91:
2e:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:A6:3D:6D:48:99:FC:21:46:61:73:E4:35:BA:23:7B:F3:FC:69:D7
X509v3 Authority Key Identifier:
keyid:38:90:E7:A4:54:9A:57:1F:68:B6:88:DA:D4:F5:CE:D8:E5:29:06:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OJDnpFSaVx9otoja1PXO2OUpBos.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/XaY9bUiZ_CFGYXPkNboje_P8adc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/OJDnpFSaVx9otoja1PXO2OUpBos.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.68.88.0/22
Signature Algorithm: sha256WithRSAEncryption
52:ec:37:69:fb:20:67:ce:3e:86:2e:cb:e4:14:85:7a:41:6e:
e5:97:36:45:ff:e7:92:31:ea:1d:68:55:61:1f:10:13:5d:c4:
bc:3d:24:41:b5:ea:08:be:72:2c:c8:59:1a:92:80:af:27:35:
06:5b:97:1e:35:a1:3c:e0:f0:48:a5:4c:4d:83:8f:46:00:d7:
01:cb:de:d4:f3:58:88:d4:f3:82:74:49:89:69:05:fe:d4:47:
08:57:f2:d7:7c:c1:be:7b:aa:61:67:c0:a1:34:89:11:e3:2c:
92:02:32:1f:aa:fd:bd:ae:8d:00:9d:7e:d4:9c:23:09:9a:8f:
ba:a7:ce:ba:43:9a:d1:0d:59:62:87:33:69:d0:50:25:56:74:
b7:4a:e9:a2:2e:06:45:1f:92:c3:90:10:08:5b:17:2c:83:08:
ef:fe:5b:3a:aa:2b:6b:65:62:4c:28:0c:88:67:83:10:ed:f9:
14:82:c8:15:e5:b9:d5:50:7c:e8:c5:a6:dc:c1:6b:f7:a3:50:
6e:20:ad:86:1e:e1:5f:24:07:f6:43:49:18:98:08:ff:e0:4a:
8f:ec:ac:67:9b:6b:44:e6:1a:e4:6f:4b:cb:b2:d2:f2:73:4c:
c6:63:ba:74:15:08:ec:e5:88:bd:e5:66:7f:1f:b0:29:21:de:
99:81:3a:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjI7YrtdPDYWFaELQLey8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4OTBlN2E0NTQ5YTU3MWY2OGI2ODhkYWQ0ZjVjZWQ4ZTUy
OTA2OGIwHhcNMjUwMTAxMDE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGE2M2Q2ZDQ4OTlmYzIxNDY2MTczZTQzNWJhMjM3YmYzZmM2OWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjj49/nquVENxR4kiHmm6zaVzoxHn
ctSfD5QRWdMgRnp0vJFNHHMENB3ABMFvXrYSqGq+u78W9tMQjrYeREuwtG6GBBuh
Xi5x/TUtS75249s2lS21u7CvAebn4x09UTrh/5Ktu3IeVmqhPvrf7vPT8QDs8YJj
aBpZTPet3axpC/Fsr6gBHK7/A+y1tMbjr0lw+5N/xg+V5iaRuaYIW/ws9NJjREOz
4O+OUr00j3Ato6OYMDJY99TaMoHnPYtfZIl/ilaZ7BkdQQi+k14AP3kBVrM2S8nb
Gbs/0nzvrLN/wjW7e6C5o/lHZtx1bMXnZVh3uKRHJ0pDzASf2v6cJZEuuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF2mPW1ImfwhRmFz5DW6I3vz/GnXMB8GA1UdIwQY
MBaAFDiQ56RUmlcfaLaI2tT1ztjlKQaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0pEbnBGU2FWeDlvdG9qYTFQWE8yT1VwQm9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8yNWRmNGUtYWZjNS00YzUwLThkZTIt
OTQ4MTJjN2Y0NDllLzEvWGFZOWJVaVpfQ0ZHWVhQa05ib2plX1A4YWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8yNWRmNGUtYWZjNS00YzUwLThkZTItOTQ4MTJjN2Y0NDll
LzEvT0pEbnBGU2FWeDlvdG9qYTFQWE8yT1VwQm9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuURYMA0G
CSqGSIb3DQEBCwUAA4IBAQBS7Ddp+yBnzj6GLsvkFIV6QW7llzZF/+eSMeodaFVh
HxATXcS8PSRBteoIvnIsyFkakoCvJzUGW5ceNaE84PBIpUxNg49GANcBy97U81iI
1POCdEmJaQX+1EcIV/LXfMG+e6phZ8ChNIkR4yySAjIfqv29ro0AnX7UnCMJmo+6
p866Q5rRDVlihzNp0FAlVnS3SumiLgZFH5LDkBAIWxcsgwjv/ls6qitrZWJMKAyI
Z4MQ7fkUgsgV5bnVUHzoxabcwWv3o1BuIK2GHuFfJAf2Q0kYmAj/4EqP7Kxnm2tE
5hrkb0vLstLyc0zGY7p0FQjs5Yi95WZ/H7ApId6ZgTpK
-----END CERTIFICATE-----
Generated at Fri Apr 25 03:38:05 2025 by rpki-client