Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/6062af-53bc-435d-b5fb-a118498325f7/1/CYWLmYxcCQgki-Xk5YRvuSHALzs.roa
File: CYWLmYxcCQgki-Xk5YRvuSHALzs.roa (raw, json)
Hash identifier: 61Fic0FYH+kK7MaPnl8UV3ohGlvf2gRHDh8nlfVoQGY=
Subject key identifier: 09:85:8B:99:8C:5C:09:08:24:8B:E5:E4:E5:84:6F:B9:21:C0:2F:3B
Certificate issuer: /CN=61c5ed0ded8625b32b6533207229f2c467259848
Certificate serial: 019420685C35B4B47BE080835A90EE1CC63A
Authority key identifier: 61:C5:ED:0D:ED:86:25:B3:2B:65:33:20:72:29:F2:C4:67:25:98:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YcXtDe2GJbMrZTMgcinyxGclmEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/6062af-53bc-435d-b5fb-a118498325f7/1/CYWLmYxcCQgki-Xk5YRvuSHALzs.roa
Signing time: Wed 01 Jan 2025 05:48:17 +0000
ROA not before: Wed 01 Jan 2025 05:48:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204400
IP address blocks: 185.234.204.0/22 maxlen: 22
185.234.204.0/24 maxlen: 24
185.234.205.0/24 maxlen: 24
185.234.206.0/24 maxlen: 24
185.234.207.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:5c:35:b4:b4:7b:e0:80:83:5a:90:ee:1c:c6:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61c5ed0ded8625b32b6533207229f2c467259848
Validity
Not Before: Jan 1 05:48:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=09858b998c5c0908248be5e4e5846fb921c02f3b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:0f:65:ea:d0:14:72:56:80:42:8b:78:9c:02:
08:9b:fe:2d:35:e6:fd:7b:f0:76:04:14:f6:01:8a:
29:5f:34:a9:34:6f:c2:c3:e4:a9:db:ae:ed:d9:ac:
53:b5:6c:6d:6c:c1:63:e7:f9:09:9e:b4:79:2c:13:
2f:74:85:3d:72:0e:eb:b1:64:65:02:06:f1:d3:d0:
13:de:c9:6f:45:51:36:17:96:90:fa:b5:10:d4:26:
9e:7c:ae:17:85:a9:06:ad:1c:f1:8b:29:53:30:e8:
b7:bf:9e:7c:c7:c5:fe:41:5d:c8:91:8b:84:a9:0b:
82:c4:75:78:5c:33:3c:ce:93:d6:0c:dd:fa:1a:c9:
d4:d1:04:9f:da:ee:86:da:9c:05:2a:97:81:5e:2a:
63:55:75:ab:c8:78:02:cb:78:55:2a:1f:c8:8c:a4:
55:c6:d5:aa:86:f8:9f:ec:78:0c:07:35:39:08:82:
29:eb:af:ec:a1:8c:ab:f1:e5:11:20:20:e4:65:05:
96:33:c0:6e:ee:d8:a2:0c:1c:d1:58:5b:22:4f:91:
a3:9d:38:d0:f9:b2:20:a6:31:33:df:8f:1a:78:3d:
16:18:07:d2:17:0c:63:73:bc:24:d5:9d:64:12:bf:
34:5a:93:e0:34:a3:9c:73:9e:3a:38:69:b0:e0:ad:
70:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:85:8B:99:8C:5C:09:08:24:8B:E5:E4:E5:84:6F:B9:21:C0:2F:3B
X509v3 Authority Key Identifier:
keyid:61:C5:ED:0D:ED:86:25:B3:2B:65:33:20:72:29:F2:C4:67:25:98:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YcXtDe2GJbMrZTMgcinyxGclmEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/6062af-53bc-435d-b5fb-a118498325f7/1/CYWLmYxcCQgki-Xk5YRvuSHALzs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/6062af-53bc-435d-b5fb-a118498325f7/1/YcXtDe2GJbMrZTMgcinyxGclmEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.234.204.0/22
Signature Algorithm: sha256WithRSAEncryption
43:30:48:ee:2b:f4:79:43:f8:f2:51:7a:0f:a7:29:f8:94:a3:
02:c1:11:8c:06:ca:ec:86:cc:6f:e6:4b:0f:36:85:be:c7:09:
68:e3:5c:1a:e1:f3:85:dc:e3:9e:bc:36:38:c1:ad:32:51:04:
03:5a:bc:c5:0d:bd:3c:73:ac:89:e4:e6:49:85:12:51:a3:7d:
c3:6d:8d:b3:89:f0:3c:27:11:29:0a:b9:3b:d8:db:16:85:19:
4b:cf:2b:15:1c:b4:c9:dc:e6:45:27:6d:b9:de:57:85:5c:fe:
c1:f9:fc:6e:bc:6e:17:d5:13:0b:a3:4a:6a:de:13:70:ca:32:
e5:56:51:a1:a9:e6:ca:03:a8:4c:97:44:3f:59:7b:e5:70:aa:
43:d4:39:c3:b4:5e:0f:07:15:ef:5d:93:ed:95:1b:9a:c0:48:
c4:4a:aa:2e:29:cb:f3:a6:25:24:68:e5:b2:73:e2:74:71:1b:
9a:65:a8:87:0d:d9:8c:81:bc:3e:69:ae:7f:93:db:b3:51:35:
ee:5c:ca:fe:85:b6:62:f8:fa:8f:e3:0f:1e:e1:ca:b4:67:16:
48:42:73:4a:c7:f7:e0:ae:8f:2a:ec:fa:fc:bd:a1:a5:1d:cd:
e9:0b:0e:14:f9:f1:8f:92:41:90:86:a6:f4:13:9e:a3:01:86:
01:08:bf:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaFw1tLR74ICDWpDuHMY6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYzVlZDBkZWQ4NjI1YjMyYjY1MzMyMDcyMjlmMmM0Njcy
NTk4NDgwHhcNMjUwMTAxMDU0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTg1OGI5OThjNWMwOTA4MjQ4YmU1ZTRlNTg0NmZiOTIxYzAyZjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6A9l6tAUclaAQot4nAIIm/4tNeb9
e/B2BBT2AYopXzSpNG/Cw+Sp267t2axTtWxtbMFj5/kJnrR5LBMvdIU9cg7rsWRl
Agbx09AT3slvRVE2F5aQ+rUQ1CaefK4XhakGrRzxiylTMOi3v558x8X+QV3IkYuE
qQuCxHV4XDM8zpPWDN36GsnU0QSf2u6G2pwFKpeBXipjVXWryHgCy3hVKh/IjKRV
xtWqhvif7HgMBzU5CIIp66/soYyr8eURICDkZQWWM8Bu7tiiDBzRWFsiT5GjnTjQ
+bIgpjEz348aeD0WGAfSFwxjc7wk1Z1kEr80WpPgNKOcc546OGmw4K1wkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmFi5mMXAkIJIvl5OWEb7khwC87MB8GA1UdIwQY
MBaAFGHF7Q3thiWzK2UzIHIp8sRnJZhIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWNYdERlMkdKYk1yWlRNZ2Npbnl4R2NsbUVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82MDYyYWYtNTNiYy00MzVkLWI1ZmIt
YTExODQ5ODMyNWY3LzEvQ1lXTG1ZeGNDUWdraS1YazVZUnZ1U0hBTHpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82MDYyYWYtNTNiYy00MzVkLWI1ZmItYTExODQ5ODMyNWY3
LzEvWWNYdERlMkdKYk1yWlRNZ2Npbnl4R2NsbUVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuerMMA0G
CSqGSIb3DQEBCwUAA4IBAQBDMEjuK/R5Q/jyUXoPpyn4lKMCwRGMBsrshsxv5ksP
NoW+xwlo41wa4fOF3OOevDY4wa0yUQQDWrzFDb08c6yJ5OZJhRJRo33DbY2zifA8
JxEpCrk72NsWhRlLzysVHLTJ3OZFJ2253leFXP7B+fxuvG4X1RMLo0pq3hNwyjLl
VlGhqebKA6hMl0Q/WXvlcKpD1DnDtF4PBxXvXZPtlRuawEjESqouKcvzpiUkaOWy
c+J0cRuaZaiHDdmMgbw+aa5/k9uzUTXuXMr+hbZi+PqP4w8e4cq0ZxZIQnNKx/fg
ro8q7Pr8vaGlHc3pCw4U+fGPkkGQhqb0E56jAYYBCL/M
-----END CERTIFICATE-----
Generated at Fri Apr 25 13:19:11 2025 by rpki-client