Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/G9ZE7eAyr9dm1UpsiMBlORYgqF8.roa
File: G9ZE7eAyr9dm1UpsiMBlORYgqF8.roa (raw, json)
Hash identifier: DUNTtHQq08Gs+Evq8uiJDfHkuc3/b3Ha6zCK06L0e5I=
Subject key identifier: 1B:D6:44:ED:E0:32:AF:D7:66:D5:4A:6C:88:C0:65:39:16:20:A8:5F
Certificate issuer: /CN=8d64e43c75bdc511d524f0c85d009cba76956144
Certificate serial: 019421446A8922BD7EF605D98166973BD3E7
Authority key identifier: 8D:64:E4:3C:75:BD:C5:11:D5:24:F0:C8:5D:00:9C:BA:76:95:61:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jWTkPHW9xRHVJPDIXQCcunaVYUQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/G9ZE7eAyr9dm1UpsiMBlORYgqF8.roa
Signing time: Wed 01 Jan 2025 09:48:39 +0000
ROA not before: Wed 01 Jan 2025 09:48:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 61349
IP address blocks: 91.199.236.0/24 maxlen: 24
91.205.212.0/22 maxlen: 24
185.29.200.0/22 maxlen: 24
185.173.12.0/22 maxlen: 22
193.178.196.0/24 maxlen: 24
2a04:4340::/29 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:6a:89:22:bd:7e:f6:05:d9:81:66:97:3b:d3:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d64e43c75bdc511d524f0c85d009cba76956144
Validity
Not Before: Jan 1 09:48:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1bd644ede032afd766d54a6c88c065391620a85f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:b3:ef:a2:fe:a7:a1:4e:0b:f6:1d:a8:b0:c2:
f0:b2:da:04:0a:6d:b1:6f:fd:b0:a3:50:05:43:d9:
86:4c:9c:65:ea:0e:60:e3:6c:91:8d:60:d7:fb:79:
61:37:46:73:66:77:00:f8:6b:9e:30:b5:76:69:47:
cd:f3:fe:8b:02:01:44:d8:63:d0:49:d9:b2:04:f9:
20:6b:dd:24:9a:bb:ab:26:46:c2:84:a5:a6:43:a6:
74:31:66:1f:bd:f7:ed:9a:78:44:12:99:f2:e7:19:
5c:df:c7:cc:28:0d:b1:8f:d5:26:06:28:11:c9:7f:
37:bc:5f:d7:48:24:6e:ff:c4:a7:d4:ef:90:80:8e:
af:11:30:9a:c5:89:e9:26:fe:c4:c6:22:e0:d0:56:
48:04:8f:98:fe:a1:6d:9e:28:c7:e2:5d:c1:a9:15:
2e:85:26:af:ab:5c:f0:f2:f8:0e:ad:cf:d0:ec:1c:
da:3e:e6:a0:7f:8e:53:94:e1:51:d2:1f:ab:4d:51:
27:53:5b:b5:9d:09:f1:16:6a:a1:cf:3a:f5:08:c2:
7f:24:3b:0f:c0:6a:1e:d2:b8:ef:28:27:9b:28:67:
c9:89:37:6b:b9:b2:fe:67:3a:3a:89:da:9f:3e:ed:
72:a8:7d:d1:b7:60:31:07:19:52:17:4f:35:6b:26:
60:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:D6:44:ED:E0:32:AF:D7:66:D5:4A:6C:88:C0:65:39:16:20:A8:5F
X509v3 Authority Key Identifier:
keyid:8D:64:E4:3C:75:BD:C5:11:D5:24:F0:C8:5D:00:9C:BA:76:95:61:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jWTkPHW9xRHVJPDIXQCcunaVYUQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/G9ZE7eAyr9dm1UpsiMBlORYgqF8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/6f9b09-a59e-4f90-87c7-72448352b807/1/jWTkPHW9xRHVJPDIXQCcunaVYUQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.199.236.0/24
91.205.212.0/22
185.29.200.0/22
185.173.12.0/22
193.178.196.0/24
IPv6:
2a04:4340::/29
Signature Algorithm: sha256WithRSAEncryption
3c:d8:06:a7:a1:ac:e2:6f:0f:21:e5:8f:3e:3a:7a:76:b2:9b:
57:f0:61:23:8a:04:84:7c:d5:5e:dc:3d:d6:c6:69:15:de:56:
59:3f:c2:48:6c:6e:78:ab:72:4a:cc:d9:56:59:f1:11:3a:c0:
97:27:5b:85:87:38:cf:33:00:ea:70:4b:0a:43:b7:e7:84:f4:
29:5d:f1:c0:df:1b:92:99:52:ac:5a:b2:f3:c0:51:f6:25:71:
33:f8:f4:55:ac:91:ad:39:e4:1f:7c:2d:6d:1c:56:05:c6:a2:
ba:e0:1f:ed:d9:ec:91:9d:23:d2:f0:db:68:87:38:fd:ab:1e:
53:f9:2d:ce:41:d7:4f:d9:05:3a:db:82:52:b1:64:5c:b1:15:
18:ce:a5:f8:bb:0f:b3:f1:32:9e:b6:5c:5c:c0:3b:23:e3:4a:
fc:c3:62:25:b0:8f:23:c9:39:18:d4:01:15:c6:f6:f8:e3:af:
2c:b9:67:e1:0e:23:79:da:94:da:9b:d1:25:75:f0:e9:ac:57:
20:59:cd:cb:e4:e1:84:ce:c2:8e:75:2c:53:e7:ea:c4:ca:45:
29:08:d2:c7:57:33:a0:85:f9:2c:f0:87:44:f0:ee:e2:da:df:
4a:82:ee:df:1f:a9:a6:4a:06:bf:93:77:f0:23:18:33:dd:b4:
eb:71:5e:2c
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQhRGqJIr1+9gXZgWaXO9PnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNjRlNDNjNzViZGM1MTFkNTI0ZjBjODVkMDA5Y2JhNzY5
NTYxNDQwHhcNMjUwMTAxMDk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmQ2NDRlZGUwMzJhZmQ3NjZkNTRhNmM4OGMwNjUzOTE2MjBhODVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLPvov6noU4L9h2osMLwstoECm2x
b/2wo1AFQ9mGTJxl6g5g42yRjWDX+3lhN0ZzZncA+GueMLV2aUfN8/6LAgFE2GPQ
SdmyBPkga90kmrurJkbChKWmQ6Z0MWYfvfftmnhEEpny5xlc38fMKA2xj9UmBigR
yX83vF/XSCRu/8Sn1O+QgI6vETCaxYnpJv7ExiLg0FZIBI+Y/qFtnijH4l3BqRUu
hSavq1zw8vgOrc/Q7BzaPuagf45TlOFR0h+rTVEnU1u1nQnxFmqhzzr1CMJ/JDsP
wGoe0rjvKCebKGfJiTdrubL+Zzo6idqfPu1yqH3Rt2AxBxlSF081ayZgswIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFBvWRO3gMq/XZtVKbIjAZTkWIKhfMB8GA1UdIwQY
MBaAFI1k5Dx1vcUR1STwyF0AnLp2lWFEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaldUa1BIVzl4UkhWSlBESVhRQ2N1bmFWWVVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82ZjliMDktYTU5ZS00ZjkwLTg3Yzct
NzI0NDgzNTJiODA3LzEvRzlaRTdlQXlyOWRtMVVwc2lNQmxPUllncUY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82ZjliMDktYTU5ZS00ZjkwLTg3YzctNzI0NDgzNTJiODA3
LzEvaldUa1BIVzl4UkhWSlBESVhRQ2N1bmFWWVVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAW8fsAwQC
W83UAwQCuR3IAwQCua0MAwQAwbLEMA0EAgACMAcDBQMqBENAMA0GCSqGSIb3DQEB
CwUAA4IBAQA82Aanoazibw8h5Y8+Onp2sptX8GEjigSEfNVe3D3WxmkV3lZZP8JI
bG54q3JKzNlWWfEROsCXJ1uFhzjPMwDqcEsKQ7fnhPQpXfHA3xuSmVKsWrLzwFH2
JXEz+PRVrJGtOeQffC1tHFYFxqK64B/t2eyRnSPS8Ntohzj9qx5T+S3OQddP2QU6
24JSsWRcsRUYzqX4uw+z8TKetlxcwDsj40r8w2IlsI8jyTkY1AEVxvb4468suWfh
DiN52pTam9EldfDprFcgWc3L5OGEzsKOdSxT5+rEykUpCNLHVzOghfks8IdE8O7i
2t9Kgu7fH6mmSga/k3fwIxgz3bTrcV4s
-----END CERTIFICATE-----
Generated at Fri Apr 25 08:49:38 2025 by rpki-client