Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/8920fc-bbae-4132-b752-ee72f2b3a473/1/o6lJ-qfhS9C09IpxbbRvCOiFoHM.roa
File: o6lJ-qfhS9C09IpxbbRvCOiFoHM.roa (raw, json)
Hash identifier: s9YF0YMackzUIop5+kUK7Z2zh1o4IPsYyQyvrXKhSCc=
Subject key identifier: A3:A9:49:FA:A7:E1:4B:D0:B4:F4:8A:71:6D:B4:6F:08:E8:85:A0:73
Certificate issuer: /CN=45cf9dc0c7b7fc4a336e4eee57b1ec1948c8ddf3
Certificate serial: 019420D6430AF8CDFEEA0EB6BD0EFB08046C
Authority key identifier: 45:CF:9D:C0:C7:B7:FC:4A:33:6E:4E:EE:57:B1:EC:19:48:C8:DD:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rc-dwMe3_Eozbk7uV7HsGUjI3fM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5c/8920fc-bbae-4132-b752-ee72f2b3a473/1/o6lJ-qfhS9C09IpxbbRvCOiFoHM.roa
Signing time: Wed 01 Jan 2025 07:48:20 +0000
ROA not before: Wed 01 Jan 2025 07:48:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199710
IP address blocks: 185.42.236.0/23 maxlen: 23
185.42.236.0/24 maxlen: 24
185.42.237.0/24 maxlen: 24
185.42.238.0/23 maxlen: 23
185.42.238.0/24 maxlen: 24
185.42.239.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:43:0a:f8:cd:fe:ea:0e:b6:bd:0e:fb:08:04:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=45cf9dc0c7b7fc4a336e4eee57b1ec1948c8ddf3
Validity
Not Before: Jan 1 07:48:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a3a949faa7e14bd0b4f48a716db46f08e885a073
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:24:76:3e:21:26:84:80:c1:22:13:6b:4a:33:
76:6d:68:c2:e1:3f:c9:5a:ed:29:d0:81:95:4e:fe:
cc:67:5a:bf:fc:09:27:d5:75:45:6f:63:c1:18:16:
ae:91:5d:97:78:4b:8e:b0:6f:83:6f:37:13:da:b3:
21:7a:40:05:bf:66:f9:9f:e0:05:5b:16:dc:cd:d7:
a9:11:a2:c4:96:ee:08:65:01:3d:39:d9:b0:9a:38:
56:0f:11:ce:32:7f:95:b8:92:2e:b9:ee:b5:3a:3f:
a5:65:11:8d:a8:89:72:46:4a:18:df:8c:ce:a4:36:
4b:f3:83:57:f2:06:b8:4c:1f:a5:55:a1:cc:40:3a:
24:38:d6:83:2a:41:33:0b:14:50:cb:4d:da:b9:10:
27:83:87:81:49:8a:70:d0:a6:46:f0:26:53:6a:7a:
68:88:9f:23:54:26:da:0c:bc:62:4b:9d:06:ba:f2:
89:51:18:af:5e:a0:d1:20:51:d1:8d:e8:cb:cf:58:
50:2c:3b:23:f4:7d:fc:39:74:eb:4c:e2:0d:d8:db:
62:a1:3e:65:fb:6b:bc:bd:0f:a1:ac:67:ca:bd:39:
a4:25:40:07:11:9d:70:cc:70:a0:21:c7:8a:ad:dd:
a8:1d:f3:52:1f:af:fa:d2:e7:ea:2d:ea:61:95:dc:
df:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:A9:49:FA:A7:E1:4B:D0:B4:F4:8A:71:6D:B4:6F:08:E8:85:A0:73
X509v3 Authority Key Identifier:
keyid:45:CF:9D:C0:C7:B7:FC:4A:33:6E:4E:EE:57:B1:EC:19:48:C8:DD:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rc-dwMe3_Eozbk7uV7HsGUjI3fM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/8920fc-bbae-4132-b752-ee72f2b3a473/1/o6lJ-qfhS9C09IpxbbRvCOiFoHM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/8920fc-bbae-4132-b752-ee72f2b3a473/1/Rc-dwMe3_Eozbk7uV7HsGUjI3fM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.42.236.0/22
Signature Algorithm: sha256WithRSAEncryption
59:bd:e3:6a:17:6b:95:20:b6:3c:7a:cc:71:6d:02:2b:cf:b7:
95:55:35:1f:ac:e9:f4:66:14:70:9b:f9:4c:24:a6:67:f5:b5:
d6:ea:45:2a:33:3c:e4:99:49:a0:68:cf:28:44:6a:48:9f:5d:
6a:41:54:48:f9:ac:67:e8:0a:0e:89:42:68:9d:29:8b:9e:b3:
d2:69:43:c1:91:7d:94:ab:fd:e8:2a:e1:8a:1e:63:5c:38:0b:
1c:14:00:ab:de:63:4f:57:4d:7b:96:75:6e:b4:95:8f:52:3a:
80:4b:3f:c3:86:e5:bc:cb:18:0a:46:14:9b:ab:e7:16:d9:44:
26:fd:1e:f8:e7:1d:83:22:67:6a:43:aa:82:e2:a9:84:a7:32:
b3:52:8b:07:1c:36:7a:79:2b:e3:ee:39:26:89:a4:75:08:a6:
90:ad:2d:2f:5e:56:44:d0:0a:22:01:d5:bc:2c:70:08:76:76:
5d:55:55:77:05:b2:31:fe:c0:57:82:61:a9:e0:74:62:7f:92:
db:dd:b9:ef:d7:eb:b6:25:01:96:d6:3f:29:36:96:49:bc:75:
1c:81:be:7d:fe:b6:8e:7f:db:f7:b8:43:74:37:47:f0:c3:b4:
9e:91:5b:94:df:ae:7e:fe:7d:4f:61:5e:41:63:06:12:2f:e9:
76:74:aa:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1kMK+M3+6g62vQ77CARsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1Y2Y5ZGMwYzdiN2ZjNGEzMzZlNGVlZTU3YjFlYzE5NDhj
OGRkZjMwHhcNMjUwMTAxMDc0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2E5NDlmYWE3ZTE0YmQwYjRmNDhhNzE2ZGI0NmYwOGU4ODVhMDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCR2PiEmhIDBIhNrSjN2bWjC4T/J
Wu0p0IGVTv7MZ1q//Akn1XVFb2PBGBaukV2XeEuOsG+DbzcT2rMhekAFv2b5n+AF
WxbczdepEaLElu4IZQE9OdmwmjhWDxHOMn+VuJIuue61Oj+lZRGNqIlyRkoY34zO
pDZL84NX8ga4TB+lVaHMQDokONaDKkEzCxRQy03auRAng4eBSYpw0KZG8CZTanpo
iJ8jVCbaDLxiS50GuvKJURivXqDRIFHRjejLz1hQLDsj9H38OXTrTOIN2NtioT5l
+2u8vQ+hrGfKvTmkJUAHEZ1wzHCgIceKrd2oHfNSH6/60ufqLephldzf9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKOpSfqn4UvQtPSKcW20bwjohaBzMB8GA1UdIwQY
MBaAFEXPncDHt/xKM25O7lex7BlIyN3zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmMtZHdNZTNfRW96Yms3dVY3SHNHVWpJM2ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy84OTIwZmMtYmJhZS00MTMyLWI3NTIt
ZWU3MmYyYjNhNDczLzEvbzZsSi1xZmhTOUMwOUlweGJiUnZDT2lGb0hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy84OTIwZmMtYmJhZS00MTMyLWI3NTItZWU3MmYyYjNhNDcz
LzEvUmMtZHdNZTNfRW96Yms3dVY3SHNHVWpJM2ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSrsMA0G
CSqGSIb3DQEBCwUAA4IBAQBZveNqF2uVILY8esxxbQIrz7eVVTUfrOn0ZhRwm/lM
JKZn9bXW6kUqMzzkmUmgaM8oRGpIn11qQVRI+axn6AoOiUJonSmLnrPSaUPBkX2U
q/3oKuGKHmNcOAscFACr3mNPV017lnVutJWPUjqASz/DhuW8yxgKRhSbq+cW2UQm
/R745x2DImdqQ6qC4qmEpzKzUosHHDZ6eSvj7jkmiaR1CKaQrS0vXlZE0AoiAdW8
LHAIdnZdVVV3BbIx/sBXgmGp4HRif5Lb3bnv1+u2JQGW1j8pNpZJvHUcgb59/raO
f9v3uEN0N0fww7SekVuU365+/n1PYV5BYwYSL+l2dKqz
-----END CERTIFICATE-----
Generated at Fri Apr 25 09:14:24 2025 by rpki-client