Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/kI0vHB0itKLKV54MYG6cGrVo0eY.roa
File: kI0vHB0itKLKV54MYG6cGrVo0eY.roa (raw, json)
Hash identifier: C5TgalX0uC/rPE4DDIN7aoT3cFXmNAi4cZYsmZl5eDw=
Subject key identifier: 90:8D:2F:1C:1D:22:B4:A2:CA:57:9E:0C:60:6E:9C:1A:B5:68:D1:E6
Certificate issuer: /CN=e4b1306101cc9ec9fce985280c1db0f37c135a3a
Certificate serial: 01942143A7EDFD28AF6BD444FDE6D39C21EC
Authority key identifier: E4:B1:30:61:01:CC:9E:C9:FC:E9:85:28:0C:1D:B0:F3:7C:13:5A:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5LEwYQHMnsn86YUoDB2w83wTWjo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/kI0vHB0itKLKV54MYG6cGrVo0eY.roa
Signing time: Wed 01 Jan 2025 09:47:49 +0000
ROA not before: Wed 01 Jan 2025 09:47:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15870
IP address blocks: 109.120.21.0/24 maxlen: 24
176.62.76.0/24 maxlen: 24
176.62.80.0/24 maxlen: 24
178.74.109.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:a7:ed:fd:28:af:6b:d4:44:fd:e6:d3:9c:21:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e4b1306101cc9ec9fce985280c1db0f37c135a3a
Validity
Not Before: Jan 1 09:47:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=908d2f1c1d22b4a2ca579e0c606e9c1ab568d1e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:c4:b6:75:2c:0c:ee:30:82:50:1b:74:25:0b:
2e:bc:17:ba:5f:9c:4b:69:a3:87:b7:91:6f:c4:ef:
e9:e2:f3:c0:5c:0c:81:50:e1:04:22:36:51:9b:b2:
b7:62:6a:bc:9e:b1:0b:2d:51:2a:dd:bf:8e:1a:f3:
91:71:0e:00:21:14:89:05:fa:eb:77:e7:e4:aa:3e:
de:e0:cd:dd:6e:5a:b9:71:f9:87:58:2b:bc:bb:97:
11:c3:c8:d7:e4:9b:0d:cb:26:79:85:ed:c4:97:ab:
b1:ed:df:5c:35:d6:f8:9f:39:13:78:29:c5:11:d1:
92:0a:ef:de:8b:48:8a:51:57:51:5d:06:3b:1d:4f:
65:1d:46:05:33:ab:6c:4d:e9:59:9c:fc:0c:ce:01:
d1:1b:5f:80:4c:80:5c:ce:2d:61:1c:4b:90:c1:a4:
83:24:ce:42:9e:97:0a:31:5f:fa:cb:27:ea:ab:38:
43:0d:e9:db:0a:c3:f9:c6:b2:d5:5d:f9:9c:a0:84:
83:fe:43:25:75:38:b8:47:52:0b:13:8e:f7:05:af:
17:16:6d:3d:fc:00:e5:d5:16:06:57:8b:d7:a0:02:
e3:99:04:cf:07:ac:35:f4:58:f3:61:d9:e0:34:78:
d0:71:dc:09:81:b0:92:08:ed:85:a6:2d:76:61:04:
91:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:8D:2F:1C:1D:22:B4:A2:CA:57:9E:0C:60:6E:9C:1A:B5:68:D1:E6
X509v3 Authority Key Identifier:
keyid:E4:B1:30:61:01:CC:9E:C9:FC:E9:85:28:0C:1D:B0:F3:7C:13:5A:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5LEwYQHMnsn86YUoDB2w83wTWjo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/kI0vHB0itKLKV54MYG6cGrVo0eY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4d089e-5d1c-4e34-9465-fa6348f695b5/1/5LEwYQHMnsn86YUoDB2w83wTWjo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.120.21.0/24
176.62.76.0/24
176.62.80.0/24
178.74.109.0/24
Signature Algorithm: sha256WithRSAEncryption
da:cf:dd:bc:8a:21:b8:fa:f7:92:a6:eb:f3:c7:c9:75:27:08:
84:cf:f8:d6:48:74:48:6d:80:7f:11:97:9c:ba:04:9b:cd:55:
59:b0:ba:23:fc:62:a7:cc:c6:88:c7:dc:61:df:0c:08:43:df:
c0:87:5e:c9:33:0c:79:5d:aa:cd:e4:a8:ae:f7:d9:77:d7:ac:
b1:cc:b3:54:95:bc:5f:f6:d6:48:64:a9:23:0d:77:40:20:f5:
e8:21:c9:a7:d4:35:8e:af:3e:1d:6f:58:44:ee:65:2f:e0:50:
55:fd:94:59:0e:59:36:8a:ca:c7:7b:6d:37:9b:d6:67:5a:78:
e3:12:64:15:6b:96:17:e1:bf:e5:a6:99:ce:4e:e0:4a:e9:ea:
22:ea:d0:40:42:77:65:a1:a7:eb:42:77:46:52:44:95:9c:a6:
9a:5c:21:3b:c8:d7:0a:4d:49:e0:a0:98:ce:5f:ce:d6:ae:2a:
10:14:6e:41:da:39:78:8d:e4:b9:80:38:71:96:e5:ce:98:99:
20:e2:d6:5a:60:db:d5:0a:4b:0c:5f:2d:71:b9:c5:9d:ff:d5:
5b:cb:5c:e5:37:10:90:a2:07:b4:14:92:0d:9d:c9:cd:d1:78:
09:db:0d:3c:b5:a2:02:9e:86:18:99:47:e3:39:06:22:58:9c:
89:db:91:63
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQhQ6ft/Siva9RE/ebTnCHsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YjEzMDYxMDFjYzllYzlmY2U5ODUyODBjMWRiMGYzN2Mx
MzVhM2EwHhcNMjUwMTAxMDk0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDhkMmYxYzFkMjJiNGEyY2E1NzllMGM2MDZlOWMxYWI1NjhkMWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysS2dSwM7jCCUBt0JQsuvBe6X5xL
aaOHt5FvxO/p4vPAXAyBUOEEIjZRm7K3Ymq8nrELLVEq3b+OGvORcQ4AIRSJBfrr
d+fkqj7e4M3dblq5cfmHWCu8u5cRw8jX5JsNyyZ5he3El6ux7d9cNdb4nzkTeCnF
EdGSCu/ei0iKUVdRXQY7HU9lHUYFM6tsTelZnPwMzgHRG1+ATIBczi1hHEuQwaSD
JM5CnpcKMV/6yyfqqzhDDenbCsP5xrLVXfmcoISD/kMldTi4R1ILE473Ba8XFm09
/ADl1RYGV4vXoALjmQTPB6w19FjzYdngNHjQcdwJgbCSCO2Fpi12YQSRKwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJCNLxwdIrSiyleeDGBunBq1aNHmMB8GA1UdIwQY
MBaAFOSxMGEBzJ7J/OmFKAwdsPN8E1o6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUxFd1lRSE1uc244NllVb0RCMnc4M3dUV2pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS80ZDA4OWUtNWQxYy00ZTM0LTk0NjUt
ZmE2MzQ4ZjY5NWI1LzEva0kwdkhCMGl0S0xLVjU0TVlHNmNHclZvMGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS80ZDA4OWUtNWQxYy00ZTM0LTk0NjUtZmE2MzQ4ZjY5NWI1
LzEvNUxFd1lRSE1uc244NllVb0RCMnc4M3dUV2pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAbXgVAwQA
sD5MAwQAsD5QAwQAskptMA0GCSqGSIb3DQEBCwUAA4IBAQDaz928iiG4+veSpuvz
x8l1JwiEz/jWSHRIbYB/EZecugSbzVVZsLoj/GKnzMaIx9xh3wwIQ9/Ah17JMwx5
XarN5Kiu99l316yxzLNUlbxf9tZIZKkjDXdAIPXoIcmn1DWOrz4db1hE7mUv4FBV
/ZRZDlk2isrHe203m9ZnWnjjEmQVa5YX4b/lppnOTuBK6eoi6tBAQndloafrQndG
UkSVnKaaXCE7yNcKTUngoJjOX87WrioQFG5B2jl4jeS5gDhxluXOmJkg4tZaYNvV
CksMXy1xucWd/9Vby1zlNxCQoge0FJINncnN0XgJ2w08taICnoYYmUfjOQYiWJyJ
25Fj
-----END CERTIFICATE-----
Generated at Sat Apr 26 11:25:21 2025 by rpki-client