Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/edc238-4c0a-46ed-bc24-3b9e3c8a2fca/1/I9GqI9GxRbg5gyNw2oYeQXtgJJg.roa
File: I9GqI9GxRbg5gyNw2oYeQXtgJJg.roa (raw, json)
Hash identifier: IdZbo1C2DnUJiJSpOjjTPKnvp3frNBJygc4FMjTeWHU=
Subject key identifier: 23:D1:AA:23:D1:B1:45:B8:39:83:23:70:DA:86:1E:41:7B:60:24:98
Certificate issuer: /CN=dd0b663c45d7bc2724d168485087581e14448fb6
Certificate serial: 019424459D72B548976457D6115DCB22FCCA
Authority key identifier: DD:0B:66:3C:45:D7:BC:27:24:D1:68:48:50:87:58:1E:14:44:8F:B6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3QtmPEXXvCck0WhIUIdYHhREj7Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/68/edc238-4c0a-46ed-bc24-3b9e3c8a2fca/1/I9GqI9GxRbg5gyNw2oYeQXtgJJg.roa
Signing time: Wed 01 Jan 2025 23:48:49 +0000
ROA not before: Wed 01 Jan 2025 23:48:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9051
IP address blocks: 37.209.248.0/21 maxlen: 24
82.112.160.0/21 maxlen: 24
82.112.161.0/26 maxlen: 26
185.124.212.0/22 maxlen: 24
193.227.160.0/19 maxlen: 24
213.175.160.0/19 maxlen: 24
2a06:b540::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:9d:72:b5:48:97:64:57:d6:11:5d:cb:22:fc:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dd0b663c45d7bc2724d168485087581e14448fb6
Validity
Not Before: Jan 1 23:48:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=23d1aa23d1b145b839832370da861e417b602498
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:cf:81:ce:39:b7:07:6f:50:12:ec:f4:15:62:
a7:ed:54:a0:33:f2:2a:c0:ca:1e:b4:30:ee:ed:d4:
95:72:ce:40:7d:8f:79:18:ab:b8:08:4d:85:1f:88:
64:ff:db:6a:ec:bb:69:2f:73:91:eb:da:0d:e5:d4:
85:49:22:1a:e7:d7:d3:a9:26:bd:29:6e:23:31:bb:
ca:54:6f:92:27:61:e4:d0:0a:9f:aa:6d:9f:d3:95:
00:7c:3f:9d:e7:15:0f:2b:f2:46:49:59:a7:99:e0:
a3:27:2e:d4:10:2c:2a:cf:05:d8:24:34:f2:98:c2:
99:a4:a5:7f:41:ef:08:dd:f7:97:45:e0:36:fa:e6:
2f:61:ba:7c:6e:2d:fa:85:64:ff:5a:81:e0:a7:f4:
e5:64:90:a2:95:58:67:b8:d7:b6:6a:9e:52:f8:bb:
58:79:19:34:68:f8:85:c2:0e:55:55:18:47:d5:76:
08:15:44:ad:aa:95:2c:5b:0d:a7:d6:16:09:dd:fd:
69:fa:eb:6e:5f:96:b0:39:d0:2c:08:f3:0a:81:c4:
53:ea:9a:b2:65:22:9f:e0:17:b5:47:46:8d:76:c5:
f9:ec:72:fc:3f:4b:9b:a4:1c:10:ca:7d:b8:84:e5:
91:01:0d:a2:f2:c9:e7:83:01:d0:7f:6e:65:19:f4:
6d:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:D1:AA:23:D1:B1:45:B8:39:83:23:70:DA:86:1E:41:7B:60:24:98
X509v3 Authority Key Identifier:
keyid:DD:0B:66:3C:45:D7:BC:27:24:D1:68:48:50:87:58:1E:14:44:8F:B6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3QtmPEXXvCck0WhIUIdYHhREj7Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/edc238-4c0a-46ed-bc24-3b9e3c8a2fca/1/I9GqI9GxRbg5gyNw2oYeQXtgJJg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/68/edc238-4c0a-46ed-bc24-3b9e3c8a2fca/1/3QtmPEXXvCck0WhIUIdYHhREj7Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.209.248.0/21
82.112.160.0/21
185.124.212.0/22
193.227.160.0/19
213.175.160.0/19
IPv6:
2a06:b540::/29
Signature Algorithm: sha256WithRSAEncryption
59:e6:8b:b1:94:b4:88:b0:ad:36:ed:38:71:9d:62:3a:dc:74:
dc:03:4b:53:42:37:2b:5d:3f:c9:40:fe:01:86:34:cc:05:a6:
7f:45:f7:0b:f2:63:a4:15:93:88:45:b4:74:25:9d:b7:68:49:
2a:b9:00:24:e5:18:18:01:e3:e5:e9:b4:b1:f0:f2:c3:36:b4:
17:6a:a4:fa:d9:14:81:b9:45:a8:74:c9:af:66:62:db:6a:88:
ec:97:ab:91:04:7e:6b:9f:ab:d1:c2:19:16:29:8a:04:6d:10:
5d:39:40:ba:3e:62:d4:ac:1f:bb:8d:55:dc:2d:0b:95:04:60:
42:11:23:af:69:11:a9:bc:cc:a5:18:7f:76:e9:6f:dd:1e:39:
86:b9:0c:da:67:26:48:be:30:ab:9e:6a:8a:a0:74:c6:63:6d:
dc:07:ae:1b:85:87:5b:b2:2e:9d:d4:e5:39:1c:16:36:f1:93:
c1:84:5d:ee:ba:b9:ba:51:92:a6:63:44:2a:78:ad:20:a3:ba:
1a:86:1c:fe:77:e9:83:ac:d2:82:01:68:b3:26:d1:46:50:5a:
69:87:2c:b2:dd:84:b3:de:8d:a7:20:e3:21:89:72:62:32:c9:
72:ab:79:83:8e:d6:8d:37:06:2e:38:ce:a2:ac:8c:03:99:98:
31:c2:96:ed
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQkRZ1ytUiXZFfWEV3LIvzKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMGI2NjNjNDVkN2JjMjcyNGQxNjg0ODUwODc1ODFlMTQ0
NDhmYjYwHhcNMjUwMTAxMjM0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2QxYWEyM2QxYjE0NWI4Mzk4MzIzNzBkYTg2MWU0MTdiNjAyNDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAns+Bzjm3B29QEuz0FWKn7VSgM/Iq
wMoetDDu7dSVcs5AfY95GKu4CE2FH4hk/9tq7LtpL3OR69oN5dSFSSIa59fTqSa9
KW4jMbvKVG+SJ2Hk0Aqfqm2f05UAfD+d5xUPK/JGSVmnmeCjJy7UECwqzwXYJDTy
mMKZpKV/Qe8I3feXReA2+uYvYbp8bi36hWT/WoHgp/TlZJCilVhnuNe2ap5S+LtY
eRk0aPiFwg5VVRhH1XYIFUStqpUsWw2n1hYJ3f1p+utuX5awOdAsCPMKgcRT6pqy
ZSKf4Be1R0aNdsX57HL8P0ubpBwQyn24hOWRAQ2i8snngwHQf25lGfRtvwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFCPRqiPRsUW4OYMjcNqGHkF7YCSYMB8GA1UdIwQY
MBaAFN0LZjxF17wnJNFoSFCHWB4URI+2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1F0bVBFWFh2Q2NrMFdoSVVJZFlIaFJFajdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9lZGMyMzgtNGMwYS00NmVkLWJjMjQt
M2I5ZTNjOGEyZmNhLzEvSTlHcUk5R3hSYmc1Z3lOdzJvWWVRWHRnSkpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9lZGMyMzgtNGMwYS00NmVkLWJjMjQtM2I5ZTNjOGEyZmNh
LzEvM1F0bVBFWFh2Q2NrMFdoSVVJZFlIaFJFajdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDJdH4AwQD
UnCgAwQCuXzUAwQFweOgAwQF1a+gMA0EAgACMAcDBQMqBrVAMA0GCSqGSIb3DQEB
CwUAA4IBAQBZ5ouxlLSIsK027ThxnWI63HTcA0tTQjcrXT/JQP4BhjTMBaZ/RfcL
8mOkFZOIRbR0JZ23aEkquQAk5RgYAePl6bSx8PLDNrQXaqT62RSBuUWodMmvZmLb
aojsl6uRBH5rn6vRwhkWKYoEbRBdOUC6PmLUrB+7jVXcLQuVBGBCESOvaRGpvMyl
GH926W/dHjmGuQzaZyZIvjCrnmqKoHTGY23cB64bhYdbsi6d1OU5HBY28ZPBhF3u
urm6UZKmY0QqeK0go7oahhz+d+mDrNKCAWizJtFGUFpphyyy3YSz3o2nIOMhiXJi
Mslyq3mDjtaNNwYuOM6irIwDmZgxwpbt
-----END CERTIFICATE-----
Generated at Fri Apr 25 15:34:21 2025 by rpki-client