Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/1c8bee-8df8-4102-a4ec-4f1ade1da20d/1/KKfXHhC8ynjRtI36KFPIqF0xAvY.roa
File: KKfXHhC8ynjRtI36KFPIqF0xAvY.roa (raw, json)
Hash identifier: ezgy1Jn7srd8Of8dUU4rL8GndM8gLc3B5ZacAY1O9xY=
Subject key identifier: 28:A7:D7:1E:10:BC:CA:78:D1:B4:8D:FA:28:53:C8:A8:5D:31:02:F6
Certificate issuer: /CN=ebf58388c631c977ea51fcadb50cd20a7492f5e7
Certificate serial: 01942520A8E7E6F9EB0609C32AE20EC59B97
Authority key identifier: EB:F5:83:88:C6:31:C9:77:EA:51:FC:AD:B5:0C:D2:0A:74:92:F5:E7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6_WDiMYxyXfqUfyttQzSCnSS9ec.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/73/1c8bee-8df8-4102-a4ec-4f1ade1da20d/1/KKfXHhC8ynjRtI36KFPIqF0xAvY.roa
Signing time: Thu 02 Jan 2025 03:48:04 +0000
ROA not before: Thu 02 Jan 2025 03:48:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 213270
IP address blocks: 37.200.86.0/24 maxlen: 24
2a02:f980::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:20:a8:e7:e6:f9:eb:06:09:c3:2a:e2:0e:c5:9b:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ebf58388c631c977ea51fcadb50cd20a7492f5e7
Validity
Not Before: Jan 2 03:48:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=28a7d71e10bcca78d1b48dfa2853c8a85d3102f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:0f:11:13:67:e4:5a:56:aa:b6:07:ce:77:c8:
8e:d5:59:3c:ae:94:34:1f:7b:66:8f:9b:4d:71:5e:
8d:4b:69:0c:72:21:98:3f:c0:73:6d:1a:b9:4f:f4:
d7:66:01:6f:06:87:b2:55:f0:00:94:2e:6f:05:0d:
ed:2b:08:ef:90:b7:14:28:46:1d:1c:9a:8c:0f:69:
8e:ab:16:62:d9:db:f5:28:04:45:e0:c0:ed:64:7e:
ec:68:9c:c9:80:db:af:b5:f7:c1:21:9e:fe:75:46:
9b:b6:85:c1:f1:3b:32:79:d3:f0:7d:2a:fb:0d:9d:
f7:a0:ec:69:be:d8:e8:8f:96:ae:d4:89:b6:3f:1b:
f6:9f:91:34:2f:6a:16:cd:99:d0:54:5f:3c:aa:6d:
64:03:aa:38:b7:63:f2:0a:8b:81:2e:46:a5:bc:de:
f1:3d:04:a2:a0:e8:df:70:3e:33:5d:35:e8:48:24:
ce:84:a8:4d:6f:2b:b9:fa:cd:78:bf:c4:8d:4d:00:
f3:e4:85:9c:8e:8d:0c:cd:1a:e8:51:45:4f:88:d6:
51:0a:29:74:8a:43:04:73:e2:0c:8d:14:a0:19:4a:
49:9f:15:e2:ed:86:78:34:bd:89:ee:21:81:93:d2:
45:d1:2a:01:cc:6b:da:2f:67:91:b8:1b:98:0c:2c:
60:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:A7:D7:1E:10:BC:CA:78:D1:B4:8D:FA:28:53:C8:A8:5D:31:02:F6
X509v3 Authority Key Identifier:
keyid:EB:F5:83:88:C6:31:C9:77:EA:51:FC:AD:B5:0C:D2:0A:74:92:F5:E7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_WDiMYxyXfqUfyttQzSCnSS9ec.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/1c8bee-8df8-4102-a4ec-4f1ade1da20d/1/KKfXHhC8ynjRtI36KFPIqF0xAvY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/73/1c8bee-8df8-4102-a4ec-4f1ade1da20d/1/6_WDiMYxyXfqUfyttQzSCnSS9ec.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.200.86.0/24
IPv6:
2a02:f980::/32
Signature Algorithm: sha256WithRSAEncryption
25:0c:ca:2f:b1:e6:68:56:a0:55:cd:5b:a7:bd:31:a2:84:75:
61:a0:00:ca:7f:7c:ce:2a:de:97:d1:7c:7b:65:08:53:6c:74:
c0:c7:ef:21:a3:25:e1:ec:62:b7:71:98:7d:c0:0d:21:91:56:
f3:ae:71:d5:9a:ae:a1:ff:92:31:b3:59:fc:6a:f2:63:56:dc:
74:61:82:9d:29:12:46:8a:d4:ad:5d:c1:48:a7:0b:c6:86:03:
f9:24:54:c9:ce:27:fa:f1:12:ff:05:5c:50:87:fc:66:ec:44:
ab:8f:eb:92:14:d6:31:42:4a:d0:2a:cc:2d:48:c4:73:79:38:
c0:a9:e8:a1:c6:3e:30:6e:ab:dc:13:93:83:db:87:fa:9e:ca:
81:ad:02:3a:55:b4:71:36:e7:fc:80:d3:29:ec:b6:ec:62:c2:
59:b5:c0:37:9b:0e:1a:b4:a5:91:ae:61:0c:44:bc:a1:21:b8:
b9:e3:6c:49:38:3e:ff:42:12:10:0d:b1:83:2c:23:63:b1:7a:
08:5f:8b:9e:7f:8a:a7:de:40:d4:63:b6:e3:cd:47:dd:a7:21:
f3:d8:43:53:46:83:23:fb:08:c4:09:1e:9b:60:77:3e:1b:6a:
e1:4a:94:a0:5e:85:15:fb:b5:25:c8:38:70:c6:a9:1f:13:7c:
2a:e2:7b:a0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIKjn5vnrBgnDKuIOxZuXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZjU4Mzg4YzYzMWM5NzdlYTUxZmNhZGI1MGNkMjBhNzQ5
MmY1ZTcwHhcNMjUwMTAyMDM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGE3ZDcxZTEwYmNjYTc4ZDFiNDhkZmEyODUzYzhhODVkMzEwMmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsg8RE2fkWlaqtgfOd8iO1Vk8rpQ0
H3tmj5tNcV6NS2kMciGYP8BzbRq5T/TXZgFvBoeyVfAAlC5vBQ3tKwjvkLcUKEYd
HJqMD2mOqxZi2dv1KARF4MDtZH7saJzJgNuvtffBIZ7+dUabtoXB8TsyedPwfSr7
DZ33oOxpvtjoj5au1Im2Pxv2n5E0L2oWzZnQVF88qm1kA6o4t2PyCouBLkalvN7x
PQSioOjfcD4zXTXoSCTOhKhNbyu5+s14v8SNTQDz5IWcjo0MzRroUUVPiNZRCil0
ikMEc+IMjRSgGUpJnxXi7YZ4NL2J7iGBk9JF0SoBzGvaL2eRuBuYDCxgUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCin1x4QvMp40bSN+ihTyKhdMQL2MB8GA1UdIwQY
MBaAFOv1g4jGMcl36lH8rbUM0gp0kvXnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9XRGlNWXh5WGZxVWZ5dHRRelNDblNTOWVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8xYzhiZWUtOGRmOC00MTAyLWE0ZWMt
NGYxYWRlMWRhMjBkLzEvS0tmWEhoQzh5bmpSdEkzNktGUElxRjB4QXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8xYzhiZWUtOGRmOC00MTAyLWE0ZWMtNGYxYWRlMWRhMjBk
LzEvNl9XRGlNWXh5WGZxVWZ5dHRRelNDblNTOWVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAJchWMA0E
AgACMAcDBQAqAvmAMA0GCSqGSIb3DQEBCwUAA4IBAQAlDMovseZoVqBVzVunvTGi
hHVhoADKf3zOKt6X0Xx7ZQhTbHTAx+8hoyXh7GK3cZh9wA0hkVbzrnHVmq6h/5Ix
s1n8avJjVtx0YYKdKRJGitStXcFIpwvGhgP5JFTJzif68RL/BVxQh/xm7ESrj+uS
FNYxQkrQKswtSMRzeTjAqeihxj4wbqvcE5OD24f6nsqBrQI6VbRxNuf8gNMp7Lbs
YsJZtcA3mw4atKWRrmEMRLyhIbi542xJOD7/QhIQDbGDLCNjsXoIX4uef4qn3kDU
Y7bjzUfdpyHz2ENTRoMj+wjECR6bYHc+G2rhSpSgXoUV+7UlyDhwxqkfE3wq4nug
-----END CERTIFICATE-----
Generated at Fri Apr 25 16:40:58 2025 by rpki-client