Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/aAjiTGjBvK-qa1UvGqne8OL4KrA.roa
File: aAjiTGjBvK-qa1UvGqne8OL4KrA.roa (raw, json)
Hash identifier: BjZaYz009qatAltLmOSug4n6bf9uQdN4teDrrkkHNbw=
Subject key identifier: 68:08:E2:4C:68:C1:BC:AF:AA:6B:55:2F:1A:A9:DE:F0:E2:F8:2A:B0
Certificate issuer: /CN=d04079bb7070ed0eeea3a1a467c79462bcc5455f
Certificate serial: 0194222006CB1B501B0D4F28B07E9FA1A835
Authority key identifier: D0:40:79:BB:70:70:ED:0E:EE:A3:A1:A4:67:C7:94:62:BC:C5:45:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/aAjiTGjBvK-qa1UvGqne8OL4KrA.roa
Signing time: Wed 01 Jan 2025 13:48:31 +0000
ROA not before: Wed 01 Jan 2025 13:48:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198426
IP address blocks: 185.149.209.0/24 maxlen: 24
192.175.40.0/22 maxlen: 22
2a0d:a0c0::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:06:cb:1b:50:1b:0d:4f:28:b0:7e:9f:a1:a8:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d04079bb7070ed0eeea3a1a467c79462bcc5455f
Validity
Not Before: Jan 1 13:48:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6808e24c68c1bcafaa6b552f1aa9def0e2f82ab0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:87:5e:2e:8b:c7:8c:be:68:4e:1a:aa:1d:2c:
a3:97:52:1f:b5:e4:a8:1f:7a:7c:03:e5:ca:ea:13:
75:a4:f8:7c:97:91:9b:2f:96:d9:aa:d8:c2:3f:f1:
c9:e7:14:68:b1:dd:a7:30:68:8d:bb:31:08:30:42:
73:35:26:32:a1:2d:10:ee:75:58:94:26:cc:db:95:
5e:bf:74:85:b0:e0:ba:d9:ca:13:32:a8:47:69:dd:
cb:e1:c9:cc:d3:1d:fc:84:4d:82:2a:49:f4:9c:93:
c2:b3:2c:40:ce:58:bf:70:bc:a2:73:ac:2c:77:81:
4d:65:b2:32:f6:67:b3:3b:c0:9d:72:b5:af:8b:f7:
91:a2:6f:25:31:4c:18:3a:32:61:05:ce:55:54:83:
5a:c3:f3:9c:ad:44:5a:f6:b1:45:28:23:1e:56:be:
1d:8e:f9:56:c6:4e:86:19:3f:8c:0e:7b:b6:5b:10:
18:9d:b0:3c:3c:89:57:23:9c:ac:18:1b:f4:e1:1e:
45:16:0e:92:e9:da:02:2e:62:dc:5a:10:ad:2d:4e:
16:2c:bd:fb:0b:d3:2e:e9:ae:e4:8c:c2:07:a6:a5:
16:d4:72:37:d9:80:62:c8:16:66:42:61:0f:7c:f2:
31:22:b3:20:b9:b6:48:54:3c:90:f1:53:8a:cc:47:
7e:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:08:E2:4C:68:C1:BC:AF:AA:6B:55:2F:1A:A9:DE:F0:E2:F8:2A:B0
X509v3 Authority Key Identifier:
keyid:D0:40:79:BB:70:70:ED:0E:EE:A3:A1:A4:67:C7:94:62:BC:C5:45:5F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/aAjiTGjBvK-qa1UvGqne8OL4KrA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a93da0-e155-4324-9ba9-62098d1ec1e6/1/0EB5u3Bw7Q7uo6GkZ8eUYrzFRV8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.149.209.0/24
192.175.40.0/22
IPv6:
2a0d:a0c0::/48
Signature Algorithm: sha256WithRSAEncryption
6c:0f:66:89:ce:c5:bf:7b:0f:e6:39:ba:75:ab:4d:80:cf:d6:
4f:c2:1d:e1:72:37:3e:51:16:1f:77:4d:25:c5:1d:94:f3:3b:
77:8e:d2:d6:16:17:4c:75:01:7e:a1:aa:9d:1f:4b:0f:0f:c4:
e9:e3:d7:74:e2:9f:f0:72:35:51:3d:29:3a:fd:e2:04:07:ec:
ca:d6:27:e6:57:bb:fd:26:f1:5b:d6:6b:b7:b6:d5:60:09:8c:
ec:9a:0d:02:49:62:8f:b4:1b:61:f5:3e:db:26:89:1b:33:45:
e1:d3:1c:30:d1:a1:dd:73:54:c6:91:00:25:3e:fb:23:e4:46:
0e:fc:ab:b2:94:d5:04:a2:31:88:74:3b:0a:70:ce:32:25:25:
3e:b0:f1:16:96:79:e4:32:d2:b9:de:59:58:7e:59:f8:85:a7:
61:2b:f3:e4:37:f4:ba:70:de:f8:98:97:e2:9c:09:31:1d:21:
e3:82:7b:34:9c:96:c5:b0:15:5b:9b:eb:f6:d6:6f:91:29:89:
2f:20:e0:af:05:cc:f9:82:b7:f7:01:6e:ab:42:d6:7d:ea:29:
17:be:91:19:95:6c:72:f8:11:1a:2c:9b:31:25:d0:71:25:36:
2b:45:8e:d4:34:a9:19:a5:77:c5:bb:13:43:28:c1:13:ca:4d:
e6:9f:67:60
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQiIAbLG1AbDU8osH6foag1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNDA3OWJiNzA3MGVkMGVlZWEzYTFhNDY3Yzc5NDYyYmNj
NTQ1NWYwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODA4ZTI0YzY4YzFiY2FmYWE2YjU1MmYxYWE5ZGVmMGUyZjgyYWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYdeLovHjL5oThqqHSyjl1IfteSo
H3p8A+XK6hN1pPh8l5GbL5bZqtjCP/HJ5xRosd2nMGiNuzEIMEJzNSYyoS0Q7nVY
lCbM25Vev3SFsOC62coTMqhHad3L4cnM0x38hE2CKkn0nJPCsyxAzli/cLyic6ws
d4FNZbIy9mezO8CdcrWvi/eRom8lMUwYOjJhBc5VVINaw/OcrURa9rFFKCMeVr4d
jvlWxk6GGT+MDnu2WxAYnbA8PIlXI5ysGBv04R5FFg6S6doCLmLcWhCtLU4WLL37
C9Mu6a7kjMIHpqUW1HI32YBiyBZmQmEPfPIxIrMgubZIVDyQ8VOKzEd+ZQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFGgI4kxowbyvqmtVLxqp3vDi+CqwMB8GA1UdIwQY
MBaAFNBAebtwcO0O7qOhpGfHlGK8xUVfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEVCNXUzQnc3UTd1bzZHa1o4ZVVZcnpGUlY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hOTNkYTAtZTE1NS00MzI0LTliYTkt
NjIwOThkMWVjMWU2LzEvYUFqaVRHakJ2Sy1xYTFVdkdxbmU4T0w0S3JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hOTNkYTAtZTE1NS00MzI0LTliYTktNjIwOThkMWVjMWU2
LzEvMEVCNXUzQnc3UTd1bzZHa1o4ZVVZcnpGUlY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAuZXRAwQC
wK8oMA8EAgACMAkDBwAqDaDAAAAwDQYJKoZIhvcNAQELBQADggEBAGwPZonOxb97
D+Y5unWrTYDP1k/CHeFyNz5RFh93TSXFHZTzO3eO0tYWF0x1AX6hqp0fSw8PxOnj
13Tin/ByNVE9KTr94gQH7MrWJ+ZXu/0m8VvWa7e21WAJjOyaDQJJYo+0G2H1Ptsm
iRszReHTHDDRod1zVMaRACU++yPkRg78q7KU1QSiMYh0OwpwzjIlJT6w8RaWeeQy
0rneWVh+WfiFp2Er8+Q39Lpw3viYl+KcCTEdIeOCezSclsWwFVub6/bWb5EpiS8g
4K8FzPmCt/cBbqtC1n3qKRe+kRmVbHL4ERosmzEl0HElNitFjtQ0qRmld8W7E0Mo
wRPKTeafZ2A=
-----END CERTIFICATE-----
Generated at Fri Apr 25 05:50:35 2025 by rpki-client