Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66214b-01df-4b01-ba76-f4cbd6ba6c0f/1/0-DRCfkpBDrsJRSJxKK3nX_LrZw.roa
File: 0-DRCfkpBDrsJRSJxKK3nX_LrZw.roa (raw, json)
Hash identifier: BjYEFfztzrfSf9BH/ut9S9y16Rlv7uTwFlgTI+tPFoE=
Subject key identifier: D3:E0:D1:09:F9:29:04:3A:EC:25:14:89:C4:A2:B7:9D:7F:CB:AD:9C
Certificate issuer: /CN=61e565562d3e3f565e9c0a41946ea53d45d5d657
Certificate serial: 019422FB52AF0D54B1063C4AC438F1E43B67
Authority key identifier: 61:E5:65:56:2D:3E:3F:56:5E:9C:0A:41:94:6E:A5:3D:45:D5:D6:57
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YeVlVi0-P1ZenApBlG6lPUXV1lc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/66214b-01df-4b01-ba76-f4cbd6ba6c0f/1/0-DRCfkpBDrsJRSJxKK3nX_LrZw.roa
Signing time: Wed 01 Jan 2025 17:48:03 +0000
ROA not before: Wed 01 Jan 2025 17:48:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211186
IP address blocks: 91.218.22.0/24 maxlen: 24
185.14.96.0/24 maxlen: 24
195.95.189.0/24 maxlen: 24
2a0c:2580::/30 maxlen: 30
2a0c:2580::/36 maxlen: 36
2a0c:2580:1000::/36 maxlen: 36
2a0c:2580:2000::/36 maxlen: 36
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:52:af:0d:54:b1:06:3c:4a:c4:38:f1:e4:3b:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61e565562d3e3f565e9c0a41946ea53d45d5d657
Validity
Not Before: Jan 1 17:48:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d3e0d109f929043aec251489c4a2b79d7fcbad9c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:35:2f:c7:6b:9a:d9:6d:e9:f6:5c:25:b4:03:
bd:97:e0:75:12:fe:3e:33:1d:28:93:7f:0c:8c:96:
7a:39:e9:61:6f:45:f5:1a:ad:38:23:97:17:07:c3:
33:40:dd:db:a4:73:c9:b8:7f:3b:15:b9:4f:0b:6c:
d0:f3:92:c5:da:f6:ea:1a:f9:33:2b:2f:fb:c4:03:
27:3b:3e:b5:e6:b8:87:5a:d5:c7:fb:74:69:99:ac:
a4:90:42:1e:a4:8f:f7:d1:19:2b:5d:0b:1b:17:8b:
23:74:41:02:ec:07:67:a7:81:b9:94:95:ed:e2:ce:
38:10:ad:f7:d9:79:22:58:56:11:dc:9b:a4:d8:bb:
d2:e3:9d:33:5e:7e:34:40:cc:ba:1f:91:1c:ea:76:
e6:4c:37:2a:a9:31:dd:02:28:cd:51:5c:25:2e:a8:
8c:2e:5e:2b:b3:aa:41:94:86:77:e8:c1:78:38:e9:
43:d0:7a:67:44:0c:d8:b9:3a:06:83:0e:ce:33:42:
5d:d3:1b:0a:25:71:ef:56:2b:39:cd:9c:f8:d6:64:
4e:10:c5:f0:a7:bb:1b:2d:b1:df:55:fb:b7:cc:05:
2a:9f:fb:ff:a6:2f:04:05:d0:18:f2:03:56:f3:af:
b1:df:e9:4f:c4:67:7b:0f:ad:ce:56:0e:53:02:82:
ec:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:E0:D1:09:F9:29:04:3A:EC:25:14:89:C4:A2:B7:9D:7F:CB:AD:9C
X509v3 Authority Key Identifier:
keyid:61:E5:65:56:2D:3E:3F:56:5E:9C:0A:41:94:6E:A5:3D:45:D5:D6:57
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YeVlVi0-P1ZenApBlG6lPUXV1lc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66214b-01df-4b01-ba76-f4cbd6ba6c0f/1/0-DRCfkpBDrsJRSJxKK3nX_LrZw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66214b-01df-4b01-ba76-f4cbd6ba6c0f/1/YeVlVi0-P1ZenApBlG6lPUXV1lc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.218.22.0/24
185.14.96.0/24
195.95.189.0/24
IPv6:
2a0c:2580::/30
Signature Algorithm: sha256WithRSAEncryption
90:71:84:36:e7:9d:c2:be:0c:d1:b5:8c:1a:bb:b6:90:38:e0:
e3:3d:6a:ee:fa:da:9c:c0:27:1b:a2:72:72:42:44:44:40:0d:
d6:1f:cf:22:4f:82:a2:55:0e:b0:c1:9e:6a:1f:b5:cd:5c:48:
65:b8:48:e1:a2:7a:79:3d:92:88:44:1c:8d:d3:43:61:c9:3e:
e1:73:50:cf:09:8f:97:9b:8e:54:be:fd:ac:39:e1:15:c5:62:
96:28:7b:c8:09:64:ff:f1:a1:58:13:15:ca:a3:b7:03:92:99:
82:a8:02:26:61:dc:50:1d:42:5f:ef:4d:a0:0b:24:c6:ee:53:
6b:18:8f:d0:15:73:af:0e:77:d5:78:f4:f6:17:77:5c:4b:80:
f4:b3:b6:9f:ce:07:f4:bd:54:db:54:d4:02:a3:04:5b:4c:11:
c9:21:a7:de:a0:1e:15:ac:6d:82:73:4b:83:8a:f6:7b:74:72:
25:66:5a:57:c4:d1:93:1a:7f:21:14:31:1a:9f:a7:d5:9c:73:
2e:c1:4c:88:05:49:17:05:6d:fc:0d:0f:64:fe:5c:5b:a5:fb:
ad:97:89:bd:a2:01:a4:fc:1a:b8:b7:b8:ca:66:68:35:72:95:
09:2d:b8:77:21:a8:17:7e:3d:bd:d1:25:b5:f9:9d:bb:0d:a0:
c6:5c:5c:c4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQi+1KvDVSxBjxKxDjx5DtnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZTU2NTU2MmQzZTNmNTY1ZTljMGE0MTk0NmVhNTNkNDVk
NWQ2NTcwHhcNMjUwMTAxMTc0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2UwZDEwOWY5MjkwNDNhZWMyNTE0ODljNGEyYjc5ZDdmY2JhZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDUvx2ua2W3p9lwltAO9l+B1Ev4+
Mx0ok38MjJZ6Oelhb0X1Gq04I5cXB8MzQN3bpHPJuH87FblPC2zQ85LF2vbqGvkz
Ky/7xAMnOz615riHWtXH+3RpmaykkEIepI/30RkrXQsbF4sjdEEC7Adnp4G5lJXt
4s44EK332XkiWFYR3Juk2LvS450zXn40QMy6H5Ec6nbmTDcqqTHdAijNUVwlLqiM
Ll4rs6pBlIZ36MF4OOlD0HpnRAzYuToGgw7OM0Jd0xsKJXHvVis5zZz41mROEMXw
p7sbLbHfVfu3zAUqn/v/pi8EBdAY8gNW86+x3+lPxGd7D63OVg5TAoLsuQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNPg0Qn5KQQ67CUUicSit51/y62cMB8GA1UdIwQY
MBaAFGHlZVYtPj9WXpwKQZRupT1F1dZXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWVWbFZpMC1QMVplbkFwQmxHNmxQVVhWMWxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NjIxNGItMDFkZi00YjAxLWJhNzYt
ZjRjYmQ2YmE2YzBmLzEvMC1EUkNma3BCRHJzSlJTSnhLSzNuWF9Mclp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NjIxNGItMDFkZi00YjAxLWJhNzYtZjRjYmQ2YmE2YzBm
LzEvWWVWbFZpMC1QMVplbkFwQmxHNmxQVVhWMWxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAW9oWAwQA
uQ5gAwQAw1+9MA0EAgACMAcDBQIqDCWAMA0GCSqGSIb3DQEBCwUAA4IBAQCQcYQ2
553CvgzRtYwau7aQOODjPWru+tqcwCcbonJyQkREQA3WH88iT4KiVQ6wwZ5qH7XN
XEhluEjhonp5PZKIRByN00NhyT7hc1DPCY+Xm45Uvv2sOeEVxWKWKHvICWT/8aFY
ExXKo7cDkpmCqAImYdxQHUJf702gCyTG7lNrGI/QFXOvDnfVePT2F3dcS4D0s7af
zgf0vVTbVNQCowRbTBHJIafeoB4VrG2Cc0uDivZ7dHIlZlpXxNGTGn8hFDEan6fV
nHMuwUyIBUkXBW38DQ9k/lxbpfutl4m9ogGk/Bq4t7jKZmg1cpUJLbh3IagXfj29
0SW1+Z27DaDGXFzE
-----END CERTIFICATE-----
Generated at Fri Apr 25 12:00:18 2025 by rpki-client