Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/dea149-4fb8-4978-a46b-33985db8047a/1/tDQAlIS1RkP7Hll5jY6GwoLQRHA.roa
File: tDQAlIS1RkP7Hll5jY6GwoLQRHA.roa (raw, json)
Hash identifier: ZBp1qrqjsUhmRr1QqJR4LsXUqiXorK/xdRoQ9NS8bh8=
Subject key identifier: B4:34:00:94:84:B5:46:43:FB:1E:59:79:8D:8E:86:C2:82:D0:44:70
Certificate issuer: /CN=a24cf90329c47ba343a66cd65d38833a357b5955
Certificate serial: 01942143E7156A4FFC3AC486134C66FA11C3
Authority key identifier: A2:4C:F9:03:29:C4:7B:A3:43:A6:6C:D6:5D:38:83:3A:35:7B:59:55
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/okz5AynEe6NDpmzWXTiDOjV7WVU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/dea149-4fb8-4978-a46b-33985db8047a/1/tDQAlIS1RkP7Hll5jY6GwoLQRHA.roa
Signing time: Wed 01 Jan 2025 09:48:05 +0000
ROA not before: Wed 01 Jan 2025 09:48:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211482
IP address blocks: 185.217.28.0/24 maxlen: 24
185.217.29.0/24 maxlen: 24
185.217.31.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:e7:15:6a:4f:fc:3a:c4:86:13:4c:66:fa:11:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a24cf90329c47ba343a66cd65d38833a357b5955
Validity
Not Before: Jan 1 09:48:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b434009484b54643fb1e59798d8e86c282d04470
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:ab:4c:62:24:8e:02:be:68:f2:48:dd:ea:a4:
f7:55:87:bd:30:2f:c2:9f:16:83:d4:6c:8a:0d:0f:
7f:c0:ad:5e:10:64:cd:11:5c:93:08:b8:e9:f4:56:
c7:36:9a:74:97:ef:d3:41:f9:2e:e5:4a:11:74:4e:
99:13:62:65:fc:ac:81:b6:ec:ba:c0:5c:1b:65:82:
57:24:44:83:3f:d1:8c:e8:67:71:aa:59:0a:ce:cf:
af:3f:5c:ad:37:de:1b:03:34:d5:a2:4b:c1:42:ee:
de:57:12:2d:e0:56:78:93:33:86:23:5f:69:0a:ee:
d8:4a:43:c2:fe:b0:b1:56:76:2f:1c:a7:70:89:48:
52:17:cf:78:cc:1d:11:e9:ea:27:ff:99:ab:b2:df:
02:21:bd:98:f9:0b:de:0a:b8:0c:e3:d8:d9:96:e6:
5a:dd:02:58:de:67:54:68:78:34:79:d4:65:e5:fd:
98:fd:2f:e4:d7:7c:39:00:a3:55:41:cc:4f:ea:32:
9b:8f:86:7d:34:dd:5f:35:f3:f2:55:7c:4c:bd:0c:
c5:f0:a2:19:e6:15:3b:fb:75:55:4a:d7:4b:98:6c:
62:c0:81:d1:59:10:51:0d:5b:26:c9:ba:10:50:13:
74:55:6c:04:af:9b:64:da:c2:1e:a8:9a:fb:e8:bd:
25:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:34:00:94:84:B5:46:43:FB:1E:59:79:8D:8E:86:C2:82:D0:44:70
X509v3 Authority Key Identifier:
keyid:A2:4C:F9:03:29:C4:7B:A3:43:A6:6C:D6:5D:38:83:3A:35:7B:59:55
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/okz5AynEe6NDpmzWXTiDOjV7WVU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/dea149-4fb8-4978-a46b-33985db8047a/1/tDQAlIS1RkP7Hll5jY6GwoLQRHA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/dea149-4fb8-4978-a46b-33985db8047a/1/okz5AynEe6NDpmzWXTiDOjV7WVU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.217.28.0/23
185.217.31.0/24
Signature Algorithm: sha256WithRSAEncryption
97:00:ec:14:39:7d:94:c8:dc:ec:5a:de:50:e4:ee:45:5e:d2:
81:cc:f0:cb:09:98:a1:4a:8e:ee:9f:4e:81:f9:d0:56:4e:67:
c6:4d:fa:0b:31:ec:0a:ff:5b:c0:25:ee:6b:3a:f9:72:10:3e:
5c:38:19:d5:09:01:d6:58:22:75:1f:fc:af:22:e0:72:3c:8a:
27:7d:d6:22:84:c4:26:45:88:b4:5c:cc:95:56:60:67:1d:3f:
56:2b:b0:19:bc:04:a9:61:43:ec:bf:ff:a8:be:48:ee:00:0f:
9b:e6:ce:c9:29:78:04:d4:41:c8:f1:d9:79:46:35:61:57:93:
c8:a3:de:c5:20:05:6a:03:9d:ea:8e:ab:23:54:b3:18:74:94:
9b:45:17:b7:fa:7d:6b:40:5b:5f:f9:96:8d:69:f5:bd:30:08:
d2:a2:55:e2:41:ab:45:f2:3d:c9:62:d1:9c:62:6d:ee:8a:d3:
eb:b2:86:50:17:1f:8e:f7:6e:c7:f4:f8:71:69:39:38:d6:a7:
a2:b5:5a:98:c4:62:15:c6:ec:49:53:6c:6a:59:f0:60:24:aa:
84:33:a2:54:97:48:b5:94:76:78:3c:2d:b1:11:d2:a9:f9:25:
9f:5e:5c:a8:70:81:9d:5e:94:76:e5:93:3c:2b:1e:ee:37:a0:
1f:1c:32:39
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ+cVak/8OsSGE0xm+hHDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyNGNmOTAzMjljNDdiYTM0M2E2NmNkNjVkMzg4MzNhMzU3
YjU5NTUwHhcNMjUwMTAxMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDM0MDA5NDg0YjU0NjQzZmIxZTU5Nzk4ZDhlODZjMjgyZDA0NDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6tMYiSOAr5o8kjd6qT3VYe9MC/C
nxaD1GyKDQ9/wK1eEGTNEVyTCLjp9FbHNpp0l+/TQfku5UoRdE6ZE2Jl/KyBtuy6
wFwbZYJXJESDP9GM6GdxqlkKzs+vP1ytN94bAzTVokvBQu7eVxIt4FZ4kzOGI19p
Cu7YSkPC/rCxVnYvHKdwiUhSF894zB0R6eon/5mrst8CIb2Y+QveCrgM49jZluZa
3QJY3mdUaHg0edRl5f2Y/S/k13w5AKNVQcxP6jKbj4Z9NN1fNfPyVXxMvQzF8KIZ
5hU7+3VVStdLmGxiwIHRWRBRDVsmyboQUBN0VWwEr5tk2sIeqJr76L0lAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLQ0AJSEtUZD+x5ZeY2OhsKC0ERwMB8GA1UdIwQY
MBaAFKJM+QMpxHujQ6Zs1l04gzo1e1lVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2t6NUF5bkVlNk5EcG16V1hUaURPalY3V1ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9kZWExNDktNGZiOC00OTc4LWE0NmIt
MzM5ODVkYjgwNDdhLzEvdERRQWxJUzFSa1A3SGxsNWpZNkd3b0xRUkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9kZWExNDktNGZiOC00OTc4LWE0NmItMzM5ODVkYjgwNDdh
LzEvb2t6NUF5bkVlNk5EcG16V1hUaURPalY3V1ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBudkcAwQA
udkfMA0GCSqGSIb3DQEBCwUAA4IBAQCXAOwUOX2UyNzsWt5Q5O5FXtKBzPDLCZih
So7un06B+dBWTmfGTfoLMewK/1vAJe5rOvlyED5cOBnVCQHWWCJ1H/yvIuByPIon
fdYihMQmRYi0XMyVVmBnHT9WK7AZvASpYUPsv/+ovkjuAA+b5s7JKXgE1EHI8dl5
RjVhV5PIo97FIAVqA53qjqsjVLMYdJSbRRe3+n1rQFtf+ZaNafW9MAjSolXiQatF
8j3JYtGcYm3uitPrsoZQFx+O927H9PhxaTk41qeitVqYxGIVxuxJU2xqWfBgJKqE
M6JUl0i1lHZ4PC2xEdKp+SWfXlyocIGdXpR25ZM8Kx7uN6AfHDI5
-----END CERTIFICATE-----
Generated at Fri Apr 25 08:52:13 2025 by rpki-client