Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/dWFT9hgaVCYJtdxaSn0ewqM1KWo.roa
File: dWFT9hgaVCYJtdxaSn0ewqM1KWo.roa (raw, json)
Hash identifier: tHOIQAagcAGzXqkgG6BKkUp0/ND0gT/kYOrqKoarV1g=
Subject key identifier: 75:61:53:F6:18:1A:54:26:09:B5:DC:5A:4A:7D:1E:C2:A3:35:29:6A
Certificate issuer: /CN=17dbd5acf1f9c75d18a1f75031114c48f0b23363
Certificate serial: 0194258F6A0919101A67BBB7E8D236F7FCF6
Authority key identifier: 17:DB:D5:AC:F1:F9:C7:5D:18:A1:F7:50:31:11:4C:48:F0:B2:33:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/F9vVrPH5x10YofdQMRFMSPCyM2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/dWFT9hgaVCYJtdxaSn0ewqM1KWo.roa
Signing time: Thu 02 Jan 2025 05:49:03 +0000
ROA not before: Thu 02 Jan 2025 05:49:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25156
IP address blocks: 85.89.128.0/19 maxlen: 19
85.89.128.0/21 maxlen: 21
2a00:65c0::/32 maxlen: 32
2a00:65c0:1::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:8f:6a:09:19:10:1a:67:bb:b7:e8:d2:36:f7:fc:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=17dbd5acf1f9c75d18a1f75031114c48f0b23363
Validity
Not Before: Jan 2 05:49:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=756153f6181a542609b5dc5a4a7d1ec2a335296a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:25:6e:fd:bb:af:2c:db:16:01:12:f3:b2:b5:
f3:f5:41:0e:81:d8:dd:cc:e4:a6:9d:9d:12:15:65:
20:e8:03:fe:0d:26:c2:95:28:09:e3:c1:08:31:18:
8e:d7:00:5e:5a:49:6c:36:e8:df:79:76:73:18:7f:
25:5d:0f:b7:0a:7d:4b:05:c9:36:fb:06:19:87:38:
db:f9:c2:c3:56:4e:6d:29:54:77:7a:e5:69:17:0f:
37:b8:c4:38:ed:eb:9b:8d:80:4e:37:1a:84:e0:ca:
21:02:2f:03:f1:39:49:fc:82:71:3c:0a:db:47:6a:
a4:2b:34:4c:83:47:e4:a7:9a:a1:cb:e7:ce:65:02:
7a:d3:03:ca:21:74:f2:9d:13:56:58:66:04:87:bc:
90:7e:63:45:f3:dc:d9:e7:6e:3f:25:eb:a6:90:f1:
8a:8a:de:ad:ff:8b:60:2f:cf:db:58:c7:20:98:79:
e2:32:e7:80:88:34:c7:fd:18:b4:36:90:08:01:22:
20:af:83:c9:6f:6a:dc:c0:82:03:14:78:9e:9c:30:
6d:91:f8:98:db:a7:cf:80:65:d6:4d:b4:6c:62:fe:
60:c1:4d:bf:06:9e:9f:f6:b1:ca:15:59:70:ba:a5:
52:8c:35:66:21:b4:a5:a2:94:cc:d9:ff:20:f3:21:
09:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:61:53:F6:18:1A:54:26:09:B5:DC:5A:4A:7D:1E:C2:A3:35:29:6A
X509v3 Authority Key Identifier:
keyid:17:DB:D5:AC:F1:F9:C7:5D:18:A1:F7:50:31:11:4C:48:F0:B2:33:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9vVrPH5x10YofdQMRFMSPCyM2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/dWFT9hgaVCYJtdxaSn0ewqM1KWo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/29199f-f6cc-448a-bfd4-581db87c821e/1/F9vVrPH5x10YofdQMRFMSPCyM2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.89.128.0/19
IPv6:
2a00:65c0::/32
Signature Algorithm: sha256WithRSAEncryption
04:99:65:b3:60:bb:13:95:fa:4b:e6:e5:ca:72:6c:68:7d:61:
2b:c1:22:5a:f8:c7:7c:31:eb:2f:84:92:2e:ad:d0:e5:ee:77:
17:7b:32:bb:8f:6f:b9:76:18:e8:37:64:4a:9a:f5:cc:ee:ca:
0b:e4:db:b7:0f:74:41:9a:2c:9a:a2:a1:7d:b5:33:51:02:e2:
76:85:48:43:96:be:68:6b:a4:95:06:a6:f5:d5:9d:86:9a:6c:
ae:50:af:19:5e:3f:aa:30:a6:93:3b:c2:43:3a:ca:0a:e4:aa:
d5:83:c7:ad:e6:9f:1b:cf:4f:87:6c:e5:e3:52:21:38:2c:7f:
84:f7:ba:68:c0:2a:61:85:ae:3b:bc:af:6a:ad:ed:80:3b:1f:
92:85:62:41:1b:7b:3f:1e:57:32:e0:45:7e:30:11:e5:52:3e:
a3:75:40:ca:69:8c:ca:e3:87:52:3b:38:20:bb:fa:93:3e:7f:
ea:78:23:3c:2f:c7:ab:6b:c2:e3:0e:e9:cd:7e:c9:5e:5a:9b:
2c:f8:41:88:4c:6e:3e:7c:b1:bb:d8:b3:56:a3:89:51:ed:a9:
18:2e:55:5e:8a:df:16:a3:c6:1f:47:32:b2:49:2f:98:0b:bd:
b7:7a:8d:07:96:a1:de:9d:04:45:fb:5e:05:1c:f5:e4:b2:a0:
cc:9d:0a:cc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj2oJGRAaZ7u36NI29/z2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZGJkNWFjZjFmOWM3NWQxOGExZjc1MDMxMTE0YzQ4ZjBi
MjMzNjMwHhcNMjUwMTAyMDU0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTYxNTNmNjE4MWE1NDI2MDliNWRjNWE0YTdkMWVjMmEzMzUyOTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSVu/buvLNsWARLzsrXz9UEOgdjd
zOSmnZ0SFWUg6AP+DSbClSgJ48EIMRiO1wBeWklsNujfeXZzGH8lXQ+3Cn1LBck2
+wYZhzjb+cLDVk5tKVR3euVpFw83uMQ47eubjYBONxqE4MohAi8D8TlJ/IJxPArb
R2qkKzRMg0fkp5qhy+fOZQJ60wPKIXTynRNWWGYEh7yQfmNF89zZ524/JeumkPGK
it6t/4tgL8/bWMcgmHniMueAiDTH/Ri0NpAIASIgr4PJb2rcwIIDFHienDBtkfiY
26fPgGXWTbRsYv5gwU2/Bp6f9rHKFVlwuqVSjDVmIbSlopTM2f8g8yEJGQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHVhU/YYGlQmCbXcWkp9HsKjNSlqMB8GA1UdIwQY
MBaAFBfb1azx+cddGKH3UDERTEjwsjNjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjl2VnJQSDV4MTBZb2ZkUU1SRk1TUEN5TTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8yOTE5OWYtZjZjYy00NDhhLWJmZDQt
NTgxZGI4N2M4MjFlLzEvZFdGVDloZ2FWQ1lKdGR4YVNuMGV3cU0xS1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8yOTE5OWYtZjZjYy00NDhhLWJmZDQtNTgxZGI4N2M4MjFl
LzEvRjl2VnJQSDV4MTBZb2ZkUU1SRk1TUEN5TTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFVVmAMA0E
AgACMAcDBQAqAGXAMA0GCSqGSIb3DQEBCwUAA4IBAQAEmWWzYLsTlfpL5uXKcmxo
fWErwSJa+Md8MesvhJIurdDl7ncXezK7j2+5dhjoN2RKmvXM7soL5Nu3D3RBmiya
oqF9tTNRAuJ2hUhDlr5oa6SVBqb11Z2GmmyuUK8ZXj+qMKaTO8JDOsoK5KrVg8et
5p8bz0+HbOXjUiE4LH+E97powCphha47vK9qre2AOx+ShWJBG3s/Hlcy4EV+MBHl
Uj6jdUDKaYzK44dSOzggu/qTPn/qeCM8L8era8LjDunNfsleWpss+EGITG4+fLG7
2LNWo4lR7akYLlVeit8Wo8YfRzKySS+YC723eo0HlqHenQRF+14FHPXksqDMnQrM
-----END CERTIFICATE-----
Generated at Fri Apr 25 06:48:27 2025 by rpki-client