Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/KX-LT3dz707Vp7hkt51mW7kN47w.roa
File: KX-LT3dz707Vp7hkt51mW7kN47w.roa (raw, json)
Hash identifier: B+a9FfO6NerOzeUWDsk9OJMmWDCrppwYJ3/nJz/k+A8=
Subject key identifier: 29:7F:8B:4F:77:73:EF:4E:D5:A7:B8:64:B7:9D:66:5B:B9:0D:E3:BC
Certificate issuer: /CN=845d042f65e1b1303a44e43e0e02748a75837b44
Certificate serial: 019424B3B1BAEAC45B63B1F4203E4A17BB7C
Authority key identifier: 84:5D:04:2F:65:E1:B1:30:3A:44:E4:3E:0E:02:74:8A:75:83:7B:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/KX-LT3dz707Vp7hkt51mW7kN47w.roa
Signing time: Thu 02 Jan 2025 01:49:03 +0000
ROA not before: Thu 02 Jan 2025 01:49:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12459
IP address blocks: 185.54.161.0/24 maxlen: 24
185.119.89.0/24 maxlen: 24
185.119.90.0/24 maxlen: 24
2a0c:bf80:5a::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:b1:ba:ea:c4:5b:63:b1:f4:20:3e:4a:17:bb:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=845d042f65e1b1303a44e43e0e02748a75837b44
Validity
Not Before: Jan 2 01:49:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=297f8b4f7773ef4ed5a7b864b79d665bb90de3bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:30:88:ff:72:9c:d5:21:e6:5b:99:c3:d1:7e:
1a:65:19:4b:70:ad:a9:30:03:03:b6:f3:e4:85:dd:
e4:d4:d6:bd:e2:27:4d:2d:20:f8:f6:53:18:de:dc:
f2:12:38:92:e7:2c:0c:ee:65:ba:e9:1b:f6:7b:d1:
aa:38:95:c2:d4:89:ed:62:3f:59:8a:7d:4b:6b:a9:
3b:a1:a1:44:3a:33:0d:af:2d:81:25:6f:2c:a6:14:
f1:6d:0f:a7:8b:c8:8e:3a:a7:4e:5e:81:02:bc:c2:
4b:9e:c3:10:58:31:43:bc:a1:d4:2a:da:ed:8e:e7:
fc:6d:d4:1d:f7:d8:f9:28:58:f6:9c:7f:fe:60:5a:
c3:38:45:eb:82:78:74:64:30:ac:ca:fe:34:24:e2:
d3:f0:76:54:2c:19:6f:ca:6c:18:79:c5:63:a6:86:
69:19:2d:39:92:9c:16:e4:63:e1:34:73:ea:3a:3d:
2e:29:42:0e:be:66:af:b5:88:07:08:83:d8:aa:52:
a4:7a:1d:4c:17:81:16:d5:af:95:f0:60:4f:b2:00:
fc:40:69:86:6e:26:0c:db:eb:0e:22:d0:f8:d6:bc:
8a:c5:24:ac:92:84:fa:0a:86:04:b3:bd:6e:4c:41:
de:e2:10:12:4e:a6:c5:54:87:aa:4b:f2:1b:6a:53:
3c:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:7F:8B:4F:77:73:EF:4E:D5:A7:B8:64:B7:9D:66:5B:B9:0D:E3:BC
X509v3 Authority Key Identifier:
keyid:84:5D:04:2F:65:E1:B1:30:3A:44:E4:3E:0E:02:74:8A:75:83:7B:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/KX-LT3dz707Vp7hkt51mW7kN47w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/96dbcd-6a39-4c20-9128-d8c351d93ec6/1/hF0EL2XhsTA6ROQ-DgJ0inWDe0Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.54.161.0/24
185.119.89.0-185.119.90.255
IPv6:
2a0c:bf80:5a::/48
Signature Algorithm: sha256WithRSAEncryption
a0:5f:8b:fd:53:75:c4:01:59:07:9b:97:1a:f6:5b:a4:fc:1d:
85:1b:77:dc:b0:cd:18:66:da:44:0b:bd:4f:02:d8:be:45:9b:
a5:f2:b0:b1:b1:6f:9d:f2:36:57:dc:52:0a:58:9e:2c:bf:fe:
05:6e:15:47:7c:91:01:ce:0e:5a:b1:55:02:bf:8f:81:5a:b2:
66:ed:03:bf:82:18:f3:3d:9f:35:57:0b:c5:61:e6:4f:2f:63:
e2:1b:55:6b:b7:9f:2f:58:39:5d:ac:1a:48:b0:7d:6b:05:a4:
f1:33:bd:b4:cc:5e:f5:e8:55:58:b0:16:b6:ee:07:3d:75:98:
ac:9c:10:5e:21:2e:3d:d5:47:5f:0b:20:a8:9f:70:28:97:9b:
b0:d2:e0:25:5e:f9:87:db:34:cc:df:dc:2d:9c:5b:80:3c:6f:
d6:41:ae:bf:1e:60:b1:f3:5d:4d:1c:17:e8:4b:be:b4:a9:01:
43:de:c4:91:8a:61:6b:6e:36:ed:63:8a:75:82:eb:7e:f0:c8:
9a:8b:b2:aa:3e:9f:28:f8:b7:8f:a9:cd:00:11:ba:e2:5e:3d:
cd:7e:f0:a9:53:36:96:4c:c3:d8:d7:72:67:10:83:5b:84:25:
37:be:3a:61:5c:97:21:90:bb:1c:7a:dd:39:8f:80:8d:3f:46:
8a:34:78:e2
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAZQks7G66sRbY7H0ID5KF7t8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NWQwNDJmNjVlMWIxMzAzYTQ0ZTQzZTBlMDI3NDhhNzU4
MzdiNDQwHhcNMjUwMTAyMDE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTdmOGI0Zjc3NzNlZjRlZDVhN2I4NjRiNzlkNjY1YmI5MGRlM2JjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojCI/3Kc1SHmW5nD0X4aZRlLcK2p
MAMDtvPkhd3k1Na94idNLSD49lMY3tzyEjiS5ywM7mW66Rv2e9GqOJXC1IntYj9Z
in1La6k7oaFEOjMNry2BJW8sphTxbQ+ni8iOOqdOXoECvMJLnsMQWDFDvKHUKtrt
juf8bdQd99j5KFj2nH/+YFrDOEXrgnh0ZDCsyv40JOLT8HZULBlvymwYecVjpoZp
GS05kpwW5GPhNHPqOj0uKUIOvmavtYgHCIPYqlKkeh1MF4EW1a+V8GBPsgD8QGmG
biYM2+sOItD41ryKxSSskoT6CoYEs71uTEHe4hASTqbFVIeqS/IbalM8lwIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFCl/i093c+9O1ae4ZLedZlu5DeO8MB8GA1UdIwQY
MBaAFIRdBC9l4bEwOkTkPg4CdIp1g3tEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEYwRUwyWGhzVEE2Uk9RLURnSjBpbldEZTBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS85NmRiY2QtNmEzOS00YzIwLTkxMjgt
ZDhjMzUxZDkzZWM2LzEvS1gtTFQzZHo3MDdWcDdoa3Q1MW1XN2tONDd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS85NmRiY2QtNmEzOS00YzIwLTkxMjgtZDhjMzUxZDkzZWM2
LzEvaEYwRUwyWGhzVEE2Uk9RLURnSjBpbldEZTBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD4GCCsGAQUFBwEHAQH/BC8wLTAaBAIAATAUAwQAuTahMAwD
BAC5d1kDBAC5d1owDwQCAAIwCQMHACoMv4AAWjANBgkqhkiG9w0BAQsFAAOCAQEA
oF+L/VN1xAFZB5uXGvZbpPwdhRt33LDNGGbaRAu9TwLYvkWbpfKwsbFvnfI2V9xS
ClieLL/+BW4VR3yRAc4OWrFVAr+PgVqyZu0Dv4IY8z2fNVcLxWHmTy9j4htVa7ef
L1g5XawaSLB9awWk8TO9tMxe9ehVWLAWtu4HPXWYrJwQXiEuPdVHXwsgqJ9wKJeb
sNLgJV75h9s0zN/cLZxbgDxv1kGuvx5gsfNdTRwX6Eu+tKkBQ97EkYpha2427WOK
dYLrfvDImouyqj6fKPi3j6nNABG64l49zX7wqVM2lkzD2NdyZxCDW4QlN746YVyX
IZC7HHrdOY+AjT9GijR44g==
-----END CERTIFICATE-----
Generated at Fri Apr 25 16:53:01 2025 by rpki-client