Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/62641c-3444-4425-bf51-6d05c0d0da6f/1/KXik7lH7rXobKNDojQJvsYz5RkY.roa
File: KXik7lH7rXobKNDojQJvsYz5RkY.roa (raw, json)
Hash identifier: OmHOyyMTUBadMMSlHfFTN/cjiEKBhDbZve1q3aoF8Wg=
Subject key identifier: 29:78:A4:EE:51:FB:AD:7A:1B:28:D0:E8:8D:02:6F:B1:8C:F9:46:46
Certificate issuer: /CN=61c68268743e823e0e1c870060c0a14223f151eb
Certificate serial: 0194274749FD55C8332C29C6E126958066FF
Authority key identifier: 61:C6:82:68:74:3E:82:3E:0E:1C:87:00:60:C0:A1:42:23:F1:51:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YcaCaHQ-gj4OHIcAYMChQiPxUes.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/62641c-3444-4425-bf51-6d05c0d0da6f/1/KXik7lH7rXobKNDojQJvsYz5RkY.roa
Signing time: Thu 02 Jan 2025 13:49:30 +0000
ROA not before: Thu 02 Jan 2025 13:49:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34749
IP address blocks: 93.94.160.0/21 maxlen: 24
193.168.50.0/24 maxlen: 24
2a00:ea80::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:49:fd:55:c8:33:2c:29:c6:e1:26:95:80:66:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61c68268743e823e0e1c870060c0a14223f151eb
Validity
Not Before: Jan 2 13:49:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2978a4ee51fbad7a1b28d0e88d026fb18cf94646
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:0a:41:a5:91:1b:dc:ac:22:13:42:b4:cc:a3:
7f:95:1c:c0:a5:49:ab:ed:b8:4d:da:3e:b9:ff:f6:
17:cf:38:93:77:9f:f3:fc:c7:6e:c4:39:8b:6c:55:
ba:f7:06:31:49:bd:8d:bf:9e:31:ca:03:f0:48:34:
0b:52:95:38:91:cd:53:f5:c3:ce:d4:7e:e2:12:80:
33:32:ea:ee:ad:00:3f:49:14:89:ff:1e:6b:12:45:
d3:d4:e9:39:f4:94:43:e7:64:d5:42:d8:a9:64:b7:
3a:b3:f5:52:5c:f8:c8:7a:fb:a6:5d:5e:8d:e4:4e:
83:78:63:25:c0:31:94:d1:53:57:6a:aa:a8:4a:81:
e6:cf:84:0e:e3:45:67:bf:97:e1:a5:33:af:3b:ff:
43:87:9c:ca:19:98:14:a0:3d:28:91:70:74:0c:5d:
5f:23:c7:1a:33:c6:32:df:63:ec:99:0d:a5:af:e0:
7a:c0:89:b1:f5:e4:75:0a:78:9f:2b:d3:03:12:2d:
91:88:52:37:56:51:ff:e1:b8:2a:81:f8:fe:f7:04:
7c:cb:68:ab:0a:4b:25:93:ce:03:eb:78:68:87:c9:
b9:a2:ab:02:31:0f:7e:41:da:50:61:f8:ba:4e:a8:
18:da:5d:a2:95:91:d0:14:da:c0:88:19:13:63:6e:
1c:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:78:A4:EE:51:FB:AD:7A:1B:28:D0:E8:8D:02:6F:B1:8C:F9:46:46
X509v3 Authority Key Identifier:
keyid:61:C6:82:68:74:3E:82:3E:0E:1C:87:00:60:C0:A1:42:23:F1:51:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YcaCaHQ-gj4OHIcAYMChQiPxUes.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/62641c-3444-4425-bf51-6d05c0d0da6f/1/KXik7lH7rXobKNDojQJvsYz5RkY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/62641c-3444-4425-bf51-6d05c0d0da6f/1/YcaCaHQ-gj4OHIcAYMChQiPxUes.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.94.160.0/21
193.168.50.0/24
IPv6:
2a00:ea80::/32
Signature Algorithm: sha256WithRSAEncryption
85:7c:c0:a9:cd:cf:eb:b2:78:fa:1e:2a:79:66:20:58:3e:9a:
3d:68:a4:02:63:6a:ac:3d:48:b6:4e:67:91:a2:48:8d:e2:22:
d1:82:de:2f:2c:11:e8:8d:21:6e:26:da:91:f5:a9:ba:f7:60:
fc:61:28:6b:74:61:8b:92:80:bc:03:f7:95:7f:db:04:c5:c1:
1c:87:bb:94:dc:79:00:73:00:64:fd:42:ba:cf:5f:b3:ef:68:
a9:38:b5:f7:ff:9e:5c:b7:07:84:81:6e:2c:b7:d6:74:bf:db:
68:4c:0d:6e:fb:ba:16:be:53:8d:32:30:c4:ae:77:f6:b6:d9:
af:5d:62:a3:c9:ba:bb:02:8e:55:6d:cb:30:c2:50:46:8b:84:
b4:c6:d8:fe:a8:cf:94:20:89:11:f3:c5:7e:a7:14:cf:6e:7c:
98:f8:ca:2c:0d:29:53:12:46:60:3c:1e:8e:82:ce:9b:bc:40:
72:a1:7e:3e:f7:35:30:49:dc:1b:6b:d4:8b:ce:eb:63:4c:e2:
82:51:2a:0c:a0:6c:2b:22:2d:79:68:32:f3:86:3c:1f:04:ca:
4c:8d:b9:00:e7:05:ed:29:0d:52:ac:bc:5d:9c:f6:0b:8b:dc:
e0:c1:98:12:f4:63:ce:2d:29:9c:29:87:e8:33:0c:ce:ab:6e:
1a:4a:14:83
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQnR0n9VcgzLCnG4SaVgGb/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYzY4MjY4NzQzZTgyM2UwZTFjODcwMDYwYzBhMTQyMjNm
MTUxZWIwHhcNMjUwMTAyMTM0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTc4YTRlZTUxZmJhZDdhMWIyOGQwZTg4ZDAyNmZiMThjZjk0NjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwpBpZEb3KwiE0K0zKN/lRzApUmr
7bhN2j65//YXzziTd5/z/MduxDmLbFW69wYxSb2Nv54xygPwSDQLUpU4kc1T9cPO
1H7iEoAzMururQA/SRSJ/x5rEkXT1Ok59JRD52TVQtipZLc6s/VSXPjIevumXV6N
5E6DeGMlwDGU0VNXaqqoSoHmz4QO40Vnv5fhpTOvO/9Dh5zKGZgUoD0okXB0DF1f
I8caM8Yy32PsmQ2lr+B6wImx9eR1CnifK9MDEi2RiFI3VlH/4bgqgfj+9wR8y2ir
Ckslk84D63hoh8m5oqsCMQ9+QdpQYfi6TqgY2l2ilZHQFNrAiBkTY24chQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCl4pO5R+616GyjQ6I0Cb7GM+UZGMB8GA1UdIwQY
MBaAFGHGgmh0PoI+DhyHAGDAoUIj8VHrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWNhQ2FIUS1najRPSEljQVlNQ2hRaVB4VWVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi82MjY0MWMtMzQ0NC00NDI1LWJmNTEt
NmQwNWMwZDBkYTZmLzEvS1hpazdsSDdyWG9iS05Eb2pRSnZzWXo1UmtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi82MjY0MWMtMzQ0NC00NDI1LWJmNTEtNmQwNWMwZDBkYTZm
LzEvWWNhQ2FIUS1najRPSEljQVlNQ2hRaVB4VWVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXV6gAwQA
wagyMA0EAgACMAcDBQAqAOqAMA0GCSqGSIb3DQEBCwUAA4IBAQCFfMCpzc/rsnj6
Hip5ZiBYPpo9aKQCY2qsPUi2TmeRokiN4iLRgt4vLBHojSFuJtqR9am692D8YShr
dGGLkoC8A/eVf9sExcEch7uU3HkAcwBk/UK6z1+z72ipOLX3/55ctweEgW4st9Z0
v9toTA1u+7oWvlONMjDErnf2ttmvXWKjybq7Ao5VbcswwlBGi4S0xtj+qM+UIIkR
88V+pxTPbnyY+MosDSlTEkZgPB6Ogs6bvEByoX4+9zUwSdwba9SLzutjTOKCUSoM
oGwrIi15aDLzhjwfBMpMjbkA5wXtKQ1SrLxdnPYLi9zgwZgS9GPOLSmcKYfoMwzO
q24aShSD
-----END CERTIFICATE-----
Generated at Fri Apr 25 09:08:24 2025 by rpki-client