Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/UAlBnL2rhAXUgBqvO47Qajamw2g.roa
File: UAlBnL2rhAXUgBqvO47Qajamw2g.roa (raw, json)
Hash identifier: xN29on2+6W1aee+fqCjKGDXnFxjptJbwJyR3u33Vxwo=
Subject key identifier: 50:09:41:9C:BD:AB:84:05:D4:80:1A:AF:3B:8E:D0:6A:36:A6:C3:68
Certificate issuer: /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial: 0194221FC0CE77C3028901A42748C3E00EDC
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/UAlBnL2rhAXUgBqvO47Qajamw2g.roa
Signing time: Wed 01 Jan 2025 13:48:13 +0000
ROA not before: Wed 01 Jan 2025 13:48:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 35199
IP address blocks: 85.219.196.0/24 maxlen: 24
89.174.22.0/24 maxlen: 24
89.174.170.0/24 maxlen: 24
217.153.228.0/23 maxlen: 23
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:c0:ce:77:c3:02:89:01:a4:27:48:c3:e0:0e:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Validity
Not Before: Jan 1 13:48:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5009419cbdab8405d4801aaf3b8ed06a36a6c368
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:f0:bf:f6:8b:3d:05:dc:29:6d:f6:a4:1f:77:
67:54:73:89:80:d4:68:27:ff:22:0f:d3:e3:45:1c:
86:0b:cd:03:65:6c:ba:86:65:79:47:c8:93:dc:e4:
4e:4e:26:d1:18:60:ac:4e:56:43:a0:03:b2:8c:bd:
78:cf:03:78:9b:4c:fe:44:ce:e3:05:d1:3b:a7:d4:
56:3d:29:b0:e5:90:2c:29:5b:1c:32:a5:dd:f9:c6:
9d:ef:3f:f3:e9:e4:5b:71:b7:b6:e7:6d:6c:a7:50:
42:a4:cd:5a:f6:62:f9:74:1a:60:f7:f0:0f:10:c2:
0d:9c:08:61:fe:cf:b9:83:84:ca:c0:7a:58:c5:83:
08:d7:6c:11:48:33:d6:11:fe:49:08:82:a6:5a:e7:
96:3d:32:e8:4c:ee:fe:75:8d:91:21:ba:b4:5c:cc:
fe:a7:85:fe:87:40:99:0e:3b:18:86:e5:f3:e9:cb:
c3:7e:bf:6b:48:6d:e1:29:0a:53:cd:6e:bd:0f:09:
9d:07:65:da:63:49:68:d9:8d:2c:be:7b:d0:8f:ef:
b9:53:e0:48:6a:f5:e4:ed:6f:66:76:af:15:c9:03:
2d:37:96:1a:7a:97:98:07:da:98:40:f7:40:30:78:
52:1f:7e:0c:57:93:eb:7d:6d:cc:1c:c6:18:3d:f0:
25:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:09:41:9C:BD:AB:84:05:D4:80:1A:AF:3B:8E:D0:6A:36:A6:C3:68
X509v3 Authority Key Identifier:
keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/UAlBnL2rhAXUgBqvO47Qajamw2g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.219.196.0/24
89.174.22.0/24
89.174.170.0/24
217.153.228.0/23
Signature Algorithm: sha256WithRSAEncryption
25:9a:7d:c8:b4:20:1b:45:8c:77:d1:d1:55:64:6b:4c:be:80:
68:78:d5:93:38:5b:ce:7b:17:58:6a:0a:86:70:a4:36:ff:c8:
af:c8:a3:aa:41:3b:c4:e6:00:7b:af:75:a9:c4:99:6f:16:0e:
b1:b2:11:23:dc:d3:a8:e4:3b:f8:2b:6e:ba:e8:b0:8a:be:15:
aa:3b:b9:d9:79:6c:78:be:1f:02:3d:84:26:08:a1:0f:b2:8e:
c2:c6:50:5a:bc:0d:4f:ea:9a:ec:9c:d9:5c:fb:84:fa:66:47:
63:a5:9d:e9:b6:d0:0f:6f:65:8a:f0:f8:86:20:7b:9d:a4:98:
e4:ad:c2:58:33:db:cb:f7:8e:14:e4:fb:e9:cf:61:66:a2:60:
74:7a:ef:c9:fc:34:9d:1a:60:67:7d:9d:0b:35:ca:1e:eb:17:
55:27:ac:21:87:e1:e6:c3:d0:d6:86:ac:7d:ce:84:ff:40:17:
1b:5a:73:83:55:1f:24:f9:53:9a:72:2d:de:6e:d6:f6:b3:1d:
2d:d7:87:13:0e:41:ae:4f:0f:a4:10:0e:26:5d:a5:3a:66:e7:
5f:47:38:3e:11:b7:f4:fb:e4:f4:a2:79:5c:5f:bd:a3:85:cc:
dd:53:07:9b:be:cf:43:ad:52:dd:d5:5f:58:27:ea:87:36:5d:
33:b2:3d:2a
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQiH8DOd8MCiQGkJ0jD4A7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDA5NDE5Y2JkYWI4NDA1ZDQ4MDFhYWYzYjhlZDA2YTM2YTZjMzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvC/9os9BdwpbfakH3dnVHOJgNRo
J/8iD9PjRRyGC80DZWy6hmV5R8iT3OROTibRGGCsTlZDoAOyjL14zwN4m0z+RM7j
BdE7p9RWPSmw5ZAsKVscMqXd+cad7z/z6eRbcbe2521sp1BCpM1a9mL5dBpg9/AP
EMINnAhh/s+5g4TKwHpYxYMI12wRSDPWEf5JCIKmWueWPTLoTO7+dY2RIbq0XMz+
p4X+h0CZDjsYhuXz6cvDfr9rSG3hKQpTzW69DwmdB2XaY0lo2Y0svnvQj++5U+BI
avXk7W9mdq8VyQMtN5YaepeYB9qYQPdAMHhSH34MV5PrfW3MHMYYPfAl5QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFFAJQZy9q4QF1IAarzuO0Go2psNoMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvVUFsQm5MMnJoQVhVZ0Jxdk80N1FhamFtdzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVdvEAwQA
Wa4WAwQAWa6qAwQB2ZnkMA0GCSqGSIb3DQEBCwUAA4IBAQAlmn3ItCAbRYx30dFV
ZGtMvoBoeNWTOFvOexdYagqGcKQ2/8ivyKOqQTvE5gB7r3WpxJlvFg6xshEj3NOo
5Dv4K2666LCKvhWqO7nZeWx4vh8CPYQmCKEPso7CxlBavA1P6prsnNlc+4T6Zkdj
pZ3pttAPb2WK8PiGIHudpJjkrcJYM9vL944U5Pvpz2FmomB0eu/J/DSdGmBnfZ0L
Ncoe6xdVJ6whh+Hmw9DWhqx9zoT/QBcbWnODVR8k+VOaci3ebtb2sx0t14cTDkGu
Tw+kEA4mXaU6ZudfRzg+Ebf0++T0onlcX72jhczdUwebvs9DrVLd1V9YJ+qHNl0z
sj0q
-----END CERTIFICATE-----
Generated at Fri Apr 25 05:33:51 2025 by rpki-client