Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/3xLZeEIptPvK0tTXJW89UAdaarE.roa
File: 3xLZeEIptPvK0tTXJW89UAdaarE.roa (raw, json)
Hash identifier: Tc+izVjQYC0MNH3Q9cc3IIUmepusC2XNOTdtPs/jIz4=
Subject key identifier: DF:12:D9:78:42:29:B4:FB:CA:D2:D4:D7:25:6F:3D:50:07:5A:6A:B1
Certificate issuer: /CN=1e514098a5a9736cda4303e0495e94652390aa91
Certificate serial: 01942143C698D73350FB6796AE14B60F2AF0
Authority key identifier: 1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/3xLZeEIptPvK0tTXJW89UAdaarE.roa
Signing time: Wed 01 Jan 2025 09:47:57 +0000
ROA not before: Wed 01 Jan 2025 09:47:57 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208959
IP address blocks: 45.86.221.0/24 maxlen: 24
46.232.210.0/23 maxlen: 23
185.207.164.0/22 maxlen: 22
2a11:b00::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:c6:98:d7:33:50:fb:67:96:ae:14:b6:0f:2a:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1e514098a5a9736cda4303e0495e94652390aa91
Validity
Not Before: Jan 1 09:47:57 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=df12d9784229b4fbcad2d4d7256f3d50075a6ab1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:48:65:62:18:1f:e4:b4:23:5b:ea:d8:9f:4a:
66:f5:ab:00:e2:77:c4:a7:1f:e6:67:72:7b:b7:53:
01:8b:df:0d:d0:06:9e:48:5f:55:2d:81:48:7c:13:
dd:29:16:e1:25:6b:dd:4c:94:74:29:ac:c2:9f:e4:
8d:41:f6:06:5c:23:f9:1c:03:c7:b1:33:0a:f0:dd:
18:85:22:4b:84:c7:88:a5:05:4f:b7:11:a7:fe:61:
d6:26:fa:d7:bc:eb:49:d7:c0:77:22:c7:87:86:55:
d1:d6:7c:5c:26:9e:13:b0:e4:17:d6:14:bd:08:e3:
33:86:69:67:b0:91:ec:75:79:3e:01:85:cb:3b:90:
2f:3a:03:c3:f4:1a:c4:3c:e9:83:6e:69:d3:48:1a:
1c:49:5d:0b:57:c0:03:6a:ba:90:29:84:82:76:7c:
64:c1:f8:e8:b6:51:9f:a1:bd:08:b7:15:7f:b8:6c:
85:ec:88:14:d8:7f:c4:97:0d:4d:c6:e0:15:6c:66:
54:bd:34:c5:47:24:ef:9a:79:65:02:ff:b2:d8:cf:
90:41:89:be:34:0e:a1:e2:cd:44:77:93:48:bc:82:
f2:40:f9:20:c9:c7:c1:0a:6f:11:be:db:97:ae:f4:
e1:3f:0d:6a:d6:aa:94:0c:f7:e0:58:44:06:32:c3:
c8:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:12:D9:78:42:29:B4:FB:CA:D2:D4:D7:25:6F:3D:50:07:5A:6A:B1
X509v3 Authority Key Identifier:
keyid:1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/3xLZeEIptPvK0tTXJW89UAdaarE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.86.221.0/24
46.232.210.0/23
185.207.164.0/22
IPv6:
2a11:b00::/29
Signature Algorithm: sha256WithRSAEncryption
50:f6:17:f1:2d:da:37:51:e1:d0:07:ef:cc:f5:e7:0b:81:38:
49:0c:0a:e9:72:fb:3c:ae:b9:35:62:4d:37:dc:7a:7d:fb:5a:
e4:bc:12:56:a2:78:26:57:83:ea:b4:d5:5f:fc:f7:bb:f1:30:
f0:08:5b:e3:93:f0:66:50:5d:00:58:d2:80:60:07:95:dd:64:
1e:14:f1:80:29:b4:91:4e:38:07:c2:bd:8e:c7:d5:81:a3:71:
ca:b9:48:33:af:4e:f7:25:1d:2f:e6:4c:ba:23:d9:69:0a:66:
70:a9:b4:3d:50:ea:d9:bf:f9:3c:dc:a7:c5:be:52:7b:38:2f:
0e:9d:c3:0e:e9:0e:e6:b1:02:6a:fe:0a:f9:63:e5:20:ce:e9:
b0:eb:e5:9b:23:5a:49:73:81:4e:89:e0:91:3a:be:d1:ec:ff:
6e:67:38:53:e7:1c:0e:83:17:4c:79:f9:35:e4:ac:81:7e:3b:
9b:22:12:2d:b9:6c:3d:30:eb:79:d8:68:44:3b:2d:f2:6e:00:
28:5c:39:b2:99:a3:98:db:36:49:ac:c5:86:a2:a8:6d:0b:c2:
28:8d:ca:74:67:c7:bb:0d:09:64:6f:8f:17:76:19:b0:32:4e:
79:2a:7f:ef:e1:74:88:5e:a5:1b:9e:7e:ca:cf:02:01:d3:a7:
c0:18:aa:88
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQhQ8aY1zNQ+2eWrhS2DyrwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNTE0MDk4YTVhOTczNmNkYTQzMDNlMDQ5NWU5NDY1MjM5
MGFhOTEwHhcNMjUwMTAxMDk0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjEyZDk3ODQyMjliNGZiY2FkMmQ0ZDcyNTZmM2Q1MDA3NWE2YWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEhlYhgf5LQjW+rYn0pm9asA4nfE
px/mZ3J7t1MBi98N0AaeSF9VLYFIfBPdKRbhJWvdTJR0KazCn+SNQfYGXCP5HAPH
sTMK8N0YhSJLhMeIpQVPtxGn/mHWJvrXvOtJ18B3IseHhlXR1nxcJp4TsOQX1hS9
COMzhmlnsJHsdXk+AYXLO5AvOgPD9BrEPOmDbmnTSBocSV0LV8ADarqQKYSCdnxk
wfjotlGfob0ItxV/uGyF7IgU2H/Elw1NxuAVbGZUvTTFRyTvmnllAv+y2M+QQYm+
NA6h4s1Ed5NIvILyQPkgycfBCm8RvtuXrvThPw1q1qqUDPfgWEQGMsPIWwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFN8S2XhCKbT7ytLU1yVvPVAHWmqxMB8GA1UdIwQY
MBaAFB5RQJilqXNs2kMD4ElelGUjkKqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQt
ODU0MzgxNjg2YzdiLzEvM3hMWmVFSXB0UHZLMHRUWEpXODlVQWRhYXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQtODU0MzgxNjg2Yzdi
LzEvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQALVbdAwQB
LujSAwQCuc+kMA0EAgACMAcDBQMqEQsAMA0GCSqGSIb3DQEBCwUAA4IBAQBQ9hfx
Ldo3UeHQB+/M9ecLgThJDArpcvs8rrk1Yk033Hp9+1rkvBJWongmV4PqtNVf/Pe7
8TDwCFvjk/BmUF0AWNKAYAeV3WQeFPGAKbSRTjgHwr2Ox9WBo3HKuUgzr073JR0v
5ky6I9lpCmZwqbQ9UOrZv/k83KfFvlJ7OC8OncMO6Q7msQJq/gr5Y+Ugzumw6+Wb
I1pJc4FOieCROr7R7P9uZzhT5xwOgxdMefk15KyBfjubIhItuWw9MOt52GhEOy3y
bgAoXDmymaOY2zZJrMWGoqhtC8Iojcp0Z8e7DQlkb48XdhmwMk55Kn/v4XSIXqUb
nn7KzwIB06fAGKqI
-----END CERTIFICATE-----
Generated at Fri Apr 25 00:45:06 2025 by rpki-client