Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/39c9e3-f7c2-4298-9666-b825967a757a/1/iWeqg2fM-bOr0nrPrGbQuhoU9AI.roa
File: iWeqg2fM-bOr0nrPrGbQuhoU9AI.roa (raw, json)
Hash identifier: FKxgaCA0gKFSYvzHrPdwz/du8IpMEpojl7Ooe7Yry+4=
Subject key identifier: 89:67:AA:83:67:CC:F9:B3:AB:D2:7A:CF:AC:66:D0:BA:1A:14:F4:02
Certificate issuer: /CN=e3de21b0636c614ebf43664798012afd56c5ee86
Certificate serial: 01942444A03835C30BA68350B1583201E567
Authority key identifier: E3:DE:21:B0:63:6C:61:4E:BF:43:66:47:98:01:2A:FD:56:C5:EE:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/494hsGNsYU6_Q2ZHmAEq_VbF7oY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/39c9e3-f7c2-4298-9666-b825967a757a/1/iWeqg2fM-bOr0nrPrGbQuhoU9AI.roa
Signing time: Wed 01 Jan 2025 23:47:44 +0000
ROA not before: Wed 01 Jan 2025 23:47:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200052
IP address blocks: 185.21.216.0/22 maxlen: 22
193.28.252.0/23 maxlen: 23
193.29.6.0/23 maxlen: 23
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:44:a0:38:35:c3:0b:a6:83:50:b1:58:32:01:e5:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e3de21b0636c614ebf43664798012afd56c5ee86
Validity
Not Before: Jan 1 23:47:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8967aa8367ccf9b3abd27acfac66d0ba1a14f402
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:a3:1c:3b:e5:46:ed:55:9d:4a:f2:d0:b1:22:
19:3d:84:4f:fa:b5:ea:11:ab:67:ab:96:7d:fa:2c:
91:bf:99:6b:05:f5:d1:0a:95:e8:c1:fd:07:3e:90:
59:c4:46:d7:23:8c:64:01:79:e5:3c:cd:cf:3b:ee:
67:f5:db:76:4b:f0:04:f5:51:e9:78:0c:40:53:c3:
7d:59:3f:d2:d4:97:29:ec:44:a3:6c:32:8e:20:1e:
56:79:55:57:5f:da:f9:58:02:2b:d0:76:01:b1:1a:
01:00:60:54:cf:23:95:09:33:a1:1d:b4:bd:99:28:
4b:7e:fc:a8:68:fb:0f:a9:06:38:d2:26:9c:45:41:
28:69:2d:16:a1:d3:6f:f3:90:49:1b:ab:64:85:ff:
3e:00:00:31:18:16:0d:d6:78:3f:47:93:f4:47:b3:
f2:4a:8b:de:ca:f8:2d:71:1b:92:fd:3c:98:60:ee:
09:f0:d9:15:66:8e:2e:cf:82:93:5d:0c:ca:14:46:
fa:18:93:e5:5a:91:fa:35:bb:bf:53:6d:d0:26:e8:
f3:dc:2f:7a:ab:dd:01:5c:39:dc:a6:99:e8:84:29:
1b:b1:16:61:e4:07:7b:b1:b5:f7:37:43:ee:4e:a6:
00:66:51:c1:84:4d:38:f1:e0:2a:2e:47:c4:5b:e0:
82:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:67:AA:83:67:CC:F9:B3:AB:D2:7A:CF:AC:66:D0:BA:1A:14:F4:02
X509v3 Authority Key Identifier:
keyid:E3:DE:21:B0:63:6C:61:4E:BF:43:66:47:98:01:2A:FD:56:C5:EE:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/494hsGNsYU6_Q2ZHmAEq_VbF7oY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/39c9e3-f7c2-4298-9666-b825967a757a/1/iWeqg2fM-bOr0nrPrGbQuhoU9AI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/39c9e3-f7c2-4298-9666-b825967a757a/1/494hsGNsYU6_Q2ZHmAEq_VbF7oY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.21.216.0/22
193.28.252.0/23
193.29.6.0/23
Signature Algorithm: sha256WithRSAEncryption
8f:5b:47:73:4d:17:ed:29:cb:b3:3f:e6:d2:ec:b7:94:c9:02:
34:9e:43:7b:e2:c2:b6:ae:1a:9a:d0:cf:ba:b1:6c:13:a1:10:
1a:ed:8a:f9:9a:13:92:6f:a8:a8:43:da:da:f0:bf:e5:f7:e1:
2a:7c:08:f2:b8:88:a2:81:8d:d1:a6:f0:4a:7c:a2:a6:c3:d9:
e1:79:67:c1:f2:3b:ec:a5:63:6c:5e:97:a9:0d:03:d1:db:d5:
58:be:6f:4e:bd:0b:77:eb:e4:42:c3:44:db:18:e7:7a:a5:cd:
99:ec:0c:ee:63:6a:a0:4e:b0:74:1c:61:79:92:21:3c:bf:65:
b8:3d:be:a3:c9:ea:de:ae:43:27:70:0f:74:8d:01:8f:d5:4f:
75:54:8c:1f:0b:5d:23:38:44:55:b3:ae:40:35:17:7c:87:26:
3f:ec:7f:0d:ec:6a:d7:a4:14:31:dd:86:c8:91:59:be:fc:7d:
34:3f:2e:f5:e4:2a:bd:cb:7a:8b:1c:e6:be:2b:d1:0a:d5:b0:
a5:56:af:5a:36:69:1f:0b:71:c6:4b:50:13:97:3c:84:ac:0f:
7f:3e:44:14:69:c7:6f:30:07:df:ff:09:78:93:ae:f0:fa:0b:
ba:c7:51:9a:88:96:72:ad:fd:85:2e:7b:6a:4e:12:cb:d3:d2:
3b:c1:d5:a3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQkRKA4NcMLpoNQsVgyAeVnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZGUyMWIwNjM2YzYxNGViZjQzNjY0Nzk4MDEyYWZkNTZj
NWVlODYwHhcNMjUwMTAxMjM0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTY3YWE4MzY3Y2NmOWIzYWJkMjdhY2ZhYzY2ZDBiYTFhMTRmNDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqMcO+VG7VWdSvLQsSIZPYRP+rXq
Eatnq5Z9+iyRv5lrBfXRCpXowf0HPpBZxEbXI4xkAXnlPM3PO+5n9dt2S/AE9VHp
eAxAU8N9WT/S1Jcp7ESjbDKOIB5WeVVXX9r5WAIr0HYBsRoBAGBUzyOVCTOhHbS9
mShLfvyoaPsPqQY40iacRUEoaS0WodNv85BJG6tkhf8+AAAxGBYN1ng/R5P0R7Py
SoveyvgtcRuS/TyYYO4J8NkVZo4uz4KTXQzKFEb6GJPlWpH6Nbu/U23QJujz3C96
q90BXDncppnohCkbsRZh5Ad7sbX3N0PuTqYAZlHBhE048eAqLkfEW+CC5wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIlnqoNnzPmzq9J6z6xm0LoaFPQCMB8GA1UdIwQY
MBaAFOPeIbBjbGFOv0NmR5gBKv1Wxe6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDk0aHNHTnNZVTZfUTJaSG1BRXFfVmJGN29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS8zOWM5ZTMtZjdjMi00Mjk4LTk2NjYt
YjgyNTk2N2E3NTdhLzEvaVdlcWcyZk0tYk9yMG5yUHJHYlF1aG9VOUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS8zOWM5ZTMtZjdjMi00Mjk4LTk2NjYtYjgyNTk2N2E3NTdh
LzEvNDk0aHNHTnNZVTZfUTJaSG1BRXFfVmJGN29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuRXYAwQB
wRz8AwQBwR0GMA0GCSqGSIb3DQEBCwUAA4IBAQCPW0dzTRftKcuzP+bS7LeUyQI0
nkN74sK2rhqa0M+6sWwToRAa7Yr5mhOSb6ioQ9ra8L/l9+EqfAjyuIiigY3RpvBK
fKKmw9nheWfB8jvspWNsXpepDQPR29VYvm9OvQt36+RCw0TbGOd6pc2Z7AzuY2qg
TrB0HGF5kiE8v2W4Pb6jyererkMncA90jQGP1U91VIwfC10jOERVs65ANRd8hyY/
7H8N7GrXpBQx3YbIkVm+/H00Py715Cq9y3qLHOa+K9EK1bClVq9aNmkfC3HGS1AT
lzyErA9/PkQUacdvMAff/wl4k67w+gu6x1GaiJZyrf2FLntqThLL09I7wdWj
-----END CERTIFICATE-----
Generated at Fri Apr 25 07:40:19 2025 by rpki-client