Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/e6632b-1fbf-496f-b355-1536fc78385d/1/0i9Bsr9ABLnx3mgPWtu21_vME3g.roa
File: 0i9Bsr9ABLnx3mgPWtu21_vME3g.roa (raw, json)
Hash identifier: TMrcqTSOi1Ov7CcLLSWohgeiaaCi8xEADwSrQIF/DCo=
Subject key identifier: D2:2F:41:B2:BF:40:04:B9:F1:DE:68:0F:5A:DB:B6:D7:FB:CC:13:78
Certificate issuer: /CN=28cb5f3fb957251aad4ba09d0bab7352b74bb07d
Certificate serial: 0194214451EA7BC7FC16E4B5E1FA563AC296
Authority key identifier: 28:CB:5F:3F:B9:57:25:1A:AD:4B:A0:9D:0B:AB:73:52:B7:4B:B0:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KMtfP7lXJRqtS6CdC6tzUrdLsH0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/e6632b-1fbf-496f-b355-1536fc78385d/1/0i9Bsr9ABLnx3mgPWtu21_vME3g.roa
Signing time: Wed 01 Jan 2025 09:48:33 +0000
ROA not before: Wed 01 Jan 2025 09:48:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43911
IP address blocks: 91.195.220.0/23 maxlen: 23
91.195.220.0/24 maxlen: 24
91.195.221.0/24 maxlen: 24
2001:67c:220::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:51:ea:7b:c7:fc:16:e4:b5:e1:fa:56:3a:c2:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=28cb5f3fb957251aad4ba09d0bab7352b74bb07d
Validity
Not Before: Jan 1 09:48:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d22f41b2bf4004b9f1de680f5adbb6d7fbcc1378
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:d0:24:d5:f3:73:12:02:bf:b6:c5:ad:30:90:
24:fb:05:68:80:90:55:ee:e7:46:fb:1f:ad:96:ef:
69:6c:dc:b3:ae:b4:07:46:04:04:63:fa:a9:69:b5:
0c:be:ad:a1:ad:9d:55:f3:78:1a:08:b8:18:83:18:
7a:1d:b9:02:d9:4e:c6:a3:d5:05:06:97:5b:e8:f9:
82:5b:be:74:75:a0:3f:51:88:10:6e:a9:97:c1:94:
d5:53:ac:60:02:45:18:ae:18:e4:a9:b7:87:50:69:
89:b6:56:43:9c:2f:2a:ee:cf:04:68:ac:6a:e6:48:
ac:37:79:12:26:99:24:c8:91:b3:01:a0:88:07:ef:
47:17:34:c7:bd:7f:9b:f9:9a:3b:24:fe:f7:4e:95:
fa:66:fa:6c:4d:d1:8a:25:ed:c1:fc:82:30:51:22:
8c:ca:45:39:cd:e2:e9:bf:6f:0b:03:78:ec:49:3d:
50:2e:0b:87:ad:a0:36:9d:a0:6e:f8:59:e6:16:97:
44:60:ba:64:c5:39:5b:61:eb:c1:b7:a1:29:2d:76:
25:00:66:77:f2:4e:4d:61:ad:bc:5c:83:b6:d9:8e:
06:28:9e:39:a7:39:f3:47:80:9c:36:31:65:95:04:
1c:a6:3f:b8:a4:e5:ae:8f:10:c9:a9:a2:c8:3f:7f:
c5:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:2F:41:B2:BF:40:04:B9:F1:DE:68:0F:5A:DB:B6:D7:FB:CC:13:78
X509v3 Authority Key Identifier:
keyid:28:CB:5F:3F:B9:57:25:1A:AD:4B:A0:9D:0B:AB:73:52:B7:4B:B0:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KMtfP7lXJRqtS6CdC6tzUrdLsH0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/e6632b-1fbf-496f-b355-1536fc78385d/1/0i9Bsr9ABLnx3mgPWtu21_vME3g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/e6632b-1fbf-496f-b355-1536fc78385d/1/KMtfP7lXJRqtS6CdC6tzUrdLsH0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.195.220.0/23
IPv6:
2001:67c:220::/48
Signature Algorithm: sha256WithRSAEncryption
a5:fb:a0:36:be:1f:d8:98:1f:87:8e:1c:9b:16:26:5a:81:a9:
b2:b9:11:9f:56:dc:9d:90:87:a3:bd:d0:b1:f0:c8:e2:a9:9e:
37:28:22:b3:59:63:11:e1:28:6f:62:a4:20:54:e6:8b:ee:89:
db:31:44:05:05:3d:84:b7:33:3c:c4:9a:b0:17:75:c0:d3:36:
7e:0a:56:f2:1d:3e:2b:68:d9:d9:58:b4:6f:b3:f1:cd:b2:42:
f3:d1:57:36:64:5c:a4:f9:5b:e2:11:c1:66:fe:a1:33:2c:1a:
46:bc:01:bf:4b:e9:3b:c7:ed:d5:60:3d:1d:b7:cc:f9:7e:dd:
ba:9d:ce:45:d2:81:e6:62:bd:17:d0:fe:69:e3:74:42:56:96:
84:7e:16:25:34:20:ab:0a:c6:53:a1:30:1d:a6:84:8a:8d:e5:
ef:3f:a9:d3:90:19:59:31:0e:75:0f:ec:63:c7:f9:e2:39:a8:
26:f7:ce:62:17:4c:4c:8e:ef:dc:27:d0:f0:44:93:ab:5e:f8:
14:9c:db:8e:f2:a2:f2:f3:af:9e:ff:39:d1:57:3f:8f:c3:d8:
ba:e6:84:10:61:69:45:f7:5a:54:c0:33:d2:32:24:a9:93:a5:
a0:ce:d7:b9:ac:35:6b:6a:27:56:c4:36:1b:28:d4:4d:33:2f:
67:66:7e:93
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhRFHqe8f8FuS14fpWOsKWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4Y2I1ZjNmYjk1NzI1MWFhZDRiYTA5ZDBiYWI3MzUyYjc0
YmIwN2QwHhcNMjUwMTAxMDk0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjJmNDFiMmJmNDAwNGI5ZjFkZTY4MGY1YWRiYjZkN2ZiY2MxMzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstAk1fNzEgK/tsWtMJAk+wVogJBV
7udG+x+tlu9pbNyzrrQHRgQEY/qpabUMvq2hrZ1V83gaCLgYgxh6HbkC2U7Go9UF
Bpdb6PmCW750daA/UYgQbqmXwZTVU6xgAkUYrhjkqbeHUGmJtlZDnC8q7s8EaKxq
5kisN3kSJpkkyJGzAaCIB+9HFzTHvX+b+Zo7JP73TpX6ZvpsTdGKJe3B/IIwUSKM
ykU5zeLpv28LA3jsST1QLguHraA2naBu+FnmFpdEYLpkxTlbYevBt6EpLXYlAGZ3
8k5NYa28XIO22Y4GKJ45pznzR4CcNjFllQQcpj+4pOWujxDJqaLIP3/FlwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNIvQbK/QAS58d5oD1rbttf7zBN4MB8GA1UdIwQY
MBaAFCjLXz+5VyUarUugnQurc1K3S7B9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS010ZlA3bFhKUnF0UzZDZEM2dHpVcmRMc0gwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9lNjYzMmItMWZiZi00OTZmLWIzNTUt
MTUzNmZjNzgzODVkLzEvMGk5QnNyOUFCTG54M21nUFd0dTIxX3ZNRTNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9lNjYzMmItMWZiZi00OTZmLWIzNTUtMTUzNmZjNzgzODVk
LzEvS010ZlA3bFhKUnF0UzZDZEM2dHpVcmRMc0gwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW8PcMA8E
AgACMAkDBwAgAQZ8AiAwDQYJKoZIhvcNAQELBQADggEBAKX7oDa+H9iYH4eOHJsW
JlqBqbK5EZ9W3J2Qh6O90LHwyOKpnjcoIrNZYxHhKG9ipCBU5ovuidsxRAUFPYS3
MzzEmrAXdcDTNn4KVvIdPito2dlYtG+z8c2yQvPRVzZkXKT5W+IRwWb+oTMsGka8
Ab9L6TvH7dVgPR23zPl+3bqdzkXSgeZivRfQ/mnjdEJWloR+FiU0IKsKxlOhMB2m
hIqN5e8/qdOQGVkxDnUP7GPH+eI5qCb3zmIXTEyO79wn0PBEk6te+BSc247yovLz
r57/OdFXP4/D2LrmhBBhaUX3WlTAM9IyJKmTpaDO17msNWtqJ1bENhso1E0zL2dm
fpM=
-----END CERTIFICATE-----
Generated at Thu Apr 24 22:33:25 2025 by rpki-client