Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/b89e86-bfb4-4af6-8448-1f0dd9fdf5f3/1/Kukv8lguLlqo8syva8to6ZRKCQQ.roa
File: Kukv8lguLlqo8syva8to6ZRKCQQ.roa (raw, json)
Hash identifier: 6TsYNWvLqQDFoSOz1kHCV3IHIsfRZkDxe8fDivBN+2k=
Subject key identifier: 2A:E9:2F:F2:58:2E:2E:5A:A8:F2:CC:AF:6B:CB:68:E9:94:4A:09:04
Certificate issuer: /CN=cb5427fd5d20585e97c2f2771d4809bf6341daa1
Certificate serial: 01942144074610FD10FD82DE4DDA3FCDEF1C
Authority key identifier: CB:54:27:FD:5D:20:58:5E:97:C2:F2:77:1D:48:09:BF:63:41:DA:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/y1Qn_V0gWF6XwvJ3HUgJv2NB2qE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f9/b89e86-bfb4-4af6-8448-1f0dd9fdf5f3/1/Kukv8lguLlqo8syva8to6ZRKCQQ.roa
Signing time: Wed 01 Jan 2025 09:48:13 +0000
ROA not before: Wed 01 Jan 2025 09:48:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201704
IP address blocks: 37.98.200.0/22 maxlen: 22
89.42.164.0/22 maxlen: 22
185.65.184.0/22 maxlen: 22
212.63.96.0/21 maxlen: 21
2a03:1d20::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:07:46:10:fd:10:fd:82:de:4d:da:3f:cd:ef:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cb5427fd5d20585e97c2f2771d4809bf6341daa1
Validity
Not Before: Jan 1 09:48:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2ae92ff2582e2e5aa8f2ccaf6bcb68e9944a0904
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:0d:1f:d6:f2:4e:c9:47:c8:96:4c:1b:0e:1b:
48:71:65:e6:50:1d:22:e4:43:69:de:4c:8a:45:15:
d6:6b:fb:45:5f:db:50:f8:fa:86:0d:15:02:ab:59:
35:6a:f2:49:7d:21:cb:f2:4c:43:61:42:1a:3b:83:
4e:de:ca:80:56:9e:22:3b:4d:fb:05:c5:02:b1:d6:
93:df:9c:be:b9:79:ee:d1:20:fa:43:f0:f9:3f:cf:
e1:65:ee:ed:85:34:98:ca:ed:da:3e:eb:b2:40:a9:
76:f5:d6:d2:ec:4d:3e:2f:7d:58:0e:96:98:c3:32:
75:da:98:7a:7b:fa:64:a7:f5:ed:b1:49:94:b6:9d:
d1:47:e1:5b:ec:78:df:92:ac:7c:85:1e:57:68:38:
49:99:01:87:31:84:cd:53:ad:3b:09:0d:1d:4b:af:
da:06:5b:35:50:56:7f:8d:bd:ca:aa:5c:39:dd:94:
02:54:78:58:f3:95:ba:20:96:08:b1:8f:e5:e7:10:
25:27:3f:45:9c:fd:b3:c2:25:52:ea:1e:e2:45:e1:
9b:73:74:a7:3e:62:6a:b3:83:cd:11:23:1b:0f:80:
8c:81:50:a8:a5:d7:65:28:b4:e8:9e:cc:fc:c1:e7:
11:a2:aa:2f:e8:b3:ab:c3:5e:d9:ef:a9:00:7f:1d:
48:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:E9:2F:F2:58:2E:2E:5A:A8:F2:CC:AF:6B:CB:68:E9:94:4A:09:04
X509v3 Authority Key Identifier:
keyid:CB:54:27:FD:5D:20:58:5E:97:C2:F2:77:1D:48:09:BF:63:41:DA:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y1Qn_V0gWF6XwvJ3HUgJv2NB2qE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/b89e86-bfb4-4af6-8448-1f0dd9fdf5f3/1/Kukv8lguLlqo8syva8to6ZRKCQQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/b89e86-bfb4-4af6-8448-1f0dd9fdf5f3/1/y1Qn_V0gWF6XwvJ3HUgJv2NB2qE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.98.200.0/22
89.42.164.0/22
185.65.184.0/22
212.63.96.0/21
IPv6:
2a03:1d20::/32
Signature Algorithm: sha256WithRSAEncryption
33:48:4a:01:45:df:db:41:05:4a:35:c0:56:c5:0c:c6:80:1f:
56:3f:39:5d:4a:62:5e:8a:c4:3d:9c:4f:3c:e9:8a:ce:0e:10:
42:04:79:5d:b7:d9:94:25:d8:1c:5d:b2:0e:10:b7:4c:46:36:
30:04:1b:ed:69:85:79:23:69:6f:00:1d:75:99:11:95:77:a7:
48:90:95:0e:eb:e3:b6:04:0c:ef:a6:36:c3:45:13:76:76:db:
3f:41:b4:d3:e9:f7:c6:25:d1:e0:00:8c:f8:27:0e:ba:8d:be:
ee:40:cf:ed:57:52:e4:b0:f5:c4:a4:35:b7:28:32:a8:ef:b8:
f3:52:13:f3:d1:fc:d4:00:67:61:80:e5:b0:22:ea:c1:d8:c3:
8c:53:32:0e:1c:1b:b4:01:e3:e1:7f:0a:c4:40:94:27:6b:63:
d6:58:d3:de:cf:8f:a0:b9:4a:dc:a9:06:d1:c2:dd:f3:13:cf:
83:77:86:ed:27:f6:5d:f8:2e:94:71:93:d4:17:c4:bc:48:3f:
29:69:de:3e:e9:6a:8a:f7:b9:43:10:00:15:83:76:0d:9a:24:
59:fa:74:86:34:48:66:7c:f1:ef:29:e1:4f:22:cb:c1:13:2b:
d8:4f:1d:67:8c:f9:22:40:dd:cf:40:9c:65:e5:9b:6b:fb:7f:
76:55:a5:b5
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQhRAdGEP0Q/YLeTdo/ze8cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNTQyN2ZkNWQyMDU4NWU5N2MyZjI3NzFkNDgwOWJmNjM0
MWRhYTEwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWU5MmZmMjU4MmUyZTVhYThmMmNjYWY2YmNiNjhlOTk0NGEwOTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0g0f1vJOyUfIlkwbDhtIcWXmUB0i
5ENp3kyKRRXWa/tFX9tQ+PqGDRUCq1k1avJJfSHL8kxDYUIaO4NO3sqAVp4iO037
BcUCsdaT35y+uXnu0SD6Q/D5P8/hZe7thTSYyu3aPuuyQKl29dbS7E0+L31YDpaY
wzJ12ph6e/pkp/XtsUmUtp3RR+Fb7Hjfkqx8hR5XaDhJmQGHMYTNU607CQ0dS6/a
Bls1UFZ/jb3Kqlw53ZQCVHhY85W6IJYIsY/l5xAlJz9FnP2zwiVS6h7iReGbc3Sn
PmJqs4PNESMbD4CMgVCopddlKLTonsz8wecRoqov6LOrw17Z76kAfx1I9QIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFCrpL/JYLi5aqPLMr2vLaOmUSgkEMB8GA1UdIwQY
MBaAFMtUJ/1dIFhel8Lydx1ICb9jQdqhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTFRbl9WMGdXRjZYd3ZKM0hVZ0p2Mk5CMnFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9iODllODYtYmZiNC00YWY2LTg0NDgt
MWYwZGQ5ZmRmNWYzLzEvS3VrdjhsZ3VMbHFvOHN5dmE4dG82WlJLQ1FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9iODllODYtYmZiNC00YWY2LTg0NDgtMWYwZGQ5ZmRmNWYz
LzEveTFRbl9WMGdXRjZYd3ZKM0hVZ0p2Mk5CMnFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCJWLIAwQC
WSqkAwQCuUG4AwQD1D9gMA0EAgACMAcDBQAqAx0gMA0GCSqGSIb3DQEBCwUAA4IB
AQAzSEoBRd/bQQVKNcBWxQzGgB9WPzldSmJeisQ9nE886YrODhBCBHldt9mUJdgc
XbIOELdMRjYwBBvtaYV5I2lvAB11mRGVd6dIkJUO6+O2BAzvpjbDRRN2dts/QbTT
6ffGJdHgAIz4Jw66jb7uQM/tV1LksPXEpDW3KDKo77jzUhPz0fzUAGdhgOWwIurB
2MOMUzIOHBu0AePhfwrEQJQna2PWWNPez4+guUrcqQbRwt3zE8+Dd4btJ/Zd+C6U
cZPUF8S8SD8pad4+6WqK97lDEAAVg3YNmiRZ+nSGNEhmfPHvKeFPIsvBEyvYTx1n
jPkiQN3PQJxl5Ztr+392VaW1
-----END CERTIFICATE-----
Generated at Fri Apr 25 05:20:30 2025 by rpki-client