Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/ct4uh4Dvn38kuKb2J9OedNnfBrQ.roa
File: ct4uh4Dvn38kuKb2J9OedNnfBrQ.roa (raw, json)
Hash identifier: nZxVoJ4prQOuIIhd7SEgU19Z8RQI5zRlz6rYzsDEzRI=
Subject key identifier: 72:DE:2E:87:80:EF:9F:7F:24:B8:A6:F6:27:D3:9E:74:D9:DF:06:B4
Certificate issuer: /CN=61b534437503668815add93cd17d0ad3e1b1a877
Certificate serial: 0194228DEE10C8B3F50BB8E4A5715321F822
Authority key identifier: 61:B5:34:43:75:03:66:88:15:AD:D9:3C:D1:7D:0A:D3:E1:B1:A8:77
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbU0Q3UDZogVrdk80X0K0-GxqHc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/ct4uh4Dvn38kuKb2J9OedNnfBrQ.roa
Signing time: Wed 01 Jan 2025 15:48:34 +0000
ROA not before: Wed 01 Jan 2025 15:48:34 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20507
IP address blocks: 85.223.101.0/24 maxlen: 24
85.223.126.0/24 maxlen: 24
217.149.192.0/19 maxlen: 24
217.149.192.0/24 maxlen: 24
217.149.201.0/24 maxlen: 24
217.149.202.0/24 maxlen: 24
217.149.203.0/24 maxlen: 24
217.149.217.0/24 maxlen: 24
217.149.218.0/24 maxlen: 24
217.149.219.0/24 maxlen: 24
2a01:3a8::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:ee:10:c8:b3:f5:0b:b8:e4:a5:71:53:21:f8:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b534437503668815add93cd17d0ad3e1b1a877
Validity
Not Before: Jan 1 15:48:34 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=72de2e8780ef9f7f24b8a6f627d39e74d9df06b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:86:a3:5b:be:34:07:6f:69:97:70:fa:31:44:
34:dd:1a:9e:c3:e1:34:2b:ce:b4:ad:6b:1e:02:1e:
b5:1a:53:5f:65:9e:7b:fa:0e:7f:22:ac:b6:e8:4f:
71:57:29:63:4c:21:5e:b6:0b:e2:b8:65:30:de:df:
c4:c0:fb:48:b7:46:3c:93:62:86:0e:37:56:9c:97:
11:db:e1:6a:a9:63:02:35:58:ed:d1:61:73:9b:d6:
7b:89:20:2b:3a:b4:91:ee:a0:4d:36:7f:1a:f7:c7:
70:07:63:de:38:a6:5b:de:98:25:cb:6e:1c:a0:70:
07:c9:c9:30:be:5a:7c:30:c4:2c:c3:0c:26:69:ca:
09:f8:59:72:25:8f:f3:fe:7f:7b:58:b2:ca:bb:0b:
b4:0a:7a:3d:91:6a:be:0d:28:49:32:cd:91:45:57:
41:32:5b:46:9e:22:80:45:eb:6d:d1:8d:8a:07:fa:
78:bc:b8:29:a3:de:d2:d9:91:62:40:3e:e9:db:e5:
1e:e3:d5:97:99:af:60:31:64:95:bf:76:a3:fe:ac:
16:b0:60:0a:ec:8a:00:b9:96:bd:a7:fa:42:bf:8a:
2a:e9:c1:e0:33:57:30:d9:a7:96:8a:78:c1:f0:be:
1a:76:bc:a1:61:47:99:f6:e4:13:73:a7:3e:6d:de:
dd:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:DE:2E:87:80:EF:9F:7F:24:B8:A6:F6:27:D3:9E:74:D9:DF:06:B4
X509v3 Authority Key Identifier:
keyid:61:B5:34:43:75:03:66:88:15:AD:D9:3C:D1:7D:0A:D3:E1:B1:A8:77
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbU0Q3UDZogVrdk80X0K0-GxqHc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/ct4uh4Dvn38kuKb2J9OedNnfBrQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/YbU0Q3UDZogVrdk80X0K0-GxqHc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.223.101.0/24
85.223.126.0/24
217.149.192.0/19
IPv6:
2a01:3a8::/32
Signature Algorithm: sha256WithRSAEncryption
af:b0:e2:28:ca:62:8b:49:02:0f:c2:56:da:b1:6b:bc:7a:bd:
7a:23:f5:52:a7:cd:ee:08:23:f1:06:56:94:4e:48:c4:16:71:
7a:47:9f:fa:49:e5:fe:04:78:60:bc:ee:e9:be:d5:1c:fe:64:
79:e4:33:40:f3:cc:84:ac:bd:72:36:fb:ae:99:5e:88:eb:8d:
f7:2e:1c:a9:31:e7:00:75:b8:e3:43:7e:f7:63:91:82:dd:7b:
38:9b:6e:eb:9a:6b:4f:d4:ed:5c:c8:bc:b2:c6:d1:cf:0a:92:
2b:62:1b:0f:64:66:fe:ae:90:1a:9e:4c:6a:11:ed:b7:11:29:
cc:15:ee:4e:be:56:83:50:4d:4c:81:54:6e:6a:a6:1a:aa:84:
9a:fd:4b:ea:98:f5:a2:40:13:e7:36:b3:6e:c0:3b:83:ae:41:
9c:98:b3:7d:f4:7d:61:79:a5:1b:33:6f:00:3b:92:81:2b:43:
82:31:6f:fc:2b:81:07:82:ee:7e:01:44:7a:15:cc:65:52:cc:
a5:8d:ae:a1:45:aa:2a:2f:9e:60:ce:42:ba:4f:7a:d6:1b:96:
61:e3:f0:0c:84:75:c3:f7:62:54:d5:d4:fe:24:d3:cf:4c:ff:
7d:9a:69:de:f9:25:d0:f8:92:77:87:0b:98:80:b0:ef:fc:6f:
57:4f:42:b4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQije4QyLP1C7jkpXFTIfgiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjUzNDQzNzUwMzY2ODgxNWFkZDkzY2QxN2QwYWQzZTFi
MWE4NzcwHhcNMjUwMTAxMTU0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmRlMmU4NzgwZWY5ZjdmMjRiOGE2ZjYyN2QzOWU3NGQ5ZGYwNmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoajW740B29pl3D6MUQ03Rqew+E0
K860rWseAh61GlNfZZ57+g5/Iqy26E9xVyljTCFetgviuGUw3t/EwPtIt0Y8k2KG
DjdWnJcR2+FqqWMCNVjt0WFzm9Z7iSArOrSR7qBNNn8a98dwB2PeOKZb3pgly24c
oHAHyckwvlp8MMQswwwmacoJ+FlyJY/z/n97WLLKuwu0Cno9kWq+DShJMs2RRVdB
MltGniKARett0Y2KB/p4vLgpo97S2ZFiQD7p2+Ue49WXma9gMWSVv3aj/qwWsGAK
7IoAuZa9p/pCv4oq6cHgM1cw2aeWinjB8L4adryhYUeZ9uQTc6c+bd7dQwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFHLeLoeA759/JLim9ifTnnTZ3wa0MB8GA1UdIwQY
MBaAFGG1NEN1A2aIFa3ZPNF9CtPhsah3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJVMFEzVURab2dWcmRrODBYMEswLUd4cUhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9jMWFjZDYtMjMwYS00ZTM2LWE1OGYt
ZjU1NWUyZTY4YTEwLzEvY3Q0dWg0RHZuMzhrdUtiMko5T2VkTm5mQnJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9jMWFjZDYtMjMwYS00ZTM2LWE1OGYtZjU1NWUyZTY4YTEw
LzEvWWJVMFEzVURab2dWcmRrODBYMEswLUd4cUhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAVd9lAwQA
Vd9+AwQF2ZXAMA0EAgACMAcDBQAqAQOoMA0GCSqGSIb3DQEBCwUAA4IBAQCvsOIo
ymKLSQIPwlbasWu8er16I/VSp83uCCPxBlaUTkjEFnF6R5/6SeX+BHhgvO7pvtUc
/mR55DNA88yErL1yNvuumV6I6433LhypMecAdbjjQ373Y5GC3Xs4m27rmmtP1O1c
yLyyxtHPCpIrYhsPZGb+rpAankxqEe23ESnMFe5OvlaDUE1MgVRuaqYaqoSa/Uvq
mPWiQBPnNrNuwDuDrkGcmLN99H1heaUbM28AO5KBK0OCMW/8K4EHgu5+AUR6Fcxl
Usylja6hRaoqL55gzkK6T3rWG5Zh4/AMhHXD92JU1dT+JNPPTP99mmne+SXQ+JJ3
hwuYgLDv/G9XT0K0
-----END CERTIFICATE-----
Generated at Fri Apr 25 11:44:12 2025 by rpki-client