Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/oXKnWulzgBorCsfBE5MZyHLXlSc.roa
File: oXKnWulzgBorCsfBE5MZyHLXlSc.roa (raw, json)
Hash identifier: VWJHxlc+ImPCqcL0hEAzPzeHoYWv0lcDtIzO6OoF/4M=
Subject key identifier: A1:72:A7:5A:E9:73:80:1A:2B:0A:C7:C1:13:93:19:C8:72:D7:95:27
Certificate issuer: /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial: 018DF322004981550F6D94EA65601E9A4368
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/oXKnWulzgBorCsfBE5MZyHLXlSc.roa
Signing time: Thu 29 Feb 2024 04:31:48 +0000
ROA not before: Thu 29 Feb 2024 04:31:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 89.249.192.0/21 maxlen: 21
89.249.200.0/24 maxlen: 24
212.42.192.0/20 maxlen: 24
212.42.208.0/20 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:f3:22:00:49:81:55:0f:6d:94:ea:65:60:1e:9a:43:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
Validity
Not Before: Feb 29 04:31:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a172a75ae973801a2b0ac7c1139319c872d79527
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:21:74:a8:97:a8:08:ab:41:c3:06:0b:85:db:
90:48:10:fb:10:9a:5c:26:44:5a:a1:f5:9f:30:48:
e5:01:44:f7:d8:aa:26:23:72:15:56:3c:a0:7d:d6:
55:c2:d8:7c:26:0b:f2:6e:5c:14:cd:67:42:16:4f:
68:23:92:31:5a:49:00:c9:51:da:19:16:25:80:68:
8d:94:0b:f1:d1:c5:f8:a5:9f:47:f6:1a:7f:4e:c0:
d6:a5:8d:6c:f3:59:92:d3:3a:5e:c4:0f:de:4b:4c:
6b:96:68:76:67:88:17:eb:d4:4a:59:b2:ed:d4:b5:
eb:cc:5a:d7:82:3e:71:4d:db:dd:d6:a0:76:42:e3:
c3:a6:7e:c0:71:e6:4c:25:be:14:25:14:05:f5:2d:
a7:d7:55:aa:0d:d9:a9:ed:0f:d0:2f:05:bc:35:7a:
ef:53:28:87:f2:3b:81:22:e4:c0:cc:32:2b:07:96:
25:01:7d:76:ba:ad:17:1b:e7:29:6d:96:9e:05:0e:
a7:37:dc:af:bd:1a:b3:e4:b5:60:36:9c:da:75:e0:
3b:7f:b3:f1:a7:b8:f5:d8:c2:e3:89:92:e7:2d:ee:
bd:45:a9:6d:ed:d3:7d:a8:93:76:b4:87:eb:30:33:
63:ba:68:a0:43:f7:5a:73:9d:3a:32:58:99:9a:23:
f1:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:72:A7:5A:E9:73:80:1A:2B:0A:C7:C1:13:93:19:C8:72:D7:95:27
X509v3 Authority Key Identifier:
keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/oXKnWulzgBorCsfBE5MZyHLXlSc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.249.192.0-89.249.200.255
212.42.192.0/19
Signature Algorithm: sha256WithRSAEncryption
e1:45:fd:ac:c5:ff:19:d4:ef:5d:60:c6:65:e6:9b:08:dc:eb:
be:50:b1:d4:19:69:92:0c:9f:ef:97:e3:26:64:53:fa:a6:e2:
34:bc:ed:8f:69:16:77:a1:ec:cf:a0:ce:5f:80:72:d9:92:04:
10:c3:74:4d:7c:34:94:d9:e6:6f:01:0c:6c:e1:3d:28:22:62:
ad:ea:ba:94:95:fb:77:71:ed:7f:df:02:78:e3:4a:43:0b:e9:
e7:16:ac:2c:62:47:7e:ce:6f:ac:a4:3b:55:76:6c:d7:f8:6a:
e5:d6:ad:a1:a9:a8:90:26:a9:fe:14:5f:74:2f:29:74:6d:cb:
b9:01:c1:67:a0:d9:3a:09:7a:76:da:e2:e5:91:56:58:cd:11:
6c:1c:e1:76:b9:0c:2a:16:4d:de:03:3a:bb:40:93:43:e2:68:
0c:f8:2f:c8:a1:ef:7f:e3:f9:d2:b5:21:e4:31:61:c2:a6:0e:
b8:5f:96:3b:92:af:2f:9c:06:b6:e6:a8:e6:a0:83:20:5f:a1:
e2:2c:2c:f8:63:68:e9:d6:27:a4:e6:7f:3f:bf:03:88:3b:0d:
73:c0:75:f3:c4:92:72:45:ab:34:f9:3c:6b:f7:58:43:ec:a7:
8a:63:8a:5e:6b:13:69:4d:2a:ba:21:d7:91:32:16:8e:41:79:
c1:33:b8:a2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY3zIgBJgVUPbZTqZWAemkNoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQwMjI5MDQzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTcyYTc1YWU5NzM4MDFhMmIwYWM3YzExMzkzMTljODcyZDc5NTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyF0qJeoCKtBwwYLhduQSBD7EJpc
JkRaofWfMEjlAUT32KomI3IVVjygfdZVwth8JgvyblwUzWdCFk9oI5IxWkkAyVHa
GRYlgGiNlAvx0cX4pZ9H9hp/TsDWpY1s81mS0zpexA/eS0xrlmh2Z4gX69RKWbLt
1LXrzFrXgj5xTdvd1qB2QuPDpn7AceZMJb4UJRQF9S2n11WqDdmp7Q/QLwW8NXrv
UyiH8juBIuTAzDIrB5YlAX12uq0XG+cpbZaeBQ6nN9yvvRqz5LVgNpzadeA7f7Px
p7j12MLjiZLnLe69Ralt7dN9qJN2tIfrMDNjumigQ/dac506MliZmiPxIQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKFyp1rpc4AaKwrHwROTGchy15UnMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvb1hLbld1bHpnQm9yQ3NmQkU1TVp5SExYbFNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAZZ+cAD
BABZ+cgDBAXUKsAwDQYJKoZIhvcNAQELBQADggEBAOFF/azF/xnU711gxmXmmwjc
675QsdQZaZIMn++X4yZkU/qm4jS87Y9pFneh7M+gzl+ActmSBBDDdE18NJTZ5m8B
DGzhPSgiYq3qupSV+3dx7X/fAnjjSkML6ecWrCxiR37Ob6ykO1V2bNf4auXWraGp
qJAmqf4UX3QvKXRty7kBwWeg2ToJenba4uWRVljNEWwc4Xa5DCoWTd4DOrtAk0Pi
aAz4L8ih73/j+dK1IeQxYcKmDrhfljuSry+cBrbmqOaggyBfoeIsLPhjaOnWJ6Tm
fz+/A4g7DXPAdfPEknJFqzT5PGv3WEPsp4pjil5rE2lNKroh15EyFo5BecEzuKI=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:01:00 2025 by rpki-client