Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/rvmURVzFk1bwGjGobGqb0yFt3KA.roa
File: rvmURVzFk1bwGjGobGqb0yFt3KA.roa (raw, json)
Hash identifier: +gkDNkESiZUmyHifu9XTl6mgqzplEi2EA3I3Oack5Ho=
Subject key identifier: AE:F9:94:45:5C:C5:93:56:F0:1A:31:A8:6C:6A:9B:D3:21:6D:DC:A0
Certificate issuer: /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial: 01942747E04717ADCF69407E8CF61E3E5DCB
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/rvmURVzFk1bwGjGobGqb0yFt3KA.roa
Signing time: Thu 02 Jan 2025 13:50:09 +0000
ROA not before: Thu 02 Jan 2025 13:50:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31643
IP address blocks: 85.28.0.0/20 maxlen: 20
85.28.0.0/21 maxlen: 21
85.28.8.0/21 maxlen: 21
85.28.16.0/20 maxlen: 20
85.28.16.0/21 maxlen: 21
85.28.24.0/21 maxlen: 21
85.28.32.0/20 maxlen: 20
217.151.16.0/20 maxlen: 20
217.151.16.0/21 maxlen: 21
217.151.24.0/21 maxlen: 21
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:e0:47:17:ad:cf:69:40:7e:8c:f6:1e:3e:5d:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
Validity
Not Before: Jan 2 13:50:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=aef994455cc59356f01a31a86c6a9bd3216ddca0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:52:ef:cb:54:bf:5e:15:c6:90:73:f5:01:79:
6e:5b:f3:dd:42:36:4c:76:88:83:0d:66:58:4c:25:
31:c0:e0:4b:0c:d7:68:ae:f2:67:1c:0f:21:60:8d:
95:12:e0:be:75:2a:70:4f:1e:c0:fc:5c:73:79:b1:
51:b2:14:2f:cd:61:dd:fb:10:42:e3:39:47:6b:09:
03:0d:99:d7:8f:27:f3:5d:90:c8:01:b5:47:e7:f8:
36:81:f5:19:e7:da:5e:55:26:2e:bf:55:89:5b:4d:
35:b3:4d:d3:75:41:96:73:4c:c9:5c:b9:3f:2f:d7:
d4:ec:4d:72:f2:4c:11:48:24:40:f8:e6:3d:05:a4:
25:2f:fb:6a:c2:dd:e3:35:10:35:40:e2:41:c3:5f:
6c:68:f8:73:f4:c4:d9:b7:2d:60:22:5b:67:63:d1:
c2:75:ad:33:1a:fe:df:f6:73:33:1b:af:64:9d:56:
4c:f9:fd:27:58:9a:7c:67:04:61:2f:f3:17:4f:7f:
2b:c4:54:f9:9e:91:c6:88:b8:17:df:e9:01:90:d4:
8f:b9:28:e6:09:cf:5a:9c:ea:2d:45:2e:8a:c1:56:
6b:24:a6:4c:b6:2d:43:03:85:d3:e0:4d:b4:c7:8b:
de:9e:3f:f7:1a:92:e1:ca:60:7f:c3:a7:4a:cc:c6:
c2:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:F9:94:45:5C:C5:93:56:F0:1A:31:A8:6C:6A:9B:D3:21:6D:DC:A0
X509v3 Authority Key Identifier:
keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/rvmURVzFk1bwGjGobGqb0yFt3KA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.28.0.0-85.28.47.255
217.151.16.0/20
Signature Algorithm: sha256WithRSAEncryption
3d:06:01:d8:df:09:32:59:ae:65:25:0e:c6:9a:d3:1b:47:de:
11:16:18:77:82:d8:0e:60:7e:87:d5:82:b5:b5:ba:09:22:4f:
19:61:7e:b3:a7:11:ee:a5:4e:67:55:e7:43:a5:48:6e:7b:30:
c8:47:ed:4c:63:e6:ec:b4:74:5b:43:88:a8:e2:1f:4c:0d:25:
48:a9:2e:c8:75:cd:e9:94:4e:53:6d:07:8b:d0:b5:18:59:b5:
e4:1e:ab:5c:49:da:78:74:0c:ca:ed:a4:73:98:11:28:e7:1a:
3b:4f:a2:3d:b0:3b:b3:2d:45:68:20:5a:63:c3:e4:28:81:94:
fc:2b:bf:85:9c:b5:ab:dd:44:18:8c:61:b8:8c:c1:3d:86:0b:
92:a3:64:a8:fe:70:fd:f0:83:2f:ff:56:ec:1c:b9:a6:d5:7d:
1b:8a:30:35:1d:95:4c:e0:41:bb:73:32:a6:1e:91:c5:16:5e:
93:0b:4c:34:7f:01:77:07:f6:c7:8e:63:b2:15:e3:e7:65:74:
d3:05:72:0c:80:cf:f9:a2:e2:0c:95:bb:07:34:6a:34:24:03:
cf:cf:f8:17:2f:05:de:58:55:a9:f4:eb:65:2c:e8:fa:98:ec:
24:fa:6d:60:c8:dc:4e:6d:1a:53:96:cb:e5:13:ee:71:3c:15:
5d:ac:0a:5b
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZQnR+BHF63PaUB+jPYePl3LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjUwMTAyMTM1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWY5OTQ0NTVjYzU5MzU2ZjAxYTMxYTg2YzZhOWJkMzIxNmRkY2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VLvy1S/XhXGkHP1AXluW/PdQjZM
doiDDWZYTCUxwOBLDNdorvJnHA8hYI2VEuC+dSpwTx7A/FxzebFRshQvzWHd+xBC
4zlHawkDDZnXjyfzXZDIAbVH5/g2gfUZ59peVSYuv1WJW001s03TdUGWc0zJXLk/
L9fU7E1y8kwRSCRA+OY9BaQlL/tqwt3jNRA1QOJBw19saPhz9MTZty1gIltnY9HC
da0zGv7f9nMzG69knVZM+f0nWJp8ZwRhL/MXT38rxFT5npHGiLgX3+kBkNSPuSjm
Cc9anOotRS6KwVZrJKZMti1DA4XT4E20x4venj/3GpLhymB/w6dKzMbCMwIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFK75lEVcxZNW8BoxqGxqm9MhbdygMB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvcnZtVVJWekZrMWJ3R2pHb2JHcWIweUZ0M0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATMAsDAwJVHAME
BFUcIAMEBNmXEDANBgkqhkiG9w0BAQsFAAOCAQEAPQYB2N8JMlmuZSUOxprTG0fe
ERYYd4LYDmB+h9WCtbW6CSJPGWF+s6cR7qVOZ1XnQ6VIbnswyEftTGPm7LR0W0OI
qOIfTA0lSKkuyHXN6ZROU20Hi9C1GFm15B6rXEnaeHQMyu2kc5gRKOcaO0+iPbA7
sy1FaCBaY8PkKIGU/Cu/hZy1q91EGIxhuIzBPYYLkqNkqP5w/fCDL/9W7By5ptV9
G4owNR2VTOBBu3Myph6RxRZekwtMNH8Bdwf2x45jshXj52V00wVyDIDP+aLiDJW7
BzRqNCQDz8/4Fy8F3lhVqfTrZSzo+pjsJPptYMjcTm0aU5bL5RPucTwVXawKWw==
-----END CERTIFICATE-----
Generated at Wed Apr 9 09:19:20 2025 by rpki-client