Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/2038aa-7de5-4581-933a-d1a0c320c28a/1/lqgKwcqwVqi1K1c5h5ymlbm-KYI.roa
File: lqgKwcqwVqi1K1c5h5ymlbm-KYI.roa (raw, json)
Hash identifier: qnUOyvHZeuSvOCOOH4NYvO+S1v3dCucb9UhC55vrQ0Y=
Subject key identifier: 96:A8:0A:C1:CA:B0:56:A8:B5:2B:57:39:87:9C:A6:95:B9:BE:29:82
Certificate issuer: /CN=8023d3d35800ef3cb2a56c38bf914397381e0ff1
Certificate serial: 01864F49529D08AA69B64AAC9D5DF0B6AB37
Authority key identifier: 80:23:D3:D3:58:00:EF:3C:B2:A5:6C:38:BF:91:43:97:38:1E:0F:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gCPT01gA7zyypWw4v5FDlzgeD_E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b7/2038aa-7de5-4581-933a-d1a0c320c28a/1/lqgKwcqwVqi1K1c5h5ymlbm-KYI.roa
Signing time: Tue 14 Feb 2023 09:37:30 +0000
ROA not before: Tue 14 Feb 2023 09:37:30 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62353
IP address blocks: 213.159.16.0/22 maxlen: 24
213.159.16.0/21 maxlen: 24
213.159.20.0/22 maxlen: 24
185.22.12.0/22 maxlen: 24
185.22.12.0/23 maxlen: 24
185.22.14.0/23 maxlen: 24
185.81.10.0/23 maxlen: 24
185.81.11.0/24 maxlen: 24
185.81.8.0/24 maxlen: 24
185.81.8.0/23 maxlen: 24
185.81.8.0/22 maxlen: 24
2a00:5d60::/32 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:4f:49:52:9d:08:aa:69:b6:4a:ac:9d:5d:f0:b6:ab:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8023d3d35800ef3cb2a56c38bf914397381e0ff1
Validity
Not Before: Feb 14 09:37:30 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=96a80ac1cab056a8b52b5739879ca695b9be2982
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:db:41:ab:e2:bf:c3:99:60:ee:00:4c:20:b5:
e5:fc:73:43:c5:3a:63:0c:fe:0c:3b:bc:ad:f4:80:
1e:87:e7:7a:48:ae:58:2a:0b:46:c0:10:5e:4f:18:
43:99:be:06:8e:5f:ff:43:c8:f8:11:10:c3:22:55:
cf:2a:58:85:5d:03:b6:97:af:1f:d9:07:c6:16:bf:
5d:16:f4:51:4b:3d:bf:73:96:96:8a:67:51:6f:fa:
34:f1:d0:88:df:d8:86:d2:4e:0c:3e:ca:ce:1b:d5:
85:ce:9b:f1:04:f9:45:cd:fe:f0:45:58:7d:fc:45:
cd:6e:3d:8d:2e:55:51:5e:63:c6:7b:87:8f:cb:73:
f6:9f:46:de:a6:60:4a:f5:36:f8:8c:9c:d9:ad:d9:
33:29:1e:e8:8a:d2:fd:da:a5:59:ba:d7:7b:b9:f4:
d0:1c:d2:02:5d:d1:bc:34:37:ff:0e:87:d5:df:29:
0f:45:dc:40:e0:19:2b:65:a1:5c:2c:5d:08:e6:8d:
fe:cf:c9:a2:e1:e9:7f:fd:dc:68:fc:64:cd:96:a9:
67:cf:e2:8f:13:b9:77:2c:ac:d9:65:6c:b6:3c:88:
f5:7f:b8:4b:fd:5d:1b:9e:d8:df:96:56:26:4b:a2:
ab:15:5b:05:a5:27:df:b9:55:96:1f:29:5b:57:21:
b6:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:A8:0A:C1:CA:B0:56:A8:B5:2B:57:39:87:9C:A6:95:B9:BE:29:82
X509v3 Authority Key Identifier:
keyid:80:23:D3:D3:58:00:EF:3C:B2:A5:6C:38:BF:91:43:97:38:1E:0F:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gCPT01gA7zyypWw4v5FDlzgeD_E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/2038aa-7de5-4581-933a-d1a0c320c28a/1/lqgKwcqwVqi1K1c5h5ymlbm-KYI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/2038aa-7de5-4581-933a-d1a0c320c28a/1/gCPT01gA7zyypWw4v5FDlzgeD_E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.22.12.0/22
185.81.8.0/22
213.159.16.0/21
IPv6:
2a00:5d60::/32
Signature Algorithm: sha256WithRSAEncryption
c6:06:5a:e3:c8:d4:36:b5:30:76:02:88:5e:92:23:48:10:55:
31:92:aa:52:43:57:34:9d:91:bb:dd:c2:02:29:40:63:5f:62:
a5:9a:9b:e1:f0:da:e2:ca:64:21:c2:df:23:44:78:a6:27:d4:
a9:f9:25:f5:1d:aa:3f:f3:a1:7a:53:e1:4a:02:ed:d8:b7:b3:
b2:41:6f:78:21:ca:ea:ba:a6:8e:2b:0c:f9:b3:13:36:d2:3a:
9b:98:1e:97:ee:54:68:a2:5b:4c:7d:21:59:05:6c:54:b0:ea:
4c:cc:3c:1d:e6:3a:9a:89:c6:74:d6:4d:8e:90:8c:88:c4:63:
6a:da:4e:31:85:a7:9c:8d:2b:81:4b:91:97:e3:b5:e2:c8:a9:
e4:32:67:d1:6a:c5:6f:ff:8a:ed:23:de:37:05:ef:c1:ae:49:
76:46:f0:68:87:79:d3:69:64:11:a5:fb:b1:b3:12:4e:6a:4f:
09:af:96:06:c6:25:88:1f:90:35:aa:a3:a9:7f:34:b9:10:f1:
27:7c:34:41:87:0f:23:17:1d:92:63:57:9b:da:52:0f:ae:5d:
d2:ac:82:f7:17:1e:99:84:27:59:63:13:25:ba:b4:2b:80:92:
68:2e:fe:a6:ab:53:a7:bf:1c:b1:05:df:47:25:92:7a:94:ea:
99:68:d7:5d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYZPSVKdCKpptkqsnV3wtqs3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwMjNkM2QzNTgwMGVmM2NiMmE1NmMzOGJmOTE0Mzk3Mzgx
ZTBmZjEwHhcNMjMwMjE0MDkzNzMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmE4MGFjMWNhYjA1NmE4YjUyYjU3Mzk4NzljYTY5NWI5YmUyOTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09tBq+K/w5lg7gBMILXl/HNDxTpj
DP4MO7yt9IAeh+d6SK5YKgtGwBBeTxhDmb4Gjl//Q8j4ERDDIlXPKliFXQO2l68f
2QfGFr9dFvRRSz2/c5aWimdRb/o08dCI39iG0k4MPsrOG9WFzpvxBPlFzf7wRVh9
/EXNbj2NLlVRXmPGe4ePy3P2n0bepmBK9Tb4jJzZrdkzKR7oitL92qVZutd7ufTQ
HNICXdG8NDf/DofV3ykPRdxA4BkrZaFcLF0I5o3+z8mi4el//dxo/GTNlqlnz+KP
E7l3LKzZZWy2PIj1f7hL/V0bntjfllYmS6KrFVsFpSffuVWWHylbVyG2NQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJaoCsHKsFaotStXOYecppW5vimCMB8GA1UdIwQY
MBaAFIAj09NYAO88sqVsOL+RQ5c4Hg/xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0NQVDAxZ0E3enl5cFd3NHY1RkRsemdlRF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy8yMDM4YWEtN2RlNS00NTgxLTkzM2Et
ZDFhMGMzMjBjMjhhLzEvbHFnS3djcXdWcWkxSzFjNWg1eW1sYm0tS1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy8yMDM4YWEtN2RlNS00NTgxLTkzM2EtZDFhMGMzMjBjMjhh
LzEvZ0NQVDAxZ0E3enl5cFd3NHY1RkRsemdlRF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuRYMAwQC
uVEIAwQD1Z8QMA0EAgACMAcDBQAqAF1gMA0GCSqGSIb3DQEBCwUAA4IBAQDGBlrj
yNQ2tTB2AohekiNIEFUxkqpSQ1c0nZG73cICKUBjX2Klmpvh8NriymQhwt8jRHim
J9Sp+SX1Hao/86F6U+FKAu3Yt7OyQW94IcrquqaOKwz5sxM20jqbmB6X7lRooltM
fSFZBWxUsOpMzDwd5jqaicZ01k2OkIyIxGNq2k4xhaecjSuBS5GX47XiyKnkMmfR
asVv/4rtI943Be/Brkl2RvBoh3nTaWQRpfuxsxJOak8Jr5YGxiWIH5A1qqOpfzS5
EPEnfDRBhw8jFx2SY1eb2lIPrl3SrIL3Fx6ZhCdZYxMlurQrgJJoLv6mq1Onvxyx
Bd9HJZJ6lOqZaNdd
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:06 2024 by rpki-client on console-ams.rpki-client.org