Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/H2MbsN_bGg5nRhMdpowLY8tCGIw.roa
File: H2MbsN_bGg5nRhMdpowLY8tCGIw.roa (raw, json)
Hash identifier: bLcgu4qCjNPRFhomkTt+2X9EDUAwEFSRhwUtsXTp3g8=
Subject key identifier: 1F:63:1B:B0:DF:DB:1A:0E:67:46:13:1D:A6:8C:0B:63:CB:42:18:8C
Certificate issuer: /CN=5cf4501b755002d9143e8fa6736815e9f0f93695
Certificate serial: 0194266C0CEBA570606A420AABD22254CB72
Authority key identifier: 5C:F4:50:1B:75:50:02:D9:14:3E:8F:A6:73:68:15:E9:F0:F9:36:95
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/H2MbsN_bGg5nRhMdpowLY8tCGIw.roa
Signing time: Thu 02 Jan 2025 09:50:02 +0000
ROA not before: Thu 02 Jan 2025 09:50:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212655
IP address blocks: 88.97.192.0/18 maxlen: 18
88.97.192.0/21 maxlen: 21
88.97.200.0/21 maxlen: 21
88.97.208.0/21 maxlen: 21
88.97.216.0/21 maxlen: 21
88.97.224.0/21 maxlen: 21
88.97.232.0/21 maxlen: 21
88.97.240.0/22 maxlen: 22
88.97.244.0/22 maxlen: 22
88.97.248.0/21 maxlen: 21
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6c:0c:eb:a5:70:60:6a:42:0a:ab:d2:22:54:cb:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5cf4501b755002d9143e8fa6736815e9f0f93695
Validity
Not Before: Jan 2 09:50:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1f631bb0dfdb1a0e6746131da68c0b63cb42188c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:34:b3:b4:1f:29:32:b4:8e:c9:6d:08:93:40:
c7:a7:a2:ce:ae:4b:d1:69:6c:54:31:31:1f:e3:60:
e9:34:3c:91:ad:d3:47:e2:7a:3b:91:67:0f:f8:70:
b0:95:2f:97:88:aa:f3:c3:95:46:2e:c3:62:f9:bf:
a4:1d:04:92:c1:00:66:96:e6:f5:0e:fc:db:76:96:
76:86:db:02:9f:79:81:a1:f4:38:d0:9f:73:bd:20:
a1:6a:0e:6c:d2:ff:85:23:a2:e7:1e:9d:ee:2e:e1:
16:b0:1a:b2:4e:b2:97:40:15:db:ba:a6:1a:b0:1c:
9e:6f:df:88:0c:f4:95:d3:21:18:5f:95:98:ca:fb:
d4:d5:42:fd:ac:42:f5:ad:be:e1:10:f2:74:96:22:
48:ff:5c:9b:0d:cd:fa:b4:b5:14:1e:df:ca:30:b0:
56:ba:dc:a1:55:fd:dc:48:fd:1b:b7:d0:40:0b:04:
08:05:12:3f:56:fb:d3:5a:02:3d:03:51:4d:f9:1b:
0f:24:30:65:db:16:7d:ef:31:c0:26:10:d3:b9:b4:
35:a0:a3:93:36:fe:7f:2f:58:36:d8:38:08:0d:4a:
2f:5f:db:1d:04:f5:94:99:69:86:81:20:17:2d:7e:
24:b2:1b:0b:c4:0d:af:fc:28:71:f1:27:e1:de:bb:
73:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:63:1B:B0:DF:DB:1A:0E:67:46:13:1D:A6:8C:0B:63:CB:42:18:8C
X509v3 Authority Key Identifier:
keyid:5C:F4:50:1B:75:50:02:D9:14:3E:8F:A6:73:68:15:E9:F0:F9:36:95
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/H2MbsN_bGg5nRhMdpowLY8tCGIw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/XPRQG3VQAtkUPo-mc2gV6fD5NpU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.97.192.0/18
Signature Algorithm: sha256WithRSAEncryption
38:c9:b1:7d:0c:00:53:55:b4:2d:8f:11:32:cd:4d:d4:c8:f4:
f2:72:5e:63:1b:e1:36:ac:49:e3:b1:a4:e7:19:2f:9b:1d:b1:
f3:01:24:be:3b:0a:b1:88:13:6e:53:b1:ae:7c:2a:b3:ae:d0:
de:ef:be:49:cc:9a:80:fd:ed:1a:08:68:e5:53:c2:71:3d:9e:
bb:e3:0d:b7:92:69:01:75:6e:de:27:3c:94:b3:84:14:80:8c:
31:f9:45:07:79:2b:ad:07:66:29:d5:0c:de:85:10:15:90:34:
a5:5e:cb:fd:2e:37:84:68:46:6e:25:a0:0b:68:31:20:57:2e:
bc:76:52:47:3c:be:4e:8e:d3:50:58:b1:4c:ac:36:75:ea:a0:
95:83:63:dc:cc:a2:75:dc:f9:7e:09:52:e2:b1:7d:09:b9:a6:
6b:51:5f:ec:30:b4:5a:3a:31:70:5b:6d:39:c3:56:5c:d8:1c:
d9:53:ca:72:d1:f4:3f:bd:4a:66:73:7d:52:fc:68:87:36:73:
0a:85:b6:b5:d5:c5:ed:2d:cf:b7:f0:51:c7:56:ea:bb:54:4d:
fe:ab:f6:50:d9:92:92:62:5a:43:39:f8:50:fc:e3:6f:74:20:
fc:fe:09:ec:5c:33:56:45:8e:ef:8a:09:c8:fe:2d:fe:50:15:
47:50:a4:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbAzrpXBgakIKq9IiVMtyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjQ1MDFiNzU1MDAyZDkxNDNlOGZhNjczNjgxNWU5ZjBm
OTM2OTUwHhcNMjUwMTAyMDk1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjYzMWJiMGRmZGIxYTBlNjc0NjEzMWRhNjhjMGI2M2NiNDIxODhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTSztB8pMrSOyW0Ik0DHp6LOrkvR
aWxUMTEf42DpNDyRrdNH4no7kWcP+HCwlS+XiKrzw5VGLsNi+b+kHQSSwQBmlub1
DvzbdpZ2htsCn3mBofQ40J9zvSChag5s0v+FI6LnHp3uLuEWsBqyTrKXQBXbuqYa
sByeb9+IDPSV0yEYX5WYyvvU1UL9rEL1rb7hEPJ0liJI/1ybDc36tLUUHt/KMLBW
utyhVf3cSP0bt9BACwQIBRI/VvvTWgI9A1FN+RsPJDBl2xZ97zHAJhDTubQ1oKOT
Nv5/L1g22DgIDUovX9sdBPWUmWmGgSAXLX4kshsLxA2v/Chx8Sfh3rtzPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9jG7Df2xoOZ0YTHaaMC2PLQhiMMB8GA1UdIwQY
MBaAFFz0UBt1UALZFD6PpnNoFenw+TaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBSUUczVlFBdGtVUG8tbWMyZ1Y2ZkQ1TnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jMWNhMDctOTY1OC00NDQ2LThjYjUt
NjBjZjlhYjFiMTNlLzEvSDJNYnNOX2JHZzVuUmhNZHBvd0xZOHRDR0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jMWNhMDctOTY1OC00NDQ2LThjYjUtNjBjZjlhYjFiMTNl
LzEvWFBSUUczVlFBdGtVUG8tbWMyZ1Y2ZkQ1TnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGWGHAMA0G
CSqGSIb3DQEBCwUAA4IBAQA4ybF9DABTVbQtjxEyzU3UyPTycl5jG+E2rEnjsaTn
GS+bHbHzASS+OwqxiBNuU7GufCqzrtDe775JzJqA/e0aCGjlU8JxPZ674w23kmkB
dW7eJzyUs4QUgIwx+UUHeSutB2Yp1QzehRAVkDSlXsv9LjeEaEZuJaALaDEgVy68
dlJHPL5OjtNQWLFMrDZ16qCVg2PczKJ13Pl+CVLisX0JuaZrUV/sMLRaOjFwW205
w1Zc2BzZU8py0fQ/vUpmc31S/GiHNnMKhba11cXtLc+38FHHVuq7VE3+q/ZQ2ZKS
YlpDOfhQ/ONvdCD8/gnsXDNWRY7vignI/i3+UBVHUKQE
-----END CERTIFICATE-----
Generated at Mon Apr 7 19:25:06 2025 by rpki-client