Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/47e507-6b79-4046-b839-2d4c38d68f5b/1/goXCUeOfZ5-cQ04skoEaAhj8RDo.roa
File: goXCUeOfZ5-cQ04skoEaAhj8RDo.roa (raw, json)
Hash identifier: uOzOA2SYlLihIJFarNXqamqX3NhQtTM647Hu4z4Wkb0=
Subject key identifier: 82:85:C2:51:E3:9F:67:9F:9C:43:4E:2C:92:81:1A:02:18:FC:44:3A
Certificate issuer: /CN=aa308f9956941fa38dbe8ce8bd2ca975d11b162f
Certificate serial: 01896DB9E64834D6C8D768D601FA6A6C7318
Authority key identifier: AA:30:8F:99:56:94:1F:A3:8D:BE:8C:E8:BD:2C:A9:75:D1:1B:16:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qjCPmVaUH6ONvozovSypddEbFi8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e4/47e507-6b79-4046-b839-2d4c38d68f5b/1/goXCUeOfZ5-cQ04skoEaAhj8RDo.roa
Signing time: Wed 19 Jul 2023 10:37:26 +0000
ROA not before: Wed 19 Jul 2023 10:37:26 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35625
IP address blocks: 85.208.216.0/23 maxlen: 24
85.208.218.0/23 maxlen: 24
85.208.216.0/22 maxlen: 23
2a09:8c40::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:6d:b9:e6:48:34:d6:c8:d7:68:d6:01:fa:6a:6c:73:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa308f9956941fa38dbe8ce8bd2ca975d11b162f
Validity
Not Before: Jul 19 10:37:26 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8285c251e39f679f9c434e2c92811a0218fc443a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:7b:be:fb:70:48:06:69:7d:0c:8d:5c:cb:4c:
e8:34:fd:74:0c:b3:f5:91:70:39:64:5e:d6:6b:d6:
4a:5c:83:0d:2a:cf:1e:ea:af:9a:39:3f:dd:0b:4e:
bd:66:84:b0:a8:be:ff:fb:12:84:bf:25:b0:a9:00:
d7:9d:88:48:2e:9d:53:f8:c0:78:a2:55:6f:48:52:
dc:ba:dd:43:ce:c4:85:c2:e4:f2:d5:9f:c7:45:5e:
cd:e5:4e:32:6b:91:01:c6:e4:73:db:70:9c:5c:7f:
14:d7:42:c0:1d:50:8f:94:c6:d9:21:98:a7:36:c1:
02:14:88:e1:52:0b:20:5d:0a:cc:93:41:8e:c1:1a:
bf:eb:04:e9:21:17:b2:35:2c:42:20:3c:d5:e9:e2:
9d:1b:b6:72:a3:c2:55:7b:90:4d:c1:29:66:59:3c:
b6:41:3b:8d:30:d6:bb:cd:7b:00:40:97:5c:f9:b5:
57:07:d7:ee:83:86:6a:d7:fd:d8:2d:6d:81:da:cf:
08:7f:fa:1d:a9:4f:bc:7b:7e:56:43:2d:4d:2f:73:
31:ba:fb:ba:70:73:ba:77:0f:8b:01:b0:76:7a:d0:
93:e7:40:ca:eb:bf:f6:1f:84:18:69:ff:55:46:24:
06:da:02:23:b2:af:b5:bf:5c:51:96:dd:99:e7:f7:
4f:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:85:C2:51:E3:9F:67:9F:9C:43:4E:2C:92:81:1A:02:18:FC:44:3A
X509v3 Authority Key Identifier:
keyid:AA:30:8F:99:56:94:1F:A3:8D:BE:8C:E8:BD:2C:A9:75:D1:1B:16:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qjCPmVaUH6ONvozovSypddEbFi8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/47e507-6b79-4046-b839-2d4c38d68f5b/1/goXCUeOfZ5-cQ04skoEaAhj8RDo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/47e507-6b79-4046-b839-2d4c38d68f5b/1/qjCPmVaUH6ONvozovSypddEbFi8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.208.216.0/22
IPv6:
2a09:8c40::/29
Signature Algorithm: sha256WithRSAEncryption
1a:37:7b:7b:4f:71:41:64:40:d2:fa:95:13:0f:81:d2:8c:64:
2c:90:04:01:40:b7:0a:c6:ea:75:6f:e1:3b:b5:ab:eb:12:cf:
15:13:39:fe:4f:0c:db:59:f6:97:18:a9:e8:34:85:0e:8b:c3:
0d:b5:fc:33:92:35:9b:d8:c2:64:38:fb:18:bb:0c:e9:78:9b:
97:ff:7b:81:52:14:c6:7f:6e:41:15:22:ef:05:0c:9c:8d:19:
e6:c6:32:5c:e6:5d:e9:f7:ac:4b:c7:50:d4:a0:e2:6c:e8:8b:
8a:4d:94:75:88:66:21:5d:4f:d3:f1:7b:cf:d2:f5:37:2b:c5:
5b:15:da:df:c9:7d:f2:53:e2:04:ee:ff:4e:01:4d:6d:78:7b:
01:3f:c5:7f:e3:00:7a:6c:c6:a5:d6:38:07:10:c4:9c:39:7e:
38:bf:5c:3a:29:c3:a8:ce:c0:64:3b:6b:90:21:64:a2:e5:60:
39:6f:5f:19:10:86:90:48:27:93:b1:3e:60:04:c0:bf:ca:08:
2f:fc:19:ec:5a:c6:1f:68:9c:8c:b3:a6:47:3d:e1:83:5e:cc:
72:85:1b:b2:a5:59:b6:53:db:1b:f9:af:ea:1d:c0:08:fe:e8:
95:62:9e:20:57:d3:ee:8d:33:4d:54:1a:69:b2:d1:d3:ee:59:
e9:0c:93:b4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYltueZINNbI12jWAfpqbHMYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMzA4Zjk5NTY5NDFmYTM4ZGJlOGNlOGJkMmNhOTc1ZDEx
YjE2MmYwHhcNMjMwNzE5MTAzNzI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mjg1YzI1MWUzOWY2NzlmOWM0MzRlMmM5MjgxMWEwMjE4ZmM0NDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHu++3BIBml9DI1cy0zoNP10DLP1
kXA5ZF7Wa9ZKXIMNKs8e6q+aOT/dC069ZoSwqL7/+xKEvyWwqQDXnYhILp1T+MB4
olVvSFLcut1DzsSFwuTy1Z/HRV7N5U4ya5EBxuRz23CcXH8U10LAHVCPlMbZIZin
NsECFIjhUgsgXQrMk0GOwRq/6wTpIReyNSxCIDzV6eKdG7Zyo8JVe5BNwSlmWTy2
QTuNMNa7zXsAQJdc+bVXB9fug4Zq1/3YLW2B2s8If/odqU+8e35WQy1NL3Mxuvu6
cHO6dw+LAbB2etCT50DK67/2H4QYaf9VRiQG2gIjsq+1v1xRlt2Z5/dPaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIKFwlHjn2efnENOLJKBGgIY/EQ6MB8GA1UdIwQY
MBaAFKowj5lWlB+jjb6M6L0sqXXRGxYvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWpDUG1WYVVINk9Odm96b3ZTeXBkZEViRmk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC80N2U1MDctNmI3OS00MDQ2LWI4Mzkt
MmQ0YzM4ZDY4ZjViLzEvZ29YQ1VlT2ZaNS1jUTA0c2tvRWFBaGo4UkRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC80N2U1MDctNmI3OS00MDQ2LWI4MzktMmQ0YzM4ZDY4ZjVi
LzEvcWpDUG1WYVVINk9Odm96b3ZTeXBkZEViRmk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdDYMA0E
AgACMAcDBQMqCYxAMA0GCSqGSIb3DQEBCwUAA4IBAQAaN3t7T3FBZEDS+pUTD4HS
jGQskAQBQLcKxup1b+E7tavrEs8VEzn+TwzbWfaXGKnoNIUOi8MNtfwzkjWb2MJk
OPsYuwzpeJuX/3uBUhTGf25BFSLvBQycjRnmxjJc5l3p96xLx1DUoOJs6IuKTZR1
iGYhXU/T8XvP0vU3K8VbFdrfyX3yU+IE7v9OAU1teHsBP8V/4wB6bMal1jgHEMSc
OX44v1w6KcOozsBkO2uQIWSi5WA5b18ZEIaQSCeTsT5gBMC/yggv/BnsWsYfaJyM
s6ZHPeGDXsxyhRuypVm2U9sb+a/qHcAI/uiVYp4gV9PujTNNVBppstHT7lnpDJO0
-----END CERTIFICATE-----
Generated at Sun Jul 27 11:55:54 2025 by rpki-client