Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PGOS0clAPFV2e-WrjLhfBqUE160.roa
File: PGOS0clAPFV2e-WrjLhfBqUE160.roa (raw, json)
Hash identifier: enHvIgU/7JsNtmlButAqt0KIQWOznAj8a+fYpjNbwH0=
Subject key identifier: 3C:63:92:D1:C9:40:3C:55:76:7B:E5:AB:8C:B8:5F:06:A5:04:D7:AD
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0194B7E8AD858B9F652F27F2821E6533548C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PGOS0clAPFV2e-WrjLhfBqUE160.roa
Signing time: Thu 30 Jan 2025 15:51:06 +0000
ROA not before: Thu 30 Jan 2025 15:51:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215590
IP address blocks: 193.124.89.0/24 maxlen: 24
194.87.192.0/22 maxlen: 22
194.87.192.0/24 maxlen: 24
194.87.193.0/24 maxlen: 24
194.87.194.0/24 maxlen: 24
194.87.195.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:b7:e8:ad:85:8b:9f:65:2f:27:f2:82:1e:65:33:54:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 30 15:51:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3c6392d1c9403c55767be5ab8cb85f06a504d7ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:43:e8:86:ae:47:01:a5:d3:19:98:0b:2a:46:
dd:49:87:47:d8:5d:33:69:f6:64:35:b6:d5:53:e6:
a1:dc:51:f5:20:cf:dd:45:e7:7f:db:aa:b3:8a:80:
a4:73:a6:cd:a7:eb:20:30:93:2a:4d:e8:3d:db:bd:
93:b1:c1:14:29:ef:5a:2f:b0:f4:c1:7a:46:88:34:
7f:3b:31:90:a1:2a:25:14:7e:4e:d9:af:27:47:0c:
23:0a:58:43:44:7e:68:9e:09:e8:05:25:16:aa:a9:
ee:17:af:ae:8b:15:1d:c5:4c:f1:ec:22:e3:9d:e6:
2e:fe:3e:3b:9d:65:c6:d2:c2:3e:b7:7e:14:80:f4:
b4:b8:71:37:b8:0f:bb:a4:5a:55:70:27:87:8e:60:
a6:36:92:21:b2:3f:5b:83:97:e8:cb:69:d0:ea:cb:
27:dc:07:c5:c4:08:7d:ea:de:90:67:b1:90:3a:fc:
42:55:f6:5d:a5:8d:97:48:e9:e0:1f:63:6b:87:b0:
0c:0b:47:0c:36:af:c5:21:56:a8:60:55:e6:d7:ad:
c3:70:d3:a7:86:1b:95:bc:0b:3e:fd:ec:5a:e9:dd:
ce:c0:ce:cc:21:d4:1e:04:f9:ca:d7:91:0a:86:ee:
eb:03:85:e0:8b:38:e6:fa:5c:47:b5:b6:8e:40:30:
1b:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:63:92:D1:C9:40:3C:55:76:7B:E5:AB:8C:B8:5F:06:A5:04:D7:AD
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/PGOS0clAPFV2e-WrjLhfBqUE160.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.89.0/24
194.87.192.0/22
Signature Algorithm: sha256WithRSAEncryption
26:ce:4e:bb:60:7f:14:7b:d6:77:45:39:80:ff:3f:6b:28:ae:
81:1e:14:ba:2d:a5:68:7a:17:81:3d:17:9b:c2:54:03:bb:cd:
73:30:bf:9f:17:6d:6a:73:ef:5d:28:c0:1a:a8:9f:63:da:7e:
68:e9:56:56:6e:5f:44:21:dc:39:5b:3b:d2:00:f5:08:e3:de:
29:ea:01:b6:71:34:b6:5d:21:ce:74:15:23:e6:12:17:74:34:
93:b2:58:07:b1:46:bf:75:a8:f6:e9:2f:43:cf:ab:2a:5c:40:
ad:04:1f:33:b2:c0:16:2b:11:03:46:fe:98:a5:bf:cc:d5:e0:
13:32:33:52:46:67:09:f1:04:fc:87:43:d0:cd:7c:c1:49:14:
0a:88:9f:41:9c:2c:7e:b1:5c:d3:a0:f9:89:f0:4d:0e:8c:f5:
ac:35:49:68:30:92:27:ff:e2:a9:ae:27:6d:66:d1:1d:79:07:
0c:de:74:1b:88:1e:2a:a0:28:b9:d8:16:35:13:fb:ff:66:be:
a7:04:ff:81:24:c8:79:eb:8b:f9:a5:8c:11:41:1e:c1:8a:69:
83:2d:da:d2:5d:6e:03:7b:4b:56:0a:2c:6b:0e:68:b1:a9:ef:
be:51:6e:3a:bf:82:68:b7:af:83:28:97:e4:53:53:20:54:97:
a5:08:03:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZS36K2Fi59lLyfygh5lM1SMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTMwMTU1MTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzYzOTJkMWM5NDAzYzU1NzY3YmU1YWI4Y2I4NWYwNmE1MDRkN2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kPohq5HAaXTGZgLKkbdSYdH2F0z
afZkNbbVU+ah3FH1IM/dRed/26qzioCkc6bNp+sgMJMqTeg9272TscEUKe9aL7D0
wXpGiDR/OzGQoSolFH5O2a8nRwwjClhDRH5ongnoBSUWqqnuF6+uixUdxUzx7CLj
neYu/j47nWXG0sI+t34UgPS0uHE3uA+7pFpVcCeHjmCmNpIhsj9bg5foy2nQ6ssn
3AfFxAh96t6QZ7GQOvxCVfZdpY2XSOngH2Nrh7AMC0cMNq/FIVaoYFXm163DcNOn
hhuVvAs+/exa6d3OwM7MIdQeBPnK15EKhu7rA4Xgizjm+lxHtbaOQDAbgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDxjktHJQDxVdnvlq4y4XwalBNetMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUEdPUzBjbEFQRlYyZS1XcmpMaGZCcVVFMTYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwXxZAwQC
wlfAMA0GCSqGSIb3DQEBCwUAA4IBAQAmzk67YH8Ue9Z3RTmA/z9rKK6BHhS6LaVo
eheBPRebwlQDu81zML+fF21qc+9dKMAaqJ9j2n5o6VZWbl9EIdw5WzvSAPUI494p
6gG2cTS2XSHOdBUj5hIXdDSTslgHsUa/daj26S9Dz6sqXECtBB8zssAWKxEDRv6Y
pb/M1eATMjNSRmcJ8QT8h0PQzXzBSRQKiJ9BnCx+sVzToPmJ8E0OjPWsNUloMJIn
/+KpridtZtEdeQcM3nQbiB4qoCi52BY1E/v/Zr6nBP+BJMh564v5pYwRQR7BimmD
LdrSXW4De0tWCixrDmixqe++UW46v4Jot6+DKJfkU1MgVJelCAOe
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:41:37 2025 by rpki-client