Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0-DoI-jVyddvV4JO30zNi6sVa2c.roa
File: 0-DoI-jVyddvV4JO30zNi6sVa2c.roa (raw, json)
Hash identifier: avQmoE41wLlrl3BGeLtH1cwDfrvDE5x9wcGBsWmQCT0=
Subject key identifier: D3:E0:E8:23:E8:D5:C9:D7:6F:57:82:4E:DF:4C:CD:8B:AB:15:6B:67
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01958973EB6FDC7376ECB2B11FD3437BB29C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0-DoI-jVyddvV4JO30zNi6sVa2c.roa
Signing time: Wed 12 Mar 2025 08:23:50 +0000
ROA not before: Wed 12 Mar 2025 08:23:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 174
IP address blocks: 37.60.141.0/24 maxlen: 24
87.120.191.0/24 maxlen: 24
87.121.70.0/23 maxlen: 24
87.121.88.0/24 maxlen: 24
87.121.144.0/23 maxlen: 24
94.156.162.0/23 maxlen: 24
94.156.164.0/23 maxlen: 24
141.98.1.0/24 maxlen: 24
212.73.149.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:89:73:eb:6f:dc:73:76:ec:b2:b1:1f:d3:43:7b:b2:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 12 08:23:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d3e0e823e8d5c9d76f57824edf4ccd8bab156b67
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:3e:34:0f:e0:c5:1a:30:08:de:d3:3a:64:19:
72:78:87:c4:d7:ee:82:c1:7a:f1:76:8a:51:32:8d:
41:2c:68:fe:d9:88:92:bd:6a:d0:ef:57:27:6e:38:
2e:29:46:8e:39:0d:85:14:48:62:43:48:61:8f:91:
83:74:d5:42:6b:23:31:89:8f:5b:cd:d5:49:e7:a7:
aa:50:f2:d1:8c:3f:96:d8:f5:b6:dc:d6:6f:b5:f8:
ae:d8:b2:45:e3:d3:8d:74:06:0b:93:05:5b:79:60:
54:82:24:31:e9:2b:62:2c:51:8d:99:52:28:2a:48:
2b:78:56:a7:59:21:d9:61:17:6a:9e:5f:3a:3c:71:
2b:d0:d8:ce:05:6d:64:03:16:50:5c:e9:ac:44:ea:
7d:76:75:f1:c4:2e:8c:99:8b:4f:ea:56:60:d1:c6:
8a:e1:1d:17:60:24:21:92:27:15:50:30:a5:54:f0:
99:16:9e:61:51:80:fb:7f:7b:2e:db:d8:cf:46:ab:
d1:25:9b:f0:5c:f9:60:04:ee:e6:6e:ce:0e:4f:98:
80:d2:09:56:91:0b:97:8b:88:29:f4:30:33:1c:b1:
a5:f8:27:b9:ff:6d:19:23:79:ea:99:cb:a8:1b:f5:
ba:da:75:82:a9:c5:8c:f0:10:d7:12:16:5f:c0:95:
8e:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:E0:E8:23:E8:D5:C9:D7:6F:57:82:4E:DF:4C:CD:8B:AB:15:6B:67
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/0-DoI-jVyddvV4JO30zNi6sVa2c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.60.141.0/24
87.120.191.0/24
87.121.70.0/23
87.121.88.0/24
87.121.144.0/23
94.156.162.0-94.156.165.255
141.98.1.0/24
212.73.149.0/24
Signature Algorithm: sha256WithRSAEncryption
21:97:c6:c2:8e:44:97:c2:97:95:e5:8c:7b:eb:bc:20:d8:a5:
ab:ca:2c:be:89:1f:4b:1f:d0:ce:4c:40:ac:a5:93:35:80:e6:
43:66:e7:94:62:55:5d:61:25:df:5d:b0:ec:e7:ea:25:09:14:
4e:7a:8c:09:cc:60:09:5e:40:27:f7:6c:a4:69:34:40:88:dc:
b0:76:35:70:a6:a0:1d:ea:4a:f4:3a:87:fb:85:c7:dc:96:c4:
6e:db:c6:9d:b5:e0:79:51:74:68:f2:ab:1d:4a:50:40:17:53:
ad:06:b1:15:44:30:12:ef:f1:d3:1d:ab:57:04:ed:82:46:ab:
14:1b:3b:7c:ab:a7:6d:a2:01:52:79:a9:91:f8:f5:6e:02:58:
16:fc:aa:19:e4:2a:2c:a3:55:78:97:54:e4:11:d7:d8:df:9a:
65:ac:f7:cd:22:17:82:71:ed:8f:c9:7c:d8:0e:22:7e:b1:12:
5c:c1:27:7d:23:9f:f0:76:72:bf:ac:51:93:88:72:47:f5:17:
63:7b:0e:9a:f5:40:4e:bb:66:ec:84:3a:80:7a:05:78:41:00:
9f:e9:e1:9e:c2:45:5e:14:71:01:05:55:46:57:37:41:58:a1:
6c:d2:25:a5:ae:e1:2f:b2:23:37:b8:ad:ef:47:4e:18:5a:98:
02:92:3f:49
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZWJc+tv3HN27LKxH9NDe7KcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzEyMDgyMzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2UwZTgyM2U4ZDVjOWQ3NmY1NzgyNGVkZjRjY2Q4YmFiMTU2YjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjz40D+DFGjAI3tM6ZBlyeIfE1+6C
wXrxdopRMo1BLGj+2YiSvWrQ71cnbjguKUaOOQ2FFEhiQ0hhj5GDdNVCayMxiY9b
zdVJ56eqUPLRjD+W2PW23NZvtfiu2LJF49ONdAYLkwVbeWBUgiQx6StiLFGNmVIo
KkgreFanWSHZYRdqnl86PHEr0NjOBW1kAxZQXOmsROp9dnXxxC6MmYtP6lZg0caK
4R0XYCQhkicVUDClVPCZFp5hUYD7f3su29jPRqvRJZvwXPlgBO7mbs4OT5iA0glW
kQuXi4gp9DAzHLGl+Ce5/20ZI3nqmcuoG/W62nWCqcWM8BDXEhZfwJWONwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFNPg6CPo1cnXb1eCTt9MzYurFWtnMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMC1Eb0ktalZ5ZGR2VjRKTzMwek5pNnNWYTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAJTyNAwQA
V3i/AwQBV3lGAwQAV3lYAwQBV3mQMAwDBAFenKIDBAFenKQDBACNYgEDBADUSZUw
DQYJKoZIhvcNAQELBQADggEBACGXxsKORJfCl5XljHvrvCDYpavKLL6JH0sf0M5M
QKylkzWA5kNm55RiVV1hJd9dsOzn6iUJFE56jAnMYAleQCf3bKRpNECI3LB2NXCm
oB3qSvQ6h/uFx9yWxG7bxp214HlRdGjyqx1KUEAXU60GsRVEMBLv8dMdq1cE7YJG
qxQbO3yrp22iAVJ5qZH49W4CWBb8qhnkKiyjVXiXVOQR19jfmmWs980iF4Jx7Y/J
fNgOIn6xElzBJ30jn/B2cr+sUZOIckf1F2N7Dpr1QE67ZuyEOoB6BXhBAJ/p4Z7C
RV4UcQEFVUZXN0FYoWzSJaWu4S+yIze4re9HThhamAKSP0k=
-----END CERTIFICATE-----
Generated at Sat Apr 5 08:42:34 2025 by rpki-client