Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HAZCjJvlgFLary2XnJWdGrr8Vqs.roa
File: HAZCjJvlgFLary2XnJWdGrr8Vqs.roa (raw, json)
Hash identifier: b5eWroAWQPbbZvSPBrEuRyU0h+0HHMU5E/YpcaPtiPQ=
Subject key identifier: 1C:06:42:8C:9B:E5:80:52:DA:AF:2D:97:9C:95:9D:1A:BA:FC:56:AB
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0194AC59B247CAD5C38209F1182BD505EBC3
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HAZCjJvlgFLary2XnJWdGrr8Vqs.roa
Signing time: Tue 28 Jan 2025 09:59:07 +0000
ROA not before: Tue 28 Jan 2025 09:59:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25369
IP address blocks: 85.217.166.0/24 maxlen: 24
85.217.167.0/24 maxlen: 24
85.217.180.0/24 maxlen: 24
85.217.181.0/24 maxlen: 24
85.217.182.0/24 maxlen: 24
85.217.183.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:ac:59:b2:47:ca:d5:c3:82:09:f1:18:2b:d5:05:eb:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 28 09:59:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1c06428c9be58052daaf2d979c959d1abafc56ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:48:d9:39:21:e1:a5:a6:be:b2:02:cf:a2:7f:
3c:15:1c:73:b7:62:bb:c1:ed:cd:34:a5:a8:a5:c0:
2e:29:dc:55:54:7e:7b:4c:9b:46:24:60:29:c3:b9:
dd:c3:b6:9d:e9:6f:7b:a2:bb:4e:31:b4:ad:d3:f3:
3d:ff:73:30:e3:f4:32:fa:69:62:12:12:4e:7b:97:
4e:13:89:2e:84:5f:1a:92:32:cb:7b:fd:c9:c7:6f:
30:17:dd:1d:b1:8d:9e:9b:72:4b:aa:2c:98:64:c7:
16:2a:ab:3d:63:fb:4c:5e:a1:a1:62:0a:48:60:ba:
1c:05:8c:af:88:9e:9f:66:7f:17:7d:d9:20:6c:bd:
5a:1a:f7:34:73:a7:ad:ac:32:e5:42:0a:51:b6:cd:
0e:e8:0d:bf:f8:d6:93:a4:c8:51:4a:03:e0:63:f7:
30:74:81:21:4d:3d:a9:2c:4c:59:6f:70:5d:08:2c:
07:c1:33:a1:b0:60:4d:a4:08:89:c3:66:83:7a:7f:
4b:4d:24:ef:5a:80:ee:6f:51:dd:2c:ac:82:fd:16:
88:db:f1:ee:40:74:d7:42:1c:4c:a7:03:6c:39:70:
d7:c6:72:93:d9:0d:03:b9:07:06:19:8c:8b:14:95:
cd:cf:06:bc:eb:ee:62:04:fe:8b:92:98:15:85:03:
c3:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:06:42:8C:9B:E5:80:52:DA:AF:2D:97:9C:95:9D:1A:BA:FC:56:AB
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HAZCjJvlgFLary2XnJWdGrr8Vqs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.217.166.0/23
85.217.180.0/22
Signature Algorithm: sha256WithRSAEncryption
2c:07:c1:ab:30:8d:41:9d:1f:6e:8e:ed:d8:70:7f:7b:c1:cd:
be:f4:b6:24:f5:d2:2f:98:e1:c6:94:c9:8e:ea:27:6d:72:52:
0a:a4:3a:fd:d7:42:0d:9d:e5:ad:8e:7c:f6:f2:7e:77:f5:a1:
81:56:a0:fe:af:2e:99:73:9a:12:26:5e:5f:7e:90:ba:ad:32:
d7:c9:59:ad:9e:a9:17:2d:12:71:b3:cf:bf:c7:06:d5:5b:b2:
40:02:b0:bd:f8:d1:cd:c4:28:a6:e0:d4:d6:34:77:d2:70:19:
69:1c:32:90:36:31:ae:4f:64:be:bb:0f:03:05:10:c9:07:91:
41:e8:2a:49:8a:6e:40:27:26:f9:c4:b4:9e:de:b1:38:fc:ff:
2a:db:28:d1:87:c5:00:43:74:f1:4f:80:9e:87:1d:65:a5:a9:
db:c2:55:d6:00:39:49:e4:68:eb:db:26:a5:99:86:ae:06:37:
bf:57:4c:3e:0b:f8:f5:44:22:4c:c0:5b:32:0b:ca:e0:4a:0a:
b8:9f:df:1f:b7:e0:76:25:33:b5:a5:48:07:de:db:3b:d6:00:
e9:93:9d:c8:cf:55:da:54:11:07:47:68:13:61:16:81:a9:99:
6d:85:88:5d:46:12:a5:7c:3f:fa:9d:53:30:ce:c0:16:a0:ee:
83:2d:c2:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSsWbJHytXDggnxGCvVBevDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTI4MDk1OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzA2NDI4YzliZTU4MDUyZGFhZjJkOTc5Yzk1OWQxYWJhZmM1NmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0jZOSHhpaa+sgLPon88FRxzt2K7
we3NNKWopcAuKdxVVH57TJtGJGApw7ndw7ad6W97ortOMbSt0/M9/3Mw4/Qy+mli
EhJOe5dOE4kuhF8akjLLe/3Jx28wF90dsY2em3JLqiyYZMcWKqs9Y/tMXqGhYgpI
YLocBYyviJ6fZn8XfdkgbL1aGvc0c6etrDLlQgpRts0O6A2/+NaTpMhRSgPgY/cw
dIEhTT2pLExZb3BdCCwHwTOhsGBNpAiJw2aDen9LTSTvWoDub1HdLKyC/RaI2/Hu
QHTXQhxMpwNsOXDXxnKT2Q0DuQcGGYyLFJXNzwa86+5iBP6LkpgVhQPD+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBwGQoyb5YBS2q8tl5yVnRq6/FarMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSEFaQ2pKdmxnRkxhcnkyWG5KV2RHcnI4VnFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVdmmAwQC
Vdm0MA0GCSqGSIb3DQEBCwUAA4IBAQAsB8GrMI1BnR9uju3YcH97wc2+9LYk9dIv
mOHGlMmO6idtclIKpDr910INneWtjnz28n539aGBVqD+ry6Zc5oSJl5ffpC6rTLX
yVmtnqkXLRJxs8+/xwbVW7JAArC9+NHNxCim4NTWNHfScBlpHDKQNjGuT2S+uw8D
BRDJB5FB6CpJim5AJyb5xLSe3rE4/P8q2yjRh8UAQ3TxT4Cehx1lpanbwlXWADlJ
5Gjr2yalmYauBje/V0w+C/j1RCJMwFsyC8rgSgq4n98ft+B2JTO1pUgH3ts71gDp
k53Iz1XaVBEHR2gTYRaBqZlthYhdRhKlfD/6nVMwzsAWoO6DLcJ8
-----END CERTIFICATE-----
Generated at Sat Apr 5 09:03:34 2025 by rpki-client