Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/s9a3pEKBSyjyYAsrYAxiAEP4mCU.roa
File: s9a3pEKBSyjyYAsrYAxiAEP4mCU.roa (raw, json)
Hash identifier: 0FpwdS9NLp08wzi3cGdRZXNNnpCGm190316Q+yHGVNo=
Subject key identifier: B3:D6:B7:A4:42:81:4B:28:F2:60:0B:2B:60:0C:62:00:43:F8:98:25
Certificate issuer: /CN=320b24a740f2e61632050adc146c1ee6a3e686c5
Certificate serial: 019421B208544D08F3463E30D4294471C30A
Authority key identifier: 32:0B:24:A7:40:F2:E6:16:32:05:0A:DC:14:6C:1E:E6:A3:E6:86:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/s9a3pEKBSyjyYAsrYAxiAEP4mCU.roa
Signing time: Wed 01 Jan 2025 11:48:23 +0000
ROA not before: Wed 01 Jan 2025 11:48:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 24620
IP address blocks: 85.254.214.0/23 maxlen: 23
85.254.216.0/21 maxlen: 21
85.254.224.0/22 maxlen: 22
85.254.228.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b2:08:54:4d:08:f3:46:3e:30:d4:29:44:71:c3:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=320b24a740f2e61632050adc146c1ee6a3e686c5
Validity
Not Before: Jan 1 11:48:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b3d6b7a442814b28f2600b2b600c620043f89825
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:ea:7a:69:25:11:cd:9d:cc:f9:98:e8:28:b1:
72:c7:3c:17:38:c4:81:99:56:d0:55:ed:77:ce:68:
ab:15:e3:d4:2f:4e:70:da:a2:15:06:3e:69:77:20:
cb:91:46:0a:35:27:5c:fd:01:d2:d9:60:5c:e8:22:
95:e9:54:1b:4f:94:40:e9:c2:43:b5:68:6a:42:c9:
fb:07:93:63:9e:90:36:d5:3e:57:93:6b:d1:69:21:
6a:3f:8c:cd:12:54:48:a2:23:6d:ec:65:f8:ce:16:
89:fa:40:6c:36:ed:82:d6:7d:4c:66:55:8d:5c:34:
95:7f:8b:c9:22:b5:c8:25:2b:ba:ae:a9:ec:8e:4b:
ca:9c:22:c4:5d:b2:f3:be:1f:a0:f4:b1:ea:2f:0d:
46:8e:3e:8e:36:2e:4f:6d:32:94:62:0f:ba:d2:42:
30:82:60:65:b5:03:f2:b9:db:85:01:05:47:05:59:
05:b2:00:19:c7:2d:99:07:80:d2:07:67:83:21:58:
85:2e:fd:22:e4:ee:6f:d4:f2:15:c3:85:1a:16:c2:
75:c2:36:93:e1:fd:53:32:40:82:cb:d5:15:4a:43:
e9:d6:29:17:af:eb:a7:1e:5e:cc:41:21:a0:fb:9d:
da:d5:c8:69:61:65:e2:1b:20:db:41:bc:79:ed:e0:
7a:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:D6:B7:A4:42:81:4B:28:F2:60:0B:2B:60:0C:62:00:43:F8:98:25
X509v3 Authority Key Identifier:
keyid:32:0B:24:A7:40:F2:E6:16:32:05:0A:DC:14:6C:1E:E6:A3:E6:86:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/s9a3pEKBSyjyYAsrYAxiAEP4mCU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/9c27e4-d7b1-43c1-a38f-94914f5ddb3c/1/Mgskp0Dy5hYyBQrcFGwe5qPmhsU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.254.214.0-85.254.228.255
Signature Algorithm: sha256WithRSAEncryption
94:fd:14:65:4a:e5:e3:07:da:06:58:20:7a:1c:96:a6:1e:09:
3f:12:cd:1b:2a:3f:9e:e6:e2:c6:60:23:da:ab:d3:3e:25:7f:
f7:25:eb:19:42:19:0c:27:01:5c:71:37:3b:84:58:a1:41:01:
a6:94:09:77:ff:4e:ef:15:50:da:e8:b3:fc:5d:ea:92:4a:13:
04:52:f8:da:95:22:fd:e1:fc:62:47:ea:9b:63:9d:ae:ba:be:
85:d3:d5:0c:9e:3e:78:84:d2:80:ce:2d:1d:4b:11:cd:f0:f6:
d6:94:a5:18:c8:6f:c2:07:e4:ee:6b:c5:d9:a4:45:58:71:fc:
37:f4:45:fd:f0:e1:78:b8:ad:d2:7b:0d:cc:61:95:cd:b2:1b:
24:f3:dd:2a:4a:2b:95:90:6c:67:7b:1a:74:ec:6e:f5:7f:42:
96:3e:e9:95:46:ef:ce:ad:5a:4e:3d:3d:b8:52:e0:6a:68:31:
46:c6:65:f6:a5:cd:2a:c8:32:d2:80:dd:13:1d:7a:af:db:f6:
27:22:ca:9f:df:73:a1:e8:3d:09:ee:06:25:d5:a4:97:ec:42:
49:f5:41:a9:04:95:d6:1c:fc:ee:11:6b:8d:d8:90:e8:1a:ff:
7d:e8:7a:6e:a6:57:88:3d:2f:80:5a:dc:c2:e7:d9:87:b1:cb:
90:ed:6c:3f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhsghUTQjzRj4w1ClEccMKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMGIyNGE3NDBmMmU2MTYzMjA1MGFkYzE0NmMxZWU2YTNl
Njg2YzUwHhcNMjUwMTAxMTE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2Q2YjdhNDQyODE0YjI4ZjI2MDBiMmI2MDBjNjIwMDQzZjg5ODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzup6aSURzZ3M+ZjoKLFyxzwXOMSB
mVbQVe13zmirFePUL05w2qIVBj5pdyDLkUYKNSdc/QHS2WBc6CKV6VQbT5RA6cJD
tWhqQsn7B5NjnpA21T5Xk2vRaSFqP4zNElRIoiNt7GX4zhaJ+kBsNu2C1n1MZlWN
XDSVf4vJIrXIJSu6rqnsjkvKnCLEXbLzvh+g9LHqLw1Gjj6ONi5PbTKUYg+60kIw
gmBltQPyuduFAQVHBVkFsgAZxy2ZB4DSB2eDIViFLv0i5O5v1PIVw4UaFsJ1wjaT
4f1TMkCCy9UVSkPp1ikXr+unHl7MQSGg+53a1chpYWXiGyDbQbx57eB6wwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLPWt6RCgUso8mALK2AMYgBD+JglMB8GA1UdIwQY
MBaAFDILJKdA8uYWMgUK3BRsHuaj5obFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWdza3AwRHk1aFl5QlFyY0ZHd2U1cVBtaHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy85YzI3ZTQtZDdiMS00M2MxLWEzOGYt
OTQ5MTRmNWRkYjNjLzEvczlhM3BFS0JTeWp5WUFzcllBeGlBRVA0bUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy85YzI3ZTQtZDdiMS00M2MxLWEzOGYtOTQ5MTRmNWRkYjNj
LzEvTWdza3AwRHk1aFl5QlFyY0ZHd2U1cVBtaHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFV/tYD
BABV/uQwDQYJKoZIhvcNAQELBQADggEBAJT9FGVK5eMH2gZYIHoclqYeCT8SzRsq
P57m4sZgI9qr0z4lf/cl6xlCGQwnAVxxNzuEWKFBAaaUCXf/Tu8VUNros/xd6pJK
EwRS+NqVIv3h/GJH6ptjna66voXT1QyePniE0oDOLR1LEc3w9taUpRjIb8IH5O5r
xdmkRVhx/Df0Rf3w4Xi4rdJ7Dcxhlc2yGyTz3SpKK5WQbGd7GnTsbvV/QpY+6ZVG
786tWk49PbhS4GpoMUbGZfalzSrIMtKA3RMdeq/b9iciyp/fc6HoPQnuBiXVpJfs
Qkn1QakEldYc/O4Ra43YkOga/33oem6mV4g9L4Ba3MLn2Yexy5DtbD8=
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:39:22 2025 by rpki-client