Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/qkG336jW3qw-2FEqug_Ga4_dOQ8.roa
File: qkG336jW3qw-2FEqug_Ga4_dOQ8.roa (raw, json)
Hash identifier: Mq/88KloqAbOwHviDY6fKjuS9dO1fuv1yCTeDJaVjFI=
Subject key identifier: AA:41:B7:DF:A8:D6:DE:AC:3E:D8:51:2A:BA:0F:C6:6B:8F:DD:39:0F
Certificate issuer: /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial: 01957161F4CA5C2CD628FA927CE7D42C0342
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/qkG336jW3qw-2FEqug_Ga4_dOQ8.roa
Signing time: Fri 07 Mar 2025 16:13:19 +0000
ROA not before: Fri 07 Mar 2025 16:13:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210644
IP address blocks: 85.239.144.0/24 maxlen: 24
85.239.146.0/24 maxlen: 24
85.239.147.0/24 maxlen: 24
85.239.149.0/24 maxlen: 24
85.239.151.0/24 maxlen: 24
185.95.156.0/24 maxlen: 24
185.95.159.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:71:61:f4:ca:5c:2c:d6:28:fa:92:7c:e7:d4:2c:03:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Validity
Not Before: Mar 7 16:13:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=aa41b7dfa8d6deac3ed8512aba0fc66b8fdd390f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:2b:93:af:8c:4d:c6:5f:b0:44:66:f0:28:bb:
16:fc:92:ee:6b:ab:f4:05:d0:8a:75:01:d2:77:23:
ea:ad:fa:a7:1c:81:8d:cd:da:ca:ad:7e:6e:34:29:
6e:80:ec:2c:f7:ab:ec:95:8a:d5:b7:c2:65:ff:7b:
78:86:9e:bc:10:14:b0:53:4d:6f:c8:f2:7d:ea:32:
46:5d:c1:0d:6e:db:ae:7f:94:1c:90:41:62:d2:07:
71:bc:d9:0b:e3:d0:b8:47:73:79:82:9b:19:8b:70:
f0:84:a4:bf:0e:f7:2f:bc:62:39:61:b7:c5:12:42:
8f:e9:88:75:02:d4:f5:52:b7:b4:ee:64:c9:76:cb:
93:74:b1:44:fe:8f:f2:f0:75:10:3f:04:32:36:fc:
28:d1:cb:e9:b6:77:fd:12:81:f0:bb:db:7f:d8:82:
b6:04:de:b0:5c:4f:1a:3d:bd:67:a4:b2:1d:77:6c:
fa:83:0f:f0:1b:9e:5a:43:d4:5a:b4:84:b6:41:93:
22:c7:6a:c2:e8:15:bf:f4:7a:97:55:d6:47:d0:f7:
7c:bd:51:da:5b:6a:d9:07:88:ca:13:9b:46:ea:79:
28:4b:e3:a2:75:f8:71:b8:9d:b6:55:5b:6b:35:e2:
75:1d:03:83:c9:b9:50:00:3c:1c:4d:a1:7c:83:da:
0e:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:41:B7:DF:A8:D6:DE:AC:3E:D8:51:2A:BA:0F:C6:6B:8F:DD:39:0F
X509v3 Authority Key Identifier:
keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/qkG336jW3qw-2FEqug_Ga4_dOQ8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.239.144.0/24
85.239.146.0/23
85.239.149.0/24
85.239.151.0/24
185.95.156.0/24
185.95.159.0/24
Signature Algorithm: sha256WithRSAEncryption
4f:0a:a8:9c:45:02:08:dd:6b:af:d9:56:d4:de:33:60:1e:fc:
cc:0e:4b:0a:00:c8:20:5f:cc:54:a2:20:79:22:16:03:55:f2:
74:c8:4d:08:f0:9a:15:56:8a:04:4b:fb:a4:cb:a3:2b:9f:09:
c5:01:d6:7f:c6:c7:8e:6b:c6:34:66:b7:3a:ad:58:e4:6b:04:
e2:f5:75:9d:06:9d:80:fc:ed:ad:05:b8:ee:47:a5:25:d2:7b:
67:84:75:00:36:f4:9f:b8:81:bd:11:bf:76:0a:c9:a3:d1:17:
18:46:77:e6:07:63:1f:69:ca:2e:d6:e0:2e:ec:1f:0f:ca:ba:
da:92:de:03:5c:51:c0:c8:94:f9:a6:e7:01:2b:d3:cf:f7:01:
b9:e7:fa:c7:c2:9f:87:2d:cb:bc:34:d3:95:0f:0b:83:b8:6a:
e7:33:9b:dc:92:16:d3:08:30:3e:33:8a:10:b0:2b:e4:45:d7:
a9:7b:f9:0b:8c:fe:79:eb:74:76:e9:31:a0:eb:79:64:a8:a7:
b4:e7:96:e9:23:8b:53:ca:dd:03:f7:39:ad:d7:02:9b:62:31:
da:c6:43:2d:80:68:d3:01:53:3d:e8:11:05:c0:a4:e5:c3:3f:
f5:2c:c5:fd:5d:2e:7e:88:cc:dd:8d:37:3e:b2:f1:0f:47:5e:
80:a9:57:d1
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZVxYfTKXCzWKPqSfOfULANCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjUwMzA3MTYxMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTQxYjdkZmE4ZDZkZWFjM2VkODUxMmFiYTBmYzY2YjhmZGQzOTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyuTr4xNxl+wRGbwKLsW/JLua6v0
BdCKdQHSdyPqrfqnHIGNzdrKrX5uNClugOws96vslYrVt8Jl/3t4hp68EBSwU01v
yPJ96jJGXcENbtuuf5QckEFi0gdxvNkL49C4R3N5gpsZi3DwhKS/DvcvvGI5YbfF
EkKP6Yh1AtT1Ure07mTJdsuTdLFE/o/y8HUQPwQyNvwo0cvptnf9EoHwu9t/2IK2
BN6wXE8aPb1npLIdd2z6gw/wG55aQ9RatIS2QZMix2rC6BW/9HqXVdZH0Pd8vVHa
W2rZB4jKE5tG6nkoS+OidfhxuJ22VVtrNeJ1HQODyblQADwcTaF8g9oOdQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKpBt9+o1t6sPthRKroPxmuP3TkPMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvcWtHMzM2alczcXctMkZFcXVnX0dhNF9kT1E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAVe+QAwQB
Ve+SAwQAVe+VAwQAVe+XAwQAuV+cAwQAuV+fMA0GCSqGSIb3DQEBCwUAA4IBAQBP
CqicRQII3Wuv2VbU3jNgHvzMDksKAMggX8xUoiB5IhYDVfJ0yE0I8JoVVooES/uk
y6MrnwnFAdZ/xseOa8Y0Zrc6rVjkawTi9XWdBp2A/O2tBbjuR6Ul0ntnhHUANvSf
uIG9Eb92Csmj0RcYRnfmB2Mfacou1uAu7B8Pyrrakt4DXFHAyJT5pucBK9PP9wG5
5/rHwp+HLcu8NNOVDwuDuGrnM5vckhbTCDA+M4oQsCvkRdepe/kLjP5563R26TGg
63lkqKe055bpI4tTyt0D9zmt1wKbYjHaxkMtgGjTAVM96BEFwKTlwz/1LMX9XS5+
iMzdjTc+svEPR16AqVfR
-----END CERTIFICATE-----
Generated at Mon Apr 7 01:05:41 2025 by rpki-client