Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/6b604b-4eed-4393-8e8c-cba0631f293f/1/Q41X_j-X6MEBsrlAhkOF1wVzhbk.roa
File: Q41X_j-X6MEBsrlAhkOF1wVzhbk.roa (raw, json)
Hash identifier: YBskpCx6COz+43ChHeDsLz5PAi6tPK0b2nqeQTQNIwI=
Subject key identifier: 43:8D:57:FE:3F:97:E8:C1:01:B2:B9:40:86:43:85:D7:05:73:85:B9
Certificate issuer: /CN=9b3620d6798e7eb186639c4548a0696af6e30589
Certificate serial: 019422FB7E416D66C60F60083A1F312BB3C2
Authority key identifier: 9B:36:20:D6:79:8E:7E:B1:86:63:9C:45:48:A0:69:6A:F6:E3:05:89
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mzYg1nmOfrGGY5xFSKBpavbjBYk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/6b604b-4eed-4393-8e8c-cba0631f293f/1/Q41X_j-X6MEBsrlAhkOF1wVzhbk.roa
Signing time: Wed 01 Jan 2025 17:48:14 +0000
ROA not before: Wed 01 Jan 2025 17:48:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16189
IP address blocks: 185.171.4.0/22 maxlen: 24
2a07:97c0::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:7e:41:6d:66:c6:0f:60:08:3a:1f:31:2b:b3:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9b3620d6798e7eb186639c4548a0696af6e30589
Validity
Not Before: Jan 1 17:48:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=438d57fe3f97e8c101b2b940864385d7057385b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:e0:72:bb:fb:01:7d:8e:d8:af:03:46:a2:48:
c4:65:f0:f9:10:9e:ea:3e:59:5d:83:d0:bd:e7:e1:
86:cc:ff:c3:52:51:d2:5b:59:06:d8:bf:46:4b:ce:
04:7d:43:93:c0:b4:72:af:7b:88:01:ce:5b:8f:89:
24:e1:50:e2:de:91:ef:5e:39:c0:bc:fb:d2:b1:33:
ee:b2:9b:a8:e6:e6:cf:ec:87:05:a2:6b:0f:ac:4b:
fc:ac:15:92:f3:b5:b0:fb:3d:6e:41:7e:32:8d:c1:
ab:39:9b:55:1a:18:1c:e4:9e:6c:32:47:ec:d6:1a:
44:23:e0:26:2e:1d:63:a5:72:40:93:2e:96:47:04:
f7:27:86:b4:6e:37:d8:94:15:50:00:d1:7a:7c:4a:
47:d7:c3:82:51:c9:10:81:72:35:a8:ce:26:6d:ed:
15:82:58:bf:7f:26:e8:bd:fe:19:94:f5:b6:11:b5:
7c:c7:b5:d7:36:b0:54:86:00:db:84:d9:97:c1:11:
0e:43:88:26:f0:87:96:d3:9c:6b:07:f4:f1:0c:0b:
fe:f7:16:82:00:c7:0d:98:19:38:14:0b:e5:92:43:
1e:58:ac:46:75:75:59:55:2c:33:c3:3a:72:9e:57:
a8:15:05:eb:70:5e:90:8a:f4:ee:ea:ff:02:57:3d:
63:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:8D:57:FE:3F:97:E8:C1:01:B2:B9:40:86:43:85:D7:05:73:85:B9
X509v3 Authority Key Identifier:
keyid:9B:36:20:D6:79:8E:7E:B1:86:63:9C:45:48:A0:69:6A:F6:E3:05:89
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mzYg1nmOfrGGY5xFSKBpavbjBYk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/6b604b-4eed-4393-8e8c-cba0631f293f/1/Q41X_j-X6MEBsrlAhkOF1wVzhbk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/6b604b-4eed-4393-8e8c-cba0631f293f/1/mzYg1nmOfrGGY5xFSKBpavbjBYk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.171.4.0/22
IPv6:
2a07:97c0::/29
Signature Algorithm: sha256WithRSAEncryption
aa:76:2b:1f:2b:3e:36:fe:8c:2c:d1:c6:d4:b4:85:46:d7:57:
84:b6:7d:20:b7:91:f8:47:b0:dd:65:ae:24:4d:dd:66:5a:ae:
2f:c3:c6:a5:41:fb:d2:7e:94:41:4b:bb:ed:c4:da:51:e2:42:
f6:2e:27:13:cf:4b:25:0b:53:9e:ae:24:fe:87:39:1b:a0:60:
19:fe:64:b3:66:43:64:e7:4a:91:a2:0d:0b:db:d1:6f:75:ed:
03:04:55:d9:50:4f:ca:49:f5:51:81:d7:51:76:28:97:5a:a5:
05:e1:bf:6b:67:82:e7:ec:7c:c8:72:35:6f:da:f9:5d:51:44:
4e:78:20:99:10:3f:6c:af:49:c5:b2:9b:50:29:5f:14:5e:b1:
0d:a3:03:c8:cc:8f:74:48:4b:4b:31:a4:0e:3f:e2:6b:1a:81:
3e:4e:a6:09:8f:3b:11:5f:3d:20:67:e3:b9:b8:6e:28:1c:37:
d6:d6:04:bf:02:cd:60:45:a0:06:8e:62:40:6b:e6:30:96:26:
5b:ce:0f:49:d0:4a:a7:81:3a:34:73:a9:fb:1c:ad:82:0c:c4:
34:03:ab:19:8d:b8:d1:98:e9:6b:c1:b0:0a:e5:2e:eb:e4:3f:
62:29:ed:1e:55:32:11:93:b6:0b:4c:f0:d3:07:6f:17:c1:42:
e5:08:51:82
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQi+35BbWbGD2AIOh8xK7PCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMzYyMGQ2Nzk4ZTdlYjE4NjYzOWM0NTQ4YTA2OTZhZjZl
MzA1ODkwHhcNMjUwMTAxMTc0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzhkNTdmZTNmOTdlOGMxMDFiMmI5NDA4NjQzODVkNzA1NzM4NWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzOByu/sBfY7YrwNGokjEZfD5EJ7q
Plldg9C95+GGzP/DUlHSW1kG2L9GS84EfUOTwLRyr3uIAc5bj4kk4VDi3pHvXjnA
vPvSsTPuspuo5ubP7IcFomsPrEv8rBWS87Ww+z1uQX4yjcGrOZtVGhgc5J5sMkfs
1hpEI+AmLh1jpXJAky6WRwT3J4a0bjfYlBVQANF6fEpH18OCUckQgXI1qM4mbe0V
gli/fybovf4ZlPW2EbV8x7XXNrBUhgDbhNmXwREOQ4gm8IeW05xrB/TxDAv+9xaC
AMcNmBk4FAvlkkMeWKxGdXVZVSwzwzpynleoFQXrcF6QivTu6v8CVz1jgQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEONV/4/l+jBAbK5QIZDhdcFc4W5MB8GA1UdIwQY
MBaAFJs2INZ5jn6xhmOcRUigaWr24wWJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXpZZzFubU9mckdHWTV4RlNLQnBhdmJqQllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS82YjYwNGItNGVlZC00MzkzLThlOGMt
Y2JhMDYzMWYyOTNmLzEvUTQxWF9qLVg2TUVCc3JsQWhrT0Yxd1Z6aGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS82YjYwNGItNGVlZC00MzkzLThlOGMtY2JhMDYzMWYyOTNm
LzEvbXpZZzFubU9mckdHWTV4RlNLQnBhdmJqQllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuasEMA0E
AgACMAcDBQMqB5fAMA0GCSqGSIb3DQEBCwUAA4IBAQCqdisfKz42/ows0cbUtIVG
11eEtn0gt5H4R7DdZa4kTd1mWq4vw8alQfvSfpRBS7vtxNpR4kL2LicTz0slC1Oe
riT+hzkboGAZ/mSzZkNk50qRog0L29Fvde0DBFXZUE/KSfVRgddRdiiXWqUF4b9r
Z4Ln7HzIcjVv2vldUUROeCCZED9sr0nFsptQKV8UXrENowPIzI90SEtLMaQOP+Jr
GoE+TqYJjzsRXz0gZ+O5uG4oHDfW1gS/As1gRaAGjmJAa+YwliZbzg9J0EqngTo0
c6n7HK2CDMQ0A6sZjbjRmOlrwbAK5S7r5D9iKe0eVTIRk7YLTPDTB28XwULlCFGC
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:31:11 2025 by rpki-client