Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3d56f6-9410-4844-a472-5615513fdcf4/1/agnml2BoZnHcte3vAx95htHMxBs.roa
File: agnml2BoZnHcte3vAx95htHMxBs.roa (raw, json)
Hash identifier: 2HEzDKJFq3kC6T211YFaUksF6gjmrNkAZDecesO3QWc=
Subject key identifier: 6A:09:E6:97:60:68:66:71:DC:B5:ED:EF:03:1F:79:86:D1:CC:C4:1B
Certificate issuer: /CN=6029b1a08139e1da9643dd0424f5cd64507e3771
Certificate serial: 019421B1CF82AE8A7BF8DDE7892A7AD4709C
Authority key identifier: 60:29:B1:A0:81:39:E1:DA:96:43:DD:04:24:F5:CD:64:50:7E:37:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YCmxoIE54dqWQ90EJPXNZFB-N3E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0f/3d56f6-9410-4844-a472-5615513fdcf4/1/agnml2BoZnHcte3vAx95htHMxBs.roa
Signing time: Wed 01 Jan 2025 11:48:08 +0000
ROA not before: Wed 01 Jan 2025 11:48:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204002
IP address blocks: 185.43.88.0/24 maxlen: 24
185.43.89.0/24 maxlen: 24
185.43.90.0/24 maxlen: 24
185.43.91.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:cf:82:ae:8a:7b:f8:dd:e7:89:2a:7a:d4:70:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6029b1a08139e1da9643dd0424f5cd64507e3771
Validity
Not Before: Jan 1 11:48:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6a09e69760686671dcb5edef031f7986d1ccc41b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:7e:3f:98:7e:18:08:89:ed:7a:56:bf:87:d5:
46:e8:cd:0f:2a:72:80:8a:a1:44:02:61:41:d7:bc:
15:db:f7:b5:2b:d1:01:5b:23:8d:3d:78:0c:1b:5a:
5b:f8:51:7d:a4:15:76:54:8b:26:96:40:01:3c:1d:
80:b5:c5:b2:4b:54:1f:6a:68:15:aa:05:1a:e5:f4:
9a:6b:e5:9b:ac:58:48:69:7f:f7:ef:99:92:ea:e4:
ad:ce:8d:e6:af:4a:bf:fe:fe:98:98:6f:df:8e:28:
ba:35:11:1e:e7:46:db:c1:85:6d:bc:12:12:79:f0:
36:d4:5a:e1:64:71:55:a7:cd:38:76:58:41:22:17:
6d:6c:3c:42:61:57:7a:bf:8d:43:7d:bf:49:b9:6c:
37:ee:20:35:c8:ea:ef:29:c2:f0:36:34:cc:55:1f:
ae:24:95:66:5b:0f:fe:f4:26:15:c7:6f:2d:96:94:
20:39:8e:fc:c5:43:10:90:ac:be:0a:38:a1:47:ec:
ad:34:a5:82:ca:fd:b6:97:8e:99:fb:17:c4:3d:7d:
93:38:ad:15:eb:0d:4a:6b:e6:a8:65:05:72:f5:96:
aa:8d:e6:63:05:92:d4:15:7e:68:4b:2e:56:39:97:
9a:32:5f:90:f3:31:8a:06:f9:1f:23:48:bd:b2:de:
cc:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:09:E6:97:60:68:66:71:DC:B5:ED:EF:03:1F:79:86:D1:CC:C4:1B
X509v3 Authority Key Identifier:
keyid:60:29:B1:A0:81:39:E1:DA:96:43:DD:04:24:F5:CD:64:50:7E:37:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YCmxoIE54dqWQ90EJPXNZFB-N3E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3d56f6-9410-4844-a472-5615513fdcf4/1/agnml2BoZnHcte3vAx95htHMxBs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3d56f6-9410-4844-a472-5615513fdcf4/1/YCmxoIE54dqWQ90EJPXNZFB-N3E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.43.88.0/22
Signature Algorithm: sha256WithRSAEncryption
07:3d:63:44:43:de:9e:5e:5f:b1:92:75:a9:29:6c:b6:d8:cc:
9d:68:1b:82:3a:87:e2:de:1b:a4:dc:a9:53:95:1d:a4:bf:40:
b1:fe:c2:f9:f1:d2:67:4f:f5:95:ce:52:83:cf:c5:05:fb:2c:
e9:73:d8:f8:be:70:5e:32:5b:43:09:54:cf:a5:87:b5:c8:5b:
63:9a:6b:e7:ad:bc:6a:de:cf:81:b7:fb:9b:33:07:1a:b6:4d:
e5:bf:80:22:22:5a:02:00:e9:56:90:95:5a:ae:ad:0e:b5:ff:
cc:57:27:01:9c:67:e0:8b:b3:0c:c1:c3:51:63:f1:e5:da:6a:
91:89:66:7f:6c:1f:c7:6e:a5:96:bc:3b:3e:d5:fe:dc:99:b7:
fe:43:53:24:ae:c5:9a:cf:0e:5e:00:00:74:4f:77:ed:4b:3a:
ba:1d:76:78:99:53:59:f3:74:66:1f:6d:de:ac:89:c3:dd:cf:
d9:73:1f:75:0a:29:52:3d:4a:44:5c:9d:fe:89:44:ab:51:88:
85:46:e3:1f:fe:27:eb:ba:02:93:05:a5:68:ef:60:b6:c1:fd:
c1:08:33:2e:08:01:60:82:57:9e:9c:43:a9:f6:da:4b:a7:fa:
a2:28:5f:03:84:dc:80:ab:d1:75:35:3c:59:69:bd:1b:b0:68:
d8:61:3c:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsc+Crop7+N3niSp61HCcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMjliMWEwODEzOWUxZGE5NjQzZGQwNDI0ZjVjZDY0NTA3
ZTM3NzEwHhcNMjUwMTAxMTE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTA5ZTY5NzYwNjg2NjcxZGNiNWVkZWYwMzFmNzk4NmQxY2NjNDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH4/mH4YCIntela/h9VG6M0PKnKA
iqFEAmFB17wV2/e1K9EBWyONPXgMG1pb+FF9pBV2VIsmlkABPB2AtcWyS1QfamgV
qgUa5fSaa+WbrFhIaX/375mS6uStzo3mr0q//v6YmG/fjii6NREe50bbwYVtvBIS
efA21FrhZHFVp804dlhBIhdtbDxCYVd6v41Dfb9JuWw37iA1yOrvKcLwNjTMVR+u
JJVmWw/+9CYVx28tlpQgOY78xUMQkKy+CjihR+ytNKWCyv22l46Z+xfEPX2TOK0V
6w1Ka+aoZQVy9ZaqjeZjBZLUFX5oSy5WOZeaMl+Q8zGKBvkfI0i9st7MNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGoJ5pdgaGZx3LXt7wMfeYbRzMQbMB8GA1UdIwQY
MBaAFGApsaCBOeHalkPdBCT1zWRQfjdxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUNteG9JRTU0ZHFXUTkwRUpQWE5aRkItTjNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZDU2ZjYtOTQxMC00ODQ0LWE0NzIt
NTYxNTUxM2ZkY2Y0LzEvYWdubWwyQm9abkhjdGUzdkF4OTVodEhNeEJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZDU2ZjYtOTQxMC00ODQ0LWE0NzItNTYxNTUxM2ZkY2Y0
LzEvWUNteG9JRTU0ZHFXUTkwRUpQWE5aRkItTjNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuStYMA0G
CSqGSIb3DQEBCwUAA4IBAQAHPWNEQ96eXl+xknWpKWy22MydaBuCOofi3huk3KlT
lR2kv0Cx/sL58dJnT/WVzlKDz8UF+yzpc9j4vnBeMltDCVTPpYe1yFtjmmvnrbxq
3s+Bt/ubMwcatk3lv4AiIloCAOlWkJVarq0Otf/MVycBnGfgi7MMwcNRY/Hl2mqR
iWZ/bB/HbqWWvDs+1f7cmbf+Q1MkrsWazw5eAAB0T3ftSzq6HXZ4mVNZ83RmH23e
rInD3c/Zcx91CilSPUpEXJ3+iUSrUYiFRuMf/ifrugKTBaVo72C2wf3BCDMuCAFg
gleenEOp9tpLp/qiKF8DhNyAq9F1NTxZab0bsGjYYTxY
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:31:11 2025 by rpki-client