Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/213be6-ecb9-4300-8346-a647675f46b6/1/QQlxlfhA9BwLpxAQMkShfHqNuQ8.roa
File: QQlxlfhA9BwLpxAQMkShfHqNuQ8.roa (raw, json)
Hash identifier: J1jtN5BQZROl/8dEYO5qeCL3b90fBYd6l0TNzemkVxs=
Subject key identifier: 41:09:71:95:F8:40:F4:1C:0B:A7:10:10:32:44:A1:7C:7A:8D:B9:0F
Certificate issuer: /CN=6001b953c6be1f91831d68a5c0115c20e0cd7f9a
Certificate serial: 019424B3EAE0C939C552A0A58C18C5A9E59E
Authority key identifier: 60:01:B9:53:C6:BE:1F:91:83:1D:68:A5:C0:11:5C:20:E0:CD:7F:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YAG5U8a-H5GDHWilwBFcIODNf5o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1f/213be6-ecb9-4300-8346-a647675f46b6/1/QQlxlfhA9BwLpxAQMkShfHqNuQ8.roa
Signing time: Thu 02 Jan 2025 01:49:18 +0000
ROA not before: Thu 02 Jan 2025 01:49:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42220
IP address blocks: 185.214.176.0/22 maxlen: 24
217.18.160.0/20 maxlen: 24
2a03:9520::/32 maxlen: 64
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:b3:ea:e0:c9:39:c5:52:a0:a5:8c:18:c5:a9:e5:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6001b953c6be1f91831d68a5c0115c20e0cd7f9a
Validity
Not Before: Jan 2 01:49:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=41097195f840f41c0ba710103244a17c7a8db90f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:c8:cd:95:5a:f8:71:5f:54:18:f2:6e:be:95:
9f:41:1e:0c:33:e4:82:bb:08:7a:a2:74:fe:48:ca:
23:b4:84:2a:85:23:f2:f6:09:4e:ea:fb:58:ed:e4:
50:dc:2b:70:7c:83:6c:f7:3d:7d:83:f7:bc:89:a8:
eb:c8:41:23:5b:b7:f5:4b:5f:c7:6b:da:1e:aa:9e:
ec:42:28:e2:82:7a:11:dc:13:45:33:90:c1:a8:bc:
30:fa:fb:87:75:3c:23:c2:4c:66:b4:62:e1:44:fb:
72:43:c7:8b:f9:28:32:16:2a:4a:09:26:96:05:31:
68:04:aa:11:6c:2f:c2:e9:89:48:86:76:3f:38:82:
e1:bc:3b:e1:09:f0:20:86:59:c4:05:cf:d9:68:2b:
83:60:dd:52:a5:68:47:fa:c4:d7:10:97:8c:92:09:
79:41:2b:3b:c2:c7:20:db:f0:e5:31:ef:57:9c:d3:
c7:10:9a:d1:f8:84:ae:7d:1f:a7:16:03:39:68:ff:
d7:82:44:a2:a9:ca:32:80:da:66:2c:3f:d0:3a:f9:
62:a7:19:78:99:29:d8:b6:6f:bb:6e:9b:cd:b3:85:
09:55:c2:57:a2:74:e7:f2:ae:7b:77:e0:65:11:3f:
45:1f:94:cc:93:e0:8c:46:82:cd:fa:b4:0d:22:a5:
ee:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:09:71:95:F8:40:F4:1C:0B:A7:10:10:32:44:A1:7C:7A:8D:B9:0F
X509v3 Authority Key Identifier:
keyid:60:01:B9:53:C6:BE:1F:91:83:1D:68:A5:C0:11:5C:20:E0:CD:7F:9A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YAG5U8a-H5GDHWilwBFcIODNf5o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/213be6-ecb9-4300-8346-a647675f46b6/1/QQlxlfhA9BwLpxAQMkShfHqNuQ8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/213be6-ecb9-4300-8346-a647675f46b6/1/YAG5U8a-H5GDHWilwBFcIODNf5o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.214.176.0/22
217.18.160.0/20
IPv6:
2a03:9520::/32
Signature Algorithm: sha256WithRSAEncryption
b7:27:09:73:6f:b9:45:02:8e:ea:8a:25:e0:97:22:fd:3f:56:
1b:c6:7b:3e:ce:73:b3:34:57:06:20:40:a3:6b:79:99:02:af:
65:e2:f5:2a:64:a8:d9:98:1d:1c:08:94:27:64:76:63:d3:5a:
41:64:7b:55:f7:33:60:e1:19:e5:28:cf:5c:00:16:0a:bc:76:
b5:08:f3:a3:4d:d4:5a:29:e1:b8:89:41:c0:9a:b8:50:f9:12:
25:8f:e6:9f:d7:ae:07:49:f5:78:b5:78:d4:7c:b5:a0:93:50:
d4:9f:eb:21:d0:9a:b3:9b:2d:47:e5:76:0b:e2:34:c5:13:63:
f8:9f:c6:d0:b9:6b:1c:61:18:11:9f:96:1b:e4:18:9c:45:e6:
bd:39:ce:12:ee:3c:9f:97:24:80:88:cb:23:62:1f:83:29:46:
e5:72:e8:28:84:fb:c7:3d:d0:64:70:a3:e1:89:f5:f6:22:85:
5f:24:8c:91:65:c1:de:1c:26:d4:41:f8:5e:75:97:c8:44:d4:
81:dd:db:9f:72:d2:33:73:0a:12:4f:28:b3:9d:b1:ff:a9:93:
03:5e:f8:24:0c:9b:5c:f9:49:44:69:b1:a9:98:d7:e4:46:90:
58:ab:07:84:e7:08:f3:ff:e1:54:21:c9:bc:d0:2c:d8:b5:50:
55:6a:53:72
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQks+rgyTnFUqCljBjFqeWeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMDFiOTUzYzZiZTFmOTE4MzFkNjhhNWMwMTE1YzIwZTBj
ZDdmOWEwHhcNMjUwMTAyMDE0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTA5NzE5NWY4NDBmNDFjMGJhNzEwMTAzMjQ0YTE3YzdhOGRiOTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsjNlVr4cV9UGPJuvpWfQR4MM+SC
uwh6onT+SMojtIQqhSPy9glO6vtY7eRQ3CtwfINs9z19g/e8iajryEEjW7f1S1/H
a9oeqp7sQijignoR3BNFM5DBqLww+vuHdTwjwkxmtGLhRPtyQ8eL+SgyFipKCSaW
BTFoBKoRbC/C6YlIhnY/OILhvDvhCfAghlnEBc/ZaCuDYN1SpWhH+sTXEJeMkgl5
QSs7wscg2/DlMe9XnNPHEJrR+ISufR+nFgM5aP/XgkSiqcoygNpmLD/QOvlipxl4
mSnYtm+7bpvNs4UJVcJXonTn8q57d+BlET9FH5TMk+CMRoLN+rQNIqXu7QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEEJcZX4QPQcC6cQEDJEoXx6jbkPMB8GA1UdIwQY
MBaAFGABuVPGvh+Rgx1opcARXCDgzX+aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUFHNVU4YS1INUdESFdpbHdCRmNJT0ROZjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi8yMTNiZTYtZWNiOS00MzAwLTgzNDYt
YTY0NzY3NWY0NmI2LzEvUVFseGxmaEE5QndMcHhBUU1rU2hmSHFOdVE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi8yMTNiZTYtZWNiOS00MzAwLTgzNDYtYTY0NzY3NWY0NmI2
LzEvWUFHNVU4YS1INUdESFdpbHdCRmNJT0ROZjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCudawAwQE
2RKgMA0EAgACMAcDBQAqA5UgMA0GCSqGSIb3DQEBCwUAA4IBAQC3Jwlzb7lFAo7q
iiXglyL9P1Ybxns+znOzNFcGIECja3mZAq9l4vUqZKjZmB0cCJQnZHZj01pBZHtV
9zNg4RnlKM9cABYKvHa1CPOjTdRaKeG4iUHAmrhQ+RIlj+af164HSfV4tXjUfLWg
k1DUn+sh0Jqzmy1H5XYL4jTFE2P4n8bQuWscYRgRn5Yb5BicRea9Oc4S7jyflySA
iMsjYh+DKUblcugohPvHPdBkcKPhifX2IoVfJIyRZcHeHCbUQfhedZfIRNSB3duf
ctIzcwoSTyiznbH/qZMDXvgkDJtc+UlEabGpmNfkRpBYqweE5wjz/+FUIcm80CzY
tVBValNy
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:52:57 2025 by rpki-client