Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/798745-e247-4a87-ba1d-b66d8664b09b/1/aZyh2bGavWMEtRLXP-7Y1R8X-Y0.roa
File: aZyh2bGavWMEtRLXP-7Y1R8X-Y0.roa (raw, json)
Hash identifier: NjEGrzochj3uyTLfOAhI65U3A0Px5muzxgwBE8Tvpko=
Subject key identifier: 69:9C:A1:D9:B1:9A:BD:63:04:B5:12:D7:3F:EE:D8:D5:1F:17:F9:8D
Certificate issuer: /CN=ff24b72f5f9040d4d22688f5ea511f615f15004c
Certificate serial: 01856D8AF938569B0459DC59448137FD820C
Authority key identifier: FF:24:B7:2F:5F:90:40:D4:D2:26:88:F5:EA:51:1F:61:5F:15:00:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_yS3L1-QQNTSJoj16lEfYV8VAEw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/798745-e247-4a87-ba1d-b66d8664b09b/1/aZyh2bGavWMEtRLXP-7Y1R8X-Y0.roa
Signing time: Sun 01 Jan 2023 13:35:02 +0000
ROA not before: Sun 01 Jan 2023 13:35:02 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 25151
IP address blocks: 81.24.0.0/20 maxlen: 24
185.78.196.0/22 maxlen: 24
2a05:6cc0::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:8a:f9:38:56:9b:04:59:dc:59:44:81:37:fd:82:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff24b72f5f9040d4d22688f5ea511f615f15004c
Validity
Not Before: Jan 1 13:35:02 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=699ca1d9b19abd6304b512d73feed8d51f17f98d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:5e:2f:92:9e:8b:ea:2f:e1:12:fe:16:c1:6d:
a7:23:e0:b4:53:00:ec:27:a1:5b:79:96:a7:20:e3:
ab:7d:85:c2:1d:7d:c9:b0:fa:d0:66:35:26:0a:eb:
c9:0f:57:98:2e:66:91:55:b7:db:cf:41:ae:52:66:
dc:27:87:76:b5:05:51:18:f9:39:88:b1:96:42:de:
55:51:96:26:8e:6c:ea:33:b6:01:71:06:e2:8f:99:
5c:96:ed:92:c0:51:24:7c:65:e3:4b:78:37:c9:ac:
ce:ee:9f:4d:9a:d8:33:d0:51:97:bb:c4:0f:07:35:
f2:da:a9:1e:5c:67:d7:1e:36:99:6a:4b:67:d7:02:
1a:b5:ba:97:5d:09:fa:19:12:be:14:53:a1:2d:dd:
8d:9b:e9:01:cf:ac:ef:d2:53:78:d5:ee:ad:30:e3:
5e:6c:c4:8e:38:34:88:8b:7e:97:b9:8b:f6:ca:49:
63:ba:56:ad:a2:27:f3:4a:cc:2b:c0:a1:82:37:0e:
9d:7c:f6:3f:fe:91:16:aa:02:6a:1e:0f:32:2d:46:
85:d6:63:da:33:e5:51:a6:8b:b6:11:1c:d3:93:5c:
1f:87:1a:49:c6:d6:b7:d0:78:31:0f:7a:0a:1e:f5:
49:0a:4f:28:e6:62:2d:09:a2:d0:1a:49:f3:6f:2b:
cc:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:9C:A1:D9:B1:9A:BD:63:04:B5:12:D7:3F:EE:D8:D5:1F:17:F9:8D
X509v3 Authority Key Identifier:
keyid:FF:24:B7:2F:5F:90:40:D4:D2:26:88:F5:EA:51:1F:61:5F:15:00:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_yS3L1-QQNTSJoj16lEfYV8VAEw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/798745-e247-4a87-ba1d-b66d8664b09b/1/aZyh2bGavWMEtRLXP-7Y1R8X-Y0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/798745-e247-4a87-ba1d-b66d8664b09b/1/_yS3L1-QQNTSJoj16lEfYV8VAEw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.24.0.0/20
185.78.196.0/22
IPv6:
2a05:6cc0::/29
Signature Algorithm: sha256WithRSAEncryption
20:5f:32:39:0b:32:af:fe:49:46:73:24:ff:4e:e6:18:b2:2a:
34:85:79:e8:8f:66:89:15:f5:1f:d6:9d:04:7a:ea:ac:bb:e9:
b9:fd:48:6e:f8:c8:05:e1:74:79:93:93:2f:a5:91:10:fb:81:
a0:51:89:bc:b3:22:3f:66:85:5f:ed:2c:dd:3c:c1:e3:e9:6b:
0a:23:ad:f3:a4:f3:4f:27:d9:12:b8:50:7f:52:c3:8a:5b:79:
ab:23:a2:b5:f2:b0:8c:02:66:09:37:07:bf:7d:3c:6c:c5:f9:
61:cd:d1:85:fe:a9:b0:59:56:f6:54:fb:8f:82:6b:bd:9b:b9:
70:ee:34:61:94:f1:23:69:ba:49:ef:d7:44:0f:d7:a2:8c:a9:
1c:31:fb:5f:33:52:80:d1:3a:dd:1b:ec:3a:8a:dd:c8:6d:c6:
92:b5:09:fa:64:1d:6b:e6:58:4f:86:22:6d:d8:a3:f1:1b:ed:
e8:01:2e:24:69:ff:e4:38:3e:6b:19:27:7e:b9:df:65:66:c9:
99:e3:d4:f1:88:3d:16:ca:a6:2b:77:26:be:f7:68:57:2e:45:
b4:fb:66:77:2b:5e:f3:28:9f:88:8e:98:f8:6a:ab:fb:b8:03:
c2:76:1c:f4:de:69:5c:c8:30:69:d7:41:cd:67:7d:e2:67:ff:
2f:be:6f:34
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVtivk4VpsEWdxZRIE3/YIMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMjRiNzJmNWY5MDQwZDRkMjI2ODhmNWVhNTExZjYxNWYx
NTAwNGMwHhcNMjMwMTAxMTMzNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTljYTFkOWIxOWFiZDYzMDRiNTEyZDczZmVlZDhkNTFmMTdmOThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo14vkp6L6i/hEv4WwW2nI+C0UwDs
J6FbeZanIOOrfYXCHX3JsPrQZjUmCuvJD1eYLmaRVbfbz0GuUmbcJ4d2tQVRGPk5
iLGWQt5VUZYmjmzqM7YBcQbij5lclu2SwFEkfGXjS3g3yazO7p9Nmtgz0FGXu8QP
BzXy2qkeXGfXHjaZaktn1wIatbqXXQn6GRK+FFOhLd2Nm+kBz6zv0lN41e6tMONe
bMSOODSIi36XuYv2ykljulatoifzSswrwKGCNw6dfPY//pEWqgJqHg8yLUaF1mPa
M+VRpou2ERzTk1wfhxpJxta30HgxD3oKHvVJCk8o5mItCaLQGknzbyvMzwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGmcodmxmr1jBLUS1z/u2NUfF/mNMB8GA1UdIwQY
MBaAFP8kty9fkEDU0iaI9epRH2FfFQBMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3lTM0wxLVFRTlRTSm9qMTZsRWZZVjhWQUV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy83OTg3NDUtZTI0Ny00YTg3LWJhMWQt
YjY2ZDg2NjRiMDliLzEvYVp5aDJiR2F2V01FdFJMWFAtN1kxUjhYLVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy83OTg3NDUtZTI0Ny00YTg3LWJhMWQtYjY2ZDg2NjRiMDli
LzEvX3lTM0wxLVFRTlRTSm9qMTZsRWZZVjhWQUV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEURgAAwQC
uU7EMA0EAgACMAcDBQMqBWzAMA0GCSqGSIb3DQEBCwUAA4IBAQAgXzI5CzKv/klG
cyT/TuYYsio0hXnoj2aJFfUf1p0Eeuqsu+m5/Uhu+MgF4XR5k5MvpZEQ+4GgUYm8
syI/ZoVf7SzdPMHj6WsKI63zpPNPJ9kSuFB/UsOKW3mrI6K18rCMAmYJNwe/fTxs
xflhzdGF/qmwWVb2VPuPgmu9m7lw7jRhlPEjabpJ79dED9eijKkcMftfM1KA0Trd
G+w6it3IbcaStQn6ZB1r5lhPhiJt2KPxG+3oAS4kaf/kOD5rGSd+ud9lZsmZ49Tx
iD0WyqYrdya+92hXLkW0+2Z3K17zKJ+Ijpj4aqv7uAPCdhz03mlcyDBp10HNZ33i
Z/8vvm80
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:26:25 2025 by rpki-client