Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/BpxpMqtX2BI2HvmcJUH48xghR8g.roa
File: BpxpMqtX2BI2HvmcJUH48xghR8g.roa (raw, json)
Hash identifier: mXU7HG44i69F2PkGAd8XWDXPFOvH8VQ4AEhwr2wm/4A=
Subject key identifier: 06:9C:69:32:AB:57:D8:12:36:1E:F9:9C:25:41:F8:F3:18:21:47:C8
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 0195D1BBA2576168AD5A639471A85C980EDA
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/BpxpMqtX2BI2HvmcJUH48xghR8g.roa
Signing time: Wed 26 Mar 2025 09:14:49 +0000
ROA not before: Wed 26 Mar 2025 09:14:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 397451
IP address blocks: 85.204.196.0/23 maxlen: 23
85.204.196.0/24 maxlen: 24
85.204.197.0/24 maxlen: 24
89.46.112.0/23 maxlen: 23
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:d1:bb:a2:57:61:68:ad:5a:63:94:71:a8:5c:98:0e:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Mar 26 09:14:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=069c6932ab57d812361ef99c2541f8f3182147c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:5a:96:b2:71:44:17:d7:ab:bc:22:22:29:fa:
c3:34:04:29:8a:09:39:2c:98:70:12:55:8b:88:4e:
13:42:da:83:f6:06:d6:69:35:bb:aa:9f:a7:5a:0b:
a6:ce:8d:41:58:1a:77:2b:c3:7c:60:4b:f9:7b:54:
ea:b9:cf:d1:99:eb:63:e3:b2:c0:76:73:70:cd:83:
e4:db:06:c0:f2:06:b4:a8:bb:a2:73:30:2d:10:84:
33:14:0a:05:26:ea:bc:02:11:47:84:d9:d9:74:04:
11:e9:a7:10:53:1c:b2:c0:9d:61:de:d3:f7:4d:2d:
f8:1f:46:0d:27:cd:a0:ca:6e:5e:50:e0:ea:53:3d:
d0:ce:b0:91:9b:b0:09:df:24:f2:11:fa:6e:61:84:
07:00:e9:f1:7b:5d:f7:e6:c2:4e:46:da:a8:36:06:
66:18:23:bc:49:8f:9b:57:05:c9:f4:10:26:a2:32:
86:f1:5a:06:a3:0d:83:d1:1f:c0:ef:5b:d8:82:42:
ff:e5:fe:a9:e2:b7:cd:07:23:7b:1a:17:b7:24:79:
cb:67:24:09:68:03:c9:3e:8d:c8:5a:8c:32:f5:9d:
9c:3c:9e:4f:ea:14:4b:58:2e:d1:12:14:9d:04:95:
c9:63:13:d9:d0:af:97:41:a0:21:8e:41:1f:97:59:
39:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:9C:69:32:AB:57:D8:12:36:1E:F9:9C:25:41:F8:F3:18:21:47:C8
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/BpxpMqtX2BI2HvmcJUH48xghR8g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.196.0/23
89.46.112.0/23
Signature Algorithm: sha256WithRSAEncryption
85:92:5a:76:04:ac:78:8a:03:75:1b:ba:4d:3f:e1:0a:b2:75:
91:9a:47:e3:8c:f4:b8:23:a7:5d:83:a3:2d:c7:9c:1d:09:75:
4c:39:72:3e:37:64:c4:07:b1:0b:bd:68:a8:29:cf:4f:22:25:
98:1a:44:71:e5:26:32:46:34:31:df:1a:af:af:13:54:d9:5a:
80:16:b3:3a:e1:93:9d:86:57:56:8f:bc:96:ba:bb:0a:84:2e:
0f:5a:23:72:dc:11:9d:74:f4:0a:dd:f0:6b:06:69:10:2d:b1:
90:21:1e:ba:35:dc:8e:61:2d:b8:53:9e:64:05:6a:bc:5e:6d:
8f:7b:8b:42:d3:36:4e:54:8f:13:1d:38:92:fb:45:ab:29:61:
93:8b:89:82:2f:21:93:b6:37:88:33:15:5f:b7:d8:48:45:4d:
35:4a:bd:d2:45:ef:cf:27:7f:ff:21:c2:a9:04:db:8f:ab:0c:
78:84:91:8a:03:87:17:f2:a0:84:60:5e:76:d1:82:63:4f:b0:
6f:2b:6d:7b:fe:b6:63:64:f3:9c:79:6a:5d:1b:42:5d:a8:41:
2a:b2:66:21:ff:40:f2:a2:80:c1:15:6f:ef:2d:73:c7:24:ca:
9f:2e:00:1c:90:7f:32:5b:73:ac:e3:8c:20:91:04:25:cb:3f:
1e:ac:07:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXRu6JXYWitWmOUcahcmA7aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUwMzI2MDkxNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjljNjkzMmFiNTdkODEyMzYxZWY5OWMyNTQxZjhmMzE4MjE0N2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylqWsnFEF9ervCIiKfrDNAQpigk5
LJhwElWLiE4TQtqD9gbWaTW7qp+nWgumzo1BWBp3K8N8YEv5e1Tquc/Rmetj47LA
dnNwzYPk2wbA8ga0qLuiczAtEIQzFAoFJuq8AhFHhNnZdAQR6acQUxyywJ1h3tP3
TS34H0YNJ82gym5eUODqUz3QzrCRm7AJ3yTyEfpuYYQHAOnxe1335sJORtqoNgZm
GCO8SY+bVwXJ9BAmojKG8VoGow2D0R/A71vYgkL/5f6p4rfNByN7Ghe3JHnLZyQJ
aAPJPo3IWowy9Z2cPJ5P6hRLWC7REhSdBJXJYxPZ0K+XQaAhjkEfl1k5DQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAacaTKrV9gSNh75nCVB+PMYIUfIMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvQnB4cE1xdFgyQkkySHZtY0pVSDQ4eGdoUjhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVczEAwQB
WS5wMA0GCSqGSIb3DQEBCwUAA4IBAQCFklp2BKx4igN1G7pNP+EKsnWRmkfjjPS4
I6ddg6Mtx5wdCXVMOXI+N2TEB7ELvWioKc9PIiWYGkRx5SYyRjQx3xqvrxNU2VqA
FrM64ZOdhldWj7yWursKhC4PWiNy3BGddPQK3fBrBmkQLbGQIR66NdyOYS24U55k
BWq8Xm2Pe4tC0zZOVI8THTiS+0WrKWGTi4mCLyGTtjeIMxVft9hIRU01Sr3SRe/P
J3//IcKpBNuPqwx4hJGKA4cX8qCEYF520YJjT7BvK217/rZjZPOceWpdG0JdqEEq
smYh/0DyooDBFW/vLXPHJMqfLgAckH8yW3Os44wgkQQlyz8erAdj
-----END CERTIFICATE-----
Generated at Sun Apr 6 11:49:38 2025 by rpki-client