Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/9bb40d-ad28-4e51-84b8-5ae53a06eaa7/1/RcN3Kuq3ry-DnLR50I8ZgxWiZps.roa
File: RcN3Kuq3ry-DnLR50I8ZgxWiZps.roa (raw, json)
Hash identifier: 21uJ31ZQvbuNpqex7iYKgjQtgSig9b6f7lgE5wHxtS8=
Subject key identifier: 45:C3:77:2A:EA:B7:AF:2F:83:9C:B4:79:D0:8F:19:83:15:A2:66:9B
Certificate issuer: /CN=f156db2d2874f9e5985c9f18f05fe56e83f09516
Certificate serial: 019425FC8FC548D9410DB9971C6F7D561147
Authority key identifier: F1:56:DB:2D:28:74:F9:E5:98:5C:9F:18:F0:5F:E5:6E:83:F0:95:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8VbbLSh0-eWYXJ8Y8F_lboPwlRY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/9bb40d-ad28-4e51-84b8-5ae53a06eaa7/1/RcN3Kuq3ry-DnLR50I8ZgxWiZps.roa
Signing time: Thu 02 Jan 2025 07:48:16 +0000
ROA not before: Thu 02 Jan 2025 07:48:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3303
IP address blocks: 91.206.11.0/24 maxlen: 24
2a10:a1c0::/32 maxlen: 32
2a10:a1c0::/48 maxlen: 48
2a10:a1c0:1002::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:8f:c5:48:d9:41:0d:b9:97:1c:6f:7d:56:11:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f156db2d2874f9e5985c9f18f05fe56e83f09516
Validity
Not Before: Jan 2 07:48:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=45c3772aeab7af2f839cb479d08f198315a2669b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:af:3e:7b:f1:ca:f0:54:61:47:fa:71:81:d4:
8b:3b:8a:b2:d1:5b:61:61:9c:f0:11:9e:7a:74:2c:
bb:28:6c:13:d2:58:cf:7e:66:a6:45:86:f5:8b:bb:
05:33:49:3c:b9:37:fc:ed:23:3c:31:2f:b5:1d:9a:
26:6a:14:af:70:90:0d:bd:b9:3a:f8:2a:fb:65:90:
f4:8b:dd:66:0a:51:97:4d:90:70:b1:98:ab:13:1c:
0a:ad:5c:6c:16:3d:da:d6:d1:b2:82:38:04:39:04:
e4:96:0e:89:65:76:c3:3d:f1:a1:8c:56:29:5d:26:
18:e2:8b:65:d4:4b:49:34:97:ed:35:42:64:f1:9f:
ca:25:03:49:b3:cb:04:72:4f:a3:87:25:61:f8:4b:
a5:09:b5:9b:37:e5:41:07:46:7e:98:5a:56:d5:05:
fb:a8:b1:52:e6:32:3d:95:ba:24:10:f3:21:22:e0:
66:d8:8d:28:17:0f:cc:3b:4a:36:4b:ac:ca:0d:5e:
8a:6a:65:fd:f3:fe:84:07:43:f3:4f:4a:1f:f7:25:
e4:e6:2a:22:b6:31:a7:d2:32:c3:0b:99:ff:b0:17:
6a:a8:98:fa:9b:a0:ef:fc:14:04:98:22:0b:d7:ee:
c2:17:c4:36:3a:ac:6c:87:1b:89:b6:ed:45:b1:6f:
52:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:C3:77:2A:EA:B7:AF:2F:83:9C:B4:79:D0:8F:19:83:15:A2:66:9B
X509v3 Authority Key Identifier:
keyid:F1:56:DB:2D:28:74:F9:E5:98:5C:9F:18:F0:5F:E5:6E:83:F0:95:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8VbbLSh0-eWYXJ8Y8F_lboPwlRY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/9bb40d-ad28-4e51-84b8-5ae53a06eaa7/1/RcN3Kuq3ry-DnLR50I8ZgxWiZps.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/9bb40d-ad28-4e51-84b8-5ae53a06eaa7/1/8VbbLSh0-eWYXJ8Y8F_lboPwlRY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.206.11.0/24
IPv6:
2a10:a1c0::/32
Signature Algorithm: sha256WithRSAEncryption
16:88:71:ae:ca:7d:96:3d:95:a5:2e:26:14:2c:73:88:20:cb:
63:51:c8:4f:32:23:b4:7f:a4:0a:77:a9:3e:f1:e0:b6:5c:a3:
bc:ac:87:1e:6a:64:13:84:21:f6:8b:2b:22:d2:f7:d9:c0:fb:
0f:36:b7:19:86:86:d3:5b:85:9e:1d:97:9a:b2:86:cf:12:19:
73:4d:81:13:09:4b:dc:9c:b2:50:bb:2c:19:f2:8e:fd:b0:0d:
81:8c:88:50:cf:05:e5:68:47:a3:d2:ff:24:2c:3f:ca:1c:4e:
f1:9f:17:59:43:49:f8:c1:b6:cb:15:19:f1:6c:ea:29:df:1e:
c1:ab:c1:28:44:3d:15:50:03:cb:1c:e2:bc:d2:6b:be:36:65:
e0:cd:29:1c:c7:c4:63:d2:5c:f5:53:dd:de:18:02:a6:5a:1d:
4c:db:06:33:8b:0f:d7:62:c4:ad:e7:f4:c6:0b:05:1c:6b:ec:
82:55:f5:de:f3:be:d7:cc:fd:fb:be:99:e1:34:70:64:ca:30:
a4:61:bc:d9:0b:f5:00:55:00:d1:48:dc:75:00:1d:0b:28:30:
e0:84:db:37:ef:f3:27:82:89:05:89:2d:80:ee:c6:96:ae:b0:
3f:14:a6:84:bc:fd:74:45:f5:19:f3:08:90:bd:a5:53:7c:d3:
77:76:48:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/I/FSNlBDbmXHG99VhFHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNTZkYjJkMjg3NGY5ZTU5ODVjOWYxOGYwNWZlNTZlODNm
MDk1MTYwHhcNMjUwMTAyMDc0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWMzNzcyYWVhYjdhZjJmODM5Y2I0NzlkMDhmMTk4MzE1YTI2NjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAra8+e/HK8FRhR/pxgdSLO4qy0Vth
YZzwEZ56dCy7KGwT0ljPfmamRYb1i7sFM0k8uTf87SM8MS+1HZomahSvcJANvbk6
+Cr7ZZD0i91mClGXTZBwsZirExwKrVxsFj3a1tGygjgEOQTklg6JZXbDPfGhjFYp
XSYY4otl1EtJNJftNUJk8Z/KJQNJs8sEck+jhyVh+EulCbWbN+VBB0Z+mFpW1QX7
qLFS5jI9lbokEPMhIuBm2I0oFw/MO0o2S6zKDV6KamX98/6EB0PzT0of9yXk5ioi
tjGn0jLDC5n/sBdqqJj6m6Dv/BQEmCIL1+7CF8Q2OqxshxuJtu1FsW9S0wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEXDdyrqt68vg5y0edCPGYMVomabMB8GA1UdIwQY
MBaAFPFW2y0odPnlmFyfGPBf5W6D8JUWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFZiYkxTaDAtZVdZWEo4WThGX2xib1B3bFJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85YmI0MGQtYWQyOC00ZTUxLTg0Yjgt
NWFlNTNhMDZlYWE3LzEvUmNOM0t1cTNyeS1EbkxSNTBJOFpneFdpWnBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85YmI0MGQtYWQyOC00ZTUxLTg0YjgtNWFlNTNhMDZlYWE3
LzEvOFZiYkxTaDAtZVdZWEo4WThGX2xib1B3bFJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW84LMA0E
AgACMAcDBQAqEKHAMA0GCSqGSIb3DQEBCwUAA4IBAQAWiHGuyn2WPZWlLiYULHOI
IMtjUchPMiO0f6QKd6k+8eC2XKO8rIceamQThCH2iysi0vfZwPsPNrcZhobTW4We
HZeasobPEhlzTYETCUvcnLJQuywZ8o79sA2BjIhQzwXlaEej0v8kLD/KHE7xnxdZ
Q0n4wbbLFRnxbOop3x7Bq8EoRD0VUAPLHOK80mu+NmXgzSkcx8Rj0lz1U93eGAKm
Wh1M2wYziw/XYsSt5/TGCwUca+yCVfXe877XzP37vpnhNHBkyjCkYbzZC/UAVQDR
SNx1AB0LKDDghNs37/MngokFiS2A7saWrrA/FKaEvP10RfUZ8wiQvaVTfNN3dkhS
-----END CERTIFICATE-----
Generated at Sun Apr 6 17:11:10 2025 by rpki-client