Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/yIea70mz68MEWf7MSufqGinRRfw.roa
File: yIea70mz68MEWf7MSufqGinRRfw.roa (raw, json)
Hash identifier: C1KZ935qcqSwGSABodTKIPq8sxOye3X7esfEPyg6lGw=
Subject key identifier: C8:87:9A:EF:49:B3:EB:C3:04:59:FE:CC:4A:E7:EA:1A:29:D1:45:FC
Certificate issuer: /CN=66634f14586e399cd3802d9c88b1e67d8ddb03a8
Certificate serial: 01942143C2864704451D991169922433D6A8
Authority key identifier: 66:63:4F:14:58:6E:39:9C:D3:80:2D:9C:88:B1:E6:7D:8D:DB:03:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/yIea70mz68MEWf7MSufqGinRRfw.roa
Signing time: Wed 01 Jan 2025 09:47:56 +0000
ROA not before: Wed 01 Jan 2025 09:47:56 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60255
IP address blocks: 185.208.88.0/22 maxlen: 24
2a0b:32c0::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:c2:86:47:04:45:1d:99:11:69:92:24:33:d6:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66634f14586e399cd3802d9c88b1e67d8ddb03a8
Validity
Not Before: Jan 1 09:47:56 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c8879aef49b3ebc30459fecc4ae7ea1a29d145fc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:5f:6e:95:92:2b:19:7c:25:49:71:1e:37:4b:
ab:49:92:d0:11:03:af:93:f8:e2:1b:cc:52:6c:21:
3f:59:ce:c8:da:d9:ba:87:d6:61:44:db:e6:78:67:
2f:a4:83:83:66:52:fc:73:3a:0b:e8:12:d7:99:29:
c9:46:8d:26:b4:8f:69:b8:a6:32:7a:da:e9:46:38:
20:b4:90:e7:90:3d:2d:7d:90:a4:9c:46:0c:e1:90:
8a:21:53:b5:28:f4:0e:ba:ae:a4:82:8b:da:e4:77:
e4:bc:3e:e2:1d:1b:ee:91:ea:c5:a9:6a:5d:36:a3:
91:93:6b:f3:f5:bb:29:43:35:a4:99:e9:93:a8:c8:
20:1f:bb:8d:71:83:fa:1d:37:4d:2b:a6:aa:17:f5:
6e:bf:d3:6e:7a:aa:68:c0:1d:e1:8f:d2:bb:5a:ee:
ac:82:8f:7f:b1:51:af:5e:1a:39:77:51:ec:d1:ec:
18:75:3a:28:83:e1:8c:d8:8a:b6:eb:bd:e4:56:ad:
7e:7a:d7:d4:6a:d1:06:08:99:ba:65:d3:09:99:cb:
63:11:e8:fc:d6:45:4c:dd:ef:1d:64:cd:93:82:93:
e8:0a:fa:d3:cb:9c:f0:07:10:b8:89:0f:a0:fa:08:
48:ee:5f:aa:a3:28:04:23:87:ae:f7:d0:1c:29:c9:
27:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:87:9A:EF:49:B3:EB:C3:04:59:FE:CC:4A:E7:EA:1A:29:D1:45:FC
X509v3 Authority Key Identifier:
keyid:66:63:4F:14:58:6E:39:9C:D3:80:2D:9C:88:B1:E6:7D:8D:DB:03:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/yIea70mz68MEWf7MSufqGinRRfw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2c2d33-a367-449b-9c47-171db4690c0a/1/ZmNPFFhuOZzTgC2ciLHmfY3bA6g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.208.88.0/22
IPv6:
2a0b:32c0::/29
Signature Algorithm: sha256WithRSAEncryption
6b:38:c5:a0:08:fb:5e:35:88:88:bf:d4:a6:1d:51:99:2c:1a:
7e:5f:c0:5a:b9:5e:f5:58:26:26:9b:d7:e4:6d:47:be:62:c4:
c4:53:82:7b:ca:36:56:93:26:f6:9b:23:9f:04:68:3f:e7:03:
47:34:b2:b5:c5:72:19:91:24:ba:d7:db:51:7c:2c:a8:c7:4e:
3a:e9:48:d0:e8:f8:73:a0:3d:77:8e:5f:bc:50:c1:f2:5c:bd:
67:76:d8:ee:a5:07:bc:29:3b:c5:55:af:76:15:1a:e9:ae:53:
6d:ab:66:1e:40:da:ad:1c:c2:58:c5:ea:ae:57:30:80:93:24:
a0:6f:41:47:65:16:a9:99:1a:ad:10:58:6d:9c:fa:8e:e0:56:
ad:84:53:f0:63:56:cb:05:8f:e1:f7:e6:ae:40:97:81:65:f2:
37:dc:f6:55:d4:48:70:0c:38:54:d6:3e:33:13:65:b6:a6:a0:
e3:85:c0:a1:81:52:00:c5:80:67:aa:2c:72:4a:55:95:da:b5:
55:93:0b:0c:69:47:65:85:de:f5:b9:9e:b8:94:44:7d:62:5d:
1a:5d:c9:d0:09:50:ca:ba:21:d4:45:32:1b:e2:03:ef:97:6b:
26:bf:94:db:1a:58:ff:bf:6b:e9:02:23:0a:eb:0d:9f:ca:f2:
ba:a3:6f:85
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhQ8KGRwRFHZkRaZIkM9aoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NjM0ZjE0NTg2ZTM5OWNkMzgwMmQ5Yzg4YjFlNjdkOGRk
YjAzYTgwHhcNMjUwMTAxMDk0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODg3OWFlZjQ5YjNlYmMzMDQ1OWZlY2M0YWU3ZWExYTI5ZDE0NWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw19ulZIrGXwlSXEeN0urSZLQEQOv
k/jiG8xSbCE/Wc7I2tm6h9ZhRNvmeGcvpIODZlL8czoL6BLXmSnJRo0mtI9puKYy
etrpRjggtJDnkD0tfZCknEYM4ZCKIVO1KPQOuq6kgova5HfkvD7iHRvukerFqWpd
NqORk2vz9bspQzWkmemTqMggH7uNcYP6HTdNK6aqF/Vuv9NueqpowB3hj9K7Wu6s
go9/sVGvXho5d1Hs0ewYdToog+GM2Iq2673kVq1+etfUatEGCJm6ZdMJmctjEej8
1kVM3e8dZM2TgpPoCvrTy5zwBxC4iQ+g+ghI7l+qoygEI4eu99AcKckn/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMiHmu9Js+vDBFn+zErn6hop0UX8MB8GA1UdIwQY
MBaAFGZjTxRYbjmc04AtnIix5n2N2wOoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm1OUEZGaHVPWnpUZ0MyY2lMSG1mWTNiQTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yYzJkMzMtYTM2Ny00NDliLTljNDct
MTcxZGI0NjkwYzBhLzEveUllYTcwbXo2OE1FV2Y3TVN1ZnFHaW5SUmZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yYzJkMzMtYTM2Ny00NDliLTljNDctMTcxZGI0NjkwYzBh
LzEvWm1OUEZGaHVPWnpUZ0MyY2lMSG1mWTNiQTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudBYMA0E
AgACMAcDBQMqCzLAMA0GCSqGSIb3DQEBCwUAA4IBAQBrOMWgCPteNYiIv9SmHVGZ
LBp+X8BauV71WCYmm9fkbUe+YsTEU4J7yjZWkyb2myOfBGg/5wNHNLK1xXIZkSS6
19tRfCyox0466UjQ6PhzoD13jl+8UMHyXL1ndtjupQe8KTvFVa92FRrprlNtq2Ye
QNqtHMJYxequVzCAkySgb0FHZRapmRqtEFhtnPqO4FathFPwY1bLBY/h9+auQJeB
ZfI33PZV1EhwDDhU1j4zE2W2pqDjhcChgVIAxYBnqixySlWV2rVVkwsMaUdlhd71
uZ64lER9Yl0aXcnQCVDKuiHURTIb4gPvl2smv5TbGlj/v2vpAiMK6w2fyvK6o2+F
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:40:04 2025 by rpki-client