Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/AF-KFPYoLrR_wnL0SE_zW6WshRE.roa
File: AF-KFPYoLrR_wnL0SE_zW6WshRE.roa (raw, json)
Hash identifier: z49PjeXPIBQhRQUNgU9fm0U8o2Eum7mravj6VvfHLII=
Subject key identifier: 00:5F:8A:14:F6:28:2E:B4:7F:C2:72:F4:48:4F:F3:5B:A5:AC:85:11
Certificate issuer: /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial: 0195281A8A8CFCDE0A2A253E199F12685714
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/AF-KFPYoLrR_wnL0SE_zW6WshRE.roa
Signing time: Fri 21 Feb 2025 10:43:02 +0000
ROA not before: Fri 21 Feb 2025 10:43:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48894
IP address blocks: 86.54.86.0/24 maxlen: 24
152.89.232.0/23 maxlen: 23
152.89.234.0/24 maxlen: 24
152.89.235.0/24 maxlen: 24
2a09:37c0::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:28:1a:8a:8c:fc:de:0a:2a:25:3e:19:9f:12:68:57:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
Validity
Not Before: Feb 21 10:43:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=005f8a14f6282eb47fc272f4484ff35ba5ac8511
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:1c:aa:c0:4f:f3:6c:20:e5:d1:57:94:b1:5e:
38:18:28:07:2b:c6:d8:40:1a:a5:0a:62:e7:9c:77:
bb:94:40:a6:f5:cd:c5:04:fa:45:40:44:62:5c:50:
18:e8:ac:9e:a6:8e:18:1d:82:94:2f:12:33:f4:6c:
ee:f6:c4:e6:b1:b2:b2:1b:13:df:4e:de:6a:37:f7:
12:b6:da:9b:6e:44:91:1e:ec:29:3c:97:2f:ab:55:
08:ba:02:0c:e9:07:a7:d2:c6:6e:f2:28:37:3f:1c:
f8:85:a2:2b:75:fa:c4:7b:94:40:ec:e4:5c:6b:26:
f5:f8:90:19:6d:97:ef:56:ff:f6:eb:82:1c:c9:e6:
d4:31:b9:01:d0:61:85:43:06:e3:a8:f1:f6:db:41:
95:73:92:b4:74:a9:ae:45:a7:95:6a:e6:e4:5b:0d:
7f:f9:1f:a4:37:65:5c:f1:fb:e2:84:ef:2d:88:15:
90:36:b8:89:0c:46:a4:3a:78:b7:a9:43:52:12:04:
b3:20:8d:fb:ea:74:96:0f:39:33:a3:d6:ac:da:d4:
14:95:01:94:72:5a:d2:0a:9d:eb:5c:3f:78:e3:c8:
bd:73:20:b9:57:a7:b2:89:b8:1d:62:51:d7:16:f2:
1c:a5:b1:b9:6b:fe:54:95:9c:18:5a:cd:5f:94:26:
de:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:5F:8A:14:F6:28:2E:B4:7F:C2:72:F4:48:4F:F3:5B:A5:AC:85:11
X509v3 Authority Key Identifier:
keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/AF-KFPYoLrR_wnL0SE_zW6WshRE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.54.86.0/24
152.89.232.0/22
IPv6:
2a09:37c0::/29
Signature Algorithm: sha256WithRSAEncryption
9f:99:16:9a:0d:6b:12:8c:3b:55:08:bd:58:1c:ba:ce:f5:26:
a7:cb:80:68:48:13:e8:b5:c1:9a:e6:55:59:e3:85:91:4d:6a:
f0:bb:f1:e2:95:99:fd:a9:13:48:f4:e3:a2:b9:b6:e3:44:e9:
42:be:70:e1:42:dc:e2:d8:74:f8:58:06:a1:6d:6b:f0:33:f8:
a8:1f:49:50:cb:0d:58:b4:94:37:81:4b:f1:80:c3:c0:6e:ab:
7d:1f:f4:d1:b7:30:14:07:90:aa:a4:e3:bb:c3:aa:d7:93:a2:
23:95:32:f0:97:40:57:87:4c:76:70:28:cf:63:5a:6b:52:cd:
39:bf:9a:23:5d:de:70:f6:2b:22:fd:a7:bf:66:21:fe:bd:4a:
92:aa:3e:ee:62:ba:0a:99:56:f9:ca:ee:82:32:df:3c:7d:16:
50:64:bb:ad:7d:a8:c4:fa:38:8a:0a:00:11:46:a2:67:ec:22:
02:c2:38:fd:fc:a6:31:62:80:0c:d1:88:58:2f:0d:03:5c:08:
8f:82:e8:43:9f:ed:c3:b6:fe:91:98:2a:be:58:29:78:b3:2a:
41:7e:e8:4c:3c:67:5a:be:d5:e2:13:65:31:c1:37:08:8a:45:
14:59:d1:4a:81:04:00:e9:ad:c7:07:3a:98:d5:2d:60:ef:35:
16:17:6e:e6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZUoGoqM/N4KKiU+GZ8SaFcUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjUwMjIxMTA0MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDVmOGExNGY2MjgyZWI0N2ZjMjcyZjQ0ODRmZjM1YmE1YWM4NTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8RyqwE/zbCDl0VeUsV44GCgHK8bY
QBqlCmLnnHe7lECm9c3FBPpFQERiXFAY6Kyepo4YHYKULxIz9Gzu9sTmsbKyGxPf
Tt5qN/cSttqbbkSRHuwpPJcvq1UIugIM6Qen0sZu8ig3Pxz4haIrdfrEe5RA7ORc
ayb1+JAZbZfvVv/264IcyebUMbkB0GGFQwbjqPH220GVc5K0dKmuRaeVaubkWw1/
+R+kN2Vc8fvihO8tiBWQNriJDEakOni3qUNSEgSzII376nSWDzkzo9as2tQUlQGU
clrSCp3rXD9448i9cyC5V6eyibgdYlHXFvIcpbG5a/5UlZwYWs1flCbe+wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFABfihT2KC60f8Jy9EhP81ulrIURMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvQUYtS0ZQWW9MclJfd25MMFNFX3pXNldzaFJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAVjZWAwQC
mFnoMA0EAgACMAcDBQMqCTfAMA0GCSqGSIb3DQEBCwUAA4IBAQCfmRaaDWsSjDtV
CL1YHLrO9Sany4BoSBPotcGa5lVZ44WRTWrwu/HilZn9qRNI9OOiubbjROlCvnDh
Qtzi2HT4WAahbWvwM/ioH0lQyw1YtJQ3gUvxgMPAbqt9H/TRtzAUB5CqpOO7w6rX
k6IjlTLwl0BXh0x2cCjPY1prUs05v5ojXd5w9isi/ae/ZiH+vUqSqj7uYroKmVb5
yu6CMt88fRZQZLutfajE+jiKCgARRqJn7CICwjj9/KYxYoAM0YhYLw0DXAiPguhD
n+3Dtv6RmCq+WCl4sypBfuhMPGdavtXiE2UxwTcIikUUWdFKgQQA6a3HBzqY1S1g
7zUWF27m
-----END CERTIFICATE-----
Generated at Tue Apr 8 13:18:23 2025 by rpki-client