Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/8YGP0hkU08CaSTjLusnYfNoY0P4.roa
File: 8YGP0hkU08CaSTjLusnYfNoY0P4.roa (raw, json)
Hash identifier: jWZuJOzMx9s5Np/gPv2mn1+ybL0gZ2yjh5jQEUREZ9U=
Subject key identifier: F1:81:8F:D2:19:14:D3:C0:9A:49:38:CB:BA:C9:D8:7C:DA:18:D0:FE
Certificate issuer: /CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
Certificate serial: 0194266BA9C3AFAD9B50154FD4952853AA3D
Authority key identifier: F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/8YGP0hkU08CaSTjLusnYfNoY0P4.roa
Signing time: Thu 02 Jan 2025 09:49:37 +0000
ROA not before: Thu 02 Jan 2025 09:49:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29670
IP address blocks: 185.177.204.0/22 maxlen: 24
192.109.21.0/24 maxlen: 24
192.109.42.0/24 maxlen: 24
192.109.82.0/24 maxlen: 24
193.29.188.0/24 maxlen: 24
217.197.80.0/20 maxlen: 24
2001:67c:1400::/45 maxlen: 48
2a0a:4580::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6b:a9:c3:af:ad:9b:50:15:4f:d4:95:28:53:aa:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8a966664ec96edbd12e8e82e940bfb9faec105e
Validity
Not Before: Jan 2 09:49:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f1818fd21914d3c09a4938cbbac9d87cda18d0fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:56:d1:cb:64:76:b4:88:81:88:9d:c8:2b:ec:
90:2e:6f:dc:8a:25:b3:8f:93:3f:77:af:42:2a:49:
2d:10:b0:b1:ee:26:c9:52:af:a6:0f:52:05:4d:06:
48:20:7f:05:f3:d0:f4:b0:13:6a:1a:ca:e1:32:d9:
4b:82:f2:99:8c:fb:4b:eb:e2:7f:9a:f5:33:c4:7a:
3b:40:c9:7d:e9:7a:80:b3:07:e3:39:bb:24:de:24:
4d:ee:36:a8:c9:62:d7:24:0a:c9:27:79:34:8d:18:
19:65:71:48:b7:72:66:b0:16:74:93:a2:7d:9a:ba:
dd:82:5b:b3:db:37:56:de:7b:86:d0:59:31:55:0c:
2a:3f:34:7b:29:ca:08:87:4d:c8:af:73:60:58:1f:
3d:0b:fa:2a:84:eb:ff:9f:f5:a7:38:36:3c:a5:b5:
46:19:0b:c1:34:94:c2:95:02:99:58:c0:b1:5a:b0:
59:59:19:ee:ff:c0:a1:c6:90:03:df:23:a8:c8:9f:
3f:66:5d:04:5d:de:62:62:db:cc:b6:60:c4:60:ba:
21:1a:41:06:aa:6d:b1:d4:be:ff:f2:8c:06:d6:11:
00:45:2a:13:96:21:98:9c:ba:a9:cc:ff:a3:37:84:
c8:ea:df:46:2e:4b:45:02:fc:6b:fb:bc:e7:c2:b5:
fe:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:81:8F:D2:19:14:D3:C0:9A:49:38:CB:BA:C9:D8:7C:DA:18:D0:FE
X509v3 Authority Key Identifier:
keyid:F8:A9:66:66:4E:C9:6E:DB:D1:2E:8E:82:E9:40:BF:B9:FA:EC:10:5E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/8YGP0hkU08CaSTjLusnYfNoY0P4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/64ab99-49aa-4aae-8dd5-382355fc2ff1/1/1-KlmZk7JbtvRLo6C6UC_ufrsEF4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.177.204.0/22
192.109.21.0/24
192.109.42.0/24
192.109.82.0/24
193.29.188.0/24
217.197.80.0/20
IPv6:
2001:67c:1400::/45
2a0a:4580::/29
Signature Algorithm: sha256WithRSAEncryption
49:2d:e6:e9:cb:c6:94:0f:3d:41:27:cb:18:93:44:79:1a:81:
3b:85:94:24:e8:d4:36:50:d6:ad:cd:86:80:22:b0:60:a3:16:
6d:75:8a:66:76:b2:e2:25:66:10:ee:dd:7d:79:a2:65:45:f2:
7c:2a:d1:0a:72:86:a3:64:37:7e:2a:16:5d:c2:e4:01:35:cd:
a2:b1:59:d1:44:e2:fd:28:37:79:6e:56:f3:c9:43:28:dc:33:
e1:53:cc:8c:2c:e4:60:88:f7:2a:95:aa:1a:93:74:26:f4:b8:
3d:0f:1f:f0:db:03:91:ee:3d:e7:48:d3:0e:0e:0a:0e:6e:f4:
8a:fe:bf:31:76:15:a7:5b:c8:88:d6:02:02:08:75:11:66:08:
cb:7d:b7:45:ae:66:b5:ec:20:ca:54:46:d2:d6:4a:69:16:cc:
b2:f7:f2:73:b3:aa:4c:41:b7:5b:04:5a:b1:64:39:5b:b2:30:
e8:e9:5b:e1:ce:23:da:1e:37:3e:8a:98:bf:df:91:0d:cb:87:
d5:44:78:54:c2:6c:b7:a6:76:0a:84:5d:7a:48:1b:ac:22:47:
f8:98:96:45:d9:c2:12:17:b8:eb:31:02:d6:1a:3c:96:05:09:
53:2a:51:18:c3:0e:93:88:af:cd:69:e1:f5:12:2e:43:f0:18:
f5:32:08:4a
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZQma6nDr62bUBVP1JUoU6o9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YTk2NjY2NGVjOTZlZGJkMTJlOGU4MmU5NDBiZmI5ZmFl
YzEwNWUwHhcNMjUwMTAyMDk0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTgxOGZkMjE5MTRkM2MwOWE0OTM4Y2JiYWM5ZDg3Y2RhMThkMGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFbRy2R2tIiBiJ3IK+yQLm/ciiWz
j5M/d69CKkktELCx7ibJUq+mD1IFTQZIIH8F89D0sBNqGsrhMtlLgvKZjPtL6+J/
mvUzxHo7QMl96XqAswfjObsk3iRN7jaoyWLXJArJJ3k0jRgZZXFIt3JmsBZ0k6J9
mrrdgluz2zdW3nuG0FkxVQwqPzR7KcoIh03Ir3NgWB89C/oqhOv/n/WnODY8pbVG
GQvBNJTClQKZWMCxWrBZWRnu/8ChxpAD3yOoyJ8/Zl0EXd5iYtvMtmDEYLohGkEG
qm2x1L7/8owG1hEARSoTliGYnLqpzP+jN4TI6t9GLktFAvxr+7znwrX+LwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFPGBj9IZFNPAmkk4y7rJ2HzaGND+MB8GA1UdIwQY
MBaAFPipZmZOyW7b0S6OgulAv7n67BBeMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LbG1aazdKYnR2UkxvNkM2VUNfdWZyc0VGNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1
LTM4MjM1NWZjMmZmMS8xLzhZR1AwaGtVMDhDYVNUakx1c25ZZk5vWTBQNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDUvNjRhYjk5LTQ5YWEtNGFhZS04ZGQ1LTM4MjM1NWZjMmZm
MS8xLzEtS2xtWms3SmJ0dlJMbzZDNlVDX3VmcnNFRjQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwVQYIKwYBBQUHAQcBAf8ERjBEMCoEAgABMCQDBAK5scwD
BADAbRUDBADAbSoDBADAbVIDBADBHbwDBATZxVAwFgQCAAIwEAMHAyABBnwUAAMF
AyoKRYAwDQYJKoZIhvcNAQELBQADggEBAEkt5unLxpQPPUEnyxiTRHkagTuFlCTo
1DZQ1q3NhoAisGCjFm11imZ2suIlZhDu3X15omVF8nwq0QpyhqNkN34qFl3C5AE1
zaKxWdFE4v0oN3luVvPJQyjcM+FTzIws5GCI9yqVqhqTdCb0uD0PH/DbA5HuPedI
0w4OCg5u9Ir+vzF2FadbyIjWAgIIdRFmCMt9t0WuZrXsIMpURtLWSmkWzLL38nOz
qkxBt1sEWrFkOVuyMOjpW+HOI9oeNz6KmL/fkQ3Lh9VEeFTCbLemdgqEXXpIG6wi
R/iYlkXZwhIXuOsxAtYaPJYFCVMqURjDDpOIr81p4fUSLkPwGPUyCEo=
-----END CERTIFICATE-----
Generated at Wed Apr 9 13:33:25 2025 by rpki-client