Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/EFk1lNXwEBcRAFhoClA443_i5HA.roa
File: EFk1lNXwEBcRAFhoClA443_i5HA.roa (raw, json)
Hash identifier: xLW6nYf20kTwvvd9EPpkcVtHN4fslrZstANOcysv2Fs=
Subject key identifier: 10:59:35:94:D5:F0:10:17:11:00:58:68:0A:50:38:E3:7F:E2:E4:70
Certificate issuer: /CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
Certificate serial: 01942827977949386C334B8C8FC0A1BDDB7C
Authority key identifier: A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/EFk1lNXwEBcRAFhoClA443_i5HA.roa
Signing time: Thu 02 Jan 2025 17:54:30 +0000
ROA not before: Thu 02 Jan 2025 17:54:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39650
IP address blocks: 185.161.36.0/22 maxlen: 24
185.164.74.0/24 maxlen: 24
185.164.75.0/24 maxlen: 24
185.229.28.0/24 maxlen: 24
185.229.29.0/24 maxlen: 24
185.229.30.0/24 maxlen: 24
185.229.31.0/24 maxlen: 24
2a06:5a40::/29 maxlen: 29
2a0a:d400::/29 maxlen: 29
2a0d:6600::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:27:97:79:49:38:6c:33:4b:8c:8f:c0:a1:bd:db:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
Validity
Not Before: Jan 2 17:54:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=10593594d5f01017110058680a5038e37fe2e470
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:49:92:58:38:49:a7:71:4d:cd:32:9d:be:a7:
de:8b:a0:14:17:a7:7a:be:9c:6e:9b:4b:a4:cb:04:
ab:0d:51:34:25:12:ca:32:39:77:d9:8e:54:d6:16:
ce:b5:2b:5f:af:ac:40:7a:96:48:65:a2:68:e9:0e:
79:fd:16:18:b3:9e:6f:d8:ae:7c:30:04:00:6d:47:
e2:dc:75:a7:84:ff:0c:2f:21:46:81:ab:8c:2a:c1:
90:c2:d0:2d:52:d0:e4:9c:45:ab:6b:b4:a9:ec:7f:
b1:4f:4f:a4:5c:88:dc:33:8a:14:17:77:4e:ca:5b:
b3:d7:49:d9:06:0d:a2:6a:f9:c4:b3:77:54:57:95:
07:95:a0:7f:2a:05:ba:2b:64:5a:8a:a0:19:2b:8f:
d4:77:87:69:c6:e9:7f:37:7d:4b:ad:37:8c:a9:01:
7b:2c:17:ab:88:7b:df:f2:33:5c:ef:a5:0c:3f:54:
81:23:13:44:49:a0:00:70:8f:fc:db:08:40:4c:a8:
2e:78:2a:6e:f7:ce:c8:59:97:61:8e:6d:02:5c:f7:
22:29:9f:6e:da:6b:4a:e8:cd:5e:46:07:0b:35:4b:
f7:c3:1e:7b:b7:0f:61:b9:13:f3:b9:20:be:85:8f:
5b:53:ce:a5:6b:aa:c4:d9:b8:60:b6:ae:d1:14:a1:
4e:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:59:35:94:D5:F0:10:17:11:00:58:68:0A:50:38:E3:7F:E2:E4:70
X509v3 Authority Key Identifier:
keyid:A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/EFk1lNXwEBcRAFhoClA443_i5HA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/oOOBtudsuVIOjY9Wd27KD-F2zEA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.36.0/22
185.164.74.0/23
185.229.28.0/22
IPv6:
2a06:5a40::/29
2a0a:d400::/29
2a0d:6600::/29
Signature Algorithm: sha256WithRSAEncryption
a3:a9:d4:17:49:76:b6:a8:75:8a:d4:ea:48:cf:87:65:71:91:
32:8d:bb:c9:0f:0f:94:fa:a5:d9:6d:61:17:2a:61:86:6e:eb:
a1:ef:9d:93:d9:c4:fc:72:9c:3b:96:5f:33:e2:a4:38:21:42:
bf:ab:fd:5d:45:22:60:a6:21:73:2d:de:1a:a3:c1:4a:fe:c5:
c9:c0:19:d6:96:ec:72:e7:67:8f:1d:05:6a:0c:b2:9c:69:d9:
bd:7b:42:02:b6:e1:57:e4:9c:d2:e5:d1:4c:b6:34:0d:9e:17:
6d:2a:6e:f6:d8:fe:18:8e:6b:84:de:b6:ce:d4:71:09:4f:d1:
67:dd:53:d0:15:58:0e:1d:fa:76:41:90:26:7d:c4:96:fc:86:
56:4f:81:53:b3:c8:61:ca:d2:e6:aa:10:b4:22:ca:95:36:26:
04:88:52:11:32:95:52:80:b3:2c:ba:3e:8a:a4:7f:61:e6:72:
08:ae:53:71:cf:bb:ad:83:80:13:77:bc:ae:29:be:6e:c5:de:
17:de:ba:8a:68:ba:82:d4:7b:df:2a:52:33:00:d2:cc:d5:9c:
d4:e2:55:ed:7b:f3:63:a0:0f:3d:7b:19:f6:66:7f:34:cd:d8:
33:be:ed:d3:25:51:18:3f:4a:29:8c:d9:1b:f5:9a:99:33:a8:
b7:83:bc:7a
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAZQoJ5d5SThsM0uMj8Chvdt8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZTM4MWI2ZTc2Y2I5NTIwZThkOGY1Njc3NmVjYTBmZTE3
NmNjNDAwHhcNMjUwMTAyMTc1NDMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDU5MzU5NGQ1ZjAxMDE3MTEwMDU4NjgwYTUwMzhlMzdmZTJlNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEmSWDhJp3FNzTKdvqfei6AUF6d6
vpxum0ukywSrDVE0JRLKMjl32Y5U1hbOtStfr6xAepZIZaJo6Q55/RYYs55v2K58
MAQAbUfi3HWnhP8MLyFGgauMKsGQwtAtUtDknEWra7Sp7H+xT0+kXIjcM4oUF3dO
yluz10nZBg2iavnEs3dUV5UHlaB/KgW6K2RaiqAZK4/Ud4dpxul/N31LrTeMqQF7
LBeriHvf8jNc76UMP1SBIxNESaAAcI/82whATKgueCpu987IWZdhjm0CXPciKZ9u
2mtK6M1eRgcLNUv3wx57tw9huRPzuSC+hY9bU86la6rE2bhgtq7RFKFOiwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFBBZNZTV8BAXEQBYaApQOON/4uRwMB8GA1UdIwQY
MBaAFKDjgbbnbLlSDo2PVnduyg/hdsxAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb09PQnR1ZHN1VklPalk5V2QyN0tELUYyekVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS84ZTZmMDgtMzBmMC00NmRkLWE3YTEt
YTljMzg0MTI4ZDQyLzEvRUZrMWxOWHdFQmNSQUZob0NsQTQ0M19pNUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS84ZTZmMDgtMzBmMC00NmRkLWE3YTEtYTljMzg0MTI4ZDQy
LzEvb09PQnR1ZHN1VklPalk5V2QyN0tELUYyekVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAYBAIAATASAwQCuaEkAwQB
uaRKAwQCueUcMBsEAgACMBUDBQMqBlpAAwUDKgrUAAMFAyoNZgAwDQYJKoZIhvcN
AQELBQADggEBAKOp1BdJdraodYrU6kjPh2VxkTKNu8kPD5T6pdltYRcqYYZu66Hv
nZPZxPxynDuWXzPipDghQr+r/V1FImCmIXMt3hqjwUr+xcnAGdaW7HLnZ48dBWoM
spxp2b17QgK24VfknNLl0Uy2NA2eF20qbvbY/hiOa4Tets7UcQlP0WfdU9AVWA4d
+nZBkCZ9xJb8hlZPgVOzyGHK0uaqELQiypU2JgSIUhEylVKAsyy6Poqkf2Hmcgiu
U3HPu62DgBN3vK4pvm7F3hfeuopouoLUe98qUjMA0szVnNTiVe1782OgDz17GfZm
fzTN2DO+7dMlURg/SimM2Rv1mpkzqLeDvHo=
-----END CERTIFICATE-----
Generated at Tue Apr 8 12:22:58 2025 by rpki-client