Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/057780-52e8-4777-8a25-021c2e0735b1/1/oyXaOgxI1N0gL-mT4wAa6DfHmfQ.roa
File: oyXaOgxI1N0gL-mT4wAa6DfHmfQ.roa (raw, json)
Hash identifier: 8sggfPG1wysa3rNvbgw+mJfeUSqlumTtEBYr1asLE8I=
Subject key identifier: A3:25:DA:3A:0C:48:D4:DD:20:2F:E9:93:E3:00:1A:E8:37:C7:99:F4
Certificate issuer: /CN=1f688f9857d9e440c1058dc8959e49f8b3183f61
Certificate serial: 0194228E32C72E7964304CA576B29DE04FC7
Authority key identifier: 1F:68:8F:98:57:D9:E4:40:C1:05:8D:C8:95:9E:49:F8:B3:18:3F:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H2iPmFfZ5EDBBY3IlZ5J-LMYP2E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4f/057780-52e8-4777-8a25-021c2e0735b1/1/oyXaOgxI1N0gL-mT4wAa6DfHmfQ.roa
Signing time: Wed 01 Jan 2025 15:48:51 +0000
ROA not before: Wed 01 Jan 2025 15:48:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205581
IP address blocks: 85.209.240.0/24 maxlen: 24
85.209.241.0/24 maxlen: 24
85.209.242.0/24 maxlen: 24
85.209.243.0/24 maxlen: 24
2a0e:b780::/32 maxlen: 32
2a0e:b781::/32 maxlen: 32
2a0e:b782::/32 maxlen: 32
2a0e:b783::/32 maxlen: 32
2a0e:b784::/32 maxlen: 32
2a0e:b785::/32 maxlen: 32
2a0e:b786::/32 maxlen: 32
2a0e:b787::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8e:32:c7:2e:79:64:30:4c:a5:76:b2:9d:e0:4f:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f688f9857d9e440c1058dc8959e49f8b3183f61
Validity
Not Before: Jan 1 15:48:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a325da3a0c48d4dd202fe993e3001ae837c799f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:4d:ad:e3:f3:96:1d:d2:09:5a:7c:f1:ff:99:
32:02:7e:84:a0:16:a3:f2:2c:4e:88:94:06:05:e9:
23:b9:6c:00:dc:6e:dc:3e:73:53:61:23:20:7c:50:
d5:72:59:3d:b3:bf:c8:f6:39:80:d3:20:2d:3f:8f:
fb:79:1c:bd:75:d5:c4:54:e2:c2:d4:67:4f:40:dc:
23:8c:66:fe:fa:9e:af:9a:7e:35:64:04:ad:ee:34:
a8:39:c1:89:28:4a:42:8b:5b:4e:ea:8f:e4:49:7c:
f5:5e:bb:9c:29:67:56:51:97:9a:56:60:be:d7:e6:
09:57:4d:6c:6d:fc:2d:1a:03:b6:bb:f2:1f:9a:fd:
60:60:60:98:c4:5a:81:f3:d9:e2:2e:d3:33:fe:ef:
e4:44:d6:f2:de:73:80:e2:b0:19:8a:40:91:ea:97:
14:b4:31:ab:bd:76:cb:88:7f:79:2a:02:17:59:d7:
da:e9:97:cb:9f:47:cf:0c:ad:f3:75:9c:85:49:e8:
9b:70:8a:35:ed:ff:1d:c8:fb:8a:a3:41:bf:8a:c3:
cf:c0:14:9f:fb:39:9d:c1:a8:a3:14:63:85:36:78:
e6:5c:2c:64:90:d3:3c:20:36:b4:69:0f:33:fc:7d:
93:11:5f:05:b3:eb:63:a4:1c:f1:1e:75:75:f4:41:
84:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:25:DA:3A:0C:48:D4:DD:20:2F:E9:93:E3:00:1A:E8:37:C7:99:F4
X509v3 Authority Key Identifier:
keyid:1F:68:8F:98:57:D9:E4:40:C1:05:8D:C8:95:9E:49:F8:B3:18:3F:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2iPmFfZ5EDBBY3IlZ5J-LMYP2E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/057780-52e8-4777-8a25-021c2e0735b1/1/oyXaOgxI1N0gL-mT4wAa6DfHmfQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/057780-52e8-4777-8a25-021c2e0735b1/1/H2iPmFfZ5EDBBY3IlZ5J-LMYP2E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.209.240.0/22
IPv6:
2a0e:b780::/29
Signature Algorithm: sha256WithRSAEncryption
95:af:df:ff:66:ee:08:14:8c:23:89:24:4c:85:2b:16:ad:de:
70:ed:4b:b5:b1:cc:f5:e2:42:20:c4:ee:d9:45:34:6a:2e:fd:
98:5e:81:ce:f2:2b:ca:4f:38:4c:6b:0b:8b:87:89:bf:a4:21:
aa:b8:14:b2:41:c1:33:12:11:2a:0d:68:ab:6e:23:83:82:74:
2d:8c:d1:2e:38:00:61:14:d5:9d:ab:0f:76:a1:d7:66:8f:b2:
23:ff:2e:f7:79:6f:4b:ba:c4:1a:4d:3a:fe:c9:57:66:51:d7:
c8:b2:9f:bd:84:df:b1:30:e0:33:18:6d:e2:9d:83:16:87:eb:
f8:68:55:82:e0:94:ab:36:42:1d:07:d7:9f:21:ee:aa:7f:36:
4d:98:77:ac:89:08:be:1b:c3:d7:19:f4:fe:5a:f3:af:4e:b0:
d7:97:61:fc:0e:15:8a:d0:eb:a1:d9:66:91:a4:82:6e:34:90:
60:8c:52:57:93:f9:dd:ec:2a:35:21:82:56:cf:51:2f:15:70:
7e:2f:f8:30:09:02:5a:25:2b:9d:b3:e6:41:07:4c:31:cc:ef:
f5:c9:08:81:a5:3f:a1:7e:07:24:3c:e2:88:3c:fe:24:6d:a7:
a0:88:9e:f1:9b:c5:72:76:65:a0:99:b2:bd:a6:7b:4f:f1:12:
87:04:c5:ee
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijjLHLnlkMEyldrKd4E/HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjg4Zjk4NTdkOWU0NDBjMTA1OGRjODk1OWU0OWY4YjMx
ODNmNjEwHhcNMjUwMTAxMTU0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzI1ZGEzYTBjNDhkNGRkMjAyZmU5OTNlMzAwMWFlODM3Yzc5OWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvU2t4/OWHdIJWnzx/5kyAn6EoBaj
8ixOiJQGBekjuWwA3G7cPnNTYSMgfFDVclk9s7/I9jmA0yAtP4/7eRy9ddXEVOLC
1GdPQNwjjGb++p6vmn41ZASt7jSoOcGJKEpCi1tO6o/kSXz1XrucKWdWUZeaVmC+
1+YJV01sbfwtGgO2u/Ifmv1gYGCYxFqB89niLtMz/u/kRNby3nOA4rAZikCR6pcU
tDGrvXbLiH95KgIXWdfa6ZfLn0fPDK3zdZyFSeibcIo17f8dyPuKo0G/isPPwBSf
+zmdwaijFGOFNnjmXCxkkNM8IDa0aQ8z/H2TEV8Fs+tjpBzxHnV19EGEZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKMl2joMSNTdIC/pk+MAGug3x5n0MB8GA1UdIwQY
MBaAFB9oj5hX2eRAwQWNyJWeSfizGD9hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJpUG1GZlo1RURCQlkzSWxaNUotTE1ZUDJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8wNTc3ODAtNTJlOC00Nzc3LThhMjUt
MDIxYzJlMDczNWIxLzEvb3lYYU9neEkxTjBnTC1tVDR3QWE2RGZIbWZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8wNTc3ODAtNTJlOC00Nzc3LThhMjUtMDIxYzJlMDczNWIx
LzEvSDJpUG1GZlo1RURCQlkzSWxaNUotTE1ZUDJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdHwMA0E
AgACMAcDBQMqDreAMA0GCSqGSIb3DQEBCwUAA4IBAQCVr9//Zu4IFIwjiSRMhSsW
rd5w7Uu1scz14kIgxO7ZRTRqLv2YXoHO8ivKTzhMawuLh4m/pCGquBSyQcEzEhEq
DWirbiODgnQtjNEuOABhFNWdqw92oddmj7Ij/y73eW9LusQaTTr+yVdmUdfIsp+9
hN+xMOAzGG3inYMWh+v4aFWC4JSrNkIdB9efIe6qfzZNmHesiQi+G8PXGfT+WvOv
TrDXl2H8DhWK0Ouh2WaRpIJuNJBgjFJXk/nd7Co1IYJWz1EvFXB+L/gwCQJaJSud
s+ZBB0wxzO/1yQiBpT+hfgckPOKIPP4kbaegiJ7xm8VydmWgmbK9pntP8RKHBMXu
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:55:06 2025 by rpki-client