Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/DQOkuUrc6Z5AruhjP4gq6QurkWg.roa
File: DQOkuUrc6Z5AruhjP4gq6QurkWg.roa (raw, json)
Hash identifier: JWoK+ZJnamyKWC7DrCjQEyQfY/RdDcsJ+CDLHSvBFLI=
Subject key identifier: 0D:03:A4:B9:4A:DC:E9:9E:40:AE:E8:63:3F:88:2A:E9:0B:AB:91:68
Certificate issuer: /CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
Certificate serial: 0194228D2691D3B165FC2843FF1FE6CAB97B
Authority key identifier: 6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/DQOkuUrc6Z5AruhjP4gq6QurkWg.roa
Signing time: Wed 01 Jan 2025 15:47:43 +0000
ROA not before: Wed 01 Jan 2025 15:47:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42831
IP address blocks: 85.116.196.0/22 maxlen: 22
85.116.220.0/22 maxlen: 22
89.238.117.0/24 maxlen: 24
89.238.118.0/24 maxlen: 24
89.238.119.0/24 maxlen: 24
89.238.124.0/24 maxlen: 24
89.238.125.0/24 maxlen: 24
89.238.126.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:26:91:d3:b1:65:fc:28:43:ff:1f:e6:ca:b9:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
Validity
Not Before: Jan 1 15:47:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0d03a4b94adce99e40aee8633f882ae90bab9168
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:84:70:2d:c9:7c:4f:b6:ec:96:d5:88:67:d9:
71:58:5c:51:e5:97:7f:80:7e:d9:93:d4:02:04:32:
ef:cf:15:b7:b6:ff:43:4b:4a:b7:23:01:7b:b8:d1:
9a:1b:b1:3a:27:9f:71:98:d6:1e:60:73:9d:d5:e1:
1b:e5:19:3d:50:98:ce:43:fd:b5:41:8c:ed:c6:85:
44:59:92:24:88:ad:98:ab:d3:d6:fb:b2:2e:22:12:
3c:83:72:27:b6:b4:27:46:de:16:91:35:73:44:83:
d6:bd:b9:8f:b5:c2:59:7b:6e:ba:9e:a9:05:3e:ee:
06:dd:2e:85:f8:2f:9e:e7:bc:df:25:2d:14:48:55:
c2:cd:67:db:44:2b:61:50:31:5d:41:c2:4a:fd:3c:
bb:4c:87:c9:b3:21:67:08:87:89:b0:55:46:58:6b:
71:fd:52:ca:cb:ec:83:d2:5c:f9:73:c3:5c:a8:4e:
a2:46:8f:5d:d4:31:95:e0:ea:2b:2f:41:b3:51:52:
c2:72:c5:71:bc:87:e4:36:bb:8e:c3:d9:c0:27:6b:
f7:59:79:cf:8f:d5:c0:8a:6b:d1:df:a6:88:c8:98:
f4:a5:fb:ec:9f:ed:b8:6d:7a:b6:29:93:c6:dd:0e:
5d:75:30:6f:ee:65:54:8d:1f:17:bb:64:f2:86:b6:
c5:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:03:A4:B9:4A:DC:E9:9E:40:AE:E8:63:3F:88:2A:E9:0B:AB:91:68
X509v3 Authority Key Identifier:
keyid:6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/DQOkuUrc6Z5AruhjP4gq6QurkWg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.116.196.0/22
85.116.220.0/22
89.238.117.0-89.238.119.255
89.238.124.0-89.238.126.255
Signature Algorithm: sha256WithRSAEncryption
22:a4:43:7c:87:34:b0:7f:d3:4e:90:05:b8:d1:56:4c:37:13:
5a:7e:2c:28:c4:b0:00:1b:ea:ab:67:99:1b:1a:c9:8c:ff:22:
0f:7e:25:11:93:a8:d4:57:2a:ce:5a:1f:1d:7d:81:1b:74:cd:
5d:63:6d:2c:d9:1a:50:a6:5b:1a:c4:a1:7c:d9:61:36:f4:2a:
4a:14:e5:8f:f9:78:b0:dc:58:ad:c7:f0:64:da:d4:25:59:66:
42:f1:6e:1c:f3:7b:d9:f7:99:bc:2f:dd:1b:42:dd:16:16:79:
6e:b8:37:cb:bf:24:97:14:1d:ed:87:2a:2e:d1:11:c9:2d:b3:
60:45:1e:d2:23:5a:96:da:85:ca:c7:f8:e3:8b:21:26:33:7b:
99:cd:d4:6d:9f:eb:c9:58:f0:3f:ba:4e:d4:19:1a:f7:af:b0:
cb:2e:6c:9e:0e:37:d0:1f:85:a1:23:6e:60:50:0f:13:45:51:
50:b9:44:e5:77:94:5b:92:86:94:4c:b0:5a:55:ba:96:4f:50:
a3:6c:a0:48:65:31:05:cf:c1:d9:82:1e:b7:d3:e7:94:54:1d:
07:be:2d:f1:78:97:b2:7b:72:41:72:63:53:41:aa:a0:0b:53:
ce:90:34:6c:4e:1a:29:03:f6:1c:64:d8:22:27:bf:98:58:0d:
59:fb:3a:60
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQijSaR07Fl/ChD/x/myrl7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZDAzOTJhYzc2NjBiZDE0NjBmYTFkNTAzMWQxODQwZDAx
Yjk0MTIwHhcNMjUwMTAxMTU0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDAzYTRiOTRhZGNlOTllNDBhZWU4NjMzZjg4MmFlOTBiYWI5MTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIRwLcl8T7bsltWIZ9lxWFxR5Zd/
gH7Zk9QCBDLvzxW3tv9DS0q3IwF7uNGaG7E6J59xmNYeYHOd1eEb5Rk9UJjOQ/21
QYztxoVEWZIkiK2Yq9PW+7IuIhI8g3IntrQnRt4WkTVzRIPWvbmPtcJZe266nqkF
Pu4G3S6F+C+e57zfJS0USFXCzWfbRCthUDFdQcJK/Ty7TIfJsyFnCIeJsFVGWGtx
/VLKy+yD0lz5c8NcqE6iRo9d1DGV4OorL0GzUVLCcsVxvIfkNruOw9nAJ2v3WXnP
j9XAimvR36aIyJj0pfvsn+24bXq2KZPG3Q5ddTBv7mVUjR8Xu2TyhrbF5QIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFA0DpLlK3OmeQK7oYz+IKukLq5FoMB8GA1UdIwQY
MBaAFG7QOSrHZgvRRg+h1QMdGEDQG5QSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQt
ZThiYWY5ZmZhZGY4LzEvRFFPa3VVcmM2WjVBcnVoalA0Z3E2UXVya1dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQtZThiYWY5ZmZhZGY4
LzEvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQCVXTEAwQC
VXTcMAwDBABZ7nUDBANZ7nAwDAMEAlnufAMEAFnufjANBgkqhkiG9w0BAQsFAAOC
AQEAIqRDfIc0sH/TTpAFuNFWTDcTWn4sKMSwABvqq2eZGxrJjP8iD34lEZOo1Fcq
zlofHX2BG3TNXWNtLNkaUKZbGsShfNlhNvQqShTlj/l4sNxYrcfwZNrUJVlmQvFu
HPN72feZvC/dG0LdFhZ5brg3y78klxQd7YcqLtERyS2zYEUe0iNaltqFysf444sh
JjN7mc3UbZ/ryVjwP7pO1Bka96+wyy5sng430B+FoSNuYFAPE0VRULlE5XeUW5KG
lEywWlW6lk9Qo2ygSGUxBc/B2YIet9PnlFQdB74t8XiXsntyQXJjU0GqoAtTzpA0
bE4aKQP2HGTYIie/mFgNWfs6YA==
-----END CERTIFICATE-----
Generated at Mon Apr 7 16:46:59 2025 by rpki-client