Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/nJiYZEpB1EgK05RNyHLNlPAVIA8.roa
File: nJiYZEpB1EgK05RNyHLNlPAVIA8.roa (raw, json)
Hash identifier: AlaLFQmqj+Z/cHGEWv8PdyAv4LrvAlOopVYBnZcKqZA=
Subject key identifier: 9C:98:98:64:4A:41:D4:48:0A:D3:94:4D:C8:72:CD:94:F0:15:20:0F
Certificate issuer: /CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
Certificate serial: 019444F6E62FCD92614CEB068662CB541ED6
Authority key identifier: 6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/nJiYZEpB1EgK05RNyHLNlPAVIA8.roa
Signing time: Wed 08 Jan 2025 08:10:18 +0000
ROA not before: Wed 08 Jan 2025 08:10:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42831
IP address blocks: 85.116.196.0/22 maxlen: 22
85.116.220.0/22 maxlen: 22
89.238.114.0/24 maxlen: 24
89.238.115.0/24 maxlen: 24
89.238.116.0/24 maxlen: 24
89.238.117.0/24 maxlen: 24
89.238.118.0/24 maxlen: 24
89.238.119.0/24 maxlen: 24
89.238.124.0/24 maxlen: 24
89.238.125.0/24 maxlen: 24
89.238.126.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:44:f6:e6:2f:cd:92:61:4c:eb:06:86:62:cb:54:1e:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ed0392ac7660bd1460fa1d5031d1840d01b9412
Validity
Not Before: Jan 8 08:10:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9c9898644a41d4480ad3944dc872cd94f015200f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:0c:d6:41:1b:fd:2a:cd:c5:2a:b0:30:87:e8:
aa:b6:ad:b4:73:c4:16:49:0c:49:1d:eb:9e:d2:d3:
b4:ab:45:83:29:b2:fd:48:27:b0:da:c6:7f:33:d6:
65:ee:c6:7e:0b:75:53:e0:92:9b:20:38:b8:fa:63:
fd:9f:eb:11:28:34:89:34:fc:b1:4c:39:20:9b:9b:
77:4c:9f:79:53:48:56:6e:58:37:e9:3a:84:f2:1f:
a7:00:ca:d9:62:32:2c:07:43:d4:91:4f:fc:05:3a:
ee:94:f4:80:2d:7f:3e:b4:9d:84:87:aa:0d:fe:f1:
e6:23:77:d3:3e:c5:dd:b5:91:bc:6a:cc:69:ad:08:
f8:24:02:fd:96:95:0d:17:a8:b9:dc:c4:5e:96:44:
bd:0b:94:ef:44:71:33:59:bc:04:4b:9f:33:db:08:
03:5d:5f:48:48:63:5f:a4:2f:5d:16:33:30:08:ab:
7d:46:78:df:c0:d3:14:bc:2f:1d:78:6b:bd:9b:5b:
c5:1b:69:26:0a:13:a3:c9:9d:3e:cd:5c:df:c4:73:
6b:89:2f:10:47:b3:56:08:6b:c5:3c:8d:fa:d2:af:
7e:42:ee:f1:c7:9d:e4:62:34:55:53:c8:a7:24:a9:
8a:2b:a8:f3:32:1e:35:09:a6:c5:53:19:4d:de:1a:
96:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:98:98:64:4A:41:D4:48:0A:D3:94:4D:C8:72:CD:94:F0:15:20:0F
X509v3 Authority Key Identifier:
keyid:6E:D0:39:2A:C7:66:0B:D1:46:0F:A1:D5:03:1D:18:40:D0:1B:94:12
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/btA5KsdmC9FGD6HVAx0YQNAblBI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/nJiYZEpB1EgK05RNyHLNlPAVIA8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/78e03c-c9c7-4c85-bfdd-e8baf9ffadf8/1/btA5KsdmC9FGD6HVAx0YQNAblBI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.116.196.0/22
85.116.220.0/22
89.238.114.0-89.238.119.255
89.238.124.0-89.238.126.255
Signature Algorithm: sha256WithRSAEncryption
97:6c:1b:0e:45:3f:b6:08:1a:af:a6:43:87:44:d4:29:b3:df:
d0:b3:ce:61:f7:53:74:2f:a2:e6:0f:c9:83:fa:f5:71:ff:1d:
33:cb:8f:7f:9f:9b:b1:36:52:30:16:c4:9b:dc:ea:72:22:ca:
c9:01:f4:66:72:61:ce:72:b5:2f:38:fb:71:80:c3:25:a5:da:
bc:41:4e:1d:48:02:f3:1e:0f:11:ec:d7:8f:c5:9f:99:e8:bd:
af:79:6c:74:4b:9a:f0:e9:f5:97:cd:1f:5f:4e:7d:60:4e:0d:
51:3b:ca:5e:b2:1b:43:86:1f:49:01:45:1f:df:53:95:36:cf:
d2:67:39:64:b9:ee:39:2d:76:1b:e3:dd:8a:bf:61:04:bd:da:
64:a3:83:d4:2e:bc:8b:61:5f:54:51:4c:7b:ef:55:f2:26:d2:
98:b1:2a:76:a5:32:51:9f:b1:34:15:71:d6:d7:6a:04:66:33:
8f:24:52:e9:72:8b:64:ac:96:8c:e3:33:1f:70:70:62:f6:32:
8d:be:9b:8c:60:f5:c5:47:f1:27:38:8d:c7:08:bb:dc:7a:67:
d2:ec:4c:7e:59:4f:8e:87:29:70:20:66:12:76:58:97:28:0a:
5a:aa:41:6c:f9:80:e4:db:5e:13:89:45:e5:56:ac:e5:26:07:
e2:01:9f:86
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZRE9uYvzZJhTOsGhmLLVB7WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZDAzOTJhYzc2NjBiZDE0NjBmYTFkNTAzMWQxODQwZDAx
Yjk0MTIwHhcNMjUwMTA4MDgxMDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzk4OTg2NDRhNDFkNDQ4MGFkMzk0NGRjODcyY2Q5NGYwMTUyMDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgzWQRv9Ks3FKrAwh+iqtq20c8QW
SQxJHeue0tO0q0WDKbL9SCew2sZ/M9Zl7sZ+C3VT4JKbIDi4+mP9n+sRKDSJNPyx
TDkgm5t3TJ95U0hWblg36TqE8h+nAMrZYjIsB0PUkU/8BTrulPSALX8+tJ2Eh6oN
/vHmI3fTPsXdtZG8asxprQj4JAL9lpUNF6i53MRelkS9C5TvRHEzWbwES58z2wgD
XV9ISGNfpC9dFjMwCKt9RnjfwNMUvC8deGu9m1vFG2kmChOjyZ0+zVzfxHNriS8Q
R7NWCGvFPI360q9+Qu7xx53kYjRVU8inJKmKK6jzMh41CabFUxlN3hqWuQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFJyYmGRKQdRICtOUTchyzZTwFSAPMB8GA1UdIwQY
MBaAFG7QOSrHZgvRRg+h1QMdGEDQG5QSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQt
ZThiYWY5ZmZhZGY4LzEvbkppWVpFcEIxRWdLMDVSTnlITE5sUEFWSUE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83OGUwM2MtYzljNy00Yzg1LWJmZGQtZThiYWY5ZmZhZGY4
LzEvYnRBNUtzZG1DOUZHRDZIVkF4MFlRTkFibEJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoAwQCVXTEAwQC
VXTcMAwDBAFZ7nIDBANZ7nAwDAMEAlnufAMEAFnufjANBgkqhkiG9w0BAQsFAAOC
AQEAl2wbDkU/tggar6ZDh0TUKbPf0LPOYfdTdC+i5g/Jg/r1cf8dM8uPf5+bsTZS
MBbEm9zqciLKyQH0ZnJhznK1Lzj7cYDDJaXavEFOHUgC8x4PEezXj8Wfmei9r3ls
dEua8On1l80fX059YE4NUTvKXrIbQ4YfSQFFH99TlTbP0mc5ZLnuOS12G+Pdir9h
BL3aZKOD1C68i2FfVFFMe+9V8ibSmLEqdqUyUZ+xNBVx1tdqBGYzjyRS6XKLZKyW
jOMzH3BwYvYyjb6bjGD1xUfxJziNxwi73Hpn0uxMfllPjocpcCBmEnZYlygKWqpB
bPmA5NteE4lF5Vas5SYH4gGfhg==
-----END CERTIFICATE-----
Generated at Mon Apr 7 09:22:55 2025 by rpki-client