Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/9e86ab-bc7f-4bc4-b127-42262161e940/1/3fbk5KZ8ThDjTTk1HUs_F8dpBIQ.roa
File: 3fbk5KZ8ThDjTTk1HUs_F8dpBIQ.roa (raw, json)
Hash identifier: QSUPjZJR7N2hLAV4a9vMxf89Cyng2AUNsEsGu9jShnE=
Subject key identifier: DD:F6:E4:E4:A6:7C:4E:10:E3:4D:39:35:1D:4B:3F:17:C7:69:04:84
Certificate issuer: /CN=c38c3a1c05c899ebfe15d2361909a63597c68078
Certificate serial: 0194282621E6924EF91936BB81839BCCB115
Authority key identifier: C3:8C:3A:1C:05:C8:99:EB:FE:15:D2:36:19:09:A6:35:97:C6:80:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w4w6HAXImev-FdI2GQmmNZfGgHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/9e86ab-bc7f-4bc4-b127-42262161e940/1/3fbk5KZ8ThDjTTk1HUs_F8dpBIQ.roa
Signing time: Thu 02 Jan 2025 17:52:55 +0000
ROA not before: Thu 02 Jan 2025 17:52:55 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43771
IP address blocks: 91.198.148.0/24 maxlen: 24
185.202.4.0/23 maxlen: 23
185.202.6.0/24 maxlen: 24
2a0a:cdc0::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:26:21:e6:92:4e:f9:19:36:bb:81:83:9b:cc:b1:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c38c3a1c05c899ebfe15d2361909a63597c68078
Validity
Not Before: Jan 2 17:52:55 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ddf6e4e4a67c4e10e34d39351d4b3f17c7690484
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:7b:a0:81:f0:08:b5:7c:55:dc:90:bf:d6:65:
84:4b:8e:de:d5:46:2f:57:94:73:cf:1f:1d:fb:4e:
18:18:d7:06:19:1c:f0:3b:9c:04:f5:d3:78:a6:e4:
80:34:94:59:63:19:eb:18:d7:ad:89:16:26:2a:87:
4b:15:57:10:e2:0a:50:1b:1a:67:b4:08:2d:b8:23:
00:f2:5f:48:89:fd:e5:4a:27:c2:9f:e7:0f:cd:f5:
0d:b6:39:d9:ef:5f:76:4a:96:67:27:bd:06:97:79:
23:b6:ec:76:5c:dd:5c:99:43:e0:b2:f4:c9:5c:e5:
82:76:33:79:18:82:d9:fc:f6:62:84:bc:cd:94:f1:
fb:3d:a0:8d:33:a2:78:31:58:bb:f4:2d:13:f2:03:
66:60:8b:5e:93:9d:9d:d9:ec:2c:f2:ba:ed:87:ff:
d6:9f:86:72:a9:a0:9e:87:39:6c:8e:32:ea:20:86:
54:5d:2c:a5:5a:9e:b2:96:24:eb:23:c9:59:2e:9a:
93:e6:34:fe:07:e5:22:32:1d:60:c0:34:b3:8d:6e:
84:70:e2:92:6a:fb:c4:05:fb:bc:f0:26:01:62:1d:
f1:68:b3:0e:72:90:0b:39:7c:0d:8a:6b:c7:0e:89:
d0:fa:7f:0c:69:69:e2:08:1b:c6:41:78:b2:f3:8a:
f2:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:F6:E4:E4:A6:7C:4E:10:E3:4D:39:35:1D:4B:3F:17:C7:69:04:84
X509v3 Authority Key Identifier:
keyid:C3:8C:3A:1C:05:C8:99:EB:FE:15:D2:36:19:09:A6:35:97:C6:80:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4w6HAXImev-FdI2GQmmNZfGgHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/9e86ab-bc7f-4bc4-b127-42262161e940/1/3fbk5KZ8ThDjTTk1HUs_F8dpBIQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/9e86ab-bc7f-4bc4-b127-42262161e940/1/w4w6HAXImev-FdI2GQmmNZfGgHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.148.0/24
185.202.4.0-185.202.6.255
IPv6:
2a0a:cdc0::/32
Signature Algorithm: sha256WithRSAEncryption
34:91:5d:50:ae:49:80:57:9e:61:51:f8:c3:78:61:4e:a7:75:
7a:73:5b:3e:39:38:e5:98:f0:cb:3a:70:28:0d:0c:e0:88:e0:
1c:5c:00:05:09:c2:57:ed:ae:2d:07:c1:97:21:a9:48:b7:1e:
28:25:17:c6:c1:ac:74:05:db:53:fb:08:80:24:4e:e8:7e:2c:
e9:c3:e7:7a:55:07:20:32:98:11:e5:64:1b:f5:d0:40:a1:ef:
1b:77:35:99:61:6d:20:ca:00:db:97:80:2e:db:63:43:96:3f:
69:ee:67:9a:bb:e3:44:d4:7c:8a:76:07:13:c9:a6:ad:d8:a3:
18:06:27:8f:8e:c7:10:ee:89:e0:ff:0c:86:47:3d:e8:47:3d:
bc:81:e0:59:fd:af:36:1b:0c:5a:fe:7e:e6:5e:0a:89:80:02:
6c:f9:3d:64:c9:55:e4:53:ff:9e:a8:93:68:4c:66:9a:46:03:
67:e0:c7:47:61:64:c6:c0:67:53:8a:37:b9:e7:2c:e3:b0:96:
1d:09:34:a6:da:30:e7:18:84:cd:c1:4b:d6:a1:1a:8b:35:89:
fc:c4:48:4f:fc:44:f4:0c:c3:d0:5f:16:2c:2d:0e:7b:8a:6a:
07:c0:63:31:06:f0:3b:fa:92:59:fb:ed:c3:30:4a:11:5f:d1:
4f:9b:e0:e6
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZQoJiHmkk75GTa7gYObzLEVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzOGMzYTFjMDVjODk5ZWJmZTE1ZDIzNjE5MDlhNjM1OTdj
NjgwNzgwHhcNMjUwMTAyMTc1MjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGY2ZTRlNGE2N2M0ZTEwZTM0ZDM5MzUxZDRiM2YxN2M3NjkwNDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXuggfAItXxV3JC/1mWES47e1UYv
V5Rzzx8d+04YGNcGGRzwO5wE9dN4puSANJRZYxnrGNetiRYmKodLFVcQ4gpQGxpn
tAgtuCMA8l9Iif3lSifCn+cPzfUNtjnZ7192SpZnJ70Gl3kjtux2XN1cmUPgsvTJ
XOWCdjN5GILZ/PZihLzNlPH7PaCNM6J4MVi79C0T8gNmYItek52d2ews8rrth//W
n4ZyqaCehzlsjjLqIIZUXSylWp6yliTrI8lZLpqT5jT+B+UiMh1gwDSzjW6EcOKS
avvEBfu88CYBYh3xaLMOcpALOXwNimvHDonQ+n8MaWniCBvGQXiy84ryywIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFN325OSmfE4Q4005NR1LPxfHaQSEMB8GA1UdIwQY
MBaAFMOMOhwFyJnr/hXSNhkJpjWXxoB4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzR3NkhBWEltZXYtRmRJMkdRbW1OWmZHZ0hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS85ZTg2YWItYmM3Zi00YmM0LWIxMjct
NDIyNjIxNjFlOTQwLzEvM2ZiazVLWjhUaERqVFRrMUhVc19GOGRwQklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS85ZTg2YWItYmM3Zi00YmM0LWIxMjctNDIyNjIxNjFlOTQw
LzEvdzR3NkhBWEltZXYtRmRJMkdRbW1OWmZHZ0hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQAW8aUMAwD
BAK5ygQDBAC5ygYwDQQCAAIwBwMFACoKzcAwDQYJKoZIhvcNAQELBQADggEBADSR
XVCuSYBXnmFR+MN4YU6ndXpzWz45OOWY8Ms6cCgNDOCI4BxcAAUJwlftri0HwZch
qUi3HiglF8bBrHQF21P7CIAkTuh+LOnD53pVByAymBHlZBv10ECh7xt3NZlhbSDK
ANuXgC7bY0OWP2nuZ5q740TUfIp2BxPJpq3YoxgGJ4+OxxDuieD/DIZHPehHPbyB
4Fn9rzYbDFr+fuZeComAAmz5PWTJVeRT/56ok2hMZppGA2fgx0dhZMbAZ1OKN7nn
LOOwlh0JNKbaMOcYhM3BS9ahGos1ifzESE/8RPQMw9BfFiwtDnuKagfAYzEG8Dv6
kln77cMwShFf0U+b4OY=
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:35:02 2025 by rpki-client