Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/PN-Xj496VaqTA8f0tVevxbBru-8.roa
File: PN-Xj496VaqTA8f0tVevxbBru-8.roa (raw, json)
Hash identifier: RxF+wzbj85kCCWJetIUBmMkVzJrNYB1HS6Qx3dn55T8=
Subject key identifier: 3C:DF:97:8F:8F:7A:55:AA:93:03:C7:F4:B5:57:AF:C5:B0:6B:BB:EF
Certificate issuer: /CN=78d636c505d56af42a414c167d52407d356b3d0b
Certificate serial: 018CC34939D80A6E0521914B97C162DBEDC2
Authority key identifier: 78:D6:36:C5:05:D5:6A:F4:2A:41:4C:16:7D:52:40:7D:35:6B:3D:0B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/PN-Xj496VaqTA8f0tVevxbBru-8.roa
Signing time: Mon 01 Jan 2024 04:30:05 +0000
ROA not before: Mon 01 Jan 2024 04:30:05 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 33891
IP address blocks: 188.65.144.0/21 maxlen: 21
91.204.168.0/22 maxlen: 22
2a00:1aa0::/32 maxlen: 32
2a00:1aa0::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:49:39:d8:0a:6e:05:21:91:4b:97:c1:62:db:ed:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=78d636c505d56af42a414c167d52407d356b3d0b
Validity
Not Before: Jan 1 04:30:05 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3cdf978f8f7a55aa9303c7f4b557afc5b06bbbef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:da:55:d6:6d:ad:c1:d9:b1:ac:79:71:03:07:
45:ce:f3:f0:2e:43:d5:96:48:57:ce:15:0a:ce:db:
6a:07:0b:2f:64:57:41:4b:45:44:2f:d5:cf:10:8e:
da:47:37:ca:98:82:a1:58:42:50:b3:73:91:9a:b0:
d1:61:e0:4e:71:38:8a:30:1e:fc:42:86:37:9b:f6:
66:01:94:c7:5f:77:3e:87:d7:ad:2e:35:be:34:93:
34:01:6c:b9:29:fa:e0:a8:ea:e5:e2:92:20:30:02:
42:fc:1d:6e:dd:3d:23:2a:dd:df:f5:5f:b6:25:36:
32:93:b5:91:fe:e8:59:2c:a3:74:7b:bd:b0:01:4a:
1d:69:49:91:e9:b3:22:6c:68:1a:60:e1:29:02:0b:
ec:18:14:4d:0c:68:5f:9d:e1:83:31:1b:62:6a:48:
14:25:31:a1:14:81:ca:de:df:a7:4b:b3:c1:43:6b:
88:f8:e7:5d:a6:6a:cc:3b:91:43:ae:e5:31:41:62:
17:1c:f6:e9:96:cf:09:b0:14:4d:1f:3d:ee:25:f3:
0d:37:92:97:a1:45:e2:4f:f7:67:b4:c4:0d:46:37:
dd:c5:90:93:52:78:e5:f5:f4:aa:a5:bc:ec:bc:01:
b7:31:0c:53:f6:5e:3b:77:ba:e4:63:17:b5:da:11:
2a:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:DF:97:8F:8F:7A:55:AA:93:03:C7:F4:B5:57:AF:C5:B0:6B:BB:EF
X509v3 Authority Key Identifier:
keyid:78:D6:36:C5:05:D5:6A:F4:2A:41:4C:16:7D:52:40:7D:35:6B:3D:0B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/PN-Xj496VaqTA8f0tVevxbBru-8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/eNY2xQXVavQqQUwWfVJAfTVrPQs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.204.168.0/22
188.65.144.0/21
IPv6:
2a00:1aa0::/29
Signature Algorithm: sha256WithRSAEncryption
1f:80:9c:6e:08:8e:c9:13:bc:59:9a:9e:f0:eb:c7:87:50:1c:
4f:d2:64:82:c6:be:bd:3d:e8:e1:c6:ed:d2:94:a6:2f:de:d7:
66:42:96:2d:47:5e:4c:22:17:81:10:92:da:02:e7:49:27:84:
2d:91:f4:2b:5c:7d:ec:f4:9c:eb:8e:d9:5c:5b:2c:c5:7d:96:
97:be:89:8b:37:3e:35:80:c4:84:51:a4:d5:a4:16:0a:39:33:
69:7c:91:bc:43:4e:3d:73:55:2e:ce:a2:3d:62:05:45:a3:2a:
d7:1b:5e:cd:94:cf:03:5d:a9:0c:06:71:2b:d1:bf:7c:95:9f:
be:87:01:e8:91:f2:7a:6f:e5:dc:38:42:75:9b:8b:b4:f9:2d:
aa:58:d2:4f:04:3b:8a:95:2a:e9:e0:ec:47:80:f9:4b:e7:5f:
a5:66:65:2a:56:43:2c:38:90:2d:a1:49:37:66:31:7a:ce:f4:
11:0d:be:01:9c:5f:d7:24:fa:a8:38:d2:1e:2d:e4:5c:e2:66:
89:f4:30:09:9f:e8:81:d3:88:ed:ef:58:a5:35:f2:25:17:f4:
d9:b4:d1:b1:2b:8b:e2:aa:45:a1:b3:84:8d:69:47:b4:5e:99:
9a:e1:e4:c1:a4:d3:76:26:7c:d1:ee:e9:19:64:39:93:a0:2b:
db:18:af:e9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDSTnYCm4FIZFLl8Fi2+3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZDYzNmM1MDVkNTZhZjQyYTQxNGMxNjdkNTI0MDdkMzU2
YjNkMGIwHhcNMjQwMTAxMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2RmOTc4ZjhmN2E1NWFhOTMwM2M3ZjRiNTU3YWZjNWIwNmJiYmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9pV1m2twdmxrHlxAwdFzvPwLkPV
lkhXzhUKzttqBwsvZFdBS0VEL9XPEI7aRzfKmIKhWEJQs3ORmrDRYeBOcTiKMB78
QoY3m/ZmAZTHX3c+h9etLjW+NJM0AWy5KfrgqOrl4pIgMAJC/B1u3T0jKt3f9V+2
JTYyk7WR/uhZLKN0e72wAUodaUmR6bMibGgaYOEpAgvsGBRNDGhfneGDMRtiakgU
JTGhFIHK3t+nS7PBQ2uI+OddpmrMO5FDruUxQWIXHPbpls8JsBRNHz3uJfMNN5KX
oUXiT/dntMQNRjfdxZCTUnjl9fSqpbzsvAG3MQxT9l47d7rkYxe12hEqvQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDzfl4+PelWqkwPH9LVXr8Wwa7vvMB8GA1UdIwQY
MBaAFHjWNsUF1Wr0KkFMFn1SQH01az0LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU5ZMnhRWFZhdlFxUVV3V2ZWSkFmVFZyUFFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8xZmE5NDUtNTBlNy00NzlhLTlkOTIt
ZGRjZDRkOTM1MDMwLzEvUE4tWGo0OTZWYXFUQThmMHRWZXZ4YkJydS04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8xZmE5NDUtNTBlNy00NzlhLTlkOTItZGRjZDRkOTM1MDMw
LzEvZU5ZMnhRWFZhdlFxUVV3V2ZWSkFmVFZyUFFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW8yoAwQD
vEGQMA0EAgACMAcDBQMqABqgMA0GCSqGSIb3DQEBCwUAA4IBAQAfgJxuCI7JE7xZ
mp7w68eHUBxP0mSCxr69Pejhxu3SlKYv3tdmQpYtR15MIheBEJLaAudJJ4QtkfQr
XH3s9JzrjtlcWyzFfZaXvomLNz41gMSEUaTVpBYKOTNpfJG8Q049c1UuzqI9YgVF
oyrXG17NlM8DXakMBnEr0b98lZ++hwHokfJ6b+XcOEJ1m4u0+S2qWNJPBDuKlSrp
4OxHgPlL51+lZmUqVkMsOJAtoUk3ZjF6zvQRDb4BnF/XJPqoONIeLeRc4maJ9DAJ
n+iB04jt71ilNfIlF/TZtNGxK4viqkWhs4SNaUe0Xpma4eTBpNN2JnzR7ukZZDmT
oCvbGK/p
-----END CERTIFICATE-----
Generated at Tue Apr 8 10:30:05 2025 by rpki-client