Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/kCUJ9WAB7xBAc1G-pOOiDkSMiSo.roa
File: kCUJ9WAB7xBAc1G-pOOiDkSMiSo.roa (raw, json)
Hash identifier: KGL1T9P6F84Qo2JuIQ3412zoZu2Jbm+oGbNsiWT9YQg=
Subject key identifier: 90:25:09:F5:60:01:EF:10:40:73:51:BE:A4:E3:A2:0E:44:8C:89:2A
Certificate issuer: /CN=78d636c505d56af42a414c167d52407d356b3d0b
Certificate serial: 018570302A1E0D3C25B4592387718802F0A3
Authority key identifier: 78:D6:36:C5:05:D5:6A:F4:2A:41:4C:16:7D:52:40:7D:35:6B:3D:0B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/kCUJ9WAB7xBAc1G-pOOiDkSMiSo.roa
Signing time: Mon 02 Jan 2023 01:54:42 +0000
ROA not before: Mon 02 Jan 2023 01:54:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 33891
IP address blocks: 188.65.144.0/21 maxlen: 21
91.204.168.0/22 maxlen: 22
2a00:1aa0::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:30:2a:1e:0d:3c:25:b4:59:23:87:71:88:02:f0:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=78d636c505d56af42a414c167d52407d356b3d0b
Validity
Not Before: Jan 2 01:54:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=902509f56001ef10407351bea4e3a20e448c892a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:74:13:07:21:54:27:9b:57:26:cf:08:18:a5:
68:5f:ac:e5:61:e4:e1:a8:40:09:53:bc:92:e5:27:
24:96:34:59:aa:16:14:4d:32:68:81:62:49:4a:61:
a8:1c:7f:59:57:e5:fc:92:b5:a2:5d:af:07:b8:68:
08:a2:05:3b:bd:fa:07:66:07:dc:f0:50:61:b4:f5:
c6:7c:b5:96:b7:78:b9:a4:18:f4:41:5f:ab:63:73:
3e:9b:60:58:14:ec:88:a4:29:66:11:ac:81:5e:63:
1f:d8:88:bf:89:f2:e9:7e:ac:4f:31:44:90:fd:4a:
c3:3c:3b:ef:42:ff:55:c8:71:a4:7c:57:b7:0d:7a:
28:11:87:a2:a0:98:eb:72:ea:c3:6e:50:ee:11:b6:
f7:28:48:9d:aa:ac:db:5e:92:7c:23:07:1f:ec:be:
22:be:16:b0:34:82:35:ab:35:08:a6:af:0e:9b:bb:
c0:5c:0d:34:f4:91:78:43:4e:81:ab:96:33:42:98:
11:27:a3:28:e5:01:17:31:38:92:2a:03:34:b5:e7:
46:38:49:d4:1b:1c:bd:06:68:7c:4b:ae:4a:0e:f5:
50:11:0c:c4:47:2c:ce:44:bf:b3:ad:f5:76:e3:41:
36:22:4e:a2:f8:54:ec:b5:9f:89:64:93:ba:15:73:
a2:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:25:09:F5:60:01:EF:10:40:73:51:BE:A4:E3:A2:0E:44:8C:89:2A
X509v3 Authority Key Identifier:
keyid:78:D6:36:C5:05:D5:6A:F4:2A:41:4C:16:7D:52:40:7D:35:6B:3D:0B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/kCUJ9WAB7xBAc1G-pOOiDkSMiSo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/eNY2xQXVavQqQUwWfVJAfTVrPQs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.204.168.0/22
188.65.144.0/21
IPv6:
2a00:1aa0::/32
Signature Algorithm: sha256WithRSAEncryption
15:5b:0c:81:86:7a:af:1c:ef:4f:ca:cc:38:d5:67:25:c6:1c:
b5:28:b8:ae:f9:18:93:03:dd:c8:04:9a:cd:2e:e0:9e:82:dd:
1d:7a:7a:a6:a8:d2:81:76:d4:09:9f:dc:9e:2c:a3:f7:d1:97:
a2:2f:58:5c:19:d7:cc:91:5d:78:70:90:0b:3e:63:ef:41:05:
37:69:42:76:84:8a:b7:03:f2:4d:b7:30:b4:59:44:89:f9:fb:
4e:94:1d:06:d2:2f:21:f3:c5:d3:ce:34:dd:f4:4b:5a:1c:a6:
48:d4:63:9c:7e:49:a1:00:7a:42:f3:0d:c8:25:c6:54:d9:51:
17:42:c6:58:9c:27:c6:8d:6b:3f:c2:ea:9f:24:b5:26:4c:e2:
17:76:3b:e2:52:60:65:1e:44:83:c9:bf:e4:be:05:45:c5:21:
d4:68:06:44:ac:c3:f7:52:18:e6:d4:f9:68:fa:c9:03:90:86:
80:d1:8b:6f:e7:4f:9a:bb:b4:85:d1:1c:ef:e8:78:6f:39:1a:
a6:ed:b5:8f:d4:e2:17:83:81:36:9e:3c:f3:f6:fc:fa:4a:9e:
7f:dd:94:fb:60:5e:7d:38:f1:f3:81:b7:b3:54:ac:54:cc:dd:
54:2e:67:ae:83:16:20:b3:48:82:dd:3d:fb:8d:27:99:d8:53:
0d:0c:53:2e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVwMCoeDTwltFkjh3GIAvCjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZDYzNmM1MDVkNTZhZjQyYTQxNGMxNjdkNTI0MDdkMzU2
YjNkMGIwHhcNMjMwMTAyMDE1NDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDI1MDlmNTYwMDFlZjEwNDA3MzUxYmVhNGUzYTIwZTQ0OGM4OTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHQTByFUJ5tXJs8IGKVoX6zlYeTh
qEAJU7yS5SckljRZqhYUTTJogWJJSmGoHH9ZV+X8krWiXa8HuGgIogU7vfoHZgfc
8FBhtPXGfLWWt3i5pBj0QV+rY3M+m2BYFOyIpClmEayBXmMf2Ii/ifLpfqxPMUSQ
/UrDPDvvQv9VyHGkfFe3DXooEYeioJjrcurDblDuEbb3KEidqqzbXpJ8Iwcf7L4i
vhawNII1qzUIpq8Om7vAXA009JF4Q06Bq5YzQpgRJ6Mo5QEXMTiSKgM0tedGOEnU
Gxy9Bmh8S65KDvVQEQzERyzORL+zrfV240E2Ik6i+FTstZ+JZJO6FXOilwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJAlCfVgAe8QQHNRvqTjog5EjIkqMB8GA1UdIwQY
MBaAFHjWNsUF1Wr0KkFMFn1SQH01az0LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU5ZMnhRWFZhdlFxUVV3V2ZWSkFmVFZyUFFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8xZmE5NDUtNTBlNy00NzlhLTlkOTIt
ZGRjZDRkOTM1MDMwLzEva0NVSjlXQUI3eEJBYzFHLXBPT2lEa1NNaVNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8xZmE5NDUtNTBlNy00NzlhLTlkOTItZGRjZDRkOTM1MDMw
LzEvZU5ZMnhRWFZhdlFxUVV3V2ZWSkFmVFZyUFFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW8yoAwQD
vEGQMA0EAgACMAcDBQAqABqgMA0GCSqGSIb3DQEBCwUAA4IBAQAVWwyBhnqvHO9P
ysw41Wclxhy1KLiu+RiTA93IBJrNLuCegt0denqmqNKBdtQJn9yeLKP30ZeiL1hc
GdfMkV14cJALPmPvQQU3aUJ2hIq3A/JNtzC0WUSJ+ftOlB0G0i8h88XTzjTd9Eta
HKZI1GOcfkmhAHpC8w3IJcZU2VEXQsZYnCfGjWs/wuqfJLUmTOIXdjviUmBlHkSD
yb/kvgVFxSHUaAZErMP3Uhjm1Plo+skDkIaA0Ytv50+au7SF0Rzv6HhvORqm7bWP
1OIXg4E2njzz9vz6Sp5/3ZT7YF59OPHzgbezVKxUzN1ULmeugxYgs0iC3T37jSeZ
2FMNDFMu
-----END CERTIFICATE-----
Generated at Tue Apr 8 10:09:35 2025 by rpki-client