Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/kH7V3ExWW7SirsQEjxKn6TxTGx4.roa
File: kH7V3ExWW7SirsQEjxKn6TxTGx4.roa (raw, json)
Hash identifier: J2ZLkkIKBRZbKVlgKlQs3E3eqYzD9V5b+WTU4QZbVvk=
Subject key identifier: 90:7E:D5:DC:4C:56:5B:B4:A2:AE:C4:04:8F:12:A7:E9:3C:53:1B:1E
Certificate issuer: /CN=78d636c505d56af42a414c167d52407d356b3d0b
Certificate serial: 0191E7E547DA8EE57ECC41D10D349534CE7A
Authority key identifier: 78:D6:36:C5:05:D5:6A:F4:2A:41:4C:16:7D:52:40:7D:35:6B:3D:0B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/kH7V3ExWW7SirsQEjxKn6TxTGx4.roa
Signing time: Thu 12 Sep 2024 20:20:48 +0000
ROA not before: Thu 12 Sep 2024 20:20:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201011
IP address blocks: 91.204.168.0/22 maxlen: 24
188.65.144.0/21 maxlen: 21
2a00:1aa0::/29 maxlen: 29
2a00:1aa0::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:e7:e5:47:da:8e:e5:7e:cc:41:d1:0d:34:95:34:ce:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=78d636c505d56af42a414c167d52407d356b3d0b
Validity
Not Before: Sep 12 20:20:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=907ed5dc4c565bb4a2aec4048f12a7e93c531b1e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:a4:86:8f:d5:5e:57:9a:d4:69:1f:df:82:ac:
ea:2c:c5:98:92:4a:41:92:f4:03:23:1d:68:b3:fe:
03:c2:53:98:6d:8f:49:49:42:fa:21:89:ec:2f:4b:
3a:91:be:12:0a:78:a2:85:63:50:af:c6:b9:de:4f:
d8:3b:22:71:c1:9a:c5:31:7f:38:a0:19:47:90:20:
c9:e3:0a:3e:3b:4f:46:fc:65:36:58:2f:0b:3d:ba:
02:d3:b1:b1:c9:5b:3e:e0:e7:2a:40:92:9c:48:fe:
42:5b:2b:85:84:c8:83:a6:a8:da:24:03:81:7d:39:
db:f6:70:78:a4:8a:4d:e6:a4:2b:59:06:86:0f:1c:
9f:e2:e6:42:f2:49:c6:22:d0:64:92:8f:52:bb:d6:
70:07:1a:59:19:ce:0d:83:28:91:89:52:63:a8:4c:
b5:6b:91:44:f7:5d:c3:e3:c3:cc:e6:17:5f:56:8b:
63:d1:84:57:31:bb:89:61:14:91:13:76:3b:b6:4c:
ea:39:f3:68:9f:64:dc:1d:01:b5:64:25:6b:4a:0d:
5b:27:66:41:ba:37:86:2d:84:44:a8:84:e0:ab:b9:
b3:40:7d:9b:b6:e8:8f:36:19:44:55:e2:d1:43:f8:
f8:6a:8c:5f:ed:b3:48:71:ba:aa:ed:e8:89:50:6b:
0b:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:7E:D5:DC:4C:56:5B:B4:A2:AE:C4:04:8F:12:A7:E9:3C:53:1B:1E
X509v3 Authority Key Identifier:
keyid:78:D6:36:C5:05:D5:6A:F4:2A:41:4C:16:7D:52:40:7D:35:6B:3D:0B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eNY2xQXVavQqQUwWfVJAfTVrPQs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/kH7V3ExWW7SirsQEjxKn6TxTGx4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/1fa945-50e7-479a-9d92-ddcd4d935030/1/eNY2xQXVavQqQUwWfVJAfTVrPQs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.204.168.0/22
188.65.144.0/21
IPv6:
2a00:1aa0::/29
Signature Algorithm: sha256WithRSAEncryption
38:bd:b2:a2:9f:49:85:f6:a7:81:89:f9:9f:6e:6c:e9:85:27:
97:08:d1:2c:29:34:e8:e8:7c:51:d7:cf:5d:94:d2:d0:25:d6:
c1:f6:db:00:26:3c:f1:48:b8:ac:18:9d:aa:f9:b7:43:ac:31:
f2:6c:4a:4b:95:1d:11:70:a9:56:53:6b:84:7e:c7:37:1f:2a:
31:ba:2c:79:5c:87:8e:35:dd:39:23:56:d3:ba:a0:3b:08:8d:
82:01:74:c0:2c:11:c1:33:87:cf:e2:f7:ad:a8:e6:67:a8:db:
0a:35:26:41:a9:c7:ed:da:62:02:77:79:d8:f0:fb:dd:54:2f:
7b:bf:1a:17:d3:7a:fb:bf:ce:8a:43:65:be:4d:37:df:35:89:
08:b3:2b:e0:a8:d3:da:ce:2f:d0:8e:f8:f8:5c:c6:c7:ac:ae:
48:73:6a:ff:d9:dd:8b:3f:63:4b:cc:ca:65:4a:2d:60:23:22:
bc:45:c5:fc:b4:71:fe:e0:d3:92:49:1d:3a:a1:5a:ff:4d:fc:
6c:84:f3:f5:af:0e:81:9e:73:74:cc:66:55:2d:3b:c0:af:67:
7e:a8:56:02:98:da:9d:0f:3b:ad:aa:03:42:38:98:89:09:54:
89:2a:0a:0a:f4:fa:b1:7e:59:4f:2a:47:7d:ea:b0:ba:7c:6d:
cf:16:f7:59
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZHn5UfajuV+zEHRDTSVNM56MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4ZDYzNmM1MDVkNTZhZjQyYTQxNGMxNjdkNTI0MDdkMzU2
YjNkMGIwHhcNMjQwOTEyMjAyMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDdlZDVkYzRjNTY1YmI0YTJhZWM0MDQ4ZjEyYTdlOTNjNTMxYjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqSGj9VeV5rUaR/fgqzqLMWYkkpB
kvQDIx1os/4DwlOYbY9JSUL6IYnsL0s6kb4SCniihWNQr8a53k/YOyJxwZrFMX84
oBlHkCDJ4wo+O09G/GU2WC8LPboC07GxyVs+4OcqQJKcSP5CWyuFhMiDpqjaJAOB
fTnb9nB4pIpN5qQrWQaGDxyf4uZC8knGItBkko9Su9ZwBxpZGc4NgyiRiVJjqEy1
a5FE913D48PM5hdfVotj0YRXMbuJYRSRE3Y7tkzqOfNon2TcHQG1ZCVrSg1bJ2ZB
ujeGLYREqITgq7mzQH2btuiPNhlEVeLRQ/j4aoxf7bNIcbqq7eiJUGsLBQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJB+1dxMVlu0oq7EBI8Sp+k8UxseMB8GA1UdIwQY
MBaAFHjWNsUF1Wr0KkFMFn1SQH01az0LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU5ZMnhRWFZhdlFxUVV3V2ZWSkFmVFZyUFFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8xZmE5NDUtNTBlNy00NzlhLTlkOTIt
ZGRjZDRkOTM1MDMwLzEva0g3VjNFeFdXN1NpcnNRRWp4S242VHhUR3g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8xZmE5NDUtNTBlNy00NzlhLTlkOTItZGRjZDRkOTM1MDMw
LzEvZU5ZMnhRWFZhdlFxUVV3V2ZWSkFmVFZyUFFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW8yoAwQD
vEGQMA0EAgACMAcDBQMqABqgMA0GCSqGSIb3DQEBCwUAA4IBAQA4vbKin0mF9qeB
ifmfbmzphSeXCNEsKTTo6HxR189dlNLQJdbB9tsAJjzxSLisGJ2q+bdDrDHybEpL
lR0RcKlWU2uEfsc3Hyoxuix5XIeONd05I1bTuqA7CI2CAXTALBHBM4fP4vetqOZn
qNsKNSZBqcft2mICd3nY8PvdVC97vxoX03r7v86KQ2W+TTffNYkIsyvgqNPazi/Q
jvj4XMbHrK5Ic2r/2d2LP2NLzMplSi1gIyK8RcX8tHH+4NOSSR06oVr/TfxshPP1
rw6BnnN0zGZVLTvAr2d+qFYCmNqdDzutqgNCOJiJCVSJKgoK9PqxfllPKkd96rC6
fG3PFvdZ
-----END CERTIFICATE-----
Generated at Tue Apr 8 10:40:19 2025 by rpki-client