Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/00ec78-7e44-49e4-8443-9db5be4d0eff/1/3b5OnsDcnCDs5QHkXGh05Hi3BI8.roa
File: 3b5OnsDcnCDs5QHkXGh05Hi3BI8.roa (raw, json)
Hash identifier: Se325K+ulV/8zZkLbg1zQKXRg/FxnxHfWtwK/Wl0FBc=
Subject key identifier: DD:BE:4E:9E:C0:DC:9C:20:EC:E5:01:E4:5C:68:74:E4:78:B7:04:8F
Certificate issuer: /CN=cf640b02311376dc96eebfeca755c3b0061140ec
Certificate serial: 01856DD40ADE6ED1ED677FEC6F363DB9DD99
Authority key identifier: CF:64:0B:02:31:13:76:DC:96:EE:BF:EC:A7:55:C3:B0:06:11:40:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z2QLAjETdtyW7r_sp1XDsAYRQOw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/00ec78-7e44-49e4-8443-9db5be4d0eff/1/3b5OnsDcnCDs5QHkXGh05Hi3BI8.roa
Signing time: Sun 01 Jan 2023 14:54:51 +0000
ROA not before: Sun 01 Jan 2023 14:54:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42158
IP address blocks: 94.198.28.0/22 maxlen: 24
85.158.164.0/22 maxlen: 22
85.158.160.0/22 maxlen: 24
94.198.24.0/22 maxlen: 24
2a00:1290:20::/48 maxlen: 48
2a00:1290:10::/48 maxlen: 48
2a00:1290:30::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:d4:0a:de:6e:d1:ed:67:7f:ec:6f:36:3d:b9:dd:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cf640b02311376dc96eebfeca755c3b0061140ec
Validity
Not Before: Jan 1 14:54:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ddbe4e9ec0dc9c20ece501e45c6874e478b7048f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:49:0f:6a:f5:cc:87:ce:b4:6d:d9:39:ad:e5:
a4:77:3d:e1:43:df:ba:c3:ab:10:85:36:93:98:53:
f2:51:79:e6:6d:4b:b1:d0:c6:2b:53:2d:5f:32:7c:
ca:4d:73:03:46:8e:4b:53:47:a6:d1:0c:2c:0b:ed:
7c:e4:18:c1:37:30:f8:aa:14:b1:b5:b7:ea:7d:a1:
1a:3b:d6:84:25:44:75:5e:eb:42:aa:c7:97:13:d7:
00:d9:b9:7f:47:28:7c:e9:d0:a3:28:26:95:5b:cd:
1e:47:a2:52:09:1d:32:e5:e6:e8:fb:d0:d5:65:46:
b1:0b:a6:51:1f:4b:67:2a:5d:37:51:7e:dd:95:a2:
cb:5e:73:9e:27:b9:2b:e9:5e:c6:a9:b8:ba:71:14:
0c:00:7a:46:1c:69:f9:af:fc:6d:95:69:2d:b7:50:
af:64:a4:40:a7:74:84:6f:4f:24:51:3c:04:32:c4:
55:15:a1:97:5f:85:93:90:c2:d0:5e:c3:0f:0c:42:
2d:65:fd:06:28:6b:70:82:57:88:0b:03:cc:40:37:
04:42:08:3a:77:9a:43:f5:94:ff:89:28:9d:85:11:
b4:20:53:02:b0:ef:2b:55:45:9b:1f:82:5a:69:b1:
e8:89:f0:ac:0b:e4:c2:a7:50:84:ef:a5:6f:a4:c4:
f3:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:BE:4E:9E:C0:DC:9C:20:EC:E5:01:E4:5C:68:74:E4:78:B7:04:8F
X509v3 Authority Key Identifier:
keyid:CF:64:0B:02:31:13:76:DC:96:EE:BF:EC:A7:55:C3:B0:06:11:40:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z2QLAjETdtyW7r_sp1XDsAYRQOw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/00ec78-7e44-49e4-8443-9db5be4d0eff/1/3b5OnsDcnCDs5QHkXGh05Hi3BI8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/00ec78-7e44-49e4-8443-9db5be4d0eff/1/z2QLAjETdtyW7r_sp1XDsAYRQOw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.158.160.0/21
94.198.24.0/21
IPv6:
2a00:1290:10::/48
2a00:1290:20::/48
2a00:1290:30::/48
Signature Algorithm: sha256WithRSAEncryption
10:d3:54:6d:6d:16:53:1a:8f:28:e1:91:56:c8:64:a9:1f:82:
e4:a5:5a:60:89:d5:ba:15:fe:68:09:a9:7a:27:59:cb:44:15:
cc:91:8c:74:1e:c2:f3:3f:e7:ce:bb:09:6a:10:59:84:68:19:
ef:de:15:30:ce:82:50:6a:f6:c9:81:35:5a:39:5a:81:7d:8b:
d0:76:08:a5:39:0f:f8:4b:d1:9f:af:f6:2f:73:69:85:e5:ed:
53:f3:fe:9c:2c:66:34:3b:02:24:a4:7b:8a:bf:91:04:0e:82:
b2:c6:96:d1:b3:e0:15:48:04:dc:9f:f6:be:97:95:75:06:9c:
75:99:39:5f:62:93:9a:8d:c3:ed:0c:ae:30:de:54:2b:ab:c1:
20:ed:f0:8b:d7:72:83:db:c7:c0:7c:a4:e7:91:e5:02:b7:78:
a6:91:7b:65:57:2f:a1:62:cb:cc:1e:79:b9:75:2c:1c:af:9f:
35:8b:ef:15:ee:99:f6:4b:b7:a9:a3:38:d0:b1:bd:18:79:c8:
9c:db:74:db:c0:8a:d6:a2:93:82:85:d0:73:40:30:3c:fe:36:
67:11:e7:68:9d:48:f8:65:04:db:fa:6e:63:b2:69:09:e7:33:
ee:74:f9:31:a2:c4:46:bd:b9:b5:39:8d:f3:9f:2b:ae:75:f0:
99:86:5d:d7
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYVt1ArebtHtZ3/sbzY9ud2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNjQwYjAyMzExMzc2ZGM5NmVlYmZlY2E3NTVjM2IwMDYx
MTQwZWMwHhcNMjMwMTAxMTQ1NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGJlNGU5ZWMwZGM5YzIwZWNlNTAxZTQ1YzY4NzRlNDc4YjcwNDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEkPavXMh860bdk5reWkdz3hQ9+6
w6sQhTaTmFPyUXnmbUux0MYrUy1fMnzKTXMDRo5LU0em0QwsC+185BjBNzD4qhSx
tbfqfaEaO9aEJUR1XutCqseXE9cA2bl/Ryh86dCjKCaVW80eR6JSCR0y5ebo+9DV
ZUaxC6ZRH0tnKl03UX7dlaLLXnOeJ7kr6V7Gqbi6cRQMAHpGHGn5r/xtlWktt1Cv
ZKRAp3SEb08kUTwEMsRVFaGXX4WTkMLQXsMPDEItZf0GKGtwgleICwPMQDcEQgg6
d5pD9ZT/iSidhRG0IFMCsO8rVUWbH4JaabHoifCsC+TCp1CE76VvpMTzbQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFN2+Tp7A3Jwg7OUB5FxodOR4twSPMB8GA1UdIwQY
MBaAFM9kCwIxE3bclu6/7KdVw7AGEUDsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejJRTEFqRVRkdHlXN3Jfc3AxWERzQVlSUU93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMGVjNzgtN2U0NC00OWU0LTg0NDMt
OWRiNWJlNGQwZWZmLzEvM2I1T25zRGNuQ0RzNVFIa1hHaDA1SGkzQkk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMGVjNzgtN2U0NC00OWU0LTg0NDMtOWRiNWJlNGQwZWZm
LzEvejJRTEFqRVRkdHlXN3Jfc3AxWERzQVlSUU93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzASBAIAATAMAwQDVZ6gAwQD
XsYYMCEEAgACMBsDBwAqABKQABADBwAqABKQACADBwAqABKQADAwDQYJKoZIhvcN
AQELBQADggEBABDTVG1tFlMajyjhkVbIZKkfguSlWmCJ1boV/mgJqXonWctEFcyR
jHQewvM/5867CWoQWYRoGe/eFTDOglBq9smBNVo5WoF9i9B2CKU5D/hL0Z+v9i9z
aYXl7VPz/pwsZjQ7AiSke4q/kQQOgrLGltGz4BVIBNyf9r6XlXUGnHWZOV9ik5qN
w+0MrjDeVCurwSDt8IvXcoPbx8B8pOeR5QK3eKaRe2VXL6Fiy8weebl1LByvnzWL
7xXumfZLt6mjONCxvRh5yJzbdNvAitaik4KF0HNAMDz+NmcR52idSPhlBNv6bmOy
aQnnM+50+TGixEa9ubU5jfOfK6518JmGXdc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:57 2024 by rpki-client on console-ams.rpki-client.org