Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/00ec78-7e44-49e4-8443-9db5be4d0eff/1/KIhLG8tKnutc8xL6XKJolVYysK8.roa
File: KIhLG8tKnutc8xL6XKJolVYysK8.roa (raw, json)
Hash identifier: Jp34jBmJYt5dEInB4FGDptIrcQRZUHNwXBaQsbVCh9c=
Subject key identifier: 28:88:4B:1B:CB:4A:9E:EB:5C:F3:12:FA:5C:A2:68:95:56:32:B0:AF
Certificate issuer: /CN=cf640b02311376dc96eebfeca755c3b0061140ec
Certificate serial: 15126C2B
Authority key identifier: CF:64:0B:02:31:13:76:DC:96:EE:BF:EC:A7:55:C3:B0:06:11:40:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z2QLAjETdtyW7r_sp1XDsAYRQOw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/00ec78-7e44-49e4-8443-9db5be4d0eff/1/KIhLG8tKnutc8xL6XKJolVYysK8.roa
Signing time: Thu 10 Mar 2022 12:16:18 +0000
ROA not before: Thu 10 Mar 2022 12:16:18 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8315
IP address blocks: 162.248.199.0/24 maxlen: 24
185.113.196.0/22 maxlen: 24
94.198.24.0/21 maxlen: 24
185.113.224.0/22 maxlen: 24
5.100.224.0/21 maxlen: 24
213.171.128.0/19 maxlen: 24
213.171.144.0/20 maxlen: 24
79.99.184.0/21 maxlen: 24
185.113.52.0/22 maxlen: 24
89.18.160.0/19 maxlen: 24
162.251.32.0/21 maxlen: 24
185.12.132.0/22 maxlen: 24
178.251.192.0/21 maxlen: 24
176.62.192.0/21 maxlen: 24
213.214.96.0/19 maxlen: 24
83.98.192.0/19 maxlen: 24
194.105.128.0/23 maxlen: 24
213.247.32.0/19 maxlen: 24
91.216.113.0/24 maxlen: 24
193.34.150.0/23 maxlen: 24
91.216.141.0/24 maxlen: 24
85.92.128.0/19 maxlen: 24
185.38.156.0/22 maxlen: 24
91.200.51.0/24 maxlen: 24
91.200.48.0/23 maxlen: 24
85.158.160.0/21 maxlen: 24
134.0.88.0/22 maxlen: 24
134.0.92.0/23 maxlen: 24
213.189.0.0/19 maxlen: 24
213.189.0.0/21 maxlen: 24
213.189.8.0/22 maxlen: 24
185.77.120.0/22 maxlen: 24
194.165.34.0/24 maxlen: 24
217.195.112.0/20 maxlen: 24
185.74.77.0/24 maxlen: 24
185.74.76.0/24 maxlen: 24
89.30.128.0/17 maxlen: 24
83.98.128.0/18 maxlen: 24
213.189.16.0/20 maxlen: 24
85.222.192.0/21 maxlen: 24
93.175.176.0/20 maxlen: 24
89.30.224.0/22 maxlen: 24
185.30.236.0/22 maxlen: 24
2a00:1bd8::/32 maxlen: 48
2a02:2858::/29 maxlen: 48
2a02:20b0::/32 maxlen: 48
2001:4198::/32 maxlen: 48
2a02:2858:500::/40 maxlen: 40
2001:16f8::/32 maxlen: 48
2a02:20b2::/32 maxlen: 48
2a02:20b1::/32 maxlen: 48
2a03:5500::/31 maxlen: 48
2a01:40e0::/32 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 353528875 (0x15126c2b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cf640b02311376dc96eebfeca755c3b0061140ec
Validity
Not Before: Mar 10 12:16:18 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=28884b1bcb4a9eeb5cf312fa5ca268955632b0af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:fd:33:22:be:17:84:11:0b:df:e5:65:15:26:
9b:72:85:5a:85:a8:15:34:84:4c:55:32:30:1a:59:
07:30:7a:7b:1a:a9:44:d6:50:2e:ed:40:e7:8a:ab:
33:dd:83:b2:5b:a7:10:e9:70:db:96:da:1f:db:7d:
71:7c:d5:fb:d4:8b:53:aa:b0:a1:b5:ab:f4:2d:cd:
79:c3:bd:44:ea:9b:89:de:d3:66:29:e0:b6:b3:4a:
c8:e7:86:d3:11:54:7f:0a:f1:18:be:99:06:e8:20:
0b:0d:30:56:7b:3b:3d:cb:28:2d:ea:c2:92:58:61:
d8:ac:9c:3c:4a:ef:74:5e:45:b7:f2:f5:dc:b0:fe:
a3:54:cf:2a:a8:44:4a:7f:18:7c:29:8f:31:d9:90:
1c:90:7d:46:bf:03:97:25:9e:94:55:a4:2e:fd:81:
d2:f4:bc:33:e1:b1:eb:70:1c:47:e1:1d:c6:5b:0b:
b5:8f:95:2d:19:46:93:51:f3:d6:5f:0c:3f:fe:1d:
c3:2d:32:b2:61:89:15:1b:9c:08:cc:8a:12:d9:73:
1f:a8:b0:b9:b4:a8:46:36:95:c5:cf:ec:39:be:03:
bb:fd:a8:19:b0:82:72:ad:5e:46:e8:40:18:88:56:
53:dd:ae:04:c8:8d:2a:29:e2:cb:70:2f:aa:ed:28:
8a:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:88:4B:1B:CB:4A:9E:EB:5C:F3:12:FA:5C:A2:68:95:56:32:B0:AF
X509v3 Authority Key Identifier:
keyid:CF:64:0B:02:31:13:76:DC:96:EE:BF:EC:A7:55:C3:B0:06:11:40:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z2QLAjETdtyW7r_sp1XDsAYRQOw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/00ec78-7e44-49e4-8443-9db5be4d0eff/1/KIhLG8tKnutc8xL6XKJolVYysK8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/00ec78-7e44-49e4-8443-9db5be4d0eff/1/z2QLAjETdtyW7r_sp1XDsAYRQOw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.100.224.0/21
79.99.184.0/21
83.98.128.0-83.98.223.255
85.92.128.0/19
85.158.160.0/21
85.222.192.0/21
89.18.160.0/19
89.30.128.0/17
91.200.48.0/23
91.200.51.0/24
91.216.113.0/24
91.216.141.0/24
93.175.176.0/20
94.198.24.0/21
134.0.88.0-134.0.93.255
162.248.199.0/24
162.251.32.0/21
176.62.192.0/21
178.251.192.0/21
185.12.132.0/22
185.30.236.0/22
185.38.156.0/22
185.74.76.0/23
185.77.120.0/22
185.113.52.0/22
185.113.196.0/22
185.113.224.0/22
193.34.150.0/23
194.105.128.0/23
194.165.34.0/24
213.171.128.0/19
213.189.0.0/19
213.214.96.0/19
213.247.32.0/19
217.195.112.0/20
IPv6:
2001:16f8::/32
2001:4198::/32
2a00:1bd8::/32
2a01:40e0::/32
2a02:20b0::-2a02:20b2:ffff:ffff:ffff:ffff:ffff:ffff
2a02:2858::/29
2a03:5500::/31
Signature Algorithm: sha256WithRSAEncryption
5f:22:ce:a8:43:30:ac:f2:f8:47:08:28:80:ae:64:80:55:ea:
2b:1d:8c:6c:8c:c6:9b:93:2a:38:aa:25:0e:be:1f:e3:3e:3f:
9b:7e:af:28:3c:49:5d:26:5c:27:37:5d:a1:95:b7:ce:67:f3:
12:9f:d7:ac:eb:0f:92:67:3f:c1:14:7a:72:61:1f:e8:24:1c:
43:c6:88:8d:f5:a2:9c:c6:94:fd:11:c4:f5:28:18:a7:8a:3c:
e2:33:14:e5:a8:9e:64:f0:25:14:51:44:1b:96:a3:ed:ef:83:
c1:f5:61:5f:59:67:34:15:b5:2e:e8:7a:33:bf:47:f5:b0:07:
58:90:ff:1c:0f:bf:43:6d:0e:f5:8a:bb:39:81:c3:22:46:8e:
8c:c4:2d:52:aa:d5:20:6d:3d:21:e3:b5:46:7d:75:05:2c:3a:
69:e1:a8:e1:78:02:f2:2d:50:ec:f0:f1:f2:e6:a6:38:76:a0:
1e:58:f8:e4:85:22:4a:62:54:79:f7:4f:f4:6e:87:68:8b:87:
cc:d1:4b:eb:83:60:ac:d6:7a:c6:a2:8e:f8:5d:b0:ef:2b:a7:
2a:2f:4b:76:fa:3e:5f:69:14:fa:b7:a4:f2:78:cf:48:ff:cb:
d5:0b:6d:a6:96:bf:33:97:fd:36:d8:47:47:c7:ad:68:f2:24:
6c:ff:f5:69
-----BEGIN CERTIFICATE-----
MIIGFTCCBP2gAwIBAgIEFRJsKzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
ZjY0MGIwMjMxMTM3NmRjOTZlZWJmZWNhNzU1YzNiMDA2MTE0MGVjMB4XDTIyMDMx
MDEyMTYxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjg4ODRiMWJjYjRh
OWVlYjVjZjMxMmZhNWNhMjY4OTU1NjMyYjBhZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN39MyK+F4QRC9/lZRUmm3KFWoWoFTSETFUyMBpZBzB6exqp
RNZQLu1A54qrM92DslunEOlw25baH9t9cXzV+9SLU6qwobWr9C3NecO9ROqbid7T
ZingtrNKyOeG0xFUfwrxGL6ZBuggCw0wVns7PcsoLerCklhh2KycPErvdF5Ft/L1
3LD+o1TPKqhESn8YfCmPMdmQHJB9Rr8DlyWelFWkLv2B0vS8M+Gx63AcR+EdxlsL
tY+VLRlGk1Hz1l8MP/4dwy0ysmGJFRucCMyKEtlzH6iwubSoRjaVxc/sOb4Du/2o
GbCCcq1eRuhAGIhWU92uBMiNKiniy3Avqu0oissCAwEAAaOCAy8wggMrMB0GA1Ud
DgQWBBQoiEsby0qe61zzEvpcomiVVjKwrzAfBgNVHSMEGDAWgBTPZAsCMRN23Jbu
v+ynVcOwBhFA7DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3oyUUxBakVUZHR5VzdyX3NwMVhEc0FZUlFPdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjUvMDBlYzc4LTdlNDQtNDllNC04NDQzLTlkYjViZTRkMGVmZi8x
L0tJaExHOHRLbnV0Yzh4TDZYS0pvbFZZeXNLOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjUv
MDBlYzc4LTdlNDQtNDllNC04NDQzLTlkYjViZTRkMGVmZi8xL3oyUUxBakVUZHR5
VzdyX3NwMVhEc0FZUlFPdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
AUMGCCsGAQUFBwEHAQH/BIIBMjCCAS4wgekEAgABMIHiAwQDBWTgAwQDT2O4MAwD
BAdTYoADBAVTYsADBAVVXIADBANVnqADBANV3sADBAVZEqADBAdZHoADBAFbyDAD
BABbyDMDBABb2HEDBABb2I0DBARdr7ADBANexhgwDAMEA4YAWAMEAYYAXAMEAKL4
xwMEA6L7IAMEA7A+wAMEA7L7wAMEArkMhAMEArke7AMEArkmnAMEAblKTAMEArlN
eAMEArlxNAMEArlxxAMEArlx4AMEAcEilgMEAcJpgAMEAMKlIgMEBdWrgAMEBdW9
AAMEBdXWYAMEBdX3IAMEBNnDcDBABAIAAjA6AwUAIAEW+AMFACABQZgDBQAqABvY
AwUAKgFA4DAOAwUEKgIgsAMFACoCILIDBQMqAihYAwUBKgNVADANBgkqhkiG9w0B
AQsFAAOCAQEAXyLOqEMwrPL4RwgogK5kgFXqKx2MbIzGm5MqOKolDr4f4z4/m36v
KDxJXSZcJzddoZW3zmfzEp/XrOsPkmc/wRR6cmEf6CQcQ8aIjfWinMaU/RHE9SgY
p4o84jMU5aieZPAlFFFEG5aj7e+DwfVhX1lnNBW1Luh6M79H9bAHWJD/HA+/Q20O
9Yq7OYHDIkaOjMQtUqrVIG09IeO1Rn11BSw6aeGo4XgC8i1Q7PDx8uamOHagHlj4
5IUiSmJUefdP9G6HaIuHzNFL64NgrNZ6xqKO+F2w7yunKi9Ldvo+X2kU+rek8njP
SP/L1Qttppa/M5f9NthHR8etaPIkbP/1aQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:55 2024 by rpki-client on console-fra.rpki-client.org