Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/0d6375-4765-4e0e-9363-6e8e07d66c9b/1/f_EX85HOBo1BFyi_DG9f2TZgZig.roa
File: f_EX85HOBo1BFyi_DG9f2TZgZig.roa (raw, json)
Hash identifier: Ycw6wvF37nfpDEZFEWmzlexfu1BXO2hqjgXi2/ZENsQ=
Subject key identifier: 7F:F1:17:F3:91:CE:06:8D:41:17:28:BF:0C:6F:5F:D9:36:60:66:28
Certificate issuer: /CN=a09cd8c71a6e33282c045d8f88c3b378acf41bd9
Certificate serial: 019420681784A03DA82204EA1B9840BDB3FE
Authority key identifier: A0:9C:D8:C7:1A:6E:33:28:2C:04:5D:8F:88:C3:B3:78:AC:F4:1B:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oJzYxxpuMygsBF2PiMOzeKz0G9k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/0d6375-4765-4e0e-9363-6e8e07d66c9b/1/f_EX85HOBo1BFyi_DG9f2TZgZig.roa
Signing time: Wed 01 Jan 2025 05:48:00 +0000
ROA not before: Wed 01 Jan 2025 05:48:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21419
IP address blocks: 178.21.160.0/21 maxlen: 21
178.21.161.0/24 maxlen: 24
178.21.162.0/24 maxlen: 24
178.21.163.0/24 maxlen: 24
178.21.164.0/24 maxlen: 24
178.21.166.0/24 maxlen: 24
178.21.167.0/24 maxlen: 26
185.4.1.0/24 maxlen: 24
185.4.2.0/24 maxlen: 24
185.4.3.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:17:84:a0:3d:a8:22:04:ea:1b:98:40:bd:b3:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a09cd8c71a6e33282c045d8f88c3b378acf41bd9
Validity
Not Before: Jan 1 05:48:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7ff117f391ce068d411728bf0c6f5fd936606628
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:7c:22:c6:91:5c:64:65:a0:7d:5f:71:aa:54:
1b:30:64:13:a2:30:4c:03:1d:ca:1f:9a:48:28:dd:
15:0a:f2:cb:bb:bf:f0:ea:b5:97:84:78:23:9a:c1:
09:e4:4e:b7:ed:e3:8d:27:0d:ba:61:b9:67:e8:dc:
ab:6f:b9:f0:6a:ca:94:13:1b:2e:f1:5b:32:48:cd:
38:cb:db:80:19:4b:a4:89:f7:c2:98:42:24:a1:b7:
17:79:06:8b:d8:72:c8:0b:68:5a:ec:aa:89:9d:3e:
01:28:7a:1f:80:4a:36:9f:b5:03:b0:c3:1e:79:4c:
b9:6a:52:38:50:d7:19:45:c2:e2:a7:68:9e:90:ef:
8f:3a:e9:ba:a0:e7:e6:05:0b:2a:d6:d2:01:74:9d:
43:1c:40:ab:8d:d3:7f:b8:76:1a:eb:48:d3:d5:fe:
83:00:46:c9:5f:4a:51:5f:bc:26:98:54:22:a9:c1:
86:f0:0c:96:84:2c:79:8b:2d:40:d8:db:d9:50:46:
74:6c:58:4c:4e:08:0c:cd:d9:ec:7b:05:3d:55:de:
45:36:4a:be:65:b4:84:52:3a:6b:6c:9b:da:b4:90:
b6:1f:de:7e:42:16:7c:50:c1:a7:5e:99:48:5b:9e:
50:78:ff:0b:06:42:f2:90:e9:39:eb:d4:36:04:7f:
57:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:F1:17:F3:91:CE:06:8D:41:17:28:BF:0C:6F:5F:D9:36:60:66:28
X509v3 Authority Key Identifier:
keyid:A0:9C:D8:C7:1A:6E:33:28:2C:04:5D:8F:88:C3:B3:78:AC:F4:1B:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oJzYxxpuMygsBF2PiMOzeKz0G9k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/0d6375-4765-4e0e-9363-6e8e07d66c9b/1/f_EX85HOBo1BFyi_DG9f2TZgZig.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/0d6375-4765-4e0e-9363-6e8e07d66c9b/1/oJzYxxpuMygsBF2PiMOzeKz0G9k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.21.160.0/21
185.4.1.0-185.4.3.255
Signature Algorithm: sha256WithRSAEncryption
74:41:21:60:07:7f:ba:26:e5:91:7e:3a:a7:f9:84:a5:10:b8:
4b:48:a8:b7:f9:fd:70:21:02:c2:61:9b:5c:2f:a4:8d:b2:04:
70:51:43:e7:b4:6e:82:d1:dc:90:41:49:1f:cf:b2:be:df:a8:
b8:fa:54:cb:7c:82:1c:d8:35:73:18:1f:a0:7d:20:3e:bb:95:
cb:71:8c:94:61:bc:2f:e5:45:fd:f7:45:45:fe:a9:64:30:02:
50:1e:78:fe:12:13:ed:7b:4e:a5:56:d0:1c:03:73:04:89:c6:
83:0a:6e:14:92:75:7e:1e:e6:d7:15:36:2c:56:f1:64:90:59:
9a:ef:66:dd:c9:33:59:cd:1e:e6:58:d8:10:ff:86:c8:b8:cb:
a9:e3:38:1f:f8:60:78:d7:80:55:e1:23:ff:19:8b:d1:f2:cc:
12:fc:3f:e5:c8:ff:22:d4:7f:a3:3f:84:fe:81:4c:d2:ae:a7:
9a:b3:bb:dc:f1:61:d2:e8:e1:e3:85:f1:0e:12:20:38:e3:29:
12:fd:f3:ee:ff:4e:eb:d9:55:d9:bc:83:58:bd:d2:d6:fb:c2:
09:9f:8f:bb:a6:bd:84:f4:19:85:6f:20:35:e0:7e:97:65:53:
b9:ba:f9:0b:64:fc:3c:ea:d0:4e:8c:cc:b2:aa:8f:e3:23:4f:
36:c9:92:87
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQgaBeEoD2oIgTqG5hAvbP+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwOWNkOGM3MWE2ZTMzMjgyYzA0NWQ4Zjg4YzNiMzc4YWNm
NDFiZDkwHhcNMjUwMTAxMDU0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmYxMTdmMzkxY2UwNjhkNDExNzI4YmYwYzZmNWZkOTM2NjA2NjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3wixpFcZGWgfV9xqlQbMGQTojBM
Ax3KH5pIKN0VCvLLu7/w6rWXhHgjmsEJ5E637eONJw26Ybln6Nyrb7nwasqUExsu
8VsySM04y9uAGUukiffCmEIkobcXeQaL2HLIC2ha7KqJnT4BKHofgEo2n7UDsMMe
eUy5alI4UNcZRcLip2iekO+POum6oOfmBQsq1tIBdJ1DHECrjdN/uHYa60jT1f6D
AEbJX0pRX7wmmFQiqcGG8AyWhCx5iy1A2NvZUEZ0bFhMTggMzdnsewU9Vd5FNkq+
ZbSEUjprbJvatJC2H95+QhZ8UMGnXplIW55QeP8LBkLykOk569Q2BH9XqwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFH/xF/ORzgaNQRcovwxvX9k2YGYoMB8GA1UdIwQY
MBaAFKCc2McabjMoLARdj4jDs3is9BvZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0p6WXh4cHVNeWdzQkYyUGlNT3plS3owRzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wZDYzNzUtNDc2NS00ZTBlLTkzNjMt
NmU4ZTA3ZDY2YzliLzEvZl9FWDg1SE9CbzFCRnlpX0RHOWYyVFpnWmlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wZDYzNzUtNDc2NS00ZTBlLTkzNjMtNmU4ZTA3ZDY2Yzli
LzEvb0p6WXh4cHVNeWdzQkYyUGlNT3plS3owRzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQDshWgMAwD
BAC5BAEDBAK5BAAwDQYJKoZIhvcNAQELBQADggEBAHRBIWAHf7om5ZF+Oqf5hKUQ
uEtIqLf5/XAhAsJhm1wvpI2yBHBRQ+e0boLR3JBBSR/Psr7fqLj6VMt8ghzYNXMY
H6B9ID67lctxjJRhvC/lRf33RUX+qWQwAlAeeP4SE+17TqVW0BwDcwSJxoMKbhSS
dX4e5tcVNixW8WSQWZrvZt3JM1nNHuZY2BD/hsi4y6njOB/4YHjXgFXhI/8Zi9Hy
zBL8P+XI/yLUf6M/hP6BTNKup5qzu9zxYdLo4eOF8Q4SIDjjKRL98+7/TuvZVdm8
g1i90tb7wgmfj7umvYT0GYVvIDXgfpdlU7m6+Qtk/Dzq0E6MzLKqj+MjTzbJkoc=
-----END CERTIFICATE-----
Generated at Tue Apr 8 10:58:34 2025 by rpki-client