Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/bfd2d4-6d45-44bb-ae6b-5259eedca07c/1/Oic624JnJmz9lkyUCkfkxynrzXU.roa
File: Oic624JnJmz9lkyUCkfkxynrzXU.roa (raw, json)
Hash identifier: reuQNdNLE9OYq59c7HheLuUPxQ+GdUmZR0j+FA5WU8M=
Subject key identifier: 3A:27:3A:DB:82:67:26:6C:FD:96:4C:94:0A:47:E4:C7:29:EB:CD:75
Certificate issuer: /CN=d489a5ddd3002e800999b5c1867f786781baf13d
Certificate serial: 01942444CCF6AA8E697836BD424485DCB1A1
Authority key identifier: D4:89:A5:DD:D3:00:2E:80:09:99:B5:C1:86:7F:78:67:81:BA:F1:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Iml3dMALoAJmbXBhn94Z4G68T0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/bfd2d4-6d45-44bb-ae6b-5259eedca07c/1/Oic624JnJmz9lkyUCkfkxynrzXU.roa
Signing time: Wed 01 Jan 2025 23:47:56 +0000
ROA not before: Wed 01 Jan 2025 23:47:56 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3301
IP address blocks: 193.161.236.0/22 maxlen: 22
193.161.236.0/24 maxlen: 24
193.161.237.0/24 maxlen: 24
193.161.238.0/24 maxlen: 24
193.161.239.0/24 maxlen: 24
194.35.82.0/23 maxlen: 23
194.35.82.0/24 maxlen: 24
194.35.83.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:44:cc:f6:aa:8e:69:78:36:bd:42:44:85:dc:b1:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d489a5ddd3002e800999b5c1867f786781baf13d
Validity
Not Before: Jan 1 23:47:56 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3a273adb8267266cfd964c940a47e4c729ebcd75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:dd:bd:0d:4f:dc:fd:72:15:0f:45:7f:67:b4:
93:33:64:0d:af:0a:a7:73:36:77:1c:df:94:49:bf:
1c:56:4c:5a:4a:08:79:a2:53:1f:7e:fa:60:ad:d8:
4d:c5:32:cc:ba:4a:4d:ec:8b:4d:10:d1:ad:f5:68:
b7:63:ee:e8:95:89:5a:61:39:8c:7a:93:7d:9e:33:
7e:09:b6:3b:cb:37:90:a5:e1:28:52:37:28:65:49:
75:3f:98:59:13:c7:a9:38:83:91:46:d9:c4:1b:0b:
04:7b:68:3b:4d:6d:2f:3b:d8:07:1a:26:41:0f:0f:
89:92:b6:cd:db:0e:33:ad:5a:fc:ad:55:b6:da:88:
c6:28:2c:68:ff:c6:49:8c:97:3f:e8:ef:2b:06:3b:
4c:d5:4e:43:49:37:30:ff:07:fe:b3:77:a7:77:f6:
39:57:62:3f:8c:37:a6:33:5f:8f:e1:e9:5f:b8:92:
71:55:f7:3c:85:0e:07:66:02:ea:82:36:50:6d:b8:
a1:3a:d5:7b:8c:33:f6:47:74:57:ce:dd:1c:8d:5d:
a3:d0:ad:84:63:87:83:c0:ab:83:ce:18:13:13:e9:
45:b3:91:ed:37:77:e9:ef:a8:a1:f3:9a:85:bc:91:
9e:79:3d:da:68:e4:88:63:55:c2:e1:b9:36:7d:3b:
81:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:27:3A:DB:82:67:26:6C:FD:96:4C:94:0A:47:E4:C7:29:EB:CD:75
X509v3 Authority Key Identifier:
keyid:D4:89:A5:DD:D3:00:2E:80:09:99:B5:C1:86:7F:78:67:81:BA:F1:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Iml3dMALoAJmbXBhn94Z4G68T0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/bfd2d4-6d45-44bb-ae6b-5259eedca07c/1/Oic624JnJmz9lkyUCkfkxynrzXU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/bfd2d4-6d45-44bb-ae6b-5259eedca07c/1/1Iml3dMALoAJmbXBhn94Z4G68T0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.161.236.0/22
194.35.82.0/23
Signature Algorithm: sha256WithRSAEncryption
4c:76:a3:11:67:9d:43:07:2d:91:27:08:71:22:63:05:5c:e2:
7a:65:64:24:4c:c1:1b:8d:19:63:45:db:d6:8e:07:e4:df:a3:
b5:35:e9:aa:99:41:38:65:bc:30:92:71:38:4d:2e:31:8c:7d:
78:3b:26:cf:52:82:73:a0:3f:af:e7:4b:50:12:bc:cb:c7:32:
90:a8:9e:e6:80:d3:28:67:54:53:86:3d:e2:46:be:dc:44:4a:
34:8c:fe:3a:92:96:f2:81:9d:3f:55:ef:bf:fb:b5:f6:83:23:
25:4a:54:31:ac:35:fd:b3:72:ed:09:72:d9:c9:48:af:57:e0:
21:66:9d:e1:96:5b:c1:37:17:fc:b3:9d:d1:e7:05:76:6b:38:
0c:cf:cb:a2:e1:1c:ff:99:83:0c:91:48:c4:93:29:8b:46:cf:
3e:88:f3:9e:68:85:41:d3:ba:01:5d:1c:08:9a:e7:2a:7d:aa:
db:4f:8b:5a:12:6f:4b:aa:bc:ef:e7:5b:f7:2d:08:95:6a:d6:
08:91:37:ff:35:91:6a:5d:2a:c7:f9:e9:32:76:36:8d:0e:91:
3c:1a:1f:9e:e7:b9:8a:cc:c0:06:55:d1:9d:c7:bd:ee:e0:5a:
ce:3c:dc:2b:47:3d:5a:48:bb:05:67:95:64:e3:38:80:af:54:
fe:0a:ed:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRMz2qo5peDa9QkSF3LGhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ODlhNWRkZDMwMDJlODAwOTk5YjVjMTg2N2Y3ODY3ODFi
YWYxM2QwHhcNMjUwMTAxMjM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTI3M2FkYjgyNjcyNjZjZmQ5NjRjOTQwYTQ3ZTRjNzI5ZWJjZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzN29DU/c/XIVD0V/Z7STM2QNrwqn
czZ3HN+USb8cVkxaSgh5olMffvpgrdhNxTLMukpN7ItNENGt9Wi3Y+7olYlaYTmM
epN9njN+CbY7yzeQpeEoUjcoZUl1P5hZE8epOIORRtnEGwsEe2g7TW0vO9gHGiZB
Dw+JkrbN2w4zrVr8rVW22ojGKCxo/8ZJjJc/6O8rBjtM1U5DSTcw/wf+s3end/Y5
V2I/jDemM1+P4elfuJJxVfc8hQ4HZgLqgjZQbbihOtV7jDP2R3RXzt0cjV2j0K2E
Y4eDwKuDzhgTE+lFs5HtN3fp76ih85qFvJGeeT3aaOSIY1XC4bk2fTuB6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDonOtuCZyZs/ZZMlApH5Mcp6811MB8GA1UdIwQY
MBaAFNSJpd3TAC6ACZm1wYZ/eGeBuvE9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUltbDNkTUFMb0FKbWJYQmhuOTRaNEc2OFQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9iZmQyZDQtNmQ0NS00NGJiLWFlNmIt
NTI1OWVlZGNhMDdjLzEvT2ljNjI0Sm5KbXo5bGt5VUNrZmt4eW5yelhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9iZmQyZDQtNmQ0NS00NGJiLWFlNmItNTI1OWVlZGNhMDdj
LzEvMUltbDNkTUFMb0FKbWJYQmhuOTRaNEc2OFQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwaHsAwQB
wiNSMA0GCSqGSIb3DQEBCwUAA4IBAQBMdqMRZ51DBy2RJwhxImMFXOJ6ZWQkTMEb
jRljRdvWjgfk36O1NemqmUE4ZbwwknE4TS4xjH14OybPUoJzoD+v50tQErzLxzKQ
qJ7mgNMoZ1RThj3iRr7cREo0jP46kpbygZ0/Ve+/+7X2gyMlSlQxrDX9s3LtCXLZ
yUivV+AhZp3hllvBNxf8s53R5wV2azgMz8ui4Rz/mYMMkUjEkymLRs8+iPOeaIVB
07oBXRwImucqfarbT4taEm9Lqrzv51v3LQiVatYIkTf/NZFqXSrH+ekydjaNDpE8
Gh+e57mKzMAGVdGdx73u4FrOPNwrRz1aSLsFZ5Vk4ziAr1T+Cu0J
-----END CERTIFICATE-----
Generated at Tue Apr 8 11:50:33 2025 by rpki-client