Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/32c5ce-28b2-47d7-abd5-2e9d6ca08701/1/oqPwLb9s_yTXppOqumlIBpRcoqQ.roa
File: oqPwLb9s_yTXppOqumlIBpRcoqQ.roa (raw, json)
Hash identifier: NrskC1STo/u/wDAYKBzO36jNJIma1QH3VTxqud6Ueuk=
Subject key identifier: A2:A3:F0:2D:BF:6C:FF:24:D7:A6:93:AA:BA:69:48:06:94:5C:A2:A4
Certificate issuer: /CN=65865968a1d8f4f377865c913af3b9af890d7cce
Certificate serial: 01856E2FB80DEF658B9F38EADCF71BB0B994
Authority key identifier: 65:86:59:68:A1:D8:F4:F3:77:86:5C:91:3A:F3:B9:AF:89:0D:7C:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZYZZaKHY9PN3hlyROvO5r4kNfM4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/32c5ce-28b2-47d7-abd5-2e9d6ca08701/1/oqPwLb9s_yTXppOqumlIBpRcoqQ.roa
Signing time: Sun 01 Jan 2023 16:34:59 +0000
ROA not before: Sun 01 Jan 2023 16:34:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8288
IP address blocks: 185.161.175.0/24 maxlen: 24
185.161.174.0/24 maxlen: 24
185.161.174.0/23 maxlen: 23
2a07:c387::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:2f:b8:0d:ef:65:8b:9f:38:ea:dc:f7:1b:b0:b9:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=65865968a1d8f4f377865c913af3b9af890d7cce
Validity
Not Before: Jan 1 16:34:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a2a3f02dbf6cff24d7a693aaba694806945ca2a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:cb:61:94:a7:f1:9c:d7:5f:18:86:5e:e9:e9:
4e:d7:cd:52:00:d3:a1:2c:0b:19:f4:19:2d:8b:9c:
f5:e5:77:4d:01:58:3b:2f:e8:fa:f0:b6:6e:63:4d:
19:69:f5:94:2c:c4:59:33:3c:a4:98:28:be:cb:1d:
fd:78:af:56:66:b6:14:be:54:b6:17:57:55:68:11:
ef:d6:7a:d3:25:3d:3d:ab:89:10:16:e0:7f:a4:5f:
9d:6f:fa:a0:d8:db:4e:01:cb:07:bd:e6:ab:7c:2a:
7e:ea:c4:c1:df:a8:b0:db:26:a4:96:1c:66:6b:52:
9c:aa:6e:98:6e:11:48:56:d9:1c:3b:85:56:e2:69:
3c:fc:3a:83:0e:4e:4d:90:f9:f2:55:16:8a:12:7f:
41:02:fc:b9:36:ea:cf:1a:2e:66:12:ad:a8:d2:0d:
67:8a:05:e7:4d:f4:6b:22:57:d6:e6:db:fb:0c:f3:
bb:e9:93:1f:0a:cc:b0:4a:fa:a6:6f:d1:9c:72:66:
a5:ca:68:df:80:fd:5c:7b:c5:1b:1b:b6:8b:25:ff:
68:57:a4:89:af:9d:19:f1:35:df:b3:9e:a9:02:52:
37:22:91:71:48:51:58:46:3d:7f:a5:87:42:5f:00:
40:86:8e:60:78:00:21:0c:85:d2:07:5d:58:0e:c1:
1d:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:A3:F0:2D:BF:6C:FF:24:D7:A6:93:AA:BA:69:48:06:94:5C:A2:A4
X509v3 Authority Key Identifier:
keyid:65:86:59:68:A1:D8:F4:F3:77:86:5C:91:3A:F3:B9:AF:89:0D:7C:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZYZZaKHY9PN3hlyROvO5r4kNfM4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/32c5ce-28b2-47d7-abd5-2e9d6ca08701/1/oqPwLb9s_yTXppOqumlIBpRcoqQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/32c5ce-28b2-47d7-abd5-2e9d6ca08701/1/ZYZZaKHY9PN3hlyROvO5r4kNfM4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.174.0/23
IPv6:
2a07:c387::/32
Signature Algorithm: sha256WithRSAEncryption
18:e0:95:84:08:7f:7d:9b:9e:95:17:14:69:1a:e9:ad:5d:37:
00:6b:ba:06:34:91:ec:e6:29:b6:59:d6:7a:5b:d7:24:7b:8c:
df:85:01:79:c3:60:14:f5:c5:e8:69:68:7a:9a:2f:17:27:39:
95:e1:ff:49:4b:a3:97:fc:81:6f:29:89:d9:f7:f6:d0:dd:54:
e5:78:8b:81:36:bb:c4:c7:28:84:cd:c5:78:ed:5a:40:96:3f:
d7:80:7b:50:10:b3:9f:c8:19:be:7a:91:61:9c:51:05:17:26:
fc:b1:8d:0f:77:0d:5d:a9:9b:05:37:3d:bb:9f:94:d8:81:e1:
fa:33:c7:7e:92:5e:a5:ee:95:2e:68:37:62:06:a2:2b:54:4a:
c8:21:b6:c4:aa:66:4c:97:f4:7e:f3:e2:24:64:3c:c3:9d:ae:
9c:2b:77:4a:3a:aa:61:37:5b:54:80:26:7c:0f:d4:36:fc:ea:
06:79:c4:71:ff:b2:83:e1:14:ff:b3:d7:f6:cc:f6:ed:64:e6:
ad:b2:74:11:10:3e:a2:9b:c1:b3:2e:99:55:82:f1:8d:1b:bb:
bb:ac:7c:d3:fe:41:43:e4:c3:52:36:df:46:44:c6:64:e5:9a:
9f:13:9f:eb:7b:d9:10:5f:db:d4:58:9f:40:a6:02:bf:d7:e7:
a0:b6:c8:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVuL7gN72WLnzjq3PcbsLmUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ODY1OTY4YTFkOGY0ZjM3Nzg2NWM5MTNhZjNiOWFmODkw
ZDdjY2UwHhcNMjMwMTAxMTYzNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmEzZjAyZGJmNmNmZjI0ZDdhNjkzYWFiYTY5NDgwNjk0NWNhMmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8thlKfxnNdfGIZe6elO181SANOh
LAsZ9Bkti5z15XdNAVg7L+j68LZuY00ZafWULMRZMzykmCi+yx39eK9WZrYUvlS2
F1dVaBHv1nrTJT09q4kQFuB/pF+db/qg2NtOAcsHvearfCp+6sTB36iw2yaklhxm
a1Kcqm6YbhFIVtkcO4VW4mk8/DqDDk5NkPnyVRaKEn9BAvy5NurPGi5mEq2o0g1n
igXnTfRrIlfW5tv7DPO76ZMfCsywSvqmb9GccmalymjfgP1ce8UbG7aLJf9oV6SJ
r50Z8TXfs56pAlI3IpFxSFFYRj1/pYdCXwBAho5geAAhDIXSB11YDsEdnwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKKj8C2/bP8k16aTqrppSAaUXKKkMB8GA1UdIwQY
MBaAFGWGWWih2PTzd4ZckTrzua+JDXzOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWllaWmFLSFk5UE4zaGx5Uk92TzVyNGtOZk00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8zMmM1Y2UtMjhiMi00N2Q3LWFiZDUt
MmU5ZDZjYTA4NzAxLzEvb3FQd0xiOXNfeVRYcHBPcXVtbElCcFJjb3FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8zMmM1Y2UtMjhiMi00N2Q3LWFiZDUtMmU5ZDZjYTA4NzAx
LzEvWllaWmFLSFk5UE4zaGx5Uk92TzVyNGtOZk00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuaGuMA0E
AgACMAcDBQAqB8OHMA0GCSqGSIb3DQEBCwUAA4IBAQAY4JWECH99m56VFxRpGumt
XTcAa7oGNJHs5im2WdZ6W9cke4zfhQF5w2AU9cXoaWh6mi8XJzmV4f9JS6OX/IFv
KYnZ9/bQ3VTleIuBNrvExyiEzcV47VpAlj/XgHtQELOfyBm+epFhnFEFFyb8sY0P
dw1dqZsFNz27n5TYgeH6M8d+kl6l7pUuaDdiBqIrVErIIbbEqmZMl/R+8+IkZDzD
na6cK3dKOqphN1tUgCZ8D9Q2/OoGecRx/7KD4RT/s9f2zPbtZOatsnQRED6im8Gz
LplVgvGNG7u7rHzT/kFD5MNSNt9GRMZk5ZqfE5/re9kQX9vUWJ9ApgK/1+egtsgM
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:18:07 2025 by rpki-client