Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/6x7jPbmHAR3nXiTHCYVvspstJQA.roa
File: 6x7jPbmHAR3nXiTHCYVvspstJQA.roa (raw, json)
Hash identifier: dMCDn7tfJdIyaEGGGQ+8OXtcvObKJWVdmbCQacmx/dE=
Subject key identifier: EB:1E:E3:3D:B9:87:01:1D:E7:5E:24:C7:09:85:6F:B2:9B:2D:25:00
Certificate issuer: /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial: 0194228DA30977421A53479ABEEF3B165FB6
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/6x7jPbmHAR3nXiTHCYVvspstJQA.roa
Signing time: Wed 01 Jan 2025 15:48:15 +0000
ROA not before: Wed 01 Jan 2025 15:48:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 52117
IP address blocks: 195.33.239.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:a3:09:77:42:1a:53:47:9a:be:ef:3b:16:5f:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Validity
Not Before: Jan 1 15:48:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=eb1ee33db987011de75e24c709856fb29b2d2500
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:e0:6e:01:84:b0:af:08:2e:b5:5b:dc:0f:43:
8c:be:b1:db:48:af:6c:17:f9:73:dc:e5:f4:a2:77:
3c:b1:ca:0f:f5:34:3c:2c:5b:72:d8:b6:8b:2b:bb:
5b:cf:40:dc:f3:f8:cc:9f:c5:3e:cb:de:7c:64:19:
92:76:a7:08:a3:b5:4d:04:51:01:85:11:01:0a:73:
fa:98:15:f5:26:5a:90:ce:34:dc:2a:85:ed:fc:80:
c5:85:51:ff:4e:60:e1:c5:77:2c:39:d3:05:46:a7:
c9:19:2b:7e:35:ad:14:ad:50:97:15:8e:ad:15:c6:
95:83:fd:5f:6c:de:c0:60:80:fc:89:b7:77:42:06:
75:a5:02:d4:ba:78:f8:cd:5b:03:fd:48:28:cd:de:
cc:6c:60:c4:b9:b2:fe:bf:f7:a0:44:16:c4:21:13:
86:0b:d8:ad:0a:93:a4:2e:e8:87:5d:7e:c7:ce:90:
e7:11:78:45:c3:e5:c3:be:8e:c9:40:b3:00:c0:c5:
55:a8:52:e4:9a:ce:c0:7e:e1:c3:61:e9:c2:66:16:
36:d5:79:65:e5:fe:aa:3b:82:35:fd:20:52:7c:78:
1a:cf:ce:d8:68:7c:9e:87:2b:db:34:8b:25:98:92:
ac:98:87:b8:f0:6c:f5:5b:8e:9d:ee:d8:ce:23:bd:
9d:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:1E:E3:3D:B9:87:01:1D:E7:5E:24:C7:09:85:6F:B2:9B:2D:25:00
X509v3 Authority Key Identifier:
keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/6x7jPbmHAR3nXiTHCYVvspstJQA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.33.239.0/24
Signature Algorithm: sha256WithRSAEncryption
66:f8:cc:68:65:5e:55:49:43:70:c3:45:d4:9d:e6:9c:0e:c7:
eb:8d:b6:55:6f:b3:cf:df:a1:77:f7:d6:7d:38:cd:cc:91:1c:
18:dc:73:63:d4:26:1b:3f:1b:ef:e9:4c:f3:e7:da:96:95:dc:
0f:b6:42:57:7b:f3:1f:75:39:dc:64:5f:89:b1:41:70:55:46:
c0:73:5f:ab:92:50:4f:f3:4a:af:6a:54:f7:a1:d3:ce:91:d8:
ea:55:4f:20:8e:b9:a7:ed:95:51:f6:7e:e5:47:82:72:af:a8:
ba:b8:b8:cb:fe:eb:41:ae:f6:e9:14:8f:0e:4a:fd:e9:70:a2:
bc:10:0e:e6:c2:cb:74:00:c5:2a:3a:2f:c9:bc:fd:d8:03:23:
87:d9:6d:75:fc:a6:45:fa:73:62:93:25:52:86:55:71:11:1d:
8f:64:0f:f9:34:db:53:de:61:65:6c:42:3d:79:a1:72:2d:6b:
b7:82:f6:91:84:98:d5:ff:c1:22:87:aa:b4:26:22:26:59:fc:
67:60:a1:41:df:46:51:ce:01:34:b9:27:ed:c2:ab:7f:67:80:
69:30:2f:b2:f3:26:31:06:5f:8a:b0:63:26:db:65:86:9a:f2:
b0:5f:2c:57:78:45:17:f5:80:a2:3a:d0:4f:f5:4b:4e:99:2f:
19:79:49:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijaMJd0IaU0eavu87Fl+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjFlZTMzZGI5ODcwMTFkZTc1ZTI0YzcwOTg1NmZiMjliMmQyNTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuBuAYSwrwgutVvcD0OMvrHbSK9s
F/lz3OX0onc8scoP9TQ8LFty2LaLK7tbz0Dc8/jMn8U+y958ZBmSdqcIo7VNBFEB
hREBCnP6mBX1JlqQzjTcKoXt/IDFhVH/TmDhxXcsOdMFRqfJGSt+Na0UrVCXFY6t
FcaVg/1fbN7AYID8ibd3QgZ1pQLUunj4zVsD/Ugozd7MbGDEubL+v/egRBbEIROG
C9itCpOkLuiHXX7HzpDnEXhFw+XDvo7JQLMAwMVVqFLkms7AfuHDYenCZhY21Xll
5f6qO4I1/SBSfHgaz87YaHyehyvbNIslmJKsmIe48Gz1W46d7tjOI72d3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOse4z25hwEd514kxwmFb7KbLSUAMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvNng3alBibUhBUjNuWGlUSENZVnZzcHN0SlFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwyHvMA0G
CSqGSIb3DQEBCwUAA4IBAQBm+MxoZV5VSUNww0XUneacDsfrjbZVb7PP36F399Z9
OM3MkRwY3HNj1CYbPxvv6Uzz59qWldwPtkJXe/MfdTncZF+JsUFwVUbAc1+rklBP
80qvalT3odPOkdjqVU8gjrmn7ZVR9n7lR4Jyr6i6uLjL/utBrvbpFI8OSv3pcKK8
EA7mwst0AMUqOi/JvP3YAyOH2W11/KZF+nNikyVShlVxER2PZA/5NNtT3mFlbEI9
eaFyLWu3gvaRhJjV/8Eih6q0JiImWfxnYKFB30ZRzgE0uSftwqt/Z4BpMC+y8yYx
Bl+KsGMm22WGmvKwXyxXeEUX9YCiOtBP9UtOmS8ZeUm0
-----END CERTIFICATE-----
Generated at Wed Apr 9 09:32:09 2025 by rpki-client