Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/KHYzoNS7whQWhAX6wwWz5xsXODc.roa
File: KHYzoNS7whQWhAX6wwWz5xsXODc.roa (raw, json)
Hash identifier: INDmVEaHcrnM4+K9Zkf8Dd/5wuYRgb4Len9a/VGSdQQ=
Subject key identifier: 28:76:33:A0:D4:BB:C2:14:16:84:05:FA:C3:05:B3:E7:1B:17:38:37
Certificate issuer: /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial: 0194228DAEF70C44BB1C592572E23079E688
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/KHYzoNS7whQWhAX6wwWz5xsXODc.roa
Signing time: Wed 01 Jan 2025 15:48:18 +0000
ROA not before: Wed 01 Jan 2025 15:48:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206595
IP address blocks: 176.235.96.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:ae:f7:0c:44:bb:1c:59:25:72:e2:30:79:e6:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Validity
Not Before: Jan 1 15:48:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=287633a0d4bbc214168405fac305b3e71b173837
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:b2:bb:fc:72:08:36:46:e2:33:4a:4e:ef:32:
d6:c9:d0:57:2c:ff:ee:51:4a:a8:9d:ba:30:13:97:
8d:12:d8:e5:2f:b0:ab:78:d9:0f:2f:d0:c1:ab:15:
3c:4a:e8:78:96:85:06:18:ca:7e:0d:24:f2:ff:38:
01:b9:0f:13:16:2c:3d:2e:e6:c2:ac:f6:44:d9:fa:
69:bd:79:7b:05:51:16:93:c1:27:a6:b3:e0:75:ba:
32:2e:b7:75:f0:5f:f6:09:2d:12:03:dc:e5:4c:78:
06:f9:1d:ca:ad:4f:3f:6b:15:11:d0:ef:60:1f:79:
21:06:ce:a9:e4:bd:2a:6c:f7:0e:b7:4d:34:ee:29:
f8:ad:c4:d7:fd:f5:8f:d5:fa:a6:7d:7b:a1:a2:99:
0f:4a:3e:17:2e:90:5c:2f:72:01:e3:8f:0f:9a:33:
53:f8:11:49:d1:ad:eb:12:81:ff:8f:be:09:c4:c1:
0a:00:4d:83:2b:c1:0b:f2:1d:75:e3:fc:e5:c0:51:
11:45:ee:f1:be:93:b8:b8:d6:2f:6b:cc:3d:a3:bc:
8e:5e:51:19:8f:d9:49:63:f6:ba:d3:f5:a4:3a:e5:
3f:ae:ad:e6:ef:28:66:3d:63:93:ef:62:e5:25:65:
fc:92:94:41:8c:ba:7a:3b:8a:57:2d:d1:63:ef:b0:
21:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:76:33:A0:D4:BB:C2:14:16:84:05:FA:C3:05:B3:E7:1B:17:38:37
X509v3 Authority Key Identifier:
keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/KHYzoNS7whQWhAX6wwWz5xsXODc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.235.96.0/24
Signature Algorithm: sha256WithRSAEncryption
17:b6:9d:6b:97:83:20:f7:3d:c7:39:7f:82:07:79:e5:b5:66:
0e:55:8e:e6:7c:85:9e:9b:5f:0e:12:b3:1e:74:74:9a:34:87:
c5:4c:eb:ff:aa:0c:6d:86:5b:4f:e6:7c:6c:96:18:e4:25:f1:
c5:7a:14:72:b4:d2:96:6b:42:00:d5:03:42:90:dc:3f:0b:6e:
b1:72:01:6d:99:dd:f9:49:07:c3:46:3c:30:c1:d7:e9:58:f4:
e3:71:e1:1c:15:84:3d:ed:f7:13:66:5e:a6:6c:9c:7f:c1:e9:
9c:8b:4c:7f:dc:65:88:cc:58:23:49:42:c3:ea:56:5f:68:77:
9f:d5:5a:fa:c9:a8:be:86:d4:03:6c:05:e2:88:30:3d:a0:5d:
01:18:62:12:4f:fc:56:7e:44:51:15:d7:23:af:5b:4a:24:63:
d5:aa:05:95:7d:6c:10:15:fa:e4:49:1e:68:b5:59:a8:79:70:
d6:e0:5e:21:9e:82:f2:a7:07:15:a1:f0:e3:4b:27:6e:c7:0d:
af:66:e7:7c:20:c8:92:39:9d:e0:7e:ac:b0:78:5a:33:e8:fc:
7f:68:37:7c:94:5a:59:bc:7b:f9:c0:f5:9a:b2:48:bf:ff:69:
e3:64:14:14:a1:2a:3a:c9:1a:d8:32:da:6f:37:1c:24:13:1d:
b3:f6:8d:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQija73DES7HFklcuIweeaIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODc2MzNhMGQ0YmJjMjE0MTY4NDA1ZmFjMzA1YjNlNzFiMTczODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7K7/HIINkbiM0pO7zLWydBXLP/u
UUqonbowE5eNEtjlL7CreNkPL9DBqxU8Suh4loUGGMp+DSTy/zgBuQ8TFiw9LubC
rPZE2fppvXl7BVEWk8EnprPgdboyLrd18F/2CS0SA9zlTHgG+R3KrU8/axUR0O9g
H3khBs6p5L0qbPcOt0007in4rcTX/fWP1fqmfXuhopkPSj4XLpBcL3IB448PmjNT
+BFJ0a3rEoH/j74JxMEKAE2DK8EL8h114/zlwFERRe7xvpO4uNYva8w9o7yOXlEZ
j9lJY/a60/WkOuU/rq3m7yhmPWOT72LlJWX8kpRBjLp6O4pXLdFj77AhGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCh2M6DUu8IUFoQF+sMFs+cbFzg3MB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvS0hZem9OUzd3aFFXaEFYNnd3V3o1eHNYT0RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsOtgMA0G
CSqGSIb3DQEBCwUAA4IBAQAXtp1rl4Mg9z3HOX+CB3nltWYOVY7mfIWem18OErMe
dHSaNIfFTOv/qgxthltP5nxslhjkJfHFehRytNKWa0IA1QNCkNw/C26xcgFtmd35
SQfDRjwwwdfpWPTjceEcFYQ97fcTZl6mbJx/wemci0x/3GWIzFgjSULD6lZfaHef
1Vr6yai+htQDbAXiiDA9oF0BGGIST/xWfkRRFdcjr1tKJGPVqgWVfWwQFfrkSR5o
tVmoeXDW4F4hnoLypwcVofDjSyduxw2vZud8IMiSOZ3gfqyweFoz6Px/aDd8lFpZ
vHv5wPWaski//2njZBQUoSo6yRrYMtpvNxwkEx2z9o1P
-----END CERTIFICATE-----
Generated at Wed Apr 9 13:14:00 2025 by rpki-client