Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/LXS2q_efBkm47eksjaeAiqtvOCo.roa
File: LXS2q_efBkm47eksjaeAiqtvOCo.roa (raw, json)
Hash identifier: oVtrton7b79HRlpDE6W7iWblifK4EUoN8uBqv/ht2Ng=
Subject key identifier: 2D:74:B6:AB:F7:9F:06:49:B8:ED:E9:2C:8D:A7:80:8A:AB:6F:38:2A
Certificate issuer: /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial: 01946E1CC4259B6F024BABCD6913DB305951
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/LXS2q_efBkm47eksjaeAiqtvOCo.roa
Signing time: Thu 16 Jan 2025 07:56:06 +0000
ROA not before: Thu 16 Jan 2025 07:56:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 33830
IP address blocks: 85.153.213.0/24 maxlen: 24
213.14.215.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:6e:1c:c4:25:9b:6f:02:4b:ab:cd:69:13:db:30:59:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Validity
Not Before: Jan 16 07:56:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2d74b6abf79f0649b8ede92c8da7808aab6f382a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:ce:53:71:73:b1:04:05:cf:26:af:11:df:0e:
54:89:8f:e6:c3:f4:68:2d:36:d7:e4:a0:3f:ab:a6:
39:84:98:2f:6f:6c:3e:ff:bc:86:e6:1e:af:fe:a9:
47:16:f6:9b:16:86:37:db:4f:87:b5:c0:5e:f6:69:
ea:56:77:26:30:08:43:4b:a6:63:ae:5b:2a:96:b9:
f1:ef:9f:85:20:a6:20:a6:da:ed:81:18:e9:9a:ee:
66:89:56:80:67:dc:ea:86:44:9c:2c:a2:d5:f0:66:
46:15:a6:45:d6:03:a3:ee:ac:08:65:15:17:23:bc:
b7:0d:68:2f:24:df:1b:ad:7d:e6:fa:ad:67:5f:a5:
46:c3:25:1a:7d:28:23:06:e8:bd:76:71:57:17:ac:
8d:4e:52:c7:a5:80:9e:d7:99:24:5f:b7:81:f1:ea:
a9:04:4a:97:98:8a:36:b5:2e:f4:61:b9:16:ea:9e:
9f:bb:06:98:41:99:de:21:22:47:c1:41:84:a0:31:
15:86:63:ff:a7:b9:f0:03:e6:b5:18:e3:e4:bf:4f:
bb:34:ca:76:e7:71:cc:1e:63:6b:9c:d3:0b:e3:17:
48:bf:b2:87:a2:ef:24:32:f1:0c:68:cc:6b:60:a9:
e5:93:7e:71:fd:76:09:3c:de:e8:4a:3b:da:08:c8:
d9:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:74:B6:AB:F7:9F:06:49:B8:ED:E9:2C:8D:A7:80:8A:AB:6F:38:2A
X509v3 Authority Key Identifier:
keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/LXS2q_efBkm47eksjaeAiqtvOCo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.153.213.0/24
213.14.215.0/24
Signature Algorithm: sha256WithRSAEncryption
8a:18:87:e1:8d:f5:cf:05:e6:6a:d2:dc:56:a9:04:8d:76:ed:
15:e4:aa:a9:d4:69:fa:c0:61:fb:85:41:dc:5f:8f:bf:3c:23:
e5:ff:3f:60:f0:81:8e:61:b4:7d:61:45:ac:bc:e6:78:6b:9d:
8c:ad:1b:23:2d:5e:3e:de:78:8b:18:1d:07:e3:ef:f5:d9:d5:
60:ef:c1:c6:a1:4c:cf:ca:96:38:07:b0:d8:97:58:fb:a3:50:
4b:b6:78:73:51:20:51:a2:3a:be:a6:b2:48:80:a2:f1:64:9f:
f9:e7:37:ce:fc:e6:2c:5b:c3:3d:85:95:f1:58:4a:81:b5:d8:
6a:13:14:5d:66:83:b9:05:38:16:28:13:8b:bf:f1:b9:00:db:
64:1d:7f:0e:cf:b7:16:a4:f1:44:a6:f9:51:0b:dd:6b:69:37:
96:3f:b1:3c:d5:75:8a:94:b8:1a:9d:39:93:3d:79:d8:7f:0b:
3b:12:10:5b:1a:5b:0e:29:42:99:a8:9c:b5:cf:37:00:a2:f1:
db:f8:8f:d6:b5:53:c8:04:d5:19:e7:1f:6b:f0:65:3c:bd:5b:
19:89:c6:e1:23:bf:f0:a5:8e:ca:e0:04:91:7f:cd:61:6e:33:
f1:15:66:38:2e:e2:2d:aa:69:ec:e8:94:16:af:46:6c:09:e5:
6a:c8:b4:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRuHMQlm28CS6vNaRPbMFlRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTE2MDc1NjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDc0YjZhYmY3OWYwNjQ5YjhlZGU5MmM4ZGE3ODA4YWFiNmYzODJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyc5TcXOxBAXPJq8R3w5UiY/mw/Ro
LTbX5KA/q6Y5hJgvb2w+/7yG5h6v/qlHFvabFoY320+HtcBe9mnqVncmMAhDS6Zj
rlsqlrnx75+FIKYgptrtgRjpmu5miVaAZ9zqhkScLKLV8GZGFaZF1gOj7qwIZRUX
I7y3DWgvJN8brX3m+q1nX6VGwyUafSgjBui9dnFXF6yNTlLHpYCe15kkX7eB8eqp
BEqXmIo2tS70YbkW6p6fuwaYQZneISJHwUGEoDEVhmP/p7nwA+a1GOPkv0+7NMp2
53HMHmNrnNML4xdIv7KHou8kMvEMaMxrYKnlk35x/XYJPN7oSjvaCMjZywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC10tqv3nwZJuO3pLI2ngIqrbzgqMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvTFhTMnFfZWZCa200N2Vrc2phZUFpcXR2T0NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVZnVAwQA
1Q7XMA0GCSqGSIb3DQEBCwUAA4IBAQCKGIfhjfXPBeZq0txWqQSNdu0V5Kqp1Gn6
wGH7hUHcX4+/PCPl/z9g8IGOYbR9YUWsvOZ4a52MrRsjLV4+3niLGB0H4+/12dVg
78HGoUzPypY4B7DYl1j7o1BLtnhzUSBRojq+prJIgKLxZJ/55zfO/OYsW8M9hZXx
WEqBtdhqExRdZoO5BTgWKBOLv/G5ANtkHX8Oz7cWpPFEpvlRC91raTeWP7E81XWK
lLganTmTPXnYfws7EhBbGlsOKUKZqJy1zzcAovHb+I/WtVPIBNUZ5x9r8GU8vVsZ
icbhI7/wpY7K4ASRf81hbjPxFWY4LuItqmns6JQWr0ZsCeVqyLRR
-----END CERTIFICATE-----
Generated at Wed Apr 9 09:32:03 2025 by rpki-client