Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/MJpROYFYcY4fIUUe6OPvBVoZh2g.roa
File: MJpROYFYcY4fIUUe6OPvBVoZh2g.roa (raw, json)
Hash identifier: imMSKLBJvUdfZ9SIRkai/+5VibeeDQw4Db0FzbkbOzA=
Subject key identifier: 30:9A:51:39:81:58:71:8E:1F:21:45:1E:E8:E3:EF:05:5A:19:87:68
Certificate issuer: /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial: 0194228DA545B24C9F5A16FEE3781CD01613
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/MJpROYFYcY4fIUUe6OPvBVoZh2g.roa
Signing time: Wed 01 Jan 2025 15:48:15 +0000
ROA not before: Wed 01 Jan 2025 15:48:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60146
IP address blocks: 85.153.145.0/24 maxlen: 24
213.14.223.0/24 maxlen: 24
213.14.250.0/24 maxlen: 24
213.74.242.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:a5:45:b2:4c:9f:5a:16:fe:e3:78:1c:d0:16:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Validity
Not Before: Jan 1 15:48:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=309a51398158718e1f21451ee8e3ef055a198768
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:e0:c4:03:ba:49:b3:9b:62:51:5d:6a:73:41:
d4:5d:f5:8d:70:22:38:3e:0b:e8:b9:67:87:f8:44:
fe:61:00:2b:82:05:3b:1c:9b:8f:cb:02:b2:e9:31:
3c:b2:62:60:2c:05:b1:e4:1b:ae:ea:07:34:f5:69:
e3:22:57:3c:07:58:1d:ba:cb:0e:53:5b:9d:d7:da:
6d:3b:39:dd:62:7c:b3:e5:65:60:21:fc:45:87:c4:
e4:9e:26:31:8b:80:b1:8f:19:1f:8f:17:ae:b3:ac:
eb:02:e2:72:f1:dd:27:d5:b0:43:fb:35:ae:1f:3f:
4e:a9:c3:54:ad:44:e6:61:5f:67:8a:2d:ea:86:a0:
30:13:4f:c2:e1:f8:f2:f8:1d:2d:02:61:5a:1d:8e:
b5:36:4b:97:d5:71:06:ac:76:71:ca:4c:7d:a9:ae:
d0:3a:d5:22:ae:57:1a:5a:b7:6c:fa:74:31:c3:77:
7d:79:a2:5d:06:07:a6:9b:fc:d8:51:31:fa:68:55:
e8:93:74:9c:74:62:4b:b0:e5:d7:23:e3:88:dd:38:
f7:39:b3:b4:05:0e:3f:2f:e9:8b:61:27:5e:69:db:
cc:41:7f:57:3a:0c:65:f4:d5:5b:bd:40:e6:df:3f:
52:0d:e5:3b:6f:d1:03:05:3f:6c:bc:57:f4:43:d0:
f6:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:9A:51:39:81:58:71:8E:1F:21:45:1E:E8:E3:EF:05:5A:19:87:68
X509v3 Authority Key Identifier:
keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/MJpROYFYcY4fIUUe6OPvBVoZh2g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.153.145.0/24
213.14.223.0/24
213.14.250.0/24
213.74.242.0/24
Signature Algorithm: sha256WithRSAEncryption
86:93:77:8f:b9:fd:8c:c1:21:27:55:98:d2:db:03:48:d9:c0:
6d:c9:ce:01:f8:30:25:46:e1:5b:8c:6f:1f:9a:12:32:33:4f:
00:11:73:ac:4e:f5:a1:c1:43:a5:5b:2f:1f:01:ba:88:30:75:
9e:9c:6c:7b:1d:53:63:bf:8f:3c:99:34:f4:19:e9:69:6b:bd:
04:a6:29:d3:ad:82:d1:39:59:0a:88:5a:cf:be:ec:54:9c:b3:
fe:97:89:00:b0:58:98:ac:10:c5:1d:ea:69:ba:58:f1:b9:81:
1e:68:d5:69:9e:cf:af:49:71:8f:30:49:d8:69:b3:ce:64:0d:
c2:f3:fd:98:45:ad:fe:e1:2b:93:a2:96:78:5e:cc:a1:aa:78:
51:89:80:6b:22:01:59:d7:f1:8a:25:38:b1:46:5b:1c:f7:c4:
77:6e:bd:39:fc:2c:16:51:61:db:be:e6:4c:3d:7b:ba:29:35:
35:e8:85:2f:84:ea:35:e3:2c:c2:07:56:10:33:2c:3c:60:91:
21:37:31:b7:55:e9:96:e3:90:33:c8:af:93:3e:96:29:57:9a:
1d:0f:2d:3e:29:99:3f:76:30:b5:0e:be:a6:7e:ef:b1:77:e4:
33:5e:ca:07:14:c1:e9:b5:f8:e9:77:b5:ab:f1:e7:0f:d0:9a:
a2:e4:4f:4b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQijaVFskyfWhb+43gc0BYTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDlhNTEzOTgxNTg3MThlMWYyMTQ1MWVlOGUzZWYwNTVhMTk4NzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmODEA7pJs5tiUV1qc0HUXfWNcCI4
PgvouWeH+ET+YQArggU7HJuPywKy6TE8smJgLAWx5Buu6gc09WnjIlc8B1gdussO
U1ud19ptOzndYnyz5WVgIfxFh8TkniYxi4Cxjxkfjxeus6zrAuJy8d0n1bBD+zWu
Hz9OqcNUrUTmYV9nii3qhqAwE0/C4fjy+B0tAmFaHY61NkuX1XEGrHZxykx9qa7Q
OtUirlcaWrds+nQxw3d9eaJdBgemm/zYUTH6aFXok3ScdGJLsOXXI+OI3Tj3ObO0
BQ4/L+mLYSdeadvMQX9XOgxl9NVbvUDm3z9SDeU7b9EDBT9svFf0Q9D2nQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDCaUTmBWHGOHyFFHujj7wVaGYdoMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvTUpwUk9ZRlljWTRmSVVVZTZPUHZCVm9aaDJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVZmRAwQA
1Q7fAwQA1Q76AwQA1UryMA0GCSqGSIb3DQEBCwUAA4IBAQCGk3ePuf2MwSEnVZjS
2wNI2cBtyc4B+DAlRuFbjG8fmhIyM08AEXOsTvWhwUOlWy8fAbqIMHWenGx7HVNj
v488mTT0Gelpa70EpinTrYLROVkKiFrPvuxUnLP+l4kAsFiYrBDFHeppuljxuYEe
aNVpns+vSXGPMEnYabPOZA3C8/2YRa3+4SuTopZ4XsyhqnhRiYBrIgFZ1/GKJTix
Rlsc98R3br05/CwWUWHbvuZMPXu6KTU16IUvhOo14yzCB1YQMyw8YJEhNzG3VemW
45AzyK+TPpYpV5odDy0+KZk/djC1Dr6mfu+xd+QzXsoHFMHptfjpd7Wr8ecP0Jqi
5E9L
-----END CERTIFICATE-----
Generated at Wed Apr 9 09:29:43 2025 by rpki-client