Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/6MAb7XbUcfI0nmCljWI1JayLaQM.roa
File: 6MAb7XbUcfI0nmCljWI1JayLaQM.roa (raw, json)
Hash identifier: XXUfeTIlPWq5G9p6BkglpVM7BjdGKnRP75ZBcmeUA+w=
Subject key identifier: E8:C0:1B:ED:76:D4:71:F2:34:9E:60:A5:8D:62:35:25:AC:8B:69:03
Certificate issuer: /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial: 01914BAC77ADDDD4C5B1E8D2E51EE7EC910E
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/6MAb7XbUcfI0nmCljWI1JayLaQM.roa
Signing time: Tue 13 Aug 2024 12:17:59 +0000
ROA not before: Tue 13 Aug 2024 12:17:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2914
IP address blocks: 86.38.25.0/24 maxlen: 24
86.38.57.0/24 maxlen: 24
86.38.128.0/24 maxlen: 24
86.38.129.0/24 maxlen: 24
86.38.130.0/24 maxlen: 24
86.38.158.0/24 maxlen: 24
86.38.159.0/24 maxlen: 24
86.38.160.0/24 maxlen: 24
89.117.240.0/24 maxlen: 24
89.117.242.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:4b:ac:77:ad:dd:d4:c5:b1:e8:d2:e5:1e:e7:ec:91:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Validity
Not Before: Aug 13 12:17:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e8c01bed76d471f2349e60a58d623525ac8b6903
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:43:7c:0e:5d:0f:bc:f5:b3:03:c2:50:0a:5e:
11:6b:3b:78:27:e5:f7:e4:3d:49:3a:3d:8d:98:4c:
cd:e1:1e:67:0d:ec:4d:e9:b3:64:89:ee:85:d5:28:
08:fb:97:31:c4:16:e6:99:2d:28:bf:fc:3c:53:0a:
1b:0a:70:ee:26:8d:bd:c7:d4:f1:bd:d5:c7:dd:56:
eb:cf:cf:4e:ca:8e:6b:c8:fd:9d:20:59:cb:8e:87:
13:e4:04:b2:72:3e:af:46:df:a2:ec:df:54:23:2f:
d5:79:d1:4f:e7:73:19:a0:ba:96:c2:69:a8:f0:d8:
b1:f5:a1:86:7d:38:82:23:06:da:05:8d:cb:da:a3:
ab:70:6b:43:76:15:10:f4:b9:47:4c:6c:6e:6c:83:
58:91:bf:7d:c5:a3:ad:65:b8:2b:be:55:ae:5f:f0:
08:41:8a:c1:8a:4b:df:ef:6d:a1:9c:5f:85:41:9c:
02:c9:7e:a4:87:06:d9:0b:44:bd:b7:20:14:ef:74:
d2:cd:1f:2e:7c:d7:90:01:1f:57:53:ff:05:74:db:
ea:7a:dd:03:df:dc:9e:e8:ee:3a:a7:3a:45:9f:dd:
cc:06:76:43:8f:bb:61:57:66:44:08:7d:93:ac:6d:
10:3a:2c:37:c6:b8:fa:a1:ea:b7:98:be:e3:ef:cc:
b3:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:C0:1B:ED:76:D4:71:F2:34:9E:60:A5:8D:62:35:25:AC:8B:69:03
X509v3 Authority Key Identifier:
keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/6MAb7XbUcfI0nmCljWI1JayLaQM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.38.25.0/24
86.38.57.0/24
86.38.128.0-86.38.130.255
86.38.158.0-86.38.160.255
89.117.240.0/24
89.117.242.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:13:5b:48:32:20:bc:02:4e:9e:61:e4:f3:9e:a2:ff:5b:56:
07:8b:79:a0:c6:e8:d0:80:fa:9c:7c:ca:60:9d:d1:75:07:b3:
c6:2b:4d:6a:6c:4b:1c:8d:31:b6:80:df:26:5c:53:f1:a0:9a:
e1:de:cd:66:e7:8f:1e:b2:70:43:3a:3d:ac:d4:32:49:21:c8:
9e:e6:12:44:39:74:83:37:c5:c7:22:95:aa:49:7e:f7:73:af:
d3:0b:94:54:6c:5d:66:00:1e:2b:e9:3e:53:20:21:5f:e5:29:
00:9e:45:85:e8:18:6c:c9:3a:6c:d1:0b:dd:df:15:d0:d1:b1:
21:69:15:54:6b:7e:38:e9:53:ca:2f:71:7b:65:da:0e:d5:d9:
46:06:f3:6a:78:46:a9:04:aa:c6:e7:fc:14:80:26:23:5d:b3:
2f:5e:f1:7a:04:df:65:77:65:75:66:80:02:b9:52:41:bb:80:
53:9d:88:50:a3:51:c1:2c:51:bd:f3:a1:df:83:3e:ce:98:d3:
af:28:a4:35:20:60:fe:67:20:b4:3b:1b:b3:a0:0e:d1:a9:e4:
ec:e7:89:09:af:7c:ef:a5:e3:76:de:44:48:f8:be:03:a6:6b:
7b:58:0f:e1:0f:03:13:02:5a:69:64:6a:a9:1e:b8:89:0b:ab:
52:1a:3f:3a
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZFLrHet3dTFsejS5R7n7JEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjQwODEzMTIxNzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGMwMWJlZDc2ZDQ3MWYyMzQ5ZTYwYTU4ZDYyMzUyNWFjOGI2OTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0N8Dl0PvPWzA8JQCl4Razt4J+X3
5D1JOj2NmEzN4R5nDexN6bNkie6F1SgI+5cxxBbmmS0ov/w8UwobCnDuJo29x9Tx
vdXH3Vbrz89Oyo5ryP2dIFnLjocT5ASycj6vRt+i7N9UIy/VedFP53MZoLqWwmmo
8Nix9aGGfTiCIwbaBY3L2qOrcGtDdhUQ9LlHTGxubINYkb99xaOtZbgrvlWuX/AI
QYrBikvf722hnF+FQZwCyX6khwbZC0S9tyAU73TSzR8ufNeQAR9XU/8FdNvqet0D
39ye6O46pzpFn93MBnZDj7thV2ZECH2TrG0QOiw3xrj6oeq3mL7j78yzLwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFOjAG+121HHyNJ5gpY1iNSWsi2kDMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvNk1BYjdYYlVjZkkwbm1DbGpXSTFKYXlMYVFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQAViYZAwQA
ViY5MAwDBAdWJoADBABWJoIwDAMEAVYmngMEAFYmoAMEAFl18AMEAFl18jANBgkq
hkiG9w0BAQsFAAOCAQEAjBNbSDIgvAJOnmHk856i/1tWB4t5oMbo0ID6nHzKYJ3R
dQezxitNamxLHI0xtoDfJlxT8aCa4d7NZuePHrJwQzo9rNQySSHInuYSRDl0gzfF
xyKVqkl+93Ov0wuUVGxdZgAeK+k+UyAhX+UpAJ5FhegYbMk6bNEL3d8V0NGxIWkV
VGt+OOlTyi9xe2XaDtXZRgbzanhGqQSqxuf8FIAmI12zL17xegTfZXdldWaAArlS
QbuAU52IUKNRwSxRvfOh34M+zpjTryikNSBg/mcgtDsbs6AO0ank7OeJCa9876Xj
dt5ESPi+A6Zre1gP4Q8DEwJaaWRqqR64iQurUho/Og==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:02:39 2025 by rpki-client