Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/U3eAzBYqlS5ny3loqC6d-X4pjFc.roa
File: U3eAzBYqlS5ny3loqC6d-X4pjFc.roa (raw, json)
Hash identifier: EJBjhB6YSDKCWSO1xn35SUiNwifHM1pCOrpPoOsV3vc=
Subject key identifier: 53:77:80:CC:16:2A:95:2E:67:CB:79:68:A8:2E:9D:F9:7E:29:8C:57
Certificate issuer: /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial: 019427B429CBF0402C1EFB5580C38FFFAEB9
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/U3eAzBYqlS5ny3loqC6d-X4pjFc.roa
Signing time: Thu 02 Jan 2025 15:48:26 +0000
ROA not before: Thu 02 Jan 2025 15:48:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199527
IP address blocks: 86.38.163.0/24 maxlen: 24
185.189.152.0/24 maxlen: 24
213.252.208.0/24 maxlen: 24
213.252.209.0/24 maxlen: 24
213.252.242.0/24 maxlen: 24
213.252.250.0/24 maxlen: 24
213.252.251.0/24 maxlen: 24
213.252.253.0/24 maxlen: 24
2a00:f501:a001::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b4:29:cb:f0:40:2c:1e:fb:55:80:c3:8f:ff:ae:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Validity
Not Before: Jan 2 15:48:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=537780cc162a952e67cb7968a82e9df97e298c57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:56:6b:65:8a:c8:d5:cc:a1:48:8c:b0:68:e4:
3d:2a:4d:57:9b:ee:67:7f:0c:75:8d:fa:bc:60:84:
af:2b:f9:17:3f:83:e6:ec:bf:f1:39:c6:9a:28:0e:
ff:39:b4:00:9d:2c:01:8a:2d:f1:73:b1:e5:26:ab:
1e:4c:b7:bc:21:55:3d:2e:b0:bd:2a:1c:06:f0:fb:
86:9a:88:0c:9e:36:e5:40:0a:3b:6b:dc:e8:04:26:
04:90:64:94:6d:4d:a5:ab:05:46:93:97:f7:19:a4:
f0:ad:d5:aa:e4:60:32:82:fd:7e:02:32:a3:d8:2f:
a0:96:b8:1d:b2:cf:88:28:55:6a:51:08:b9:b1:60:
c0:f9:43:b5:6a:b8:4a:47:82:db:c1:b8:84:7f:ca:
6f:6e:5e:d1:da:8c:88:74:53:76:6b:48:d1:ef:2e:
75:6e:c7:09:44:2e:09:b1:91:92:8f:3e:88:59:1d:
ee:c1:1f:55:19:4e:4a:8c:8e:c4:ce:9e:8d:8d:c8:
6d:3d:ce:82:75:ea:bb:b1:54:99:19:2a:21:c0:f4:
ed:8f:86:40:d5:92:88:d4:6e:fb:1d:2e:12:28:ae:
0a:12:43:a2:70:18:f3:64:52:3b:69:3d:03:3a:59:
12:74:f2:8d:1d:8d:e1:4b:48:64:d1:e9:eb:45:d4:
9f:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:77:80:CC:16:2A:95:2E:67:CB:79:68:A8:2E:9D:F9:7E:29:8C:57
X509v3 Authority Key Identifier:
keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/U3eAzBYqlS5ny3loqC6d-X4pjFc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.38.163.0/24
185.189.152.0/24
213.252.208.0/23
213.252.242.0/24
213.252.250.0/23
213.252.253.0/24
IPv6:
2a00:f501:a001::/48
Signature Algorithm: sha256WithRSAEncryption
a1:ce:b8:ed:07:18:49:6e:70:6f:20:fa:bd:c7:19:af:59:95:
66:2d:d3:33:04:99:d3:97:f5:d6:83:fe:28:eb:28:0b:cd:c3:
01:75:3f:07:77:fa:e4:19:3e:5c:4f:57:56:7d:f9:7f:96:83:
50:85:7c:ef:7d:da:88:6f:02:21:ff:22:53:1b:a8:bd:48:ae:
80:d1:de:f3:6f:40:8a:2b:fe:d8:38:63:48:a8:96:dc:ce:81:
70:00:7b:5c:31:70:68:02:09:5f:47:10:78:11:81:58:a8:b8:
c4:e4:26:8a:ea:a9:f6:12:4f:d0:49:50:ba:26:ad:79:6e:35:
4b:70:2c:21:3e:6e:e1:7d:ed:56:a3:23:1b:d2:07:69:0e:0a:
8e:b0:c0:64:99:0d:01:a9:ef:d1:9c:dd:9b:83:0b:d5:ac:88:
f5:42:2a:75:b4:a6:23:d8:f9:8b:80:31:49:2a:64:8d:61:0d:
0a:dd:a7:85:86:f9:b2:75:4d:d7:02:9b:f8:42:a2:7a:e2:bf:
66:6e:4d:ae:86:e5:1b:00:b8:6d:19:11:70:52:25:17:75:38:
a9:ae:f0:ae:ef:12:78:55:a0:2a:9a:ee:ea:bc:2b:8b:57:4e:
12:d5:b0:b1:5c:38:fe:b1:72:11:1c:3c:2e:27:c5:5b:9a:fd:
44:c6:e3:55
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZQntCnL8EAsHvtVgMOP/665MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjUwMTAyMTU0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mzc3ODBjYzE2MmE5NTJlNjdjYjc5NjhhODJlOWRmOTdlMjk4YzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVZrZYrI1cyhSIywaOQ9Kk1Xm+5n
fwx1jfq8YISvK/kXP4Pm7L/xOcaaKA7/ObQAnSwBii3xc7HlJqseTLe8IVU9LrC9
KhwG8PuGmogMnjblQAo7a9zoBCYEkGSUbU2lqwVGk5f3GaTwrdWq5GAygv1+AjKj
2C+glrgdss+IKFVqUQi5sWDA+UO1arhKR4LbwbiEf8pvbl7R2oyIdFN2a0jR7y51
bscJRC4JsZGSjz6IWR3uwR9VGU5KjI7Ezp6NjchtPc6Cdeq7sVSZGSohwPTtj4ZA
1ZKI1G77HS4SKK4KEkOicBjzZFI7aT0DOlkSdPKNHY3hS0hk0enrRdSfxQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFFN3gMwWKpUuZ8t5aKgunfl+KYxXMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvVTNlQXpCWXFsUzVueTNsb3FDNmQtWDRwakZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAqBAIAATAkAwQAViajAwQA
ub2YAwQB1fzQAwQA1fzyAwQB1fz6AwQA1fz9MA8EAgACMAkDBwAqAPUBoAEwDQYJ
KoZIhvcNAQELBQADggEBAKHOuO0HGElucG8g+r3HGa9ZlWYt0zMEmdOX9daD/ijr
KAvNwwF1Pwd3+uQZPlxPV1Z9+X+Wg1CFfO992ohvAiH/IlMbqL1IroDR3vNvQIor
/tg4Y0ioltzOgXAAe1wxcGgCCV9HEHgRgViouMTkJorqqfYST9BJULomrXluNUtw
LCE+buF97VajIxvSB2kOCo6wwGSZDQGp79Gc3ZuDC9WsiPVCKnW0piPY+YuAMUkq
ZI1hDQrdp4WG+bJ1TdcCm/hConriv2ZuTa6G5RsAuG0ZEXBSJRd1OKmu8K7vEnhV
oCqa7uq8K4tXThLVsLFcOP6xchEcPC4nxVua/UTG41U=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:07:07 2025 by rpki-client