Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/JfYfytnPvytrAgnWdGl4VWwuQu8.roa
File: JfYfytnPvytrAgnWdGl4VWwuQu8.roa (raw, json)
Hash identifier: PJQ895+ADdYzbDQ25ZZP1Bb0xkfVzmx/OUn4iJnvzMY=
Subject key identifier: 25:F6:1F:CA:D9:CF:BF:2B:6B:02:09:D6:74:69:78:55:6C:2E:42:EF
Certificate issuer: /CN=11b69b59d19f2987e49f1852d60bb1777f80a301
Certificate serial: 0194221FC70A52370852A05020863AF0AAAB
Authority key identifier: 11:B6:9B:59:D1:9F:29:87:E4:9F:18:52:D6:0B:B1:77:7F:80:A3:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/JfYfytnPvytrAgnWdGl4VWwuQu8.roa
Signing time: Wed 01 Jan 2025 13:48:15 +0000
ROA not before: Wed 01 Jan 2025 13:48:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43647
IP address blocks: 82.148.0.0/21 maxlen: 24
89.232.184.0/22 maxlen: 24
94.154.128.0/22 maxlen: 24
185.76.12.0/22 maxlen: 24
185.228.88.0/22 maxlen: 24
213.232.225.0/24 maxlen: 24
213.232.245.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:c7:0a:52:37:08:52:a0:50:20:86:3a:f0:aa:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11b69b59d19f2987e49f1852d60bb1777f80a301
Validity
Not Before: Jan 1 13:48:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=25f61fcad9cfbf2b6b0209d6746978556c2e42ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:d7:1c:e9:9e:13:ca:d0:bc:c1:c2:28:13:86:
fc:ae:9a:20:83:db:3c:c1:5b:c7:7c:25:58:72:02:
7b:25:2c:26:aa:c3:3a:1e:5e:d6:e8:a9:e8:15:a3:
82:4d:bb:9b:5b:92:4e:6b:54:ac:74:e3:49:ec:79:
54:79:62:de:5d:a9:f6:e1:6f:85:f0:6b:33:7e:59:
f1:a8:16:01:9f:a2:53:a2:52:c9:c0:17:2b:41:9c:
0b:de:16:30:d0:70:04:a5:c1:c1:33:c7:0a:58:52:
b1:84:74:da:c9:35:45:6f:66:c6:ba:ec:76:21:c0:
a7:f3:98:07:14:a0:92:83:24:1b:a0:e7:0a:59:6e:
29:7e:61:fd:2c:00:6c:0f:22:d1:9a:ee:d9:f0:2c:
93:a8:0c:56:03:82:85:64:7b:4c:ec:61:51:bc:a1:
7a:c4:b5:f9:b8:80:6b:bd:71:cd:e4:4f:71:09:e4:
87:1b:0b:4b:96:3a:d7:ec:f8:52:90:a3:b5:e7:5b:
53:4a:a2:01:10:ce:2a:d9:f1:cd:4a:29:e3:b0:e0:
cf:28:ea:eb:0e:e3:dc:91:f8:87:a7:27:9a:90:1c:
db:b1:48:d0:c5:0f:db:4a:5d:37:62:7d:54:87:b4:
b8:7c:3b:32:f9:21:51:3d:48:34:f5:c8:a9:e7:c7:
86:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:F6:1F:CA:D9:CF:BF:2B:6B:02:09:D6:74:69:78:55:6C:2E:42:EF
X509v3 Authority Key Identifier:
keyid:11:B6:9B:59:D1:9F:29:87:E4:9F:18:52:D6:0B:B1:77:7F:80:A3:01
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EbabWdGfKYfknxhS1guxd3-AowE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/JfYfytnPvytrAgnWdGl4VWwuQu8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/5edf7a-ab9a-45e7-a612-d169c088b412/1/EbabWdGfKYfknxhS1guxd3-AowE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.148.0.0/21
89.232.184.0/22
94.154.128.0/22
185.76.12.0/22
185.228.88.0/22
213.232.225.0/24
213.232.245.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:ac:94:68:37:1a:be:1b:84:a5:b4:57:ae:f8:47:64:47:bd:
08:e0:b4:04:da:51:ea:7e:89:e0:17:96:3d:0d:91:dc:d2:f2:
5f:c9:fe:4d:bb:20:35:c8:e7:49:d8:92:36:02:55:10:f7:94:
09:c5:ef:87:92:33:af:6f:c5:fe:48:99:3f:e2:39:34:75:c4:
0b:de:6d:fa:bd:0b:44:db:75:e8:ab:89:e3:a9:03:30:45:97:
5d:54:1d:0f:56:ef:05:0c:c0:b5:f0:4a:6a:08:51:d6:50:31:
98:a3:c9:62:9f:6b:07:0d:5f:ff:95:24:a8:f7:68:b7:4a:5b:
d0:8f:c0:4e:74:6b:58:51:66:f2:e0:7b:15:43:cb:d7:26:f1:
68:0f:29:d6:1f:60:42:1c:1e:27:e9:c7:88:9f:25:fa:2c:34:
3a:b8:ef:bb:a3:b7:79:f6:b1:8e:0b:0b:71:84:65:bc:3f:9f:
61:ad:5f:8c:de:ff:88:de:70:5e:53:06:c3:ad:73:6e:0a:6b:
3c:64:aa:87:e5:ae:ac:62:93:57:1c:c1:b5:be:c5:48:2a:91:
34:3f:68:76:1d:9e:1e:23:97:39:15:de:c9:16:bb:bc:88:85:
cc:ff:37:ce:34:a4:da:07:b0:03:71:8a:e1:9f:ed:6c:c0:82:
77:49:c8:01
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZQiH8cKUjcIUqBQIIY68KqrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYjY5YjU5ZDE5ZjI5ODdlNDlmMTg1MmQ2MGJiMTc3N2Y4
MGEzMDEwHhcNMjUwMTAxMTM0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWY2MWZjYWQ5Y2ZiZjJiNmIwMjA5ZDY3NDY5Nzg1NTZjMmU0MmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtcc6Z4TytC8wcIoE4b8rpogg9s8
wVvHfCVYcgJ7JSwmqsM6Hl7W6KnoFaOCTbubW5JOa1SsdONJ7HlUeWLeXan24W+F
8GszflnxqBYBn6JTolLJwBcrQZwL3hYw0HAEpcHBM8cKWFKxhHTayTVFb2bGuux2
IcCn85gHFKCSgyQboOcKWW4pfmH9LABsDyLRmu7Z8CyTqAxWA4KFZHtM7GFRvKF6
xLX5uIBrvXHN5E9xCeSHGwtLljrX7PhSkKO151tTSqIBEM4q2fHNSinjsODPKOrr
DuPckfiHpyeakBzbsUjQxQ/bSl03Yn1Uh7S4fDsy+SFRPUg09cip58eG7wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFCX2H8rZz78rawIJ1nRpeFVsLkLvMB8GA1UdIwQY
MBaAFBG2m1nRnymH5J8YUtYLsXd/gKMBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWJhYldkR2ZLWWZrbnhoUzFndXhkMy1Bb3dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC81ZWRmN2EtYWI5YS00NWU3LWE2MTIt
ZDE2OWMwODhiNDEyLzEvSmZZZnl0blB2eXRyQWduV2RHbDRWV3d1UXU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC81ZWRmN2EtYWI5YS00NWU3LWE2MTItZDE2OWMwODhiNDEy
LzEvRWJhYldkR2ZLWWZrbnhoUzFndXhkMy1Bb3dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQDUpQAAwQC
Wei4AwQCXpqAAwQCuUwMAwQCueRYAwQA1ejhAwQA1ej1MA0GCSqGSIb3DQEBCwUA
A4IBAQAPrJRoNxq+G4SltFeu+EdkR70I4LQE2lHqfongF5Y9DZHc0vJfyf5NuyA1
yOdJ2JI2AlUQ95QJxe+HkjOvb8X+SJk/4jk0dcQL3m36vQtE23Xoq4njqQMwRZdd
VB0PVu8FDMC18EpqCFHWUDGYo8lin2sHDV//lSSo92i3SlvQj8BOdGtYUWby4HsV
Q8vXJvFoDynWH2BCHB4n6ceInyX6LDQ6uO+7o7d59rGOCwtxhGW8P59hrV+M3v+I
3nBeUwbDrXNuCms8ZKqH5a6sYpNXHMG1vsVIKpE0P2h2HZ4eI5c5Fd7JFru8iIXM
/zfONKTaB7ADcYrhn+1swIJ3ScgB
-----END CERTIFICATE-----
Generated at Wed Apr 9 04:39:16 2025 by rpki-client