Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/1cf3f0-a036-4c76-8b09-5c535b746353/1/oRfW2FP4FbeYSI3kehqgncp9gcc.roa
File: oRfW2FP4FbeYSI3kehqgncp9gcc.roa (raw, json)
Hash identifier: XwGX8naDPDNcbpgigNakMaNKC6NSSrDBYhs82eP32R4=
Subject key identifier: A1:17:D6:D8:53:F8:15:B7:98:48:8D:E4:7A:1A:A0:9D:CA:7D:81:C7
Certificate issuer: /CN=9706aa905465586424f387fdbd83648b72d946de
Certificate serial: 01942825DEE1C01F9955A93E73EF1B220E89
Authority key identifier: 97:06:AA:90:54:65:58:64:24:F3:87:FD:BD:83:64:8B:72:D9:46:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lwaqkFRlWGQk84f9vYNki3LZRt4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/1cf3f0-a036-4c76-8b09-5c535b746353/1/oRfW2FP4FbeYSI3kehqgncp9gcc.roa
Signing time: Thu 02 Jan 2025 17:52:37 +0000
ROA not before: Thu 02 Jan 2025 17:52:37 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29243
IP address blocks: 80.83.0.0/20 maxlen: 20
109.163.208.0/21 maxlen: 21
185.168.212.0/22 maxlen: 22
2001:1430::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:de:e1:c0:1f:99:55:a9:3e:73:ef:1b:22:0e:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9706aa905465586424f387fdbd83648b72d946de
Validity
Not Before: Jan 2 17:52:37 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a117d6d853f815b798488de47a1aa09dca7d81c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:27:08:91:f6:3a:73:2c:ef:2b:e5:6d:59:23:
ce:a8:47:d9:65:a1:a5:6d:c8:6e:f6:85:57:fc:50:
aa:23:8f:f5:ee:ac:9f:27:09:ec:c1:27:0f:98:bc:
e4:72:e7:2e:f5:7f:ca:a8:df:6d:25:8e:e8:67:45:
ac:79:04:96:84:8e:46:40:9e:6b:a2:7b:33:28:f9:
ba:b3:41:a1:48:23:f9:52:b2:53:88:c7:67:ec:34:
38:d7:b8:aa:83:04:be:67:4e:70:f1:de:13:11:cf:
2f:f1:6f:05:8c:fc:cc:ea:f9:6c:ff:04:d5:93:8e:
c0:41:a0:16:fa:7a:2f:03:02:77:eb:08:7b:61:9f:
12:ed:0e:8b:da:8d:4f:10:a9:0e:96:83:1a:02:ad:
1b:d7:bd:ca:3d:17:a8:92:15:93:9f:fc:a7:3c:f3:
6b:f4:06:ca:d8:42:0c:d0:d3:83:58:63:33:c0:48:
cf:4b:92:53:76:65:e0:d3:74:34:17:1b:7b:6d:5c:
cc:9c:62:19:12:8d:0f:03:28:af:2f:82:ce:68:70:
a6:c2:fe:b9:63:52:2d:88:25:db:9f:a3:19:74:9f:
33:ac:9f:0d:b1:39:2d:90:a6:38:2a:25:7a:6a:b2:
8a:96:15:ef:fb:6e:24:4a:61:1c:ac:d8:f2:0b:da:
90:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:17:D6:D8:53:F8:15:B7:98:48:8D:E4:7A:1A:A0:9D:CA:7D:81:C7
X509v3 Authority Key Identifier:
keyid:97:06:AA:90:54:65:58:64:24:F3:87:FD:BD:83:64:8B:72:D9:46:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lwaqkFRlWGQk84f9vYNki3LZRt4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/1cf3f0-a036-4c76-8b09-5c535b746353/1/oRfW2FP4FbeYSI3kehqgncp9gcc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/1cf3f0-a036-4c76-8b09-5c535b746353/1/lwaqkFRlWGQk84f9vYNki3LZRt4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.83.0.0/20
109.163.208.0/21
185.168.212.0/22
IPv6:
2001:1430::/32
Signature Algorithm: sha256WithRSAEncryption
40:af:0e:a3:ec:44:3f:a6:6d:6e:bc:93:1e:4f:b1:c2:5f:c1:
3d:e6:3b:c0:1c:41:dd:e2:7e:9d:65:30:a5:ae:bc:81:f1:ed:
d0:93:b8:71:44:4a:f5:d5:49:05:14:da:bc:d7:ad:57:06:67:
86:1f:70:4a:9c:81:58:7f:f0:b5:da:05:8d:a4:67:19:e2:96:
f8:8c:c9:e0:f7:fd:99:75:27:20:7d:7f:7f:be:be:47:cd:31:
e8:17:c9:e1:ec:28:91:85:b2:4e:f4:33:4f:f2:ec:1c:23:23:
07:0b:15:d3:75:36:b2:db:b7:cc:37:a1:16:93:21:13:b5:14:
a3:e2:42:5c:45:fe:62:d6:bd:f7:8d:4e:63:d7:df:b3:c6:47:
a4:f2:7c:be:3e:ca:5e:0b:38:7c:a6:59:c2:e5:60:c6:65:b7:
bc:87:47:8a:86:2f:6e:d3:fb:7c:80:d6:73:b2:5c:a5:80:3f:
28:7d:b8:a7:12:84:60:0d:90:ce:3d:15:ee:9d:50:32:a0:f3:
4b:0c:3c:02:e8:b2:f4:c2:8a:bf:cc:b3:a9:cd:8c:43:a5:3b:
c5:85:41:d5:4b:e9:1e:57:fb:98:74:33:2e:68:04:6e:c8:5e:
2f:bb:97:b4:54:23:cd:b2:9d:e5:09:30:8b:5d:b8:12:c3:ef:
57:08:47:c2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQoJd7hwB+ZVak+c+8bIg6JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MDZhYTkwNTQ2NTU4NjQyNGYzODdmZGJkODM2NDhiNzJk
OTQ2ZGUwHhcNMjUwMTAyMTc1MjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTE3ZDZkODUzZjgxNWI3OTg0ODhkZTQ3YTFhYTA5ZGNhN2Q4MWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyycIkfY6cyzvK+VtWSPOqEfZZaGl
bchu9oVX/FCqI4/17qyfJwnswScPmLzkcucu9X/KqN9tJY7oZ0WseQSWhI5GQJ5r
onszKPm6s0GhSCP5UrJTiMdn7DQ417iqgwS+Z05w8d4TEc8v8W8FjPzM6vls/wTV
k47AQaAW+novAwJ36wh7YZ8S7Q6L2o1PEKkOloMaAq0b173KPReokhWTn/ynPPNr
9AbK2EIM0NODWGMzwEjPS5JTdmXg03Q0Fxt7bVzMnGIZEo0PAyivL4LOaHCmwv65
Y1ItiCXbn6MZdJ8zrJ8NsTktkKY4KiV6arKKlhXv+24kSmEcrNjyC9qQjQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKEX1thT+BW3mEiN5HoaoJ3KfYHHMB8GA1UdIwQY
MBaAFJcGqpBUZVhkJPOH/b2DZIty2UbeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHdhcWtGUmxXR1FrODRmOXZZTmtpM0xaUnQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8xY2YzZjAtYTAzNi00Yzc2LThiMDkt
NWM1MzViNzQ2MzUzLzEvb1JmVzJGUDRGYmVZU0kza2VocWduY3A5Z2NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8xY2YzZjAtYTAzNi00Yzc2LThiMDktNWM1MzViNzQ2MzUz
LzEvbHdhcWtGUmxXR1FrODRmOXZZTmtpM0xaUnQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQEUFMAAwQD
baPQAwQCuajUMA0EAgACMAcDBQAgARQwMA0GCSqGSIb3DQEBCwUAA4IBAQBArw6j
7EQ/pm1uvJMeT7HCX8E95jvAHEHd4n6dZTClrryB8e3Qk7hxREr11UkFFNq8161X
BmeGH3BKnIFYf/C12gWNpGcZ4pb4jMng9/2ZdScgfX9/vr5HzTHoF8nh7CiRhbJO
9DNP8uwcIyMHCxXTdTay27fMN6EWkyETtRSj4kJcRf5i1r33jU5j19+zxkek8ny+
PspeCzh8plnC5WDGZbe8h0eKhi9u0/t8gNZzslylgD8ofbinEoRgDZDOPRXunVAy
oPNLDDwC6LL0woq/zLOpzYxDpTvFhUHVS+keV/uYdDMuaARuyF4vu5e0VCPNsp3l
CTCLXbgSw+9XCEfC
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:13:04 2025 by rpki-client