Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/h08qThk92uEgyuq7GcGhQWPFWn0.roa
File: h08qThk92uEgyuq7GcGhQWPFWn0.roa (raw, json)
Hash identifier: mAaqDUSvffRyxBJOynNblz2mwjsNbpllToGiv/FbVwg=
Subject key identifier: 87:4F:2A:4E:19:3D:DA:E1:20:CA:EA:BB:19:C1:A1:41:63:C5:5A:7D
Certificate issuer: /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial: 019423698B16AAD23A819DA82D3650FEEECA
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/h08qThk92uEgyuq7GcGhQWPFWn0.roa
Signing time: Wed 01 Jan 2025 19:48:26 +0000
ROA not before: Wed 01 Jan 2025 19:48:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34358
IP address blocks: 89.34.107.0/24 maxlen: 24
89.35.204.0/24 maxlen: 24
89.39.189.0/24 maxlen: 24
176.223.166.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:69:8b:16:aa:d2:3a:81:9d:a8:2d:36:50:fe:ee:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Validity
Not Before: Jan 1 19:48:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=874f2a4e193ddae120caeabb19c1a14163c55a7d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:86:96:42:55:43:92:8a:53:31:ee:af:a7:df:
0a:81:91:b7:33:ab:5d:86:4d:c3:1a:f4:55:26:f7:
87:8b:4f:21:09:eb:2d:43:3a:d5:98:aa:af:da:d9:
b0:d1:c6:4f:86:90:fa:85:5d:a1:27:a0:4e:72:6d:
79:f5:ad:7c:a4:f1:78:3a:31:b4:94:c9:3f:23:d0:
92:3e:ce:b5:20:62:8f:98:0e:fa:74:f7:88:27:ab:
2a:90:eb:f0:4a:d2:ec:f4:d0:12:3d:b9:80:24:4e:
11:9d:c4:d2:a5:03:e0:70:b5:72:78:0d:e8:fa:9f:
f0:7d:9e:ef:8f:26:94:24:8f:1c:f3:98:0f:b4:48:
cb:04:c2:85:44:c6:da:c0:54:0a:46:3c:3d:6a:18:
3f:13:aa:8c:b1:e6:79:8b:7c:53:92:4d:08:6b:a1:
92:4e:94:b3:c1:91:63:63:59:dd:61:60:71:60:fc:
14:b3:e7:95:59:bf:6d:13:d6:58:49:a8:d5:b4:04:
e6:83:57:ad:42:bb:68:a6:d0:20:63:ba:7c:cf:dd:
86:c3:f8:5a:7e:37:79:bb:51:30:71:a6:12:2c:6c:
3b:84:1d:e5:a2:c1:b0:d5:75:ec:93:70:37:76:bd:
de:90:67:2e:a2:2c:1e:1c:c2:a9:54:b2:c4:6a:c5:
56:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:4F:2A:4E:19:3D:DA:E1:20:CA:EA:BB:19:C1:A1:41:63:C5:5A:7D
X509v3 Authority Key Identifier:
keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/h08qThk92uEgyuq7GcGhQWPFWn0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.34.107.0/24
89.35.204.0/24
89.39.189.0/24
176.223.166.0/24
Signature Algorithm: sha256WithRSAEncryption
83:c9:40:7d:d6:4c:55:3c:d1:d6:07:49:a0:fa:2d:92:ea:df:
51:3a:e1:94:1f:5d:3b:f5:fd:43:63:af:98:32:ec:ec:9e:08:
fb:54:41:f1:2f:1f:e4:0a:70:3a:61:fe:3b:d6:43:84:8b:de:
5b:15:95:9b:8c:0a:08:72:a8:3e:a6:07:02:b9:b3:c5:c2:7f:
dd:96:7d:22:f4:57:60:36:f9:3a:0f:97:65:42:c1:97:85:0c:
8e:60:c3:7f:6a:45:aa:85:75:a4:4a:47:4a:5c:0b:95:63:e9:
23:9b:74:15:09:43:3f:c3:56:6f:a2:c0:09:9c:eb:8c:30:ec:
39:e5:c6:a3:2e:6c:d5:10:69:8c:44:12:de:fb:bf:f8:1e:8e:
ea:7c:de:b7:62:12:e6:1c:1f:be:c9:e6:d5:e7:06:70:4f:4f:
f4:bb:93:e8:78:bb:3d:8c:16:11:9e:94:b9:6b:be:75:5f:cf:
0f:da:e1:b9:0b:3f:4f:65:7f:8c:4a:5d:60:48:58:bf:2d:eb:
ec:fb:e2:f4:cc:77:25:c2:c8:b5:4e:40:2a:b8:0a:7b:42:02:
08:27:c0:9f:f0:6c:22:31:8f:11:eb:3c:a6:ed:07:25:26:f3:
40:30:a4:45:aa:ba:60:83:a1:27:48:e7:49:d9:89:47:5c:46:
ca:c5:02:83
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQjaYsWqtI6gZ2oLTZQ/u7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMTAxMTk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzRmMmE0ZTE5M2RkYWUxMjBjYWVhYmIxOWMxYTE0MTYzYzU1YTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4aWQlVDkopTMe6vp98KgZG3M6td
hk3DGvRVJveHi08hCestQzrVmKqv2tmw0cZPhpD6hV2hJ6BOcm159a18pPF4OjG0
lMk/I9CSPs61IGKPmA76dPeIJ6sqkOvwStLs9NASPbmAJE4RncTSpQPgcLVyeA3o
+p/wfZ7vjyaUJI8c85gPtEjLBMKFRMbawFQKRjw9ahg/E6qMseZ5i3xTkk0Ia6GS
TpSzwZFjY1ndYWBxYPwUs+eVWb9tE9ZYSajVtATmg1etQrtoptAgY7p8z92Gw/ha
fjd5u1EwcaYSLGw7hB3losGw1XXsk3A3dr3ekGcuoiweHMKpVLLEasVWcwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIdPKk4ZPdrhIMrquxnBoUFjxVp9MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2gwOHFUaGs5MnVFZ3l1cTdHY0doUVdQRlduMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUHAQcBAf8EIjAgMB4EAgABMBgDBABZImsD
BABZI8wDBABZJ70DBACw36YwDQYJKoZIhvcNAQELBQADggEBAIPJQH3WTFU80dYH
SaD6LZLq31E64ZQfXTv1/UNjr5gy7OyeCPtUQfEvH+QKcDph/jvWQ4SL3lsVlZuM
CghyqD6mBwK5s8XCf92WfSL0V2A2+ToPl2VCwZeFDI5gw39qRaqFdaRKR0pcC5Vj
6SObdBUJQz/DVm+iwAmc64ww7DnlxqMubNUQaYxEEt77v/gejup83rdiEuYcH77J
5tXnBnBPT/S7k+h4uz2MFhGelLlrvnVfzw/a4bkLP09lf4xKXWBIWL8t6+z74vTM
dyXCyLVOQCq4CntCAggnwJ/wbCIxjxHrPKbtByUm80AwpEWqumCDoSdI50nZiUdc
RsrFAoM=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:42:06 2025 by rpki-client