Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/ad0241-1ae3-4d5b-b0d1-85c5d5302d88/1/HZdIrchIDCiQCwbuPhc70E8YbWU.roa
File: HZdIrchIDCiQCwbuPhc70E8YbWU.roa (raw, json)
Hash identifier: uDrefFzWXlfoxlCxsdKnI68bX6+lo8xUQyNPFxh8fsk=
Subject key identifier: 1D:97:48:AD:C8:48:0C:28:90:0B:06:EE:3E:17:3B:D0:4F:18:6D:65
Certificate issuer: /CN=5d16dccfb2e2c88cf09f487c421fc8af7bbd3574
Certificate serial: 019421B252470299FFBED1E1FC3614018538
Authority key identifier: 5D:16:DC:CF:B2:E2:C8:8C:F0:9F:48:7C:42:1F:C8:AF:7B:BD:35:74
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XRbcz7LiyIzwn0h8Qh_Ir3u9NXQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/ad0241-1ae3-4d5b-b0d1-85c5d5302d88/1/HZdIrchIDCiQCwbuPhc70E8YbWU.roa
Signing time: Wed 01 Jan 2025 11:48:42 +0000
ROA not before: Wed 01 Jan 2025 11:48:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200931
IP address blocks: 185.91.4.0/22 maxlen: 22
185.91.4.0/24 maxlen: 24
185.91.5.0/24 maxlen: 24
185.91.6.0/24 maxlen: 24
2a03:8860::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b2:52:47:02:99:ff:be:d1:e1:fc:36:14:01:85:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5d16dccfb2e2c88cf09f487c421fc8af7bbd3574
Validity
Not Before: Jan 1 11:48:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1d9748adc8480c28900b06ee3e173bd04f186d65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:95:7d:20:4f:cb:81:26:1b:96:37:09:c0:39:
f5:b2:09:aa:de:5f:07:44:e1:1a:c7:6a:c7:50:9d:
1e:fa:33:2e:2c:6c:e0:45:4a:79:8a:81:ce:c1:d1:
cb:a4:e1:9c:cf:4a:5e:fc:15:01:4b:ce:26:8d:57:
5a:fb:6b:bb:4a:c0:31:95:4f:93:d7:a6:4e:4d:ce:
04:95:b4:b6:d3:d6:6e:b9:08:1a:f3:0a:95:8f:4f:
5c:58:88:49:c3:eb:cc:06:61:75:29:39:f2:d3:a8:
6e:e8:b4:07:c4:90:26:40:77:04:f0:d3:77:e1:68:
bf:b5:9c:a1:45:9e:b4:20:3d:74:b1:a5:ff:d9:b0:
a4:ad:19:ad:6f:16:bb:5e:0c:7b:93:17:24:77:ad:
d7:ae:52:ee:16:e3:dc:c8:ad:0a:63:79:67:dd:7f:
cb:1c:98:c9:d0:19:c5:69:3e:ed:5f:3d:52:66:4e:
2f:16:19:59:3d:aa:15:d1:13:4f:ea:fe:be:53:c7:
5a:cf:63:cd:0c:11:45:d1:9d:58:07:41:c1:50:46:
14:92:43:19:66:f8:17:17:75:23:82:ee:f5:d2:44:
f0:b7:0d:51:ae:72:9c:d1:a0:67:a7:88:4b:a7:4d:
82:92:2d:62:15:df:87:77:42:a1:13:84:84:36:8e:
cb:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:97:48:AD:C8:48:0C:28:90:0B:06:EE:3E:17:3B:D0:4F:18:6D:65
X509v3 Authority Key Identifier:
keyid:5D:16:DC:CF:B2:E2:C8:8C:F0:9F:48:7C:42:1F:C8:AF:7B:BD:35:74
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XRbcz7LiyIzwn0h8Qh_Ir3u9NXQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/ad0241-1ae3-4d5b-b0d1-85c5d5302d88/1/HZdIrchIDCiQCwbuPhc70E8YbWU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/ad0241-1ae3-4d5b-b0d1-85c5d5302d88/1/XRbcz7LiyIzwn0h8Qh_Ir3u9NXQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.91.4.0/22
IPv6:
2a03:8860::/32
Signature Algorithm: sha256WithRSAEncryption
42:ad:24:ac:21:a0:a2:68:db:9f:8c:b1:57:5f:0c:16:61:66:
2c:b6:ff:28:cb:f2:d2:21:1d:03:bc:aa:31:71:b2:64:59:78:
77:c8:9e:fa:7e:1f:9b:35:83:b1:53:ee:5b:ff:f8:1c:78:97:
b1:f6:60:df:d7:7a:8d:c3:f2:98:bc:da:cd:67:98:18:52:17:
11:02:d4:2b:f8:36:78:ff:e2:c7:0a:20:ff:a7:ad:9c:1a:ea:
f8:38:8c:a4:93:1e:95:85:1f:f3:b9:43:73:52:77:8e:94:38:
73:ee:2a:7d:25:fb:71:c1:ff:d0:83:91:3b:ce:ef:11:02:3b:
83:04:a4:d5:55:58:86:c5:9c:21:e7:83:31:c2:aa:4d:4c:7a:
dd:72:76:40:78:15:d2:bb:7b:e4:2e:76:c9:9f:e9:07:f7:ff:
90:0f:c7:0e:7d:b0:88:9a:3d:eb:0d:50:6d:22:25:8c:b7:9c:
d4:09:4a:5d:5e:43:c0:10:85:f9:c5:05:91:d0:4c:ae:a6:7c:
42:53:b2:6b:d4:20:3e:7f:36:4d:21:ad:36:3d:ad:43:4c:54:
bf:89:b6:b5:a1:49:65:bf:0b:5e:5d:b0:d6:fb:9a:c3:6b:a3:
09:77:98:14:9f:6f:19:e9:64:b2:de:e5:71:c8:17:55:d6:0c:
5f:e0:80:f0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhslJHApn/vtHh/DYUAYU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkMTZkY2NmYjJlMmM4OGNmMDlmNDg3YzQyMWZjOGFmN2Ji
ZDM1NzQwHhcNMjUwMTAxMTE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDk3NDhhZGM4NDgwYzI4OTAwYjA2ZWUzZTE3M2JkMDRmMTg2ZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpV9IE/LgSYbljcJwDn1sgmq3l8H
ROEax2rHUJ0e+jMuLGzgRUp5ioHOwdHLpOGcz0pe/BUBS84mjVda+2u7SsAxlU+T
16ZOTc4ElbS209ZuuQga8wqVj09cWIhJw+vMBmF1KTny06hu6LQHxJAmQHcE8NN3
4Wi/tZyhRZ60ID10saX/2bCkrRmtbxa7Xgx7kxckd63XrlLuFuPcyK0KY3ln3X/L
HJjJ0BnFaT7tXz1SZk4vFhlZPaoV0RNP6v6+U8daz2PNDBFF0Z1YB0HBUEYUkkMZ
ZvgXF3Ujgu710kTwtw1RrnKc0aBnp4hLp02Cki1iFd+Hd0KhE4SENo7LHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB2XSK3ISAwokAsG7j4XO9BPGG1lMB8GA1UdIwQY
MBaAFF0W3M+y4siM8J9IfEIfyK97vTV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFJiY3o3TGl5SXp3bjBoOFFoX0lyM3U5TlhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9hZDAyNDEtMWFlMy00ZDViLWIwZDEt
ODVjNWQ1MzAyZDg4LzEvSFpkSXJjaElEQ2lRQ3didVBoYzcwRThZYldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9hZDAyNDEtMWFlMy00ZDViLWIwZDEtODVjNWQ1MzAyZDg4
LzEvWFJiY3o3TGl5SXp3bjBoOFFoX0lyM3U5TlhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVsEMA0E
AgACMAcDBQAqA4hgMA0GCSqGSIb3DQEBCwUAA4IBAQBCrSSsIaCiaNufjLFXXwwW
YWYstv8oy/LSIR0DvKoxcbJkWXh3yJ76fh+bNYOxU+5b//gceJex9mDf13qNw/KY
vNrNZ5gYUhcRAtQr+DZ4/+LHCiD/p62cGur4OIykkx6VhR/zuUNzUneOlDhz7ip9
Jftxwf/Qg5E7zu8RAjuDBKTVVViGxZwh54MxwqpNTHrdcnZAeBXSu3vkLnbJn+kH
9/+QD8cOfbCImj3rDVBtIiWMt5zUCUpdXkPAEIX5xQWR0EyupnxCU7Jr1CA+fzZN
Ia02Pa1DTFS/iba1oUllvwteXbDW+5rDa6MJd5gUn28Z6WSy3uVxyBdV1gxf4IDw
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:55:08 2025 by rpki-client