Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/9c5cef-d4e4-44e1-abf5-bb48828c9f05/1/Kz3po1HxXV0o_QrY9XITSTFXVJI.roa
File: Kz3po1HxXV0o_QrY9XITSTFXVJI.roa (raw, json)
Hash identifier: VAFUPoAe7hllDMdDCgHvMZTasRHVjamq6QvBPj1A6Gs=
Subject key identifier: 2B:3D:E9:A3:51:F1:5D:5D:28:FD:0A:D8:F5:72:13:49:31:57:54:92
Certificate issuer: /CN=d9f90449509ebf9e3b0f42c1cdc22e3ef4007426
Certificate serial: 019425FC4C22A2DABA7E0D9E46E58A00C97B
Authority key identifier: D9:F9:04:49:50:9E:BF:9E:3B:0F:42:C1:CD:C2:2E:3E:F4:00:74:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2fkESVCev547D0LBzcIuPvQAdCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/9c5cef-d4e4-44e1-abf5-bb48828c9f05/1/Kz3po1HxXV0o_QrY9XITSTFXVJI.roa
Signing time: Thu 02 Jan 2025 07:47:59 +0000
ROA not before: Thu 02 Jan 2025 07:47:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206102
IP address blocks: 152.89.136.0/24 maxlen: 24
152.89.137.0/24 maxlen: 24
152.89.138.0/24 maxlen: 24
152.89.139.0/24 maxlen: 24
185.195.96.0/23 maxlen: 23
185.195.96.0/24 maxlen: 24
185.195.97.0/24 maxlen: 24
185.195.98.0/23 maxlen: 23
185.195.98.0/24 maxlen: 24
185.195.99.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:4c:22:a2:da:ba:7e:0d:9e:46:e5:8a:00:c9:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d9f90449509ebf9e3b0f42c1cdc22e3ef4007426
Validity
Not Before: Jan 2 07:47:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2b3de9a351f15d5d28fd0ad8f572134931575492
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:41:cf:92:3b:4a:8c:e4:51:3b:7a:b2:38:ab:
9d:42:b5:8b:1b:93:11:c9:10:66:02:ae:09:3e:3d:
0a:cc:57:39:50:ef:56:1e:a1:5d:04:f3:e8:e8:5c:
af:ee:19:e6:85:d6:d5:d8:82:0e:fd:a3:bf:1d:22:
03:36:39:5d:41:49:a2:8e:2d:ef:2d:29:d3:23:ad:
33:60:4d:84:63:7d:b0:1b:3e:4d:50:fa:e6:f5:c0:
e6:2f:12:3f:02:d0:9f:ec:40:f9:3c:08:37:b8:37:
14:fd:11:5c:a4:3a:8a:f8:43:13:0f:06:b1:f6:68:
70:c3:86:1d:2e:d9:e5:78:15:e3:6c:f8:14:90:c8:
3f:ce:13:29:4f:90:b3:a8:aa:6e:5b:8f:4c:d1:3a:
93:c4:d0:c9:a8:d6:62:2d:8e:fe:20:a8:ee:aa:f3:
7e:04:06:22:89:cb:ca:f4:a4:07:f3:ef:36:20:e1:
31:cf:5a:51:9b:a0:b2:8b:6b:c7:96:0b:21:37:b8:
ce:c0:1f:f9:cb:49:3d:ce:39:d6:38:19:c8:66:fa:
38:48:68:11:98:10:6c:54:8b:23:d6:89:48:c7:33:
1d:a3:3d:34:c3:9a:48:61:70:b7:4d:43:48:7f:48:
4e:42:75:5d:4f:41:e6:69:a2:cf:66:19:df:16:94:
73:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:3D:E9:A3:51:F1:5D:5D:28:FD:0A:D8:F5:72:13:49:31:57:54:92
X509v3 Authority Key Identifier:
keyid:D9:F9:04:49:50:9E:BF:9E:3B:0F:42:C1:CD:C2:2E:3E:F4:00:74:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fkESVCev547D0LBzcIuPvQAdCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/9c5cef-d4e4-44e1-abf5-bb48828c9f05/1/Kz3po1HxXV0o_QrY9XITSTFXVJI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/9c5cef-d4e4-44e1-abf5-bb48828c9f05/1/2fkESVCev547D0LBzcIuPvQAdCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.89.136.0/22
185.195.96.0/22
Signature Algorithm: sha256WithRSAEncryption
57:2b:db:4d:a7:47:d5:6e:02:3c:5b:cd:5e:e3:44:e7:20:96:
05:e7:98:7f:8d:ab:6b:08:dd:e0:9d:2f:09:96:b3:d2:90:a2:
d4:1e:21:19:37:4f:11:bf:3c:e2:9a:09:7a:40:f5:14:2a:f5:
26:bf:aa:48:4c:af:01:eb:d9:63:af:19:2e:5f:55:45:44:f0:
07:9d:8b:ab:05:9c:be:78:5c:97:6d:44:2d:aa:f2:40:ca:15:
7e:a1:b2:1f:91:b1:88:c2:1a:ec:55:42:6c:34:df:a4:1c:dc:
f7:37:cc:25:3f:9e:a6:8e:d2:19:fa:2f:59:94:7c:5c:96:f1:
c3:39:51:09:ca:7b:f1:23:9d:94:d3:ba:23:ca:dc:bd:e1:11:
24:4e:57:80:16:fa:32:b5:a1:12:3c:76:b3:e9:8c:c3:a9:02:
e1:e9:75:57:1d:77:15:3d:59:9c:ef:62:82:99:0d:59:e6:10:
6d:91:f4:bc:9e:b6:5b:63:af:e9:73:aa:2d:e3:8e:e5:ed:04:
60:55:3a:74:78:28:60:8e:91:3d:23:5a:69:df:a6:03:c4:75:
20:07:2c:1e:65:81:1b:0a:b8:f2:65:83:a8:e3:7c:63:df:f2:
08:4e:76:08:67:23:78:77:aa:27:b8:b3:d9:74:5a:ef:93:9c:
b2:35:3b:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/Ewiotq6fg2eRuWKAMl7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZjkwNDQ5NTA5ZWJmOWUzYjBmNDJjMWNkYzIyZTNlZjQw
MDc0MjYwHhcNMjUwMTAyMDc0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjNkZTlhMzUxZjE1ZDVkMjhmZDBhZDhmNTcyMTM0OTMxNTc1NDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkHPkjtKjORRO3qyOKudQrWLG5MR
yRBmAq4JPj0KzFc5UO9WHqFdBPPo6Fyv7hnmhdbV2IIO/aO/HSIDNjldQUmiji3v
LSnTI60zYE2EY32wGz5NUPrm9cDmLxI/AtCf7ED5PAg3uDcU/RFcpDqK+EMTDwax
9mhww4YdLtnleBXjbPgUkMg/zhMpT5CzqKpuW49M0TqTxNDJqNZiLY7+IKjuqvN+
BAYiicvK9KQH8+82IOExz1pRm6Cyi2vHlgshN7jOwB/5y0k9zjnWOBnIZvo4SGgR
mBBsVIsj1olIxzMdoz00w5pIYXC3TUNIf0hOQnVdT0HmaaLPZhnfFpRzBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCs96aNR8V1dKP0K2PVyE0kxV1SSMB8GA1UdIwQY
MBaAFNn5BElQnr+eOw9Cwc3CLj70AHQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZrRVNWQ2V2NTQ3RDBMQnpjSXVQdlFBZENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My85YzVjZWYtZDRlNC00NGUxLWFiZjUt
YmI0ODgyOGM5ZjA1LzEvS3ozcG8xSHhYVjBvX1FyWTlYSVRTVEZYVkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My85YzVjZWYtZDRlNC00NGUxLWFiZjUtYmI0ODgyOGM5ZjA1
LzEvMmZrRVNWQ2V2NTQ3RDBMQnpjSXVQdlFBZENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCmFmIAwQC
ucNgMA0GCSqGSIb3DQEBCwUAA4IBAQBXK9tNp0fVbgI8W81e40TnIJYF55h/jatr
CN3gnS8JlrPSkKLUHiEZN08Rvzzimgl6QPUUKvUmv6pITK8B69ljrxkuX1VFRPAH
nYurBZy+eFyXbUQtqvJAyhV+obIfkbGIwhrsVUJsNN+kHNz3N8wlP56mjtIZ+i9Z
lHxclvHDOVEJynvxI52U07ojyty94REkTleAFvoytaESPHaz6YzDqQLh6XVXHXcV
PVmc72KCmQ1Z5hBtkfS8nrZbY6/pc6ot447l7QRgVTp0eChgjpE9I1pp36YDxHUg
ByweZYEbCrjyZYOo43xj3/IITnYIZyN4d6onuLPZdFrvk5yyNTve
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:14:20 2025 by rpki-client