Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/12dfdd-b06b-4937-b8e8-13817fdbec04/1/PYq1HAQzPx7M7fdPhklvX0GStbk.roa
File: PYq1HAQzPx7M7fdPhklvX0GStbk.roa (raw, json)
Hash identifier: HQ1rnmgYkh6S7nDcm+R94ykQLYw/alLJJRY1NxJAQWs=
Subject key identifier: 3D:8A:B5:1C:04:33:3F:1E:CC:ED:F7:4F:86:49:6F:5F:41:92:B5:B9
Certificate issuer: /CN=3728f29cd37d775cd64b225205c3833c3e44d661
Certificate serial: 01942369CF851BA237D33DDF418D261B1341
Authority key identifier: 37:28:F2:9C:D3:7D:77:5C:D6:4B:22:52:05:C3:83:3C:3E:44:D6:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NyjynNN9d1zWSyJSBcODPD5E1mE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/12dfdd-b06b-4937-b8e8-13817fdbec04/1/PYq1HAQzPx7M7fdPhklvX0GStbk.roa
Signing time: Wed 01 Jan 2025 19:48:44 +0000
ROA not before: Wed 01 Jan 2025 19:48:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25220
IP address blocks: 91.220.148.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:69:cf:85:1b:a2:37:d3:3d:df:41:8d:26:1b:13:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3728f29cd37d775cd64b225205c3833c3e44d661
Validity
Not Before: Jan 1 19:48:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3d8ab51c04333f1eccedf74f86496f5f4192b5b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:ca:d2:c1:9a:96:27:44:0a:a7:26:97:18:13:
00:c3:5e:4e:26:31:9b:54:3c:ec:f2:71:ed:bb:59:
96:27:b0:77:de:33:56:f9:5f:7e:45:58:15:27:98:
60:4a:27:cf:11:3f:a3:c4:88:83:cd:20:c6:d1:a7:
89:c8:44:a4:cb:30:d5:e2:54:22:72:03:90:a4:f4:
70:2c:aa:b7:9d:ff:7c:95:c2:6b:72:73:9a:e7:e1:
60:1a:c1:73:96:d3:8a:c1:25:c7:82:66:65:c0:68:
03:e6:d7:e5:2d:4f:5e:56:15:a2:26:91:32:f1:ec:
15:9f:8e:5c:8a:ba:7b:4d:e2:88:7b:ce:10:66:7f:
29:1c:e7:95:b4:94:8f:86:1e:01:cd:e5:df:77:16:
cb:d9:46:da:00:f7:75:5c:9f:36:df:ba:a9:ff:a7:
d7:31:69:74:dd:5f:94:26:31:3e:b1:e9:eb:6b:2f:
72:36:39:39:45:de:c6:e9:0f:2c:a7:d6:a5:ef:a1:
c6:c4:a7:ee:bd:60:af:e5:58:4b:6d:c8:44:2b:6b:
69:cb:be:39:ec:c9:72:b8:32:28:dd:95:10:04:96:
be:cf:ab:8a:47:e3:83:b7:99:b4:ff:22:bf:ef:40:
c0:e7:e9:5b:4a:1e:db:5d:ad:6b:bf:58:c3:e4:9f:
e1:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:8A:B5:1C:04:33:3F:1E:CC:ED:F7:4F:86:49:6F:5F:41:92:B5:B9
X509v3 Authority Key Identifier:
keyid:37:28:F2:9C:D3:7D:77:5C:D6:4B:22:52:05:C3:83:3C:3E:44:D6:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NyjynNN9d1zWSyJSBcODPD5E1mE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/12dfdd-b06b-4937-b8e8-13817fdbec04/1/PYq1HAQzPx7M7fdPhklvX0GStbk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/12dfdd-b06b-4937-b8e8-13817fdbec04/1/NyjynNN9d1zWSyJSBcODPD5E1mE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.220.148.0/24
Signature Algorithm: sha256WithRSAEncryption
09:4f:bb:34:a5:dd:8a:3d:f6:7b:45:a9:c8:e3:3e:a6:77:b3:
31:30:a1:bf:06:bc:cb:42:82:38:25:ee:84:3c:f3:ac:3f:aa:
79:f6:cc:36:2a:a5:e4:5d:c8:ca:07:66:bf:a7:9e:4b:d5:9d:
cc:d8:e7:34:dd:93:a4:6c:a7:7f:fc:73:33:cf:a4:f4:d2:d2:
b1:df:a2:26:0c:24:aa:f7:f1:f0:2c:26:06:de:8a:97:41:54:
83:21:9a:36:ca:b7:77:ab:88:f0:a2:34:ee:ed:3d:7a:6d:ee:
8b:6d:47:86:4e:7e:35:97:df:f2:da:c3:92:f3:39:f2:60:2b:
cc:c6:5b:87:5c:7c:e6:27:ce:47:ce:53:ca:e5:fb:4e:a3:a2:
31:e3:f0:d0:00:41:fa:4c:79:e4:40:11:f1:49:4a:d9:fe:46:
06:40:32:81:7c:be:0a:9f:d5:db:d9:02:12:74:82:02:79:e0:
9a:8e:a2:5d:bb:80:fe:bf:5e:94:97:2f:f7:fe:33:ee:86:75:
a1:5b:56:e8:36:f2:01:fd:f2:3f:69:ba:93:20:47:a6:ae:c7:
3c:b6:a2:61:d3:5e:b6:3d:16:60:0e:06:3b:9d:4c:91:e5:5a:
64:be:44:97:4c:f5:10:6e:c8:00:3c:6c:04:aa:4a:32:0d:11:
36:3b:23:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjac+FG6I30z3fQY0mGxNBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MjhmMjljZDM3ZDc3NWNkNjRiMjI1MjA1YzM4MzNjM2U0
NGQ2NjEwHhcNMjUwMTAxMTk0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDhhYjUxYzA0MzMzZjFlY2NlZGY3NGY4NjQ5NmY1ZjQxOTJiNWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcrSwZqWJ0QKpyaXGBMAw15OJjGb
VDzs8nHtu1mWJ7B33jNW+V9+RVgVJ5hgSifPET+jxIiDzSDG0aeJyESkyzDV4lQi
cgOQpPRwLKq3nf98lcJrcnOa5+FgGsFzltOKwSXHgmZlwGgD5tflLU9eVhWiJpEy
8ewVn45cirp7TeKIe84QZn8pHOeVtJSPhh4BzeXfdxbL2UbaAPd1XJ8237qp/6fX
MWl03V+UJjE+senray9yNjk5Rd7G6Q8sp9al76HGxKfuvWCv5VhLbchEK2tpy745
7MlyuDIo3ZUQBJa+z6uKR+ODt5m0/yK/70DA5+lbSh7bXa1rv1jD5J/hqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD2KtRwEMz8ezO33T4ZJb19BkrW5MB8GA1UdIwQY
MBaAFDco8pzTfXdc1ksiUgXDgzw+RNZhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnlqeW5OTjlkMXpXU3lKU0JjT0RQRDVFMW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xMmRmZGQtYjA2Yi00OTM3LWI4ZTgt
MTM4MTdmZGJlYzA0LzEvUFlxMUhBUXpQeDdNN2ZkUGhrbHZYMEdTdGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xMmRmZGQtYjA2Yi00OTM3LWI4ZTgtMTM4MTdmZGJlYzA0
LzEvTnlqeW5OTjlkMXpXU3lKU0JjT0RQRDVFMW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9yUMA0G
CSqGSIb3DQEBCwUAA4IBAQAJT7s0pd2KPfZ7RanI4z6md7MxMKG/BrzLQoI4Je6E
PPOsP6p59sw2KqXkXcjKB2a/p55L1Z3M2Oc03ZOkbKd//HMzz6T00tKx36ImDCSq
9/HwLCYG3oqXQVSDIZo2yrd3q4jwojTu7T16be6LbUeGTn41l9/y2sOS8znyYCvM
xluHXHzmJ85HzlPK5ftOo6Ix4/DQAEH6THnkQBHxSUrZ/kYGQDKBfL4Kn9Xb2QIS
dIICeeCajqJdu4D+v16Uly/3/jPuhnWhW1boNvIB/fI/abqTIEemrsc8tqJh0162
PRZgDgY7nUyR5VpkvkSXTPUQbsgAPGwEqkoyDRE2OyOO
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:48:02 2025 by rpki-client