Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/R2zForXg41Xz6ZiOvoYxYCONTtc.roa
File: R2zForXg41Xz6ZiOvoYxYCONTtc.roa (raw, json)
Hash identifier: w6iKooFVAmcB+szcwr+F/c/HtbTWkbLs+qqPbY5EcAA=
Subject key identifier: 47:6C:C5:A2:B5:E0:E3:55:F3:E9:98:8E:BE:86:31:60:23:8D:4E:D7
Certificate issuer: /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial: 019421B1CE529715B21A50A286C119F4F271
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/R2zForXg41Xz6ZiOvoYxYCONTtc.roa
Signing time: Wed 01 Jan 2025 11:48:08 +0000
ROA not before: Wed 01 Jan 2025 11:48:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12301
IP address blocks: 84.1.236.0/24 maxlen: 24
84.2.54.0/24 maxlen: 24
195.228.4.0/24 maxlen: 24
195.228.112.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:ce:52:97:15:b2:1a:50:a2:86:c1:19:f4:f2:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Validity
Not Before: Jan 1 11:48:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=476cc5a2b5e0e355f3e9988ebe863160238d4ed7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:d9:f7:8e:c2:16:7d:da:0c:29:f0:74:30:a4:
df:40:82:64:48:ba:2f:31:3f:6d:a4:e8:e1:e4:0a:
a5:a5:7c:82:a7:bc:4e:48:23:31:07:2a:41:26:f7:
51:4c:88:a6:71:56:d0:1a:58:30:08:dd:65:5f:1f:
23:63:1d:23:30:40:b4:7c:e8:19:05:db:5c:ab:ff:
1d:02:9f:aa:f4:d5:7b:e2:39:2f:20:28:54:44:9d:
77:71:5c:3c:17:58:2b:d6:46:fa:76:78:6e:89:92:
f0:61:94:40:7d:84:dd:d7:5f:7a:ac:1d:8c:48:71:
e7:11:0f:99:9d:b7:4a:7e:1f:34:60:51:c4:ea:98:
7f:85:78:21:1b:85:f1:16:82:27:08:cb:83:25:78:
77:2e:e6:59:30:8f:04:dd:6e:b9:3a:b3:52:86:13:
41:a3:de:6f:43:28:75:8f:4b:32:8d:30:d5:76:1e:
b1:01:af:71:a9:84:80:20:8d:e5:3b:67:ee:9c:b7:
02:ab:64:29:66:70:f7:3e:77:40:81:74:4b:45:82:
b4:fd:d8:4d:e8:4b:d3:d5:30:73:58:e5:14:27:69:
d1:ec:9a:8e:e0:8f:98:49:82:c9:e0:64:77:75:36:
6a:22:a2:92:26:db:9c:c1:7a:09:c3:ae:51:a3:e1:
4a:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:6C:C5:A2:B5:E0:E3:55:F3:E9:98:8E:BE:86:31:60:23:8D:4E:D7
X509v3 Authority Key Identifier:
keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/R2zForXg41Xz6ZiOvoYxYCONTtc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.1.236.0/24
84.2.54.0/24
195.228.4.0/24
195.228.112.0/24
Signature Algorithm: sha256WithRSAEncryption
07:da:94:b9:90:a3:13:79:2a:17:e2:07:55:fe:8a:bb:42:e1:
5d:ac:b3:ab:49:38:51:f4:5c:c9:59:74:32:13:ab:6b:29:03:
92:56:27:14:17:da:b9:c4:59:32:bc:f6:c0:bd:f8:f8:c3:5e:
18:55:a5:3b:06:36:bc:70:85:84:89:a0:61:a3:1a:df:70:60:
e3:cd:56:c1:7a:70:03:82:59:fe:2c:37:e6:cb:a5:a4:14:d1:
07:37:1b:d2:74:ac:fc:46:43:a2:ef:15:9b:0a:24:cf:3b:a4:
fc:f7:59:60:91:d1:66:b6:33:19:1f:8b:dc:19:ec:11:5d:9f:
b3:f9:f7:66:cb:a3:18:f7:9f:41:7f:d0:dd:67:21:6d:26:40:
51:0a:e4:78:e0:0b:2c:a6:98:51:c7:a7:bf:b9:d5:7e:1f:47:
23:21:a1:da:ff:97:9b:2a:0f:c7:1b:17:06:a8:9e:0b:50:2b:
33:c3:fc:2a:78:9e:94:85:bd:32:8a:0d:fc:af:e8:6b:60:c8:
89:88:2d:e6:28:33:54:90:22:93:b6:ef:15:66:38:09:a7:ba:
90:b0:8f:9b:d9:dd:21:c7:ee:f8:9f:c6:c9:d5:0f:3e:8f:51:
d1:36:a5:ac:9e:16:55:ca:fe:a7:8e:15:cf:a4:15:69:83:21:
69:a5:e0:03
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQhsc5SlxWyGlCihsEZ9PJxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjUwMTAxMTE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzZjYzVhMmI1ZTBlMzU1ZjNlOTk4OGViZTg2MzE2MDIzOGQ0ZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9n3jsIWfdoMKfB0MKTfQIJkSLov
MT9tpOjh5AqlpXyCp7xOSCMxBypBJvdRTIimcVbQGlgwCN1lXx8jYx0jMEC0fOgZ
Bdtcq/8dAp+q9NV74jkvIChURJ13cVw8F1gr1kb6dnhuiZLwYZRAfYTd1196rB2M
SHHnEQ+ZnbdKfh80YFHE6ph/hXghG4XxFoInCMuDJXh3LuZZMI8E3W65OrNShhNB
o95vQyh1j0syjTDVdh6xAa9xqYSAII3lO2funLcCq2QpZnD3PndAgXRLRYK0/dhN
6EvT1TBzWOUUJ2nR7JqO4I+YSYLJ4GR3dTZqIqKSJtucwXoJw65Ro+FKcwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEdsxaK14ONV8+mYjr6GMWAjjU7XMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvUjJ6Rm9yWGc0MVh6NlppT3ZvWXhZQ09OVHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVAHsAwQA
VAI2AwQAw+QEAwQAw+RwMA0GCSqGSIb3DQEBCwUAA4IBAQAH2pS5kKMTeSoX4gdV
/oq7QuFdrLOrSThR9FzJWXQyE6trKQOSVicUF9q5xFkyvPbAvfj4w14YVaU7Bja8
cIWEiaBhoxrfcGDjzVbBenADgln+LDfmy6WkFNEHNxvSdKz8RkOi7xWbCiTPO6T8
91lgkdFmtjMZH4vcGewRXZ+z+fdmy6MY959Bf9DdZyFtJkBRCuR44AsspphRx6e/
udV+H0cjIaHa/5ebKg/HGxcGqJ4LUCszw/wqeJ6Uhb0yig38r+hrYMiJiC3mKDNU
kCKTtu8VZjgJp7qQsI+b2d0hx+74n8bJ1Q8+j1HRNqWsnhZVyv6njhXPpBVpgyFp
peAD
-----END CERTIFICATE-----
Generated at Tue Apr 8 03:53:12 2025 by rpki-client