Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/015f44-0f4c-4714-8615-23b072f5b188/1/nviSdssjYgt-RNqWiJYwHvfb714.roa
File: nviSdssjYgt-RNqWiJYwHvfb714.roa (raw, json)
Hash identifier: TUtWEnN3ESUPBvwOVRZT7sbsv9Ui5ONzzmRezoJDX+o=
Subject key identifier: 9E:F8:92:76:CB:23:62:0B:7E:44:DA:96:88:96:30:1E:F7:DB:EF:5E
Certificate issuer: /CN=3adeea3b6aac4d834b4fd7c2e5d3c397f61f43d6
Certificate serial: 018570708A7F0AE454C5D39DE4FBF6231676
Authority key identifier: 3A:DE:EA:3B:6A:AC:4D:83:4B:4F:D7:C2:E5:D3:C3:97:F6:1F:43:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ot7qO2qsTYNLT9fC5dPDl_YfQ9Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/015f44-0f4c-4714-8615-23b072f5b188/1/nviSdssjYgt-RNqWiJYwHvfb714.roa
Signing time: Mon 02 Jan 2023 03:05:01 +0000
ROA not before: Mon 02 Jan 2023 03:05:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9009
IP address blocks: 91.108.216.0/22 maxlen: 22
91.108.220.0/22 maxlen: 22
91.108.204.0/22 maxlen: 22
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:70:8a:7f:0a:e4:54:c5:d3:9d:e4:fb:f6:23:16:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3adeea3b6aac4d834b4fd7c2e5d3c397f61f43d6
Validity
Not Before: Jan 2 03:05:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9ef89276cb23620b7e44da968896301ef7dbef5e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:e8:be:dd:c7:65:f7:9c:56:d9:f0:20:af:43:
c5:26:5a:b7:c7:96:8f:36:37:e6:a5:3f:dc:c4:41:
ff:db:cb:0a:0b:2f:a6:52:02:f7:0f:0b:90:60:4b:
ad:36:86:89:91:56:8a:92:cb:66:2a:42:1e:50:2c:
1b:77:35:09:45:59:bc:34:c0:05:42:12:c1:47:4d:
ab:d0:4d:59:51:a8:84:dd:7a:4e:ea:7b:65:a3:03:
34:5d:06:7a:3a:23:c5:05:38:07:56:ee:ec:96:dd:
b1:1d:a5:90:4d:ae:44:f3:9b:5f:84:3a:d3:c4:f3:
f3:64:7f:03:ea:7e:78:c5:cb:9c:db:28:de:9a:3c:
1c:c7:8d:5b:9a:b1:dc:9d:ca:97:a5:e1:11:c3:c0:
de:8f:05:82:5d:61:54:1e:ba:51:66:02:31:e5:d1:
57:e8:8b:00:0e:ee:56:12:15:5d:f9:29:70:17:9a:
b4:ae:8c:8a:7e:29:89:5b:a0:8d:8e:f6:01:17:ae:
50:43:00:b5:42:47:08:e5:c9:9a:5a:ba:30:75:52:
55:f6:98:3a:af:93:39:74:19:d9:1c:36:db:f6:c0:
d5:be:63:81:b6:cf:ec:a0:0f:a6:bd:7d:47:a7:aa:
b2:4d:03:82:7d:2d:9b:d0:24:89:e6:5e:4e:36:a5:
f0:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:F8:92:76:CB:23:62:0B:7E:44:DA:96:88:96:30:1E:F7:DB:EF:5E
X509v3 Authority Key Identifier:
keyid:3A:DE:EA:3B:6A:AC:4D:83:4B:4F:D7:C2:E5:D3:C3:97:F6:1F:43:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ot7qO2qsTYNLT9fC5dPDl_YfQ9Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/015f44-0f4c-4714-8615-23b072f5b188/1/nviSdssjYgt-RNqWiJYwHvfb714.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/015f44-0f4c-4714-8615-23b072f5b188/1/Ot7qO2qsTYNLT9fC5dPDl_YfQ9Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.108.204.0/22
91.108.216.0/21
Signature Algorithm: sha256WithRSAEncryption
af:77:f0:99:13:54:9a:bb:10:e2:ae:ca:a1:0b:f4:a0:95:5f:
25:ed:4c:2c:bf:5b:6f:7f:14:b8:9e:3f:71:02:e4:0d:c1:a4:
d5:e0:17:50:ee:ac:bd:aa:34:72:a0:f3:75:2c:af:fd:5c:3f:
ce:19:eb:6a:42:53:7b:aa:60:b1:49:64:b2:17:65:b9:7b:ba:
20:d4:ea:50:d3:69:0b:c7:0d:ed:35:80:8b:8d:4a:b7:61:b0:
76:b5:db:75:65:71:69:b8:3d:2a:d9:ef:b2:58:36:cf:d7:4c:
3f:71:52:df:cd:c1:60:40:95:33:64:aa:cf:f9:de:ea:e2:ce:
d9:fc:08:52:1d:5d:26:ca:af:52:49:5f:63:db:33:65:23:24:
00:cd:a7:e4:8d:af:13:11:b6:9e:bd:9a:92:95:a1:c0:45:32:
e0:18:7e:7b:da:3e:2a:32:ec:f3:b5:b7:3b:14:0e:fa:8d:c1:
75:13:8e:b8:83:ae:31:4f:5c:b2:cd:c0:d1:c9:e8:00:38:32:
82:af:9c:3d:81:54:24:e0:45:b4:36:44:91:4a:ac:79:b0:e4:
d1:5f:e4:45:0b:41:c1:40:01:92:a9:18:67:eb:f7:10:95:a6:
ca:aa:ae:3e:23:f7:f5:d2:4e:a3:f7:af:c0:4d:06:c3:7f:ad:
53:11:90:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVwcIp/CuRUxdOd5Pv2IxZ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZGVlYTNiNmFhYzRkODM0YjRmZDdjMmU1ZDNjMzk3ZjYx
ZjQzZDYwHhcNMjMwMTAyMDMwNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWY4OTI3NmNiMjM2MjBiN2U0NGRhOTY4ODk2MzAxZWY3ZGJlZjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+i+3cdl95xW2fAgr0PFJlq3x5aP
NjfmpT/cxEH/28sKCy+mUgL3DwuQYEutNoaJkVaKkstmKkIeUCwbdzUJRVm8NMAF
QhLBR02r0E1ZUaiE3XpO6ntlowM0XQZ6OiPFBTgHVu7slt2xHaWQTa5E85tfhDrT
xPPzZH8D6n54xcuc2yjemjwcx41bmrHcncqXpeERw8DejwWCXWFUHrpRZgIx5dFX
6IsADu5WEhVd+SlwF5q0royKfimJW6CNjvYBF65QQwC1QkcI5cmaWrowdVJV9pg6
r5M5dBnZHDbb9sDVvmOBts/soA+mvX1Hp6qyTQOCfS2b0CSJ5l5ONqXwwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ74knbLI2ILfkTaloiWMB732+9eMB8GA1UdIwQY
MBaAFDre6jtqrE2DS0/XwuXTw5f2H0PWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3Q3cU8ycXNUWU5MVDlmQzVkUERsX1lmUTlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8wMTVmNDQtMGY0Yy00NzE0LTg2MTUt
MjNiMDcyZjViMTg4LzEvbnZpU2Rzc2pZZ3QtUk5xV2lKWXdIdmZiNzE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8wMTVmNDQtMGY0Yy00NzE0LTg2MTUtMjNiMDcyZjViMTg4
LzEvT3Q3cU8ycXNUWU5MVDlmQzVkUERsX1lmUTlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW2zMAwQD
W2zYMA0GCSqGSIb3DQEBCwUAA4IBAQCvd/CZE1SauxDirsqhC/SglV8l7Uwsv1tv
fxS4nj9xAuQNwaTV4BdQ7qy9qjRyoPN1LK/9XD/OGetqQlN7qmCxSWSyF2W5e7og
1OpQ02kLxw3tNYCLjUq3YbB2tdt1ZXFpuD0q2e+yWDbP10w/cVLfzcFgQJUzZKrP
+d7q4s7Z/AhSHV0myq9SSV9j2zNlIyQAzafkja8TEbaevZqSlaHARTLgGH572j4q
Muzztbc7FA76jcF1E464g64xT1yyzcDRyegAODKCr5w9gVQk4EW0NkSRSqx5sOTR
X+RFC0HBQAGSqRhn6/cQlabKqq4+I/f10k6j96/ATQbDf61TEZDU
-----END CERTIFICATE-----
Generated at Mon Apr 21 01:24:12 2025 by rpki-client