Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/kSIH-t1YlaXWMTafK3y9G8k2BtE.roa
File: kSIH-t1YlaXWMTafK3y9G8k2BtE.roa (raw, json)
Hash identifier: u8I0qLPnotq4HtUH8xPoZUCuSzCQZnlgK1v3TzivBbU=
Subject key identifier: 91:22:07:FA:DD:58:95:A5:D6:31:36:9F:2B:7C:BD:1B:C9:36:06:D1
Certificate issuer: /CN=84f824d32df1a5113d82101345d785a38addbde5
Certificate serial: 019498D867CAF71C1FA23E6BF47A8908EB1A
Authority key identifier: 84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/kSIH-t1YlaXWMTafK3y9G8k2BtE.roa
Signing time: Fri 24 Jan 2025 15:05:06 +0000
ROA not before: Fri 24 Jan 2025 15:05:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212238
IP address blocks: 86.104.0.0/24 maxlen: 24
86.104.1.0/24 maxlen: 24
188.208.109.0/24 maxlen: 24
188.214.94.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:98:d8:67:ca:f7:1c:1f:a2:3e:6b:f4:7a:89:08:eb:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84f824d32df1a5113d82101345d785a38addbde5
Validity
Not Before: Jan 24 15:05:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=912207fadd5895a5d631369f2b7cbd1bc93606d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:38:87:49:1c:22:45:50:ba:3f:5d:cf:7a:f9:
3c:d7:67:a3:f8:16:89:60:01:20:d8:93:16:3a:84:
5d:68:f4:0b:b0:1c:d0:29:1d:9c:45:80:05:97:20:
9f:08:a5:5d:4d:25:25:98:90:8b:c1:ea:dc:c5:fd:
97:9c:82:14:cf:50:a9:fd:6e:66:a6:c8:d7:8e:08:
00:31:0a:84:8b:b9:55:7d:18:6a:34:ed:1a:ce:3e:
b3:0b:d1:b4:c6:21:6e:1f:d8:9d:5e:13:6f:93:dd:
0b:5d:0d:c2:d4:b4:d9:81:b9:60:ae:25:b3:5e:99:
31:1e:06:6b:6c:0c:89:4f:a8:c5:92:85:ec:73:a1:
ea:a4:60:8c:f9:9a:96:10:91:5f:03:2f:43:43:e7:
39:90:ff:e7:18:79:04:77:4a:2b:33:e7:02:ca:06:
b7:45:f8:9d:d6:a7:ac:c1:7e:d7:0b:cf:09:af:9e:
b0:d4:29:d3:ce:0c:1b:cc:95:61:93:69:58:9e:2b:
2a:83:ee:53:a1:91:28:f8:9e:31:a7:25:51:b1:a9:
8c:ed:65:ee:6b:f9:c2:08:be:0d:ec:50:97:7e:cc:
80:da:a5:29:f5:2e:b6:f3:f9:96:5b:0c:4b:f8:08:
0c:d7:a3:b2:38:b4:6a:73:19:fb:29:42:d7:94:b3:
18:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:22:07:FA:DD:58:95:A5:D6:31:36:9F:2B:7C:BD:1B:C9:36:06:D1
X509v3 Authority Key Identifier:
keyid:84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/kSIH-t1YlaXWMTafK3y9G8k2BtE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.104.0.0/23
188.208.109.0/24
188.214.94.0/24
Signature Algorithm: sha256WithRSAEncryption
44:c0:e7:1c:4b:a1:1e:59:f7:4c:48:42:e7:af:f1:90:fb:dd:
5b:f2:87:6f:3a:e5:45:04:b4:3e:bd:34:80:4c:0f:1b:14:3f:
7f:7c:75:a0:5b:7b:0a:4d:3a:df:d7:21:02:1b:ce:97:69:2b:
45:8c:64:44:9d:b0:66:57:c6:52:96:7a:ad:63:97:df:fd:3e:
69:ac:85:bf:b5:d7:6c:19:15:9c:34:a5:ab:aa:6f:f4:5d:99:
8b:5e:5f:e0:9a:a0:6f:d3:f8:18:09:91:9f:9e:68:03:ee:92:
00:c8:42:2d:dc:be:f8:0c:8b:20:fa:24:a2:22:ab:32:e2:90:
d9:0d:ac:a5:4d:6d:86:e7:6b:37:20:00:4e:2e:fd:0d:c8:16:
5f:dd:30:cf:07:8a:b5:7d:05:03:fb:04:58:bc:95:09:fa:cb:
c7:3a:a2:42:b6:00:5a:f4:11:01:11:d1:0b:b4:ff:a2:bb:cd:
05:3a:d9:2b:b4:c7:be:57:e6:b0:b2:7e:1b:33:21:1f:08:45:
42:20:f6:71:ad:ad:9f:bb:b6:a7:59:4e:cc:42:e5:0a:91:88:
03:a5:9c:ea:af:ae:e8:e6:9d:c6:84:88:44:11:55:1b:1d:f5:
0f:9c:07:62:4f:a7:da:ad:86:c7:c3:2d:26:2c:13:f2:c8:58:
06:f9:f0:1c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZSY2GfK9xwfoj5r9HqJCOsaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZjgyNGQzMmRmMWE1MTEzZDgyMTAxMzQ1ZDc4NWEzOGFk
ZGJkZTUwHhcNMjUwMTI0MTUwNTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTIyMDdmYWRkNTg5NWE1ZDYzMTM2OWYyYjdjYmQxYmM5MzYwNmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjiHSRwiRVC6P13Pevk812ej+BaJ
YAEg2JMWOoRdaPQLsBzQKR2cRYAFlyCfCKVdTSUlmJCLwercxf2XnIIUz1Cp/W5m
psjXjggAMQqEi7lVfRhqNO0azj6zC9G0xiFuH9idXhNvk90LXQ3C1LTZgblgriWz
XpkxHgZrbAyJT6jFkoXsc6HqpGCM+ZqWEJFfAy9DQ+c5kP/nGHkEd0orM+cCyga3
Rfid1qeswX7XC88Jr56w1CnTzgwbzJVhk2lYnisqg+5ToZEo+J4xpyVRsamM7WXu
a/nCCL4N7FCXfsyA2qUp9S628/mWWwxL+AgM16OyOLRqcxn7KULXlLMY1wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJEiB/rdWJWl1jE2nyt8vRvJNgbRMB8GA1UdIwQY
MBaAFIT4JNMt8aURPYIQE0XXhaOK3b3lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFBnazB5M3hwUkU5Z2hBVFJkZUZvNHJkdmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85ZDY1YmItYWI0Zi00M2FhLWJiYTgt
NDM3Mzk0OTM4YzUyLzEva1NJSC10MVlsYVhXTVRhZkszeTlHOGsyQnRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85ZDY1YmItYWI0Zi00M2FhLWJiYTgtNDM3Mzk0OTM4YzUy
LzEvaFBnazB5M3hwUkU5Z2hBVFJkZUZvNHJkdmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBVmgAAwQA
vNBtAwQAvNZeMA0GCSqGSIb3DQEBCwUAA4IBAQBEwOccS6EeWfdMSELnr/GQ+91b
8odvOuVFBLQ+vTSATA8bFD9/fHWgW3sKTTrf1yECG86XaStFjGREnbBmV8ZSlnqt
Y5ff/T5prIW/tddsGRWcNKWrqm/0XZmLXl/gmqBv0/gYCZGfnmgD7pIAyEIt3L74
DIsg+iSiIqsy4pDZDaylTW2G52s3IABOLv0NyBZf3TDPB4q1fQUD+wRYvJUJ+svH
OqJCtgBa9BEBEdELtP+iu80FOtkrtMe+V+awsn4bMyEfCEVCIPZxra2fu7anWU7M
QuUKkYgDpZzqr67o5p3GhIhEEVUbHfUPnAdiT6farYbHwy0mLBPyyFgG+fAc
-----END CERTIFICATE-----
Generated at Sat Apr 5 13:14:59 2025 by rpki-client