Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/1-sHKT_emMPKn6ppMHhNfZKHNrLg.roa
File: 1-sHKT_emMPKn6ppMHhNfZKHNrLg.roa (raw, json)
Hash identifier: aGSdjSm1K2zdkxGvsABE+Phgeo7PCnwN3lan4Up11tQ=
Subject key identifier: FA:C1:CA:4F:F7:A6:30:F2:A7:EA:9A:4C:1E:13:5F:64:A1:CD:AC:B8
Certificate issuer: /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial: 019423D6BB8D992B142BCE4663F10C9AFBE2
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/1-sHKT_emMPKn6ppMHhNfZKHNrLg.roa
Signing time: Wed 01 Jan 2025 21:47:42 +0000
ROA not before: Wed 01 Jan 2025 21:47:42 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39345
IP address blocks: 89.34.24.0/23 maxlen: 23
188.214.88.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d6:bb:8d:99:2b:14:2b:ce:46:63:f1:0c:9a:fb:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Validity
Not Before: Jan 1 21:47:42 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fac1ca4ff7a630f2a7ea9a4c1e135f64a1cdacb8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:ff:98:3d:55:cf:fe:8d:85:15:23:42:c3:02:
5b:b3:69:98:74:b1:86:b3:95:88:fd:15:04:98:5e:
e4:9b:0d:76:bc:77:4d:09:1a:95:5f:b1:b4:02:f1:
6d:e2:9c:7a:cc:5f:09:ca:f7:97:0f:ee:18:3e:61:
f4:d9:c0:33:8c:6a:d8:7d:4c:81:f9:43:e1:0d:bf:
a5:4b:eb:a7:eb:4f:15:27:9d:46:d9:71:8e:c2:09:
73:a6:be:56:31:6d:3d:24:01:77:6f:88:1a:48:90:
9d:0d:73:7b:6b:ed:d1:f4:58:e4:4b:dd:1c:13:7d:
d1:07:eb:7d:2d:e0:ba:a3:2f:8d:57:3b:74:5c:03:
75:ba:d8:5d:74:5d:a4:91:36:f1:7c:b3:9e:a0:95:
45:71:28:9f:d9:89:90:ff:bd:41:90:e0:c6:03:c0:
db:82:8a:a3:1b:e9:6f:27:ba:cb:5f:38:cc:05:cf:
46:9e:7a:c9:f4:0b:7c:77:b7:92:52:30:6f:76:1f:
63:50:a8:8c:a0:ad:fd:2f:37:d7:4d:1d:b9:9c:c5:
ee:ee:e1:2c:6b:5d:9c:34:30:63:bf:7f:4c:5c:7c:
3f:c1:6e:2f:c8:22:dd:bb:90:65:f1:61:1d:e6:4c:
eb:ba:4c:23:14:1c:79:1c:30:dc:bd:c2:6a:49:a0:
1e:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:C1:CA:4F:F7:A6:30:F2:A7:EA:9A:4C:1E:13:5F:64:A1:CD:AC:B8
X509v3 Authority Key Identifier:
keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/1-sHKT_emMPKn6ppMHhNfZKHNrLg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.34.24.0/23
188.214.88.0/24
Signature Algorithm: sha256WithRSAEncryption
0e:de:a0:a6:55:ab:4a:36:8c:72:1f:c1:fe:74:19:45:cf:b5:
0e:64:f3:fb:1d:76:68:87:45:95:93:6c:80:27:e0:cc:9a:f4:
6c:cc:84:2d:46:cf:14:23:c9:0e:96:2d:7d:8e:c4:4f:4b:ee:
43:50:ee:d2:aa:ca:be:12:17:e2:3c:4d:d2:0a:ad:ea:f8:3f:
37:2e:dc:8e:b3:77:11:6f:a2:c0:8a:16:5c:d3:06:47:00:fd:
71:a7:cb:cf:8b:1c:d2:e2:e9:5c:f0:8c:43:03:0c:50:b8:ce:
a8:16:23:cf:a0:24:77:f4:6f:40:a9:4a:3d:41:4e:49:7f:f4:
f0:81:79:e5:00:3a:30:f9:5d:a4:0c:bd:3a:d2:99:36:09:cd:
41:fe:fe:13:71:ae:e8:bb:41:b3:b9:fd:20:ae:ab:1c:4d:d6:
a1:ca:d8:fc:42:f5:4a:47:03:a3:33:f1:ab:b2:e8:5a:83:20:
0e:ea:e0:5d:ae:fa:c7:30:74:55:ff:d6:ec:61:53:7d:41:a8:
6d:0a:54:45:08:b0:63:f9:6f:a6:d8:25:a0:b1:80:63:cd:22:
35:39:09:9b:de:52:77:36:ee:6d:bc:91:ce:9f:6e:d5:3b:20:
8f:67:5f:a4:92:31:b5:8e:d7:1d:b8:d5:4d:62:c1:6f:cb:3a:
11:b2:72:50
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQj1ruNmSsUK85GY/EMmvviMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjUwMTAxMjE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWMxY2E0ZmY3YTYzMGYyYTdlYTlhNGMxZTEzNWY2NGExY2RhY2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1f+YPVXP/o2FFSNCwwJbs2mYdLGG
s5WI/RUEmF7kmw12vHdNCRqVX7G0AvFt4px6zF8JyveXD+4YPmH02cAzjGrYfUyB
+UPhDb+lS+un608VJ51G2XGOwglzpr5WMW09JAF3b4gaSJCdDXN7a+3R9FjkS90c
E33RB+t9LeC6oy+NVzt0XAN1uthddF2kkTbxfLOeoJVFcSif2YmQ/71BkODGA8Db
goqjG+lvJ7rLXzjMBc9GnnrJ9At8d7eSUjBvdh9jUKiMoK39LzfXTR25nMXu7uEs
a12cNDBjv39MXHw/wW4vyCLdu5Bl8WEd5kzrukwjFBx5HDDcvcJqSaAe6QIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPrByk/3pjDyp+qaTB4TX2Shzay4MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvMS1zSEtUX2VtTVBLbjZwcE1IaE5mWktITnJMZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYWIvODRlYjQ0LWJiZGYtNDZjMS1iMDQzLWI0MmYyM2Q4Mjhj
My8xLzhkUnVEajZNcXE3VXBTbTlmWE1JdlI3d0hCMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAVkiGAME
ALzWWDANBgkqhkiG9w0BAQsFAAOCAQEADt6gplWrSjaMch/B/nQZRc+1DmTz+x12
aIdFlZNsgCfgzJr0bMyELUbPFCPJDpYtfY7ET0vuQ1Du0qrKvhIX4jxN0gqt6vg/
Ny7cjrN3EW+iwIoWXNMGRwD9cafLz4sc0uLpXPCMQwMMULjOqBYjz6Akd/RvQKlK
PUFOSX/08IF55QA6MPldpAy9OtKZNgnNQf7+E3Gu6LtBs7n9IK6rHE3WocrY/EL1
SkcDozPxq7LoWoMgDurgXa76xzB0Vf/W7GFTfUGobQpURQiwY/lvptgloLGAY80i
NTkJm95SdzbubbyRzp9u1Tsgj2dfpJIxtY7XHbjVTWLBb8s6EbJyUA==
-----END CERTIFICATE-----
Generated at Sun Apr 6 04:46:41 2025 by rpki-client