Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/3YzdWC1-OHsCFDGBCk0z_qod-0o.roa
File: 3YzdWC1-OHsCFDGBCk0z_qod-0o.roa (raw, json)
Hash identifier: Wgcxaraf2JRbUtWXLyr7XM6X2sBAI7xWSstwb+lrQf4=
Subject key identifier: DD:8C:DD:58:2D:7E:38:7B:02:14:31:81:0A:4D:33:FE:AA:1D:FB:4A
Certificate issuer: /CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
Certificate serial: 09A08A31
Authority key identifier: C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/3YzdWC1-OHsCFDGBCk0z_qod-0o.roa
Signing time: Fri 18 Feb 2022 11:21:07 +0000
ROA not before: Fri 18 Feb 2022 11:21:07 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 211975
IP address blocks: 86.38.151.0/24 maxlen: 24
84.46.171.0/24 maxlen: 24
89.117.118.0/24 maxlen: 24
89.117.124.0/24 maxlen: 24
89.116.168.0/24 maxlen: 24
89.117.136.0/24 maxlen: 24
89.117.38.0/24 maxlen: 24
86.38.7.0/24 maxlen: 24
89.116.96.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 161516081 (0x9a08a31)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
Validity
Not Before: Feb 18 11:21:07 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dd8cdd582d7e387b021431810a4d33feaa1dfb4a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:38:cf:f6:2b:8b:79:a8:1f:09:16:6c:a6:95:
a0:07:13:93:50:22:3d:0e:be:bf:2c:f1:5a:c0:8f:
93:47:dd:16:e2:ab:09:83:66:09:ad:60:b7:ef:16:
a2:1f:1b:e5:6e:0b:c0:73:98:90:65:a9:25:d2:3a:
2c:05:5d:1a:d8:da:20:6f:e0:84:00:50:8f:e2:d5:
30:b1:6f:95:11:8b:4a:71:e8:3c:9e:26:76:48:79:
cf:fe:fb:59:88:e4:d1:f3:dc:93:14:3a:51:2a:a7:
cc:35:7e:b2:d6:09:c0:5e:24:02:a2:59:09:42:53:
85:dc:0f:0e:ac:e8:d3:23:d1:71:65:94:05:f5:c9:
db:76:86:b4:32:cd:56:45:6c:f0:76:5d:a6:9e:c9:
95:6f:0d:54:ba:9d:1c:fa:ef:54:ea:8c:5c:66:94:
90:5d:66:9b:2a:82:d0:f1:59:6e:45:de:7f:d2:b5:
46:9d:96:13:b2:89:68:9c:b4:7e:b3:4b:05:48:78:
a8:d1:88:c5:be:fb:b1:9b:01:4a:37:14:b9:7e:5d:
ac:98:22:43:80:f7:d9:2e:49:9f:65:da:50:1a:d9:
9a:d4:b3:93:7e:0e:59:da:d5:c8:48:c3:2a:b0:c9:
30:95:80:4e:0e:51:17:4f:ff:c5:71:0b:50:4f:74:
d8:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:8C:DD:58:2D:7E:38:7B:02:14:31:81:0A:4D:33:FE:AA:1D:FB:4A
X509v3 Authority Key Identifier:
keyid:C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/3YzdWC1-OHsCFDGBCk0z_qod-0o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xGmFheXr0RyWnH7UoyDtr8nReCI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.46.171.0/24
86.38.7.0/24
86.38.151.0/24
89.116.96.0/24
89.116.168.0/24
89.117.38.0/24
89.117.118.0/24
89.117.124.0/24
89.117.136.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:79:f2:42:6a:d0:c4:83:24:12:f3:69:42:ba:ad:00:67:58:
a8:95:cc:38:9a:73:72:e8:e5:13:e1:2f:f5:3e:d4:28:06:6c:
e6:b8:b5:21:5d:b9:8e:97:a5:31:a7:86:8f:05:da:a0:2c:ad:
a5:e5:18:3b:c7:24:08:f1:ba:66:53:a1:02:b9:97:7f:92:d2:
81:7f:16:ff:cc:9f:45:38:01:93:6d:81:7c:24:67:ac:e4:a6:
32:a3:ca:8b:64:3b:9d:84:81:1c:e3:7c:82:4f:49:69:d7:33:
ad:c2:f7:e8:cb:b8:2e:0f:f5:e1:14:40:a3:92:61:23:c5:14:
d5:bc:41:56:38:31:d2:72:32:6e:70:06:7f:2a:30:cc:ed:06:
80:03:a3:e6:83:26:b5:80:38:73:ad:2c:c5:7f:9e:a2:f2:ed:
0f:85:73:7e:97:a0:05:ed:a9:c6:eb:e5:81:df:42:80:0d:8d:
30:2e:c0:c5:c5:35:40:48:52:f8:09:75:30:41:f1:7b:94:8a:
97:d0:17:97:0d:a5:f9:68:14:85:ae:d9:11:74:47:58:93:70:
b5:d8:40:a3:62:e5:a2:2d:5a:6c:6f:42:7b:cc:8c:51:f1:49:
56:d5:10:56:6b:35:da:f0:bb:10:95:54:15:99:a3:c1:ff:e5:
04:b1:e9:ff
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIECaCKMTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
NDY5ODU4NWU1ZWJkMTFjOTY5YzdlZDRhMzIwZWRhZmM5ZDE3ODIyMB4XDTIyMDIx
ODExMjEwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGQ4Y2RkNTgyZDdl
Mzg3YjAyMTQzMTgxMGE0ZDMzZmVhYTFkZmI0YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJg4z/Yri3moHwkWbKaVoAcTk1AiPQ6+vyzxWsCPk0fdFuKr
CYNmCa1gt+8Woh8b5W4LwHOYkGWpJdI6LAVdGtjaIG/ghABQj+LVMLFvlRGLSnHo
PJ4mdkh5z/77WYjk0fPckxQ6USqnzDV+stYJwF4kAqJZCUJThdwPDqzo0yPRcWWU
BfXJ23aGtDLNVkVs8HZdpp7JlW8NVLqdHPrvVOqMXGaUkF1mmyqC0PFZbkXef9K1
Rp2WE7KJaJy0frNLBUh4qNGIxb77sZsBSjcUuX5drJgiQ4D32S5Jn2XaUBrZmtSz
k34OWdrVyEjDKrDJMJWATg5RF0//xXELUE902OUCAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBTdjN1YLX44ewIUMYEKTTP+qh37SjAfBgNVHSMEGDAWgBTEaYWF5evRHJac
ftSjIO2vydF4IjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3hHbUZoZVhyMFJ5V25IN1VveUR0cjhuUmVDSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvNTMxMGRhLTY4MjEtNDY3My05ZTk4LTlkNjAwMWY3OGE3MC8x
LzNZemRXQzEtT0hzQ0ZER0JDazB6X3FvZC0wby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
NTMxMGRhLTY4MjEtNDY3My05ZTk4LTlkNjAwMWY3OGE3MC8xL3hHbUZoZVhyMFJ5
V25IN1VveUR0cjhuUmVDSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEAFQuqwMEAFYmBwMEAFYmlwMEAFl0
YAMEAFl0qAMEAFl1JgMEAFl1dgMEAFl1fAMEAFl1iDANBgkqhkiG9w0BAQsFAAOC
AQEAa3nyQmrQxIMkEvNpQrqtAGdYqJXMOJpzcujlE+Ev9T7UKAZs5ri1IV25jpel
MaeGjwXaoCytpeUYO8ckCPG6ZlOhArmXf5LSgX8W/8yfRTgBk22BfCRnrOSmMqPK
i2Q7nYSBHON8gk9JadczrcL36Mu4Lg/14RRAo5JhI8UU1bxBVjgx0nIybnAGfyow
zO0GgAOj5oMmtYA4c60sxX+eovLtD4VzfpegBe2pxuvlgd9CgA2NMC7AxcU1QEhS
+Al1MEHxe5SKl9AXlw2l+WgUha7ZEXRHWJNwtdhAo2Lloi1abG9Ce8yMUfFJVtUQ
Vms12vC7EJVUFZmjwf/lBLHp/w==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:24 2023 by rpki-client on console-fra.rpki-client.org