Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/kbNG0b_tgWMH1PBXxDKxyn_zuLQ.roa
File: kbNG0b_tgWMH1PBXxDKxyn_zuLQ.roa (raw, json)
Hash identifier: l1rsSeZi10vRR4lkxEDhexnH40xelfWzw/ZsIq4UzKM=
Subject key identifier: 91:B3:46:D1:BF:ED:81:63:07:D4:F0:57:C4:32:B1:CA:7F:F3:B8:B4
Certificate issuer: /CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
Certificate serial: 01831C2B4D9FA369976ACEACE4713F33FDA5
Authority key identifier: C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/kbNG0b_tgWMH1PBXxDKxyn_zuLQ.roa
Signing time: Thu 08 Sep 2022 08:15:43 +0000
ROA not before: Thu 08 Sep 2022 08:15:43 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 49999
IP address blocks: 89.117.72.0/21 maxlen: 24
89.116.123.0/24 maxlen: 24
89.117.88.0/22 maxlen: 24
89.116.250.0/24 maxlen: 24
89.117.112.0/22 maxlen: 24
89.117.120.0/22 maxlen: 24
89.116.76.0/24 maxlen: 24
89.116.186.0/24 maxlen: 24
86.38.216.0/22 maxlen: 24
89.116.91.0/24 maxlen: 24
89.116.212.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:1c:2b:4d:9f:a3:69:97:6a:ce:ac:e4:71:3f:33:fd:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c4698585e5ebd11c969c7ed4a320edafc9d17822
Validity
Not Before: Sep 8 08:15:43 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=91b346d1bfed816307d4f057c432b1ca7ff3b8b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:c9:6d:26:3f:bd:7f:9c:a2:e8:c2:76:12:68:
70:5b:55:6f:d2:ce:f3:1e:dc:f1:d7:57:71:41:d2:
65:d1:36:be:b3:28:b4:c7:68:bb:8d:40:10:b5:91:
4d:d2:03:b4:22:a5:c1:b1:9e:00:c5:82:5f:bd:1d:
8c:b8:fb:bd:15:e9:9e:ac:12:ce:41:06:84:66:84:
85:fc:bc:2d:ca:09:ff:eb:ce:c2:97:de:44:69:35:
10:40:9f:92:f9:34:25:f8:42:51:33:27:f9:33:44:
b1:ca:83:29:8b:11:72:5a:0a:36:4b:b7:71:2f:65:
6b:35:64:b6:85:76:3a:72:ed:6b:a3:5c:bf:24:9e:
f4:bc:d5:d9:9e:d4:ff:e1:ce:79:c9:48:5b:2d:04:
bf:23:a7:4d:32:b3:df:b0:19:0c:56:a6:07:53:e3:
7c:e3:3c:54:bd:39:ad:d3:96:52:6c:54:c8:22:bb:
61:62:b6:ae:0e:62:f4:d3:cb:e8:54:79:fe:c4:b7:
58:67:61:50:ed:99:cf:00:64:2c:c9:ea:1d:ae:70:
d7:e8:15:2d:df:8e:0c:1a:ea:a5:e8:04:84:5e:f7:
6e:3a:99:a1:2c:0e:ca:81:53:4d:84:96:9c:1d:e3:
dc:2f:a8:27:8f:3c:31:34:2e:f5:a8:8b:e7:c4:c3:
d6:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:B3:46:D1:BF:ED:81:63:07:D4:F0:57:C4:32:B1:CA:7F:F3:B8:B4
X509v3 Authority Key Identifier:
keyid:C4:69:85:85:E5:EB:D1:1C:96:9C:7E:D4:A3:20:ED:AF:C9:D1:78:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xGmFheXr0RyWnH7UoyDtr8nReCI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/kbNG0b_tgWMH1PBXxDKxyn_zuLQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/5310da-6821-4673-9e98-9d6001f78a70/1/xGmFheXr0RyWnH7UoyDtr8nReCI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.38.216.0/22
89.116.76.0/24
89.116.91.0/24
89.116.123.0/24
89.116.186.0/24
89.116.212.0/22
89.116.250.0/24
89.117.72.0/21
89.117.88.0/22
89.117.112.0/22
89.117.120.0/22
Signature Algorithm: sha256WithRSAEncryption
37:4e:b7:f2:f1:5f:0b:a5:b7:ac:d9:ae:8e:0a:24:25:7a:42:
6e:f6:b7:81:6f:85:2c:0e:cc:69:95:d2:63:a2:7f:29:c4:4b:
ae:a5:79:25:53:4a:27:38:47:24:5b:b6:bd:0b:e3:33:3d:23:
54:70:cd:91:ac:33:63:d4:d1:c7:fc:5f:7d:df:fd:58:e7:c6:
39:90:1c:0d:77:7b:c5:ac:00:41:e9:0f:de:48:74:1c:c1:05:
f9:c7:c6:a9:b2:4b:92:e5:b1:0b:24:88:b6:5b:a7:7b:41:9a:
23:1e:48:5a:55:74:b7:4d:f5:fb:19:fc:94:96:7a:11:91:8c:
c3:45:48:23:d3:b2:16:13:25:ac:fa:d5:12:c9:2f:f9:a1:2d:
76:1b:3d:da:ce:ba:2f:05:9b:97:76:97:5f:dc:3c:57:79:e3:
47:f7:ab:da:16:cd:8d:33:fe:71:78:2b:1f:54:c3:7b:dd:9e:
eb:25:0d:c7:5c:32:31:f3:ee:0e:2e:60:ae:25:96:89:cb:92:
df:5e:36:5c:fd:5b:9a:de:56:70:ab:0e:50:07:2e:0f:25:98:
7f:3d:9d:19:d5:06:6a:a3:f2:5e:bd:06:0e:4c:e3:93:73:3b:
09:ae:b0:2f:48:36:7a:64:9a:82:14:c2:33:a0:b7:6b:a5:e0:
82:eb:fb:29
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYMcK02fo2mXas6s5HE/M/2lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0Njk4NTg1ZTVlYmQxMWM5NjljN2VkNGEzMjBlZGFmYzlk
MTc4MjIwHhcNMjIwOTA4MDgxNTQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWIzNDZkMWJmZWQ4MTYzMDdkNGYwNTdjNDMyYjFjYTdmZjNiOGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncltJj+9f5yi6MJ2EmhwW1Vv0s7z
Htzx11dxQdJl0Ta+syi0x2i7jUAQtZFN0gO0IqXBsZ4AxYJfvR2MuPu9FemerBLO
QQaEZoSF/Lwtygn/687Cl95EaTUQQJ+S+TQl+EJRMyf5M0SxyoMpixFyWgo2S7dx
L2VrNWS2hXY6cu1ro1y/JJ70vNXZntT/4c55yUhbLQS/I6dNMrPfsBkMVqYHU+N8
4zxUvTmt05ZSbFTIIrthYrauDmL008voVHn+xLdYZ2FQ7ZnPAGQsyeodrnDX6BUt
344MGuql6ASEXvduOpmhLA7KgVNNhJacHePcL6gnjzwxNC71qIvnxMPWNwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFJGzRtG/7YFjB9TwV8Qyscp/87i0MB8GA1UdIwQY
MBaAFMRphYXl69Eclpx+1KMg7a/J0XgiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEdtRmhlWHIwUnlXbkg3VW95RHRyOG5SZUNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS81MzEwZGEtNjgyMS00NjczLTllOTgt
OWQ2MDAxZjc4YTcwLzEva2JORzBiX3RnV01IMVBCWHhES3h5bl96dUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS81MzEwZGEtNjgyMS00NjczLTllOTgtOWQ2MDAxZjc4YTcw
LzEveEdtRmhlWHIwUnlXbkg3VW95RHRyOG5SZUNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQCVibYAwQA
WXRMAwQAWXRbAwQAWXR7AwQAWXS6AwQCWXTUAwQAWXT6AwQDWXVIAwQCWXVYAwQC
WXVwAwQCWXV4MA0GCSqGSIb3DQEBCwUAA4IBAQA3Trfy8V8Lpbes2a6OCiQlekJu
9reBb4UsDsxpldJjon8pxEuupXklU0onOEckW7a9C+MzPSNUcM2RrDNj1NHH/F99
3/1Y58Y5kBwNd3vFrABB6Q/eSHQcwQX5x8apskuS5bELJIi2W6d7QZojHkhaVXS3
TfX7GfyUlnoRkYzDRUgj07IWEyWs+tUSyS/5oS12Gz3azrovBZuXdpdf3DxXeeNH
96vaFs2NM/5xeCsfVMN73Z7rJQ3HXDIx8+4OLmCuJZaJy5LfXjZc/Vua3lZwqw5Q
By4PJZh/PZ0Z1QZqo/JevQYOTOOTczsJrrAvSDZ6ZJqCFMIzoLdrpeCC6/sp
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:25 2023 by rpki-client on console-fra.rpki-client.org