Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/fd2efe-1471-42d8-9347-4861d43e24ef/1/NfNxh6P1uZhDH6XoBFouc3RXHCs.roa
File: NfNxh6P1uZhDH6XoBFouc3RXHCs.roa (raw, json)
Hash identifier: qkk+5kxxRuEkhJwe+gYaKfgrph8xFe5jspGXDjsvcA0=
Subject key identifier: 35:F3:71:87:A3:F5:B9:98:43:1F:A5:E8:04:5A:2E:73:74:57:1C:2B
Certificate issuer: /CN=0d8be474c155fc13847b859501a553cffc3ac4b2
Certificate serial: 019425FC43D37BAD27D2F94D78E79E3FAC9F
Authority key identifier: 0D:8B:E4:74:C1:55:FC:13:84:7B:85:95:01:A5:53:CF:FC:3A:C4:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DYvkdMFV_BOEe4WVAaVTz_w6xLI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/fd2efe-1471-42d8-9347-4861d43e24ef/1/NfNxh6P1uZhDH6XoBFouc3RXHCs.roa
Signing time: Thu 02 Jan 2025 07:47:56 +0000
ROA not before: Thu 02 Jan 2025 07:47:56 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214815
IP address blocks: 91.90.166.0/24 maxlen: 24
147.189.163.0/24 maxlen: 24
2001:67c:328::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:43:d3:7b:ad:27:d2:f9:4d:78:e7:9e:3f:ac:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d8be474c155fc13847b859501a553cffc3ac4b2
Validity
Not Before: Jan 2 07:47:56 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=35f37187a3f5b998431fa5e8045a2e7374571c2b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:64:7d:0e:37:03:9b:35:d8:2e:2f:58:3b:cf:
4e:89:8e:1d:81:30:5c:7b:b2:2c:f4:cc:e6:b0:7a:
e5:4e:26:79:6d:41:76:b7:45:9d:e7:d8:c8:5a:35:
0f:b7:2f:c8:fa:ca:f5:e4:f9:87:f7:b3:4e:79:36:
98:b8:e1:7c:59:3d:3c:c2:cb:b4:bd:ec:65:36:37:
ac:63:2d:d2:ee:92:9a:d5:6f:87:83:e4:12:e5:81:
e5:37:5b:64:7c:55:6b:15:ba:d3:76:0b:f6:e1:66:
96:f8:7f:a2:37:2f:20:d5:3d:f9:0e:a2:2e:aa:66:
84:af:38:85:82:c3:1f:91:b2:da:5e:2d:ba:40:f8:
88:a0:af:80:db:90:b8:f4:f4:35:04:4b:5f:b3:ba:
f0:0c:fc:fb:f7:32:1a:80:27:42:82:92:ae:05:5b:
be:7a:d8:6e:59:1f:79:08:31:7d:bc:b9:99:0d:91:
8d:73:87:1a:bb:a4:c0:e8:e8:c1:4e:38:32:62:cf:
84:9c:f8:f3:1c:3d:52:bf:d5:e0:81:fb:bf:a7:40:
35:f5:6b:e1:a7:bc:0d:d2:09:26:dd:8e:34:f7:d4:
8b:21:cb:97:e7:b6:94:d9:19:1f:81:28:74:af:75:
e8:44:87:ca:8a:18:51:81:dd:83:69:77:2d:16:84:
72:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:F3:71:87:A3:F5:B9:98:43:1F:A5:E8:04:5A:2E:73:74:57:1C:2B
X509v3 Authority Key Identifier:
keyid:0D:8B:E4:74:C1:55:FC:13:84:7B:85:95:01:A5:53:CF:FC:3A:C4:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DYvkdMFV_BOEe4WVAaVTz_w6xLI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/fd2efe-1471-42d8-9347-4861d43e24ef/1/NfNxh6P1uZhDH6XoBFouc3RXHCs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/fd2efe-1471-42d8-9347-4861d43e24ef/1/DYvkdMFV_BOEe4WVAaVTz_w6xLI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.90.166.0/24
147.189.163.0/24
IPv6:
2001:67c:328::/48
Signature Algorithm: sha256WithRSAEncryption
87:bf:58:09:22:2b:19:fc:91:0c:8c:0c:4c:13:c9:a7:0c:60:
cb:e5:a0:e7:38:46:e4:9b:ae:12:8a:ab:c7:78:49:9f:9d:7c:
36:84:e8:e4:e3:6b:e8:fe:53:dc:30:76:ac:29:1b:a7:56:5b:
c4:d1:42:95:a9:28:30:e1:8b:ea:8a:38:5d:84:86:ef:3e:aa:
66:cc:82:c3:7f:ec:8b:75:c7:3d:57:ba:6b:f5:38:77:b1:5c:
87:52:d0:f5:49:f1:42:e0:e4:59:39:cc:e1:4f:3b:55:a6:62:
42:5a:b9:d2:4c:e3:d6:e4:fb:24:00:b5:2b:2a:0c:1d:27:ca:
40:74:47:f9:0d:7e:5e:31:1a:a3:f0:ab:74:57:71:47:de:7f:
be:01:ab:9a:f3:62:b8:59:40:70:c3:67:8d:b5:e8:4f:cf:0d:
5c:52:b2:ac:77:d0:9c:7d:fb:e0:4c:12:a3:de:a7:b6:db:45:
e1:43:14:cb:1b:4a:bf:f0:1b:1e:15:a6:cf:2c:05:9a:6c:9d:
7b:1b:7b:48:3a:e3:90:34:ac:7c:09:50:c9:b5:00:69:31:df:
12:ea:8c:b8:69:e3:fe:56:f0:0d:47:4b:12:b2:4a:89:1f:a6:
a7:b5:16:78:94:15:25:02:3d:eb:a3:ab:32:b1:fc:39:9a:3b:
50:ad:24:d1
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQl/EPTe60n0vlNeOeeP6yfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkOGJlNDc0YzE1NWZjMTM4NDdiODU5NTAxYTU1M2NmZmMz
YWM0YjIwHhcNMjUwMTAyMDc0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWYzNzE4N2EzZjViOTk4NDMxZmE1ZTgwNDVhMmU3Mzc0NTcxYzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGR9DjcDmzXYLi9YO89OiY4dgTBc
e7Is9MzmsHrlTiZ5bUF2t0Wd59jIWjUPty/I+sr15PmH97NOeTaYuOF8WT08wsu0
vexlNjesYy3S7pKa1W+Hg+QS5YHlN1tkfFVrFbrTdgv24WaW+H+iNy8g1T35DqIu
qmaErziFgsMfkbLaXi26QPiIoK+A25C49PQ1BEtfs7rwDPz79zIagCdCgpKuBVu+
ethuWR95CDF9vLmZDZGNc4cau6TA6OjBTjgyYs+EnPjzHD1Sv9Xggfu/p0A19Wvh
p7wN0gkm3Y4099SLIcuX57aU2RkfgSh0r3XoRIfKihhRgd2DaXctFoRyIwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFDXzcYej9bmYQx+l6ARaLnN0VxwrMB8GA1UdIwQY
MBaAFA2L5HTBVfwThHuFlQGlU8/8OsSyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFl2a2RNRlZfQk9FZTRXVkFhVlR6X3c2eExJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9mZDJlZmUtMTQ3MS00MmQ4LTkzNDct
NDg2MWQ0M2UyNGVmLzEvTmZOeGg2UDF1WmhESDZYb0JGb3VjM1JYSENzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9mZDJlZmUtMTQ3MS00MmQ4LTkzNDctNDg2MWQ0M2UyNGVm
LzEvRFl2a2RNRlZfQk9FZTRXVkFhVlR6X3c2eExJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW1qmAwQA
k72jMA8EAgACMAkDBwAgAQZ8AygwDQYJKoZIhvcNAQELBQADggEBAIe/WAkiKxn8
kQyMDEwTyacMYMvloOc4RuSbrhKKq8d4SZ+dfDaE6OTja+j+U9wwdqwpG6dWW8TR
QpWpKDDhi+qKOF2Ehu8+qmbMgsN/7It1xz1Xumv1OHexXIdS0PVJ8ULg5Fk5zOFP
O1WmYkJaudJM49bk+yQAtSsqDB0nykB0R/kNfl4xGqPwq3RXcUfef74Bq5rzYrhZ
QHDDZ4216E/PDVxSsqx30Jx9++BMEqPep7bbReFDFMsbSr/wGx4Vps8sBZpsnXsb
e0g645A0rHwJUMm1AGkx3xLqjLhp4/5W8A1HSxKySokfpqe1FniUFSUCPeujqzKx
/DmaO1CtJNE=
-----END CERTIFICATE-----
Generated at Tue Apr 8 00:17:50 2025 by rpki-client