Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/060859-7707-412a-9810-dbb2931a0f64/1/CPqSq0ytAxDio98lkjeb_dYwRZ4.roa
File: CPqSq0ytAxDio98lkjeb_dYwRZ4.roa (raw, json)
Hash identifier: DBQ2P8ThG/7CNm8RF8WiO7psAqOGJ9hYf3OIiBNBEtw=
Subject key identifier: 08:FA:92:AB:4C:AD:03:10:E2:A3:DF:25:92:37:9B:FD:D6:30:45:9E
Certificate issuer: /CN=9d239c08ead94bb04fc3e6b4a65e6e1c7dcf38f4
Certificate serial: 0194D56531E097938141B89A9FD89970E60B
Authority key identifier: 9D:23:9C:08:EA:D9:4B:B0:4F:C3:E6:B4:A6:5E:6E:1C:7D:CF:38:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSOcCOrZS7BPw-a0pl5uHH3POPQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ba/060859-7707-412a-9810-dbb2931a0f64/1/CPqSq0ytAxDio98lkjeb_dYwRZ4.roa
Signing time: Wed 05 Feb 2025 09:16:06 +0000
ROA not before: Wed 05 Feb 2025 09:16:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202918
IP address blocks: 185.150.156.0/22 maxlen: 24
185.150.156.0/24 maxlen: 24
185.150.157.0/24 maxlen: 24
185.150.158.0/24 maxlen: 24
185.150.159.0/24 maxlen: 24
185.246.28.0/23 maxlen: 24
2a07:71c0::/29 maxlen: 48
2a0d:7380::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:d5:65:31:e0:97:93:81:41:b8:9a:9f:d8:99:70:e6:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d239c08ead94bb04fc3e6b4a65e6e1c7dcf38f4
Validity
Not Before: Feb 5 09:16:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=08fa92ab4cad0310e2a3df2592379bfdd630459e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:ef:91:48:9c:27:60:7d:99:ad:0c:91:54:58:
36:bd:bb:9f:3e:a5:95:b1:0f:e5:fb:c8:38:c8:b5:
21:d7:3e:00:ec:5f:81:f4:5c:90:0c:1a:3a:9f:92:
31:40:48:41:15:4d:3a:33:a7:17:07:39:3b:10:3e:
d6:68:cc:2b:e4:c9:f6:0e:95:ed:33:7d:ef:0d:f7:
d1:11:5a:af:40:3b:89:4d:5a:c5:ce:a6:62:e9:29:
14:98:cd:14:ad:94:32:bf:3e:20:d8:4b:0e:97:fe:
4d:05:a7:0f:e4:25:d1:bd:01:dd:20:92:44:ff:ae:
2a:f3:7b:cf:74:9e:65:2c:59:99:23:94:86:23:26:
4c:0a:c4:8c:74:91:d1:54:a7:c1:07:8b:0d:40:0d:
51:e7:02:1c:48:fb:b9:2d:65:67:f8:48:eb:b6:1f:
52:8a:6d:60:24:ee:45:77:b2:6b:f9:e6:31:5b:7f:
11:67:4c:cb:06:07:ae:44:52:ef:74:8e:93:d3:01:
7f:2f:66:6e:e3:74:09:e3:1d:63:38:d3:af:42:36:
10:04:54:b5:6e:03:07:d6:7e:71:9e:cf:a4:d0:ac:
bd:75:84:d4:da:9a:82:01:5b:65:94:b5:74:66:1c:
7f:32:f6:4d:b9:70:2e:ba:ac:5c:fd:8a:ae:3b:f9:
2b:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:FA:92:AB:4C:AD:03:10:E2:A3:DF:25:92:37:9B:FD:D6:30:45:9E
X509v3 Authority Key Identifier:
keyid:9D:23:9C:08:EA:D9:4B:B0:4F:C3:E6:B4:A6:5E:6E:1C:7D:CF:38:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSOcCOrZS7BPw-a0pl5uHH3POPQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/060859-7707-412a-9810-dbb2931a0f64/1/CPqSq0ytAxDio98lkjeb_dYwRZ4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/060859-7707-412a-9810-dbb2931a0f64/1/nSOcCOrZS7BPw-a0pl5uHH3POPQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.150.156.0/22
185.246.28.0/23
IPv6:
2a07:71c0::/29
2a0d:7380::/29
Signature Algorithm: sha256WithRSAEncryption
22:c0:9f:6c:94:79:7f:df:b2:0f:da:ff:ff:99:84:7f:9a:d2:
7e:5f:03:d6:3b:01:a7:4e:09:5c:dd:ca:50:8d:33:f5:ae:e6:
28:36:05:22:26:d2:c5:62:2b:52:78:b1:c5:5c:fa:da:56:b7:
91:4a:63:2e:49:9a:2d:4a:d0:a6:fc:ce:27:c4:4a:50:81:00:
bc:6d:c6:04:16:44:a3:7c:0e:04:ae:19:e4:d0:17:a1:de:d8:
db:80:77:dc:cb:02:14:85:49:7e:da:bd:95:1f:44:7f:78:f1:
e8:17:54:97:79:22:b9:2a:3a:aa:2d:54:ea:70:d9:f4:37:ad:
38:d0:4d:17:76:bb:f8:59:68:64:98:51:d9:06:04:b6:e8:de:
29:6d:00:dc:2f:3b:69:b9:6e:75:f2:41:5a:ee:93:6c:c5:d2:
66:57:de:32:77:91:e1:a6:19:7d:35:54:bd:87:4c:8a:b3:6b:
6a:22:94:e0:09:aa:6e:b8:38:c5:09:dc:e5:12:6f:7d:24:1e:
ba:2b:6b:cd:98:4f:c3:ba:cf:61:d4:1f:d7:a6:7b:c0:e3:e6:
46:f6:42:25:6c:b5:37:1d:c0:44:f9:16:98:99:09:c2:98:7d:
c6:cd:ed:fc:ca:4d:8b:78:62:42:71:56:34:15:da:e2:ca:72:
fe:35:a5:1d
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAZTVZTHgl5OBQbian9iZcOYLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMjM5YzA4ZWFkOTRiYjA0ZmMzZTZiNGE2NWU2ZTFjN2Rj
ZjM4ZjQwHhcNMjUwMjA1MDkxNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGZhOTJhYjRjYWQwMzEwZTJhM2RmMjU5MjM3OWJmZGQ2MzA0NTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqu+RSJwnYH2ZrQyRVFg2vbufPqWV
sQ/l+8g4yLUh1z4A7F+B9FyQDBo6n5IxQEhBFU06M6cXBzk7ED7WaMwr5Mn2DpXt
M33vDffREVqvQDuJTVrFzqZi6SkUmM0UrZQyvz4g2EsOl/5NBacP5CXRvQHdIJJE
/64q83vPdJ5lLFmZI5SGIyZMCsSMdJHRVKfBB4sNQA1R5wIcSPu5LWVn+Ejrth9S
im1gJO5Fd7Jr+eYxW38RZ0zLBgeuRFLvdI6T0wF/L2Zu43QJ4x1jONOvQjYQBFS1
bgMH1n5xns+k0Ky9dYTU2pqCAVtllLV0Zhx/MvZNuXAuuqxc/YquO/kr2QIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFAj6kqtMrQMQ4qPfJZI3m/3WMEWeMB8GA1UdIwQY
MBaAFJ0jnAjq2UuwT8PmtKZebhx9zzj0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNPY0NPclpTN0JQdy1hMHBsNXVISDNQT1BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8wNjA4NTktNzcwNy00MTJhLTk4MTAt
ZGJiMjkzMWEwZjY0LzEvQ1BxU3EweXRBeERpbzk4bGtqZWJfZFl3Ulo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8wNjA4NTktNzcwNy00MTJhLTk4MTAtZGJiMjkzMWEwZjY0
LzEvblNPY0NPclpTN0JQdy1hMHBsNXVISDNQT1BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCuZacAwQB
ufYcMBQEAgACMA4DBQMqB3HAAwUDKg1zgDANBgkqhkiG9w0BAQsFAAOCAQEAIsCf
bJR5f9+yD9r//5mEf5rSfl8D1jsBp04JXN3KUI0z9a7mKDYFIibSxWIrUnixxVz6
2la3kUpjLkmaLUrQpvzOJ8RKUIEAvG3GBBZEo3wOBK4Z5NAXod7Y24B33MsCFIVJ
ftq9lR9Ef3jx6BdUl3kiuSo6qi1U6nDZ9DetONBNF3a7+FloZJhR2QYEtujeKW0A
3C87abludfJBWu6TbMXSZlfeMneR4aYZfTVUvYdMirNraiKU4Amqbrg4xQnc5RJv
fSQeuitrzZhPw7rPYdQf16Z7wOPmRvZCJWy1Nx3ARPkWmJkJwph9xs3t/MpNi3hi
QnFWNBXa4spy/jWlHQ==
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:54:35 2025 by rpki-client