Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/XxlBbuzHE251PVWYt8IDfDvm0wk.roa
File: XxlBbuzHE251PVWYt8IDfDvm0wk.roa (raw, json)
Hash identifier: nVVabXK7sQQ4tz6ONtNrZy+JOjU5+yR5hZWs5BNXx1Y=
Subject key identifier: 5F:19:41:6E:EC:C7:13:6E:75:3D:55:98:B7:C2:03:7C:3B:E6:D3:09
Certificate issuer: /CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
Certificate serial: 01942369155CDDBB4199D3634A93B7C821BF
Authority key identifier: 46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/XxlBbuzHE251PVWYt8IDfDvm0wk.roa
Signing time: Wed 01 Jan 2025 19:47:56 +0000
ROA not before: Wed 01 Jan 2025 19:47:56 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3257
IP address blocks: 146.19.50.0/24 maxlen: 24
185.214.166.0/24 maxlen: 24
185.253.3.0/24 maxlen: 24
194.26.218.0/24 maxlen: 24
213.134.25.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:69:15:5c:dd:bb:41:99:d3:63:4a:93:b7:c8:21:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
Validity
Not Before: Jan 1 19:47:56 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5f19416eecc7136e753d5598b7c2037c3be6d309
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:79:fc:84:40:c8:c8:4c:d9:06:bf:dc:b5:5d:
73:e5:c8:b0:02:32:9f:b8:cf:05:3a:82:a3:1b:2f:
fe:ea:c5:3d:6c:d9:a6:ae:29:39:88:b5:b5:65:39:
37:0e:64:92:52:fb:9f:2b:d2:8f:96:0f:5a:5d:49:
7b:c0:0f:90:79:91:8b:a7:73:44:25:c3:2d:70:ed:
74:ef:bd:d0:c7:07:ec:d6:a1:28:d7:55:41:f4:c4:
cb:71:b4:ce:2b:74:7b:75:9c:42:a1:fc:d9:e5:01:
3d:96:22:64:03:32:ed:8e:bb:52:4a:f9:0f:44:b5:
f1:e6:a0:d4:c5:e8:88:59:10:08:af:00:37:8f:d9:
78:47:d5:b5:4b:45:05:05:58:10:71:3d:29:a4:ce:
0f:49:4d:50:5f:a3:e8:da:36:e4:85:a8:00:85:e0:
f9:42:ed:09:a1:29:a0:ba:51:79:a9:cc:21:50:67:
23:42:86:07:25:c3:0b:02:ea:e3:9c:64:48:a3:ae:
0e:86:0a:38:36:74:86:95:50:f8:dd:f6:52:63:83:
17:e5:bc:cf:f2:e4:04:95:de:33:f5:00:d9:54:0d:
8f:ee:e4:cc:ef:f9:e7:31:1e:86:8b:68:89:69:a6:
f3:98:ff:14:5f:f5:54:1f:a8:17:78:d7:9d:45:41:
2f:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:19:41:6E:EC:C7:13:6E:75:3D:55:98:B7:C2:03:7C:3B:E6:D3:09
X509v3 Authority Key Identifier:
keyid:46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/XxlBbuzHE251PVWYt8IDfDvm0wk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
146.19.50.0/24
185.214.166.0/24
185.253.3.0/24
194.26.218.0/24
213.134.25.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:22:d6:02:53:63:c9:e1:4b:ce:5e:4e:d8:d4:16:84:97:cf:
a3:ca:15:4f:62:46:2b:b8:2c:27:ad:71:4f:ae:cb:9d:25:fe:
2e:94:10:d3:ea:61:5e:ab:4e:eb:1d:1f:9d:13:4b:50:73:95:
10:65:45:95:83:16:7f:f7:7a:96:eb:ba:67:a1:22:2e:60:24:
62:b1:28:4a:cd:65:2d:d7:0b:f3:fa:67:b6:d2:32:a8:75:2d:
c7:48:6b:f1:b9:89:8d:56:8c:28:be:b8:bb:1d:01:30:57:84:
f5:31:14:4b:73:34:a8:55:6c:0b:30:ac:a0:e0:b1:88:95:b4:
48:de:2b:67:ee:3b:94:27:d9:de:25:d0:42:60:9b:99:0a:02:
de:9c:7b:95:3b:25:49:0c:8b:e9:4b:f4:c1:d7:cd:1e:db:74:
38:e9:d9:a4:3a:da:68:5b:15:87:38:59:07:cb:46:ad:d4:83:
43:4d:38:6c:58:c0:ef:4b:b5:4a:a1:47:ce:50:8a:17:13:a8:
a0:3e:7e:ae:17:44:3b:fa:a2:2a:19:e5:72:e6:bc:f3:ba:71:
24:28:ed:f5:6b:e6:9c:02:30:05:21:77:90:ff:b6:15:a9:26:
2a:1b:bb:65:b6:e6:87:f3:0e:c5:79:a2:32:e0:69:a1:58:45:
15:b4:fe:72
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQjaRVc3btBmdNjSpO3yCG/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OGI1OTJmMzExMGJjNmMzNTI0OWE4MjcxYTBkYWMxYTlh
Y2IwY2UwHhcNMjUwMTAxMTk0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjE5NDE2ZWVjYzcxMzZlNzUzZDU1OThiN2MyMDM3YzNiZTZkMzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXn8hEDIyEzZBr/ctV1z5ciwAjKf
uM8FOoKjGy/+6sU9bNmmrik5iLW1ZTk3DmSSUvufK9KPlg9aXUl7wA+QeZGLp3NE
JcMtcO10773Qxwfs1qEo11VB9MTLcbTOK3R7dZxCofzZ5QE9liJkAzLtjrtSSvkP
RLXx5qDUxeiIWRAIrwA3j9l4R9W1S0UFBVgQcT0ppM4PSU1QX6Po2jbkhagAheD5
Qu0JoSmgulF5qcwhUGcjQoYHJcMLAurjnGRIo64Ohgo4NnSGlVD43fZSY4MX5bzP
8uQEld4z9QDZVA2P7uTM7/nnMR6Gi2iJaabzmP8UX/VUH6gXeNedRUEvHwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFF8ZQW7sxxNudT1VmLfCA3w75tMJMB8GA1UdIwQY
MBaAFEaLWS8xELxsNSSagnGg2sGprLDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTct
MDUwMzc0OWFkZWEwLzEvWHhsQmJ1ekhFMjUxUFZXWXQ4SURmRHZtMHdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTctMDUwMzc0OWFkZWEw
LzEvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAkhMyAwQA
udamAwQAuf0DAwQAwhraAwQA1YYZMA0GCSqGSIb3DQEBCwUAA4IBAQB/ItYCU2PJ
4UvOXk7Y1BaEl8+jyhVPYkYruCwnrXFPrsudJf4ulBDT6mFeq07rHR+dE0tQc5UQ
ZUWVgxZ/93qW67pnoSIuYCRisShKzWUt1wvz+me20jKodS3HSGvxuYmNVowovri7
HQEwV4T1MRRLczSoVWwLMKyg4LGIlbRI3itn7juUJ9neJdBCYJuZCgLenHuVOyVJ
DIvpS/TB180e23Q46dmkOtpoWxWHOFkHy0at1INDTThsWMDvS7VKoUfOUIoXE6ig
Pn6uF0Q7+qIqGeVy5rzzunEkKO31a+acAjAFIXeQ/7YVqSYqG7tltuaH8w7FeaIy
4GmhWEUVtP5y
-----END CERTIFICATE-----
Generated at Sun Apr 6 11:18:44 2025 by rpki-client