Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/hQfBOJiwn67aSoJWp93qU44vTMU.roa
File: hQfBOJiwn67aSoJWp93qU44vTMU.roa (raw, json)
Hash identifier: 4RO47gva9L4ROZNasHO8ur8OWLfEZdVYIwqKeE6UPNg=
Subject key identifier: 85:07:C1:38:98:B0:9F:AE:DA:4A:82:56:A7:DD:EA:53:8E:2F:4C:C5
Certificate issuer: /CN=b467367967dc763349fd0b50e31f75b823028590
Certificate serial: 01959C21B5B61586DBBD40F6DDE012EFC8A6
Authority key identifier: B4:67:36:79:67:DC:76:33:49:FD:0B:50:E3:1F:75:B8:23:02:85:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tGc2eWfcdjNJ_QtQ4x91uCMChZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/hQfBOJiwn67aSoJWp93qU44vTMU.roa
Signing time: Sat 15 Mar 2025 23:26:49 +0000
ROA not before: Sat 15 Mar 2025 23:26:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201178
IP address blocks: 185.81.236.0/22 maxlen: 24
185.81.236.0/24 maxlen: 24
185.81.237.0/24 maxlen: 24
185.81.238.0/24 maxlen: 24
185.81.239.0/24 maxlen: 24
185.153.248.0/22 maxlen: 24
185.155.148.0/22 maxlen: 24
185.155.148.0/24 maxlen: 24
185.155.149.0/24 maxlen: 24
185.155.150.0/24 maxlen: 24
185.155.151.0/24 maxlen: 24
2a05:8a00::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:9c:21:b5:b6:15:86:db:bd:40:f6:dd:e0:12:ef:c8:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b467367967dc763349fd0b50e31f75b823028590
Validity
Not Before: Mar 15 23:26:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8507c13898b09faeda4a8256a7ddea538e2f4cc5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:09:79:35:24:21:08:b4:86:a9:bf:c9:f5:fc:
ce:bf:e1:1d:67:de:8c:52:0e:47:a7:44:3b:bd:5b:
e1:35:16:b6:f7:fc:22:4c:6d:ea:95:1d:6c:21:c4:
45:1e:d9:cc:ed:42:7b:62:3b:13:47:2f:c1:78:d3:
de:36:b0:97:70:01:97:6f:d5:38:53:e8:2b:1b:f0:
d6:39:0a:ea:09:be:ea:7a:c9:c7:07:50:76:39:42:
29:65:5a:9b:d9:cd:d0:f9:8b:48:b5:1e:d1:78:8e:
9e:3a:c5:6e:d7:d3:46:fd:4a:f4:22:28:2c:a0:a7:
ec:0b:a0:a7:50:1b:28:31:33:21:3b:3c:4a:c4:bb:
f7:84:5b:55:d8:e8:ae:ea:62:5e:6b:a2:b8:a9:dd:
ff:c3:3d:b8:e8:79:eb:d4:df:8c:8d:0d:eb:22:f7:
cf:ee:4b:3b:9d:ce:43:8c:15:c6:d1:8a:f1:91:2c:
b6:6d:1a:f5:80:c3:44:04:24:36:5a:93:50:47:fd:
b8:e1:15:d7:b4:3b:71:47:8a:e0:1d:ae:92:96:a2:
dd:f2:0d:1e:1c:f5:fc:99:8e:c4:36:de:db:d0:02:
67:5c:56:8d:26:2c:f0:c5:df:af:93:ef:ab:80:d3:
68:ae:26:9f:4d:76:17:55:ce:d8:2d:af:ae:bb:0c:
5f:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:07:C1:38:98:B0:9F:AE:DA:4A:82:56:A7:DD:EA:53:8E:2F:4C:C5
X509v3 Authority Key Identifier:
keyid:B4:67:36:79:67:DC:76:33:49:FD:0B:50:E3:1F:75:B8:23:02:85:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tGc2eWfcdjNJ_QtQ4x91uCMChZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/hQfBOJiwn67aSoJWp93qU44vTMU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/dfc4f2-ed7d-4610-860c-b81373c40dc9/1/tGc2eWfcdjNJ_QtQ4x91uCMChZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.81.236.0/22
185.153.248.0/22
185.155.148.0/22
IPv6:
2a05:8a00::/29
Signature Algorithm: sha256WithRSAEncryption
49:61:c4:61:28:0b:39:fb:64:49:e4:ef:85:19:89:cf:df:f2:
2c:60:d7:ef:3e:8d:32:6a:bc:53:3f:a9:3b:15:ce:2c:80:9e:
de:1d:af:d2:fd:4e:41:fd:90:70:2a:bd:fa:63:f0:bc:82:71:
07:76:ab:89:18:80:91:03:6f:2e:88:64:6d:20:53:93:b7:3f:
bc:c1:62:85:77:e1:70:88:6a:65:d8:41:f8:8e:e9:ce:54:7c:
63:21:c5:b9:87:06:79:46:00:96:4e:74:7e:6b:be:a7:f3:02:
08:10:e6:a2:42:b4:95:9f:16:1f:36:74:c1:63:56:00:00:e0:
e6:dc:a7:11:3f:f5:24:73:ef:04:5f:e8:9c:89:62:df:5f:8e:
24:9d:40:fd:b1:0c:22:e1:8e:48:4f:73:10:c0:42:36:c7:18:
78:90:32:10:ba:6b:1e:e8:b4:52:f7:ed:a9:1c:73:30:bf:0e:
5a:b5:d3:b6:15:04:dc:f3:55:8e:2d:86:e6:ad:f4:e7:59:f8:
dc:d8:07:be:8a:f4:0d:f3:1d:e4:17:ec:0f:0e:f7:fb:f3:26:
43:b2:03:c0:60:f6:31:18:ce:28:d6:44:3e:9e:61:47:5a:96:
9b:50:fe:43:8c:c0:54:53:75:4f:e7:da:37:c4:51:e3:ce:53:
aa:67:ff:85
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZWcIbW2FYbbvUD23eAS78imMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NjczNjc5NjdkYzc2MzM0OWZkMGI1MGUzMWY3NWI4MjMw
Mjg1OTAwHhcNMjUwMzE1MjMyNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTA3YzEzODk4YjA5ZmFlZGE0YTgyNTZhN2RkZWE1MzhlMmY0Y2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgl5NSQhCLSGqb/J9fzOv+EdZ96M
Ug5Hp0Q7vVvhNRa29/wiTG3qlR1sIcRFHtnM7UJ7YjsTRy/BeNPeNrCXcAGXb9U4
U+grG/DWOQrqCb7qesnHB1B2OUIpZVqb2c3Q+YtItR7ReI6eOsVu19NG/Ur0Iigs
oKfsC6CnUBsoMTMhOzxKxLv3hFtV2Oiu6mJea6K4qd3/wz246Hnr1N+MjQ3rIvfP
7ks7nc5DjBXG0YrxkSy2bRr1gMNEBCQ2WpNQR/244RXXtDtxR4rgHa6SlqLd8g0e
HPX8mY7ENt7b0AJnXFaNJizwxd+vk++rgNNoriafTXYXVc7YLa+uuwxfaQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIUHwTiYsJ+u2kqCVqfd6lOOL0zFMB8GA1UdIwQY
MBaAFLRnNnln3HYzSf0LUOMfdbgjAoWQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEdjMmVXZmNkak5KX1F0UTR4OTF1Q01DaFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kZmM0ZjItZWQ3ZC00NjEwLTg2MGMt
YjgxMzczYzQwZGM5LzEvaFFmQk9KaXduNjdhU29KV3A5M3FVNDR2VE1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kZmM0ZjItZWQ3ZC00NjEwLTg2MGMtYjgxMzczYzQwZGM5
LzEvdEdjMmVXZmNkak5KX1F0UTR4OTF1Q01DaFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuVHsAwQC
uZn4AwQCuZuUMA0EAgACMAcDBQMqBYoAMA0GCSqGSIb3DQEBCwUAA4IBAQBJYcRh
KAs5+2RJ5O+FGYnP3/IsYNfvPo0yarxTP6k7Fc4sgJ7eHa/S/U5B/ZBwKr36Y/C8
gnEHdquJGICRA28uiGRtIFOTtz+8wWKFd+FwiGpl2EH4junOVHxjIcW5hwZ5RgCW
TnR+a76n8wIIEOaiQrSVnxYfNnTBY1YAAODm3KcRP/Ukc+8EX+iciWLfX44knUD9
sQwi4Y5IT3MQwEI2xxh4kDIQumse6LRS9+2pHHMwvw5atdO2FQTc81WOLYbmrfTn
Wfjc2Ae+ivQN8x3kF+wPDvf78yZDsgPAYPYxGM4o1kQ+nmFHWpabUP5DjMBUU3VP
59o3xFHjzlOqZ/+F
-----END CERTIFICATE-----
Generated at Tue Apr 8 09:44:26 2025 by rpki-client