Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/f3ebce-9608-4180-a891-dce0d0ae6703/1/1DoYkDk6VB1DydvoGJned_1EE8g.roa
File: 1DoYkDk6VB1DydvoGJned_1EE8g.roa (raw, json)
Hash identifier: T7r+r79TCu4+XikO7S1iTJNMTQrM/7K7RhY9jjHdoCM=
Subject key identifier: D4:3A:18:90:39:3A:54:1D:43:C9:DB:E8:18:99:DE:77:FD:44:13:C8
Certificate issuer: /CN=3b11583aca1e8059fd31e267e8302d0c2fe008d6
Certificate serial: 018BF69DD835150D0E119211E11EB3BC101A
Authority key identifier: 3B:11:58:3A:CA:1E:80:59:FD:31:E2:67:E8:30:2D:0C:2F:E0:08:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OxFYOsoegFn9MeJn6DAtDC_gCNY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cc/f3ebce-9608-4180-a891-dce0d0ae6703/1/1DoYkDk6VB1DydvoGJned_1EE8g.roa
Signing time: Wed 22 Nov 2023 10:40:21 +0000
ROA not before: Wed 22 Nov 2023 10:40:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29684
IP address blocks: 185.10.112.0/22 maxlen: 24
178.20.144.0/21 maxlen: 24
88.85.224.0/19 maxlen: 24
62.204.48.0/24 maxlen: 24
46.235.88.0/21 maxlen: 24
212.12.160.0/19 maxlen: 24
176.241.184.0/21 maxlen: 24
212.12.166.0/23 maxlen: 24
2a00:1560::/32 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:f6:9d:d8:35:15:0d:0e:11:92:11:e1:1e:b3:bc:10:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b11583aca1e8059fd31e267e8302d0c2fe008d6
Validity
Not Before: Nov 22 10:40:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d43a1890393a541d43c9dbe81899de77fd4413c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:be:05:af:d4:12:80:43:7c:20:f8:f4:01:1b:
29:28:b3:da:c5:ce:6f:fb:83:fe:c2:2d:07:ae:fb:
ba:61:3b:c5:f1:dc:cc:84:80:9b:5d:24:1d:f7:5f:
e6:42:31:ac:2e:0c:58:c1:99:b3:6e:1d:15:ae:da:
11:c4:ce:e1:99:7b:0e:02:a2:7d:e1:06:40:07:e8:
e2:e3:67:b7:cd:a8:64:1a:f0:55:6b:2c:1f:58:59:
86:c5:b7:79:c0:95:3b:fc:46:fd:37:c0:ed:3d:4d:
4a:85:44:a5:bd:fd:8d:2f:84:a7:81:89:a0:43:57:
62:27:16:0e:13:e1:13:17:3c:52:c8:f8:df:f7:94:
68:34:32:74:2d:f9:c0:b7:d8:b6:0c:a4:ad:11:f0:
8b:77:81:3e:e0:7e:dc:68:9e:76:51:22:fb:2c:27:
29:57:72:d9:b2:b8:b1:5f:12:f3:fc:f2:86:d4:f6:
c7:76:71:37:45:eb:cd:b9:5a:bf:53:de:37:94:66:
9f:bc:52:54:d8:1f:30:f5:c9:40:06:2a:7f:33:33:
3f:1d:80:48:21:e3:cd:2d:94:27:51:5c:55:d3:d6:
61:93:1d:6b:23:5d:a7:78:86:d3:eb:83:72:09:57:
61:01:d4:8c:a4:3a:20:92:c3:a6:53:c6:19:e4:58:
24:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:3A:18:90:39:3A:54:1D:43:C9:DB:E8:18:99:DE:77:FD:44:13:C8
X509v3 Authority Key Identifier:
keyid:3B:11:58:3A:CA:1E:80:59:FD:31:E2:67:E8:30:2D:0C:2F:E0:08:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OxFYOsoegFn9MeJn6DAtDC_gCNY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f3ebce-9608-4180-a891-dce0d0ae6703/1/1DoYkDk6VB1DydvoGJned_1EE8g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/f3ebce-9608-4180-a891-dce0d0ae6703/1/OxFYOsoegFn9MeJn6DAtDC_gCNY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.235.88.0/21
62.204.48.0/24
88.85.224.0/19
176.241.184.0/21
178.20.144.0/21
185.10.112.0/22
212.12.160.0/19
IPv6:
2a00:1560::/32
Signature Algorithm: sha256WithRSAEncryption
13:b3:64:be:4d:71:d9:e9:fb:2d:e9:13:c9:0a:32:a8:cc:7a:
30:38:66:d7:92:96:72:97:9b:34:d8:c7:89:39:0e:4d:fd:86:
9b:38:b3:42:75:cc:77:b9:9d:56:2d:a3:a6:e4:1c:05:57:71:
33:e6:55:e5:2b:77:05:70:9c:64:f3:a1:8e:3c:9a:1e:83:2c:
2b:8e:c3:76:67:01:7f:a4:df:93:9c:7c:c4:e0:09:14:23:2e:
66:d9:ea:41:e2:00:5f:f4:dc:83:a3:14:dc:48:aa:b5:74:50:
96:74:b7:4d:12:d0:8e:19:16:e4:47:2c:0b:9f:15:cb:da:3b:
bd:1b:77:8d:ae:97:73:07:16:85:24:7b:37:93:f5:fb:9c:38:
49:0a:01:fe:83:aa:58:15:ef:ff:6d:ef:3d:91:e7:0b:86:c3:
90:8f:4b:33:44:42:09:46:b1:d2:ce:30:9e:19:5c:bc:41:57:
cf:bf:71:0a:34:08:c5:84:23:d2:82:ff:5a:41:1f:a3:06:a4:
d8:f5:6e:0c:1b:98:10:e8:29:9d:68:5e:36:ca:93:3f:46:7a:
94:55:4f:b9:e1:59:e3:7e:fa:b0:2d:c0:b8:f0:35:c3:ec:8d:
30:95:a7:68:f0:e9:6d:c9:1e:90:cb:23:21:38:bd:2c:bf:a9:
a3:6d:5a:ef
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYv2ndg1FQ0OEZIR4R6zvBAaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMTE1ODNhY2ExZTgwNTlmZDMxZTI2N2U4MzAyZDBjMmZl
MDA4ZDYwHhcNMjMxMTIyMTA0MDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDNhMTg5MDM5M2E1NDFkNDNjOWRiZTgxODk5ZGU3N2ZkNDQxM2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlL4Fr9QSgEN8IPj0ARspKLPaxc5v
+4P+wi0Hrvu6YTvF8dzMhICbXSQd91/mQjGsLgxYwZmzbh0VrtoRxM7hmXsOAqJ9
4QZAB+ji42e3zahkGvBVaywfWFmGxbd5wJU7/Eb9N8DtPU1KhUSlvf2NL4SngYmg
Q1diJxYOE+ETFzxSyPjf95RoNDJ0LfnAt9i2DKStEfCLd4E+4H7caJ52USL7LCcp
V3LZsrixXxLz/PKG1PbHdnE3RevNuVq/U943lGafvFJU2B8w9clABip/MzM/HYBI
IePNLZQnUVxV09Zhkx1rI12neIbT64NyCVdhAdSMpDogksOmU8YZ5FgkJwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFNQ6GJA5OlQdQ8nb6BiZ3nf9RBPIMB8GA1UdIwQY
MBaAFDsRWDrKHoBZ/THiZ+gwLQwv4AjWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3hGWU9zb2VnRm45TWVKbjZEQXREQ19nQ05ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mM2ViY2UtOTYwOC00MTgwLWE4OTEt
ZGNlMGQwYWU2NzAzLzEvMURvWWtEazZWQjFEeWR2b0dKbmVkXzFFRThnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mM2ViY2UtOTYwOC00MTgwLWE4OTEtZGNlMGQwYWU2NzAz
LzEvT3hGWU9zb2VnRm45TWVKbjZEQXREQ19nQ05ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDLutYAwQA
PswwAwQFWFXgAwQDsPG4AwQDshSQAwQCuQpwAwQF1AygMA0EAgACMAcDBQAqABVg
MA0GCSqGSIb3DQEBCwUAA4IBAQATs2S+TXHZ6fst6RPJCjKozHowOGbXkpZyl5s0
2MeJOQ5N/YabOLNCdcx3uZ1WLaOm5BwFV3Ez5lXlK3cFcJxk86GOPJoegywrjsN2
ZwF/pN+TnHzE4AkUIy5m2epB4gBf9NyDoxTcSKq1dFCWdLdNEtCOGRbkRywLnxXL
2ju9G3eNrpdzBxaFJHs3k/X7nDhJCgH+g6pYFe//be89kecLhsOQj0szREIJRrHS
zjCeGVy8QVfPv3EKNAjFhCPSgv9aQR+jBqTY9W4MG5gQ6CmdaF42ypM/RnqUVU+5
4VnjfvqwLcC48DXD7I0wlado8OltyR6QyyMhOL0sv6mjbVrv
-----END CERTIFICATE-----
Generated at Mon Apr 21 03:57:19 2025 by rpki-client