Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/552f0d-01c2-418a-aa3c-acc4aac78d0d/1/8vDMjaVS40emmzGFVsGL0I8-fQo.roa
File: 8vDMjaVS40emmzGFVsGL0I8-fQo.roa (raw, json)
Hash identifier: ZQlfpvu51NDsYdzNjhzj60BOHewjbF75+WG+cK0BDP8=
Subject key identifier: F2:F0:CC:8D:A5:52:E3:47:A6:9B:31:85:56:C1:8B:D0:8F:3E:7D:0A
Certificate issuer: /CN=2f88a53fcb96777f99e02df8940dd040b454cd1c
Certificate serial: 01941FFA3866E866A5976CCB312C25DF15E8
Authority key identifier: 2F:88:A5:3F:CB:96:77:7F:99:E0:2D:F8:94:0D:D0:40:B4:54:CD:1C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L4ilP8uWd3-Z4C34lA3QQLRUzRw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ce/552f0d-01c2-418a-aa3c-acc4aac78d0d/1/8vDMjaVS40emmzGFVsGL0I8-fQo.roa
Signing time: Wed 01 Jan 2025 03:47:59 +0000
ROA not before: Wed 01 Jan 2025 03:47:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49770
IP address blocks: 95.143.192.0/20 maxlen: 24
185.154.108.0/22 maxlen: 24
2a03:d780::/32 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:38:66:e8:66:a5:97:6c:cb:31:2c:25:df:15:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2f88a53fcb96777f99e02df8940dd040b454cd1c
Validity
Not Before: Jan 1 03:47:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f2f0cc8da552e347a69b318556c18bd08f3e7d0a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:1b:2d:2c:95:86:7c:19:a9:43:60:ac:3e:36:
18:c7:67:68:bd:a1:aa:aa:6a:24:12:9b:28:1d:55:
a0:75:df:95:6e:35:7a:cd:94:e6:fc:e8:f7:3c:7e:
d9:70:74:e5:3c:82:54:18:ad:c9:94:e9:f7:02:22:
5e:a4:9a:7e:41:3f:4a:7d:fd:da:1c:09:77:80:ce:
c8:17:3f:ff:48:e9:c5:d3:12:a6:80:d5:0b:62:f9:
d5:fb:a9:5f:3a:f1:b6:d2:4c:59:2a:7e:d2:48:53:
ca:dd:4b:0a:33:3c:b9:b6:7a:8f:ee:fd:e5:2a:9a:
4d:64:c6:f7:90:c9:cf:db:56:56:0f:80:c2:48:37:
0f:60:98:be:78:11:5a:0b:96:78:33:7d:12:70:29:
e1:f8:99:ba:08:57:3f:c6:96:d1:1a:48:27:19:72:
af:ce:ed:0c:7c:2b:b7:4f:2f:a2:4d:6d:f5:4b:93:
8c:a1:02:af:fa:ae:5c:71:73:80:20:81:2b:5e:cd:
a4:0d:e7:d2:61:d8:04:f3:55:21:e9:60:36:b4:8a:
df:a6:01:26:64:d1:86:c8:d4:a2:32:1b:d0:bf:13:
a0:ec:f8:96:7d:3f:0e:32:83:10:e8:6a:09:bf:5a:
b9:29:7c:d4:23:47:49:68:d7:95:24:85:9c:26:16:
c3:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:F0:CC:8D:A5:52:E3:47:A6:9B:31:85:56:C1:8B:D0:8F:3E:7D:0A
X509v3 Authority Key Identifier:
keyid:2F:88:A5:3F:CB:96:77:7F:99:E0:2D:F8:94:0D:D0:40:B4:54:CD:1C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L4ilP8uWd3-Z4C34lA3QQLRUzRw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/552f0d-01c2-418a-aa3c-acc4aac78d0d/1/8vDMjaVS40emmzGFVsGL0I8-fQo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/552f0d-01c2-418a-aa3c-acc4aac78d0d/1/L4ilP8uWd3-Z4C34lA3QQLRUzRw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.143.192.0/20
185.154.108.0/22
IPv6:
2a03:d780::/32
Signature Algorithm: sha256WithRSAEncryption
2d:9f:63:e0:69:e9:50:cc:bf:9c:a8:09:e3:e8:74:74:c7:fb:
90:79:27:02:43:e8:3b:60:b8:c3:ca:24:c5:c1:57:80:04:11:
86:4e:9d:48:5d:93:84:41:f7:9f:1d:49:e8:03:89:96:3e:d4:
33:2f:1b:4d:bd:3d:33:0c:66:b7:83:57:b3:69:0f:64:88:81:
fb:2d:6a:3b:bd:ea:74:0b:9f:71:9e:a2:9b:78:fb:b7:04:26:
c0:66:f7:9c:00:de:22:55:e2:ca:37:b2:29:10:e7:8e:f0:b6:
07:32:f0:4c:d4:ca:4e:e5:b0:91:19:d3:28:b0:87:18:b1:a1:
da:e8:c2:c5:91:e3:f3:79:a5:52:21:c1:27:7d:1e:13:64:4b:
ab:39:7e:d3:72:6a:89:ed:cf:7c:48:80:7f:35:3d:0e:1d:c8:
5c:5a:ff:d5:94:5e:a3:97:e5:b1:7c:44:1b:cd:74:63:2b:36:
5c:41:f3:a7:21:43:eb:ea:90:51:05:b3:23:e4:48:c4:8d:79:
ca:02:cd:65:f7:fc:22:50:38:80:4f:58:9f:65:54:89:44:de:
fb:58:a0:44:f0:02:e0:d1:6a:49:b8:7e:bb:19:6f:ed:e9:d4:
d7:9d:f0:74:53:eb:34:30:4f:ac:28:f6:26:2c:11:a8:30:71:
02:8f:a5:14
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQf+jhm6Gall2zLMSwl3xXoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmODhhNTNmY2I5Njc3N2Y5OWUwMmRmODk0MGRkMDQwYjQ1
NGNkMWMwHhcNMjUwMTAxMDM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmYwY2M4ZGE1NTJlMzQ3YTY5YjMxODU1NmMxOGJkMDhmM2U3ZDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBstLJWGfBmpQ2CsPjYYx2dovaGq
qmokEpsoHVWgdd+VbjV6zZTm/Oj3PH7ZcHTlPIJUGK3JlOn3AiJepJp+QT9Kff3a
HAl3gM7IFz//SOnF0xKmgNULYvnV+6lfOvG20kxZKn7SSFPK3UsKMzy5tnqP7v3l
KppNZMb3kMnP21ZWD4DCSDcPYJi+eBFaC5Z4M30ScCnh+Jm6CFc/xpbRGkgnGXKv
zu0MfCu3Ty+iTW31S5OMoQKv+q5ccXOAIIErXs2kDefSYdgE81Uh6WA2tIrfpgEm
ZNGGyNSiMhvQvxOg7PiWfT8OMoMQ6GoJv1q5KXzUI0dJaNeVJIWcJhbDVQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPLwzI2lUuNHppsxhVbBi9CPPn0KMB8GA1UdIwQY
MBaAFC+IpT/Llnd/meAt+JQN0EC0VM0cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDRpbFA4dVdkMy1aNEMzNGxBM1FRTFJVelJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81NTJmMGQtMDFjMi00MThhLWFhM2Mt
YWNjNGFhYzc4ZDBkLzEvOHZETWphVlM0MGVtbXpHRlZzR0wwSTgtZlFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81NTJmMGQtMDFjMi00MThhLWFhM2MtYWNjNGFhYzc4ZDBk
LzEvTDRpbFA4dVdkMy1aNEMzNGxBM1FRTFJVelJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEX4/AAwQC
uZpsMA0EAgACMAcDBQAqA9eAMA0GCSqGSIb3DQEBCwUAA4IBAQAtn2PgaelQzL+c
qAnj6HR0x/uQeScCQ+g7YLjDyiTFwVeABBGGTp1IXZOEQfefHUnoA4mWPtQzLxtN
vT0zDGa3g1ezaQ9kiIH7LWo7vep0C59xnqKbePu3BCbAZvecAN4iVeLKN7IpEOeO
8LYHMvBM1MpO5bCRGdMosIcYsaHa6MLFkePzeaVSIcEnfR4TZEurOX7TcmqJ7c98
SIB/NT0OHchcWv/VlF6jl+WxfEQbzXRjKzZcQfOnIUPr6pBRBbMj5EjEjXnKAs1l
9/wiUDiAT1ifZVSJRN77WKBE8ALg0WpJuH67GW/t6dTXnfB0U+s0ME+sKPYmLBGo
MHECj6UU
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:36:12 2025 by rpki-client