Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/nkfCSWUvCW7FY40XhyMRcJ704RE.roa
File: nkfCSWUvCW7FY40XhyMRcJ704RE.roa (raw, json)
Hash identifier: vjf+lqRxe3CwjBQAzlOMh4hBEdJ/D5BYCMhzXqXvm2k=
Subject key identifier: 9E:47:C2:49:65:2F:09:6E:C5:63:8D:17:87:23:11:70:9E:F4:E1:11
Certificate issuer: /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial: 01946B1CD964AFDDC5A8A662CB0A11C21BEA
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/nkfCSWUvCW7FY40XhyMRcJ704RE.roa
Signing time: Wed 15 Jan 2025 17:57:20 +0000
ROA not before: Wed 15 Jan 2025 17:57:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215727
IP address blocks: 45.136.0.0/24 maxlen: 32
45.136.1.0/24 maxlen: 32
45.136.2.0/24 maxlen: 32
45.136.3.0/24 maxlen: 32
128.0.119.0/24 maxlen: 32
185.117.20.0/24 maxlen: 32
185.117.21.0/24 maxlen: 32
185.117.22.0/24 maxlen: 32
185.117.23.0/24 maxlen: 32
185.211.48.0/24 maxlen: 32
185.211.49.0/24 maxlen: 32
185.211.50.0/24 maxlen: 32
195.85.68.0/24 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:6b:1c:d9:64:af:dd:c5:a8:a6:62:cb:0a:11:c2:1b:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Validity
Not Before: Jan 15 17:57:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9e47c249652f096ec5638d17872311709ef4e111
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:00:32:ae:df:d0:39:50:50:25:3f:7d:4f:90:
f9:21:1b:ab:a3:ac:57:a3:6e:33:ee:78:5d:6b:29:
6f:ff:73:1f:9d:e8:aa:b3:ea:83:1b:84:87:e4:72:
51:18:85:5f:a3:72:2d:85:a2:54:dd:b6:91:e5:88:
9c:50:a5:0b:ab:3a:30:38:ae:13:45:ef:ae:1c:f6:
5d:00:5d:d7:ea:14:dc:a4:94:10:b9:b3:7d:1a:a2:
eb:45:12:19:a7:2f:b9:e0:0f:1e:29:0b:84:6c:25:
12:52:83:59:09:db:e6:a2:ac:40:78:3b:81:34:92:
02:7c:76:6c:45:07:4e:52:cc:b0:fd:6e:1e:1a:f9:
a0:3d:33:b7:28:e1:99:69:79:63:b7:17:a8:f3:c9:
20:ad:4a:83:fc:1a:8d:fa:d4:22:61:d0:9b:c4:ef:
b3:4c:2c:fc:6c:6a:ee:4e:12:4b:d7:ac:b5:69:57:
04:60:1c:03:c9:81:fe:06:60:9c:cc:93:46:8c:5f:
f2:70:f1:58:f5:32:6e:92:7b:c4:94:fc:60:92:28:
2f:1a:a9:8a:1d:db:21:91:5f:79:7c:8a:36:a7:7e:
a7:f5:6b:ad:af:3a:77:a7:07:e3:37:06:85:e2:b0:
b5:82:36:25:d9:a9:7c:d4:e8:64:e0:39:3a:6e:dc:
9e:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:47:C2:49:65:2F:09:6E:C5:63:8D:17:87:23:11:70:9E:F4:E1:11
X509v3 Authority Key Identifier:
keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/nkfCSWUvCW7FY40XhyMRcJ704RE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.136.0.0/22
128.0.119.0/24
185.117.20.0/22
185.211.48.0-185.211.50.255
195.85.68.0/24
Signature Algorithm: sha256WithRSAEncryption
17:d3:e5:76:a9:cb:0e:95:86:47:84:76:6c:88:55:63:12:65:
8a:ae:06:8b:98:60:9c:34:29:b4:29:2a:8a:34:21:d7:78:04:
92:9f:80:b3:c9:ac:88:09:c9:dd:68:7b:2d:86:78:aa:6b:f6:
f4:52:0a:9f:8f:50:3d:c8:3d:5b:7d:d8:b2:d5:8c:69:17:b0:
6a:11:a4:13:a0:15:13:c0:85:31:b2:45:6e:e2:51:a6:d0:74:
bd:9a:56:9c:0e:42:40:fd:6e:81:df:30:23:db:b8:6a:15:71:
f5:5d:4e:d9:df:c1:46:eb:61:53:47:36:d9:bb:82:90:18:21:
b3:54:46:de:4a:3a:2a:6c:34:af:b3:d1:22:7d:38:79:6b:a2:
1d:bf:86:2c:e1:e7:ea:19:01:e3:43:c0:c6:60:df:45:ed:40:
53:03:44:3e:7f:9a:87:9e:f3:b9:80:a9:ba:07:bd:f7:bf:86:
53:18:d9:17:39:13:18:fa:27:2d:8c:4f:33:ce:fb:84:28:c7:
e2:84:24:d8:d6:35:6c:a3:cf:69:9c:b2:1a:6b:e0:5e:f6:98:
9c:0d:1b:19:37:2c:ab:e4:bb:36:64:b3:e1:69:ee:75:b0:71:
73:f5:ef:fb:5c:60:27:c8:54:a8:69:39:0b:ab:cc:8b:4d:cb:
c4:81:a7:84
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZRrHNlkr93FqKZiywoRwhvqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMTE1MTc1NzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTQ3YzI0OTY1MmYwOTZlYzU2MzhkMTc4NzIzMTE3MDllZjRlMTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAAyrt/QOVBQJT99T5D5IRuro6xX
o24z7nhdaylv/3Mfneiqs+qDG4SH5HJRGIVfo3IthaJU3baR5YicUKULqzowOK4T
Re+uHPZdAF3X6hTcpJQQubN9GqLrRRIZpy+54A8eKQuEbCUSUoNZCdvmoqxAeDuB
NJICfHZsRQdOUsyw/W4eGvmgPTO3KOGZaXljtxeo88kgrUqD/BqN+tQiYdCbxO+z
TCz8bGruThJL16y1aVcEYBwDyYH+BmCczJNGjF/ycPFY9TJuknvElPxgkigvGqmK
HdshkV95fIo2p36n9Wutrzp3pwfjNwaF4rC1gjYl2al81Ohk4Dk6btyeowIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFJ5HwkllLwluxWONF4cjEXCe9OERMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvbmtmQ1NXVXZDVzdGWTQwWGh5TVJjSjcwNFJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCLYgAAwQA
gAB3AwQCuXUUMAwDBAS50zADBAC50zIDBADDVUQwDQYJKoZIhvcNAQELBQADggEB
ABfT5Xapyw6VhkeEdmyIVWMSZYquBouYYJw0KbQpKoo0Idd4BJKfgLPJrIgJyd1o
ey2GeKpr9vRSCp+PUD3IPVt92LLVjGkXsGoRpBOgFRPAhTGyRW7iUabQdL2aVpwO
QkD9boHfMCPbuGoVcfVdTtnfwUbrYVNHNtm7gpAYIbNURt5KOipsNK+z0SJ9OHlr
oh2/hizh5+oZAeNDwMZg30XtQFMDRD5/moee87mAqboHvfe/hlMY2Rc5Exj6Jy2M
TzPO+4Qox+KEJNjWNWyjz2mcshpr4F72mJwNGxk3LKvkuzZks+Fp7nWwcXP17/tc
YCfIVKhpOQurzItNy8SBp4Q=
-----END CERTIFICATE-----
Generated at Sun Apr 6 13:22:09 2025 by rpki-client