Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/62343d-d924-4378-a121-2b68ab2ad2e9/1/HgthMxkS4sDwbR55naZPb4wMFxg.roa
File: HgthMxkS4sDwbR55naZPb4wMFxg.roa (raw, json)
Hash identifier: olhiAups10lhQdjGyUNsFlprQflRZuGgamB+OfGmreI=
Subject key identifier: 1E:0B:61:33:19:12:E2:C0:F0:6D:1E:79:9D:A6:4F:6F:8C:0C:17:18
Certificate issuer: /CN=67cfd7fae20d1d34b779dab669b8f0f07c9c34f8
Certificate serial: 01852BDC276DB234C0375B8D8079F7DEE04F
Authority key identifier: 67:CF:D7:FA:E2:0D:1D:34:B7:79:DA:B6:69:B8:F0:F0:7C:9C:34:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z8_X-uINHTS3edq2abjw8HycNPg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/62343d-d924-4378-a121-2b68ab2ad2e9/1/HgthMxkS4sDwbR55naZPb4wMFxg.roa
Signing time: Mon 19 Dec 2022 19:28:46 +0000
ROA not before: Mon 19 Dec 2022 19:28:46 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 57152
IP address blocks: 195.85.207.0/24 maxlen: 24
195.85.216.0/24 maxlen: 24
185.242.162.0/24 maxlen: 24
185.242.161.0/24 maxlen: 24
185.242.160.0/24 maxlen: 24
185.242.163.0/24 maxlen: 24
2.56.152.0/24 maxlen: 24
2.56.155.0/24 maxlen: 24
2.56.154.0/24 maxlen: 24
2.56.153.0/24 maxlen: 24
2a09:cfc0::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:2b:dc:27:6d:b2:34:c0:37:5b:8d:80:79:f7:de:e0:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67cfd7fae20d1d34b779dab669b8f0f07c9c34f8
Validity
Not Before: Dec 19 19:28:46 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1e0b61331912e2c0f06d1e799da64f6f8c0c1718
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:66:a2:78:28:fe:3a:f7:41:b9:8f:15:58:bf:
39:ca:1f:51:ab:e2:91:4e:bb:16:39:86:67:2c:86:
b4:4f:77:29:13:16:e8:14:e9:93:75:8e:aa:1b:0f:
a9:c3:d5:71:b9:28:f6:aa:a7:aa:e6:ba:2f:de:0e:
fe:e8:4e:68:ad:10:e6:47:d0:5a:1f:0a:0b:2c:ac:
3c:1b:59:22:d3:e3:2c:d4:ca:21:b7:8a:f0:73:d4:
04:f4:9b:cf:7b:24:b2:1c:ea:22:68:9f:4a:6e:04:
7b:fb:14:3a:77:24:1c:ee:c7:ad:91:53:c7:8a:46:
dc:7a:98:c5:78:1b:d3:d5:ad:76:5b:85:10:1d:fd:
0d:ab:3d:19:73:09:af:55:ff:33:66:45:25:38:be:
bf:e4:44:8a:df:e1:6d:34:03:7a:f4:92:6a:af:35:
f1:bc:43:a0:37:21:38:f6:00:0a:e3:af:5e:3d:5e:
24:fd:2b:1f:34:a8:3d:d5:51:64:d4:9e:52:52:4d:
c7:7b:97:6c:61:b9:67:48:48:be:29:8c:e9:85:c0:
cd:19:86:36:64:52:59:6e:fa:fd:34:80:a8:f9:6a:
63:f0:5c:2d:e3:06:c0:f1:b0:43:1f:99:93:99:5d:
19:04:cf:ee:89:9e:fb:a1:f5:10:da:19:ad:40:b5:
c2:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:0B:61:33:19:12:E2:C0:F0:6D:1E:79:9D:A6:4F:6F:8C:0C:17:18
X509v3 Authority Key Identifier:
keyid:67:CF:D7:FA:E2:0D:1D:34:B7:79:DA:B6:69:B8:F0:F0:7C:9C:34:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z8_X-uINHTS3edq2abjw8HycNPg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/62343d-d924-4378-a121-2b68ab2ad2e9/1/HgthMxkS4sDwbR55naZPb4wMFxg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/62343d-d924-4378-a121-2b68ab2ad2e9/1/Z8_X-uINHTS3edq2abjw8HycNPg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.152.0/22
185.242.160.0/22
195.85.207.0/24
195.85.216.0/24
IPv6:
2a09:cfc0::/29
Signature Algorithm: sha256WithRSAEncryption
90:01:46:84:4b:b5:cd:09:f7:a1:68:3b:9b:3e:9e:98:ca:46:
c0:f7:6e:17:0d:6d:74:d5:93:aa:8b:d1:4b:60:a6:c6:97:5b:
6a:4f:5f:b3:46:fb:e9:48:9e:b8:f0:2a:a3:45:3e:7a:03:66:
16:34:77:74:a0:51:d5:cf:33:0a:29:08:0a:0c:d6:b6:1e:99:
30:83:e2:86:49:87:8c:53:93:8c:10:14:81:50:b7:4a:85:7e:
9a:6f:17:0f:79:a5:0d:98:47:9a:a9:a7:00:13:99:56:ae:f6:
0c:50:93:f6:53:60:2b:aa:89:eb:93:5b:8e:8e:74:90:db:86:
98:0c:fd:01:66:ac:f7:03:17:48:ae:16:a0:7b:9f:69:ba:64:
06:85:b3:a6:12:78:f7:b1:cf:d5:07:ba:20:d6:0f:7c:a1:d0:
09:1f:fd:99:ab:ee:16:e0:b3:fc:05:57:33:7c:95:40:13:04:
e0:03:0e:85:89:ea:89:c4:6d:56:1c:3f:e2:f9:55:1a:9a:3d:
68:e0:2e:87:50:84:7f:02:36:93:16:6c:e8:d4:1d:fc:47:2a:
76:df:4e:8e:5d:dc:a5:29:fb:b1:e6:6a:19:0c:01:ef:96:e5:
a6:46:d8:93:d2:9d:5d:d7:d0:58:7b:61:65:d8:8d:4d:43:58:
2b:be:2a:85
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYUr3CdtsjTAN1uNgHn33uBPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Y2ZkN2ZhZTIwZDFkMzRiNzc5ZGFiNjY5YjhmMGYwN2M5
YzM0ZjgwHhcNMjIxMjE5MTkyODQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTBiNjEzMzE5MTJlMmMwZjA2ZDFlNzk5ZGE2NGY2ZjhjMGMxNzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmaieCj+OvdBuY8VWL85yh9Rq+KR
TrsWOYZnLIa0T3cpExboFOmTdY6qGw+pw9VxuSj2qqeq5rov3g7+6E5orRDmR9Ba
HwoLLKw8G1ki0+Ms1Moht4rwc9QE9JvPeySyHOoiaJ9KbgR7+xQ6dyQc7setkVPH
ikbcepjFeBvT1a12W4UQHf0Nqz0ZcwmvVf8zZkUlOL6/5ESK3+FtNAN69JJqrzXx
vEOgNyE49gAK469ePV4k/SsfNKg91VFk1J5SUk3He5dsYblnSEi+KYzphcDNGYY2
ZFJZbvr9NICo+Wpj8Fwt4wbA8bBDH5mTmV0ZBM/uiZ77ofUQ2hmtQLXCUQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFB4LYTMZEuLA8G0eeZ2mT2+MDBcYMB8GA1UdIwQY
MBaAFGfP1/riDR00t3natmm48PB8nDT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjhfWC11SU5IVFMzZWRxMmFianc4SHljTlBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC82MjM0M2QtZDkyNC00Mzc4LWExMjEt
MmI2OGFiMmFkMmU5LzEvSGd0aE14a1M0c0R3YlI1NW5hWlBiNHdNRnhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC82MjM0M2QtZDkyNC00Mzc4LWExMjEtMmI2OGFiMmFkMmU5
LzEvWjhfWC11SU5IVFMzZWRxMmFianc4SHljTlBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCAjiYAwQC
ufKgAwQAw1XPAwQAw1XYMA0EAgACMAcDBQMqCc/AMA0GCSqGSIb3DQEBCwUAA4IB
AQCQAUaES7XNCfehaDubPp6YykbA924XDW101ZOqi9FLYKbGl1tqT1+zRvvpSJ64
8CqjRT56A2YWNHd0oFHVzzMKKQgKDNa2Hpkwg+KGSYeMU5OMEBSBULdKhX6abxcP
eaUNmEeaqacAE5lWrvYMUJP2U2Arqonrk1uOjnSQ24aYDP0BZqz3AxdIrhage59p
umQGhbOmEnj3sc/VB7og1g98odAJH/2Zq+4W4LP8BVczfJVAEwTgAw6FieqJxG1W
HD/i+VUamj1o4C6HUIR/AjaTFmzo1B38Ryp2306OXdylKfux5moZDAHvluWmRtiT
0p1d19BYe2Fl2I1NQ1grviqF
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:19 2024 by rpki-client on console-fra.rpki-client.org