Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/jyrC-t0H_GkAg2c88y9tSfnyeDQ.roa
File: jyrC-t0H_GkAg2c88y9tSfnyeDQ.roa (raw, json)
Hash identifier: QuK2j2bldMS2fMD4ill15moXvawQIfM3BSjaK9rkpUw=
Subject key identifier: 8F:2A:C2:FA:DD:07:FC:69:00:83:67:3C:F3:2F:6D:49:F9:F2:78:34
Certificate issuer: /CN=aca77c708af0ba1f81549c9f87089559390167a5
Certificate serial: 0194228D50BE90253E3BAB0C65627A5A8A3B
Authority key identifier: AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/jyrC-t0H_GkAg2c88y9tSfnyeDQ.roa
Signing time: Wed 01 Jan 2025 15:47:54 +0000
ROA not before: Wed 01 Jan 2025 15:47:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15830
IP address blocks: 88.84.128.0/21 maxlen: 24
88.84.136.0/21 maxlen: 24
88.84.144.0/21 maxlen: 24
88.84.152.0/21 maxlen: 24
89.202.0.0/17 maxlen: 24
193.110.116.0/22 maxlen: 24
217.68.144.0/20 maxlen: 24
217.79.208.0/20 maxlen: 24
2001:4c68::/32 maxlen: 48
2a02:20a8::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8d:50:be:90:25:3e:3b:ab:0c:65:62:7a:5a:8a:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aca77c708af0ba1f81549c9f87089559390167a5
Validity
Not Before: Jan 1 15:47:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8f2ac2fadd07fc690083673cf32f6d49f9f27834
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:5b:74:7e:db:83:25:23:a1:21:e6:02:d7:a0:
8c:e5:c3:2e:b2:09:f2:9f:68:d8:54:58:8e:62:d9:
42:e7:56:7c:f5:56:56:6b:75:f5:e7:e6:74:2a:11:
1c:6d:72:1d:ed:d1:d7:31:aa:34:4d:97:1c:bd:94:
2b:4f:21:2c:9e:6b:b6:58:33:21:f0:00:48:cf:27:
3d:06:fc:55:bf:ff:eb:e2:67:8b:4e:c8:8e:13:bb:
75:6e:fc:d9:01:70:27:ac:60:f3:fd:d8:54:00:9f:
21:44:7c:f4:8b:a6:e2:41:2a:d8:cc:4b:33:a6:93:
7d:e6:99:1c:bf:e6:e9:4b:05:b2:c9:99:a5:e9:31:
e8:13:2d:2a:38:99:ad:93:fd:a6:7a:97:b8:c5:ce:
59:08:5b:c5:c7:39:da:aa:ee:95:3b:36:c0:bd:70:
f5:1d:b7:de:cf:2e:c9:8a:7c:5d:3f:11:72:b1:30:
6e:e8:21:f9:70:16:ef:c1:c8:1c:6d:58:59:93:f7:
c2:53:9d:37:a6:05:94:4a:3a:9a:12:0e:76:e5:70:
81:3a:3a:e0:40:2b:7b:6e:39:6a:ba:58:59:09:59:
83:d5:05:f8:b5:c9:cd:88:4a:f3:b4:fd:50:6e:66:
03:42:24:05:fe:1b:39:97:97:35:c0:b5:8b:92:25:
21:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:2A:C2:FA:DD:07:FC:69:00:83:67:3C:F3:2F:6D:49:F9:F2:78:34
X509v3 Authority Key Identifier:
keyid:AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/jyrC-t0H_GkAg2c88y9tSfnyeDQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.84.128.0/19
89.202.0.0/17
193.110.116.0/22
217.68.144.0/20
217.79.208.0/20
IPv6:
2001:4c68::/32
2a02:20a8::/29
Signature Algorithm: sha256WithRSAEncryption
47:ee:f4:5e:ae:f9:ca:50:bb:cd:ea:80:35:f2:a3:f7:68:99:
da:45:0f:25:d7:16:ea:2b:97:c7:b4:7d:48:b2:86:5a:55:f3:
c7:fb:19:51:a7:e6:b6:d9:90:bd:af:44:cb:c6:24:fe:0b:1f:
81:97:04:a8:da:08:21:60:34:bd:dd:a5:4b:89:45:87:c7:5e:
f3:f9:b3:64:d3:31:53:c3:b8:c0:8c:08:1a:f4:99:a6:56:0a:
87:2a:2a:29:0a:a4:f8:98:6c:33:5e:2a:ad:74:5d:2c:45:78:
bf:ce:fd:20:46:84:de:20:5f:01:1f:54:4c:61:f5:59:fe:89:
7b:1d:8a:f8:83:ae:bc:d7:6c:c7:4b:51:36:30:0e:3f:6c:84:
a4:4e:cc:76:c8:23:4e:46:6d:6d:e7:c7:16:95:e4:25:e6:37:
41:8d:0d:2c:12:64:47:ac:ca:0a:87:6b:2c:1b:f7:59:c4:db:
d8:ec:52:4e:c0:89:04:8a:9b:27:6f:20:65:1b:4f:f4:fb:92:
90:0e:6e:50:71:22:c3:44:7b:20:53:54:34:85:ac:fb:e8:e0:
5e:47:9f:7c:9d:44:6a:a5:72:75:a3:3b:19:6e:60:ae:a4:53:
44:9a:d4:1d:c8:64:2e:f7:06:91:85:85:2b:95:84:f5:14:a4:
1b:ac:de:19
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZQijVC+kCU+O6sMZWJ6Woo7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTc3YzcwOGFmMGJhMWY4MTU0OWM5Zjg3MDg5NTU5Mzkw
MTY3YTUwHhcNMjUwMTAxMTU0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjJhYzJmYWRkMDdmYzY5MDA4MzY3M2NmMzJmNmQ0OWY5ZjI3ODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01t0ftuDJSOhIeYC16CM5cMusgny
n2jYVFiOYtlC51Z89VZWa3X15+Z0KhEcbXId7dHXMao0TZccvZQrTyEsnmu2WDMh
8ABIzyc9BvxVv//r4meLTsiOE7t1bvzZAXAnrGDz/dhUAJ8hRHz0i6biQSrYzEsz
ppN95pkcv+bpSwWyyZml6THoEy0qOJmtk/2mepe4xc5ZCFvFxznaqu6VOzbAvXD1
Hbfezy7JinxdPxFysTBu6CH5cBbvwcgcbVhZk/fCU503pgWUSjqaEg525XCBOjrg
QCt7bjlqulhZCVmD1QX4tcnNiErztP1QbmYDQiQF/hs5l5c1wLWLkiUhxwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFI8qwvrdB/xpAINnPPMvbUn58ng0MB8GA1UdIwQY
MBaAFKynfHCK8LofgVScn4cIlVk5AWelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYt
MjhiMTllM2ZkNGE2LzEvanlyQy10MEhfR2tBZzJjODh5OXRTZm55ZURRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYtMjhiMTllM2ZkNGE2
LzEvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQFWFSAAwQH
WcoAAwQCwW50AwQE2USQAwQE2U/QMBQEAgACMA4DBQAgAUxoAwUDKgIgqDANBgkq
hkiG9w0BAQsFAAOCAQEAR+70Xq75ylC7zeqANfKj92iZ2kUPJdcW6iuXx7R9SLKG
WlXzx/sZUafmttmQva9Ey8Yk/gsfgZcEqNoIIWA0vd2lS4lFh8de8/mzZNMxU8O4
wIwIGvSZplYKhyoqKQqk+JhsM14qrXRdLEV4v879IEaE3iBfAR9UTGH1Wf6Jex2K
+IOuvNdsx0tRNjAOP2yEpE7MdsgjTkZtbefHFpXkJeY3QY0NLBJkR6zKCodrLBv3
WcTb2OxSTsCJBIqbJ28gZRtP9PuSkA5uUHEiw0R7IFNUNIWs++jgXkeffJ1EaqVy
daM7GW5grqRTRJrUHchkLvcGkYWFK5WE9RSkG6zeGQ==
-----END CERTIFICATE-----
Generated at Sat Apr 5 19:03:36 2025 by rpki-client