Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/ced9b5-9440-4d0b-be1f-1b2e4105eb7e/1/XlhaEzLsA7jWqPOILfz8Yhd9kdk.roa
File: XlhaEzLsA7jWqPOILfz8Yhd9kdk.roa (raw, json)
Hash identifier: fE0R2m8vpEkHRD5syUluKcIvECTiC6hfTnpdsOL+n0Y=
Subject key identifier: 5E:58:5A:13:32:EC:03:B8:D6:A8:F3:88:2D:FC:FC:62:17:7D:91:D9
Certificate issuer: /CN=07248b52d23ebd237b8a8b6e63edd02dfeef984c
Certificate serial: 019423D7BEA5A18F82B28B9DE20704B0E98E
Authority key identifier: 07:24:8B:52:D2:3E:BD:23:7B:8A:8B:6E:63:ED:D0:2D:FE:EF:98:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BySLUtI-vSN7iotuY-3QLf7vmEw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/ced9b5-9440-4d0b-be1f-1b2e4105eb7e/1/XlhaEzLsA7jWqPOILfz8Yhd9kdk.roa
Signing time: Wed 01 Jan 2025 21:48:49 +0000
ROA not before: Wed 01 Jan 2025 21:48:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197697
IP address blocks: 95.156.240.0/21 maxlen: 22
95.214.4.0/22 maxlen: 23
185.54.56.0/22 maxlen: 23
185.122.96.0/22 maxlen: 23
185.122.104.0/22 maxlen: 23
192.162.92.0/22 maxlen: 23
193.186.204.0/22 maxlen: 23
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:be:a5:a1:8f:82:b2:8b:9d:e2:07:04:b0:e9:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=07248b52d23ebd237b8a8b6e63edd02dfeef984c
Validity
Not Before: Jan 1 21:48:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5e585a1332ec03b8d6a8f3882dfcfc62177d91d9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:61:9c:2a:22:86:55:a0:7e:f2:71:27:74:d4:
77:99:36:19:79:f4:1b:8b:79:35:42:de:e7:1b:e3:
45:b5:d6:19:13:00:90:0c:c2:51:be:dc:8b:0e:04:
e1:20:cc:c7:e0:f5:cc:0c:f4:f5:10:5d:59:eb:0f:
af:52:c3:b3:e0:66:70:f3:14:65:4b:12:b4:f7:d4:
ee:68:15:cf:cc:1b:6f:0a:c2:b8:df:af:b2:c7:86:
49:e2:7d:1a:b3:8f:0c:a2:9a:a9:2c:6f:df:dc:95:
f7:93:fd:26:81:68:f8:f0:34:d1:b2:d1:fc:b3:98:
dd:42:99:13:bd:fa:85:3c:11:82:d2:81:96:e2:80:
84:9f:c7:00:a7:0a:3c:36:06:e9:5f:51:25:ba:64:
29:7d:52:e5:62:4f:bb:1a:a1:67:26:cc:af:e6:14:
51:c1:54:b9:57:b8:23:f0:5e:b3:f6:a5:36:6e:0d:
e8:9c:1e:21:ba:63:db:65:60:a8:54:00:fb:f3:1a:
d4:4d:a1:aa:ce:c2:3a:ca:ef:15:66:39:8d:57:61:
10:90:97:8e:78:7c:b7:70:2a:81:d2:ba:42:cf:5e:
9e:3f:20:30:8a:24:ce:a7:10:08:9a:95:4a:59:15:
df:78:77:9d:dd:66:7b:8f:c5:da:c1:1b:a9:4c:31:
a1:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:58:5A:13:32:EC:03:B8:D6:A8:F3:88:2D:FC:FC:62:17:7D:91:D9
X509v3 Authority Key Identifier:
keyid:07:24:8B:52:D2:3E:BD:23:7B:8A:8B:6E:63:ED:D0:2D:FE:EF:98:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BySLUtI-vSN7iotuY-3QLf7vmEw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/ced9b5-9440-4d0b-be1f-1b2e4105eb7e/1/XlhaEzLsA7jWqPOILfz8Yhd9kdk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/ced9b5-9440-4d0b-be1f-1b2e4105eb7e/1/BySLUtI-vSN7iotuY-3QLf7vmEw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.156.240.0/21
95.214.4.0/22
185.54.56.0/22
185.122.96.0/22
185.122.104.0/22
192.162.92.0/22
193.186.204.0/22
Signature Algorithm: sha256WithRSAEncryption
87:70:e4:2a:4c:00:49:aa:7b:c0:22:ae:21:40:e7:35:48:51:
71:4e:10:85:04:0d:46:2a:31:9b:da:cf:b6:05:b0:4a:0d:2b:
4f:68:e4:ad:a5:28:49:f5:9d:78:05:b4:3b:66:d4:26:b5:e4:
ee:7a:60:a5:47:50:f6:5e:bf:fc:02:3b:62:91:fa:70:b9:b2:
9c:c4:58:1e:45:f4:6b:ed:2c:7b:43:86:24:d7:7f:7f:77:e0:
2f:0d:17:0f:95:e8:93:fe:55:f4:3f:48:13:a4:c5:be:35:32:
34:c3:93:84:96:7c:cf:ef:16:a6:e8:a1:7a:a3:29:e2:1f:86:
50:a3:65:c1:e2:14:eb:6f:8b:36:70:b8:50:2a:ec:b3:61:9e:
86:e0:68:fe:51:2e:85:ba:e3:1f:2f:3e:05:90:df:69:cc:45:
89:8c:05:cf:54:db:eb:36:af:9d:67:9b:88:63:74:98:04:43:
78:52:1c:12:71:33:c4:de:f1:d8:f7:82:16:36:8f:c0:34:ca:
81:8a:d8:25:69:1f:a1:0e:9b:6f:6a:08:4a:3d:65:47:56:16:
32:df:3a:05:4d:01:57:07:f3:18:33:c1:4e:87:be:a3:12:8a:
9a:53:7e:d5:75:39:78:97:75:8c:4d:de:df:41:cc:e6:7c:c7:
51:09:7c:dc
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZQj176loY+Csoud4gcEsOmOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3MjQ4YjUyZDIzZWJkMjM3YjhhOGI2ZTYzZWRkMDJkZmVl
Zjk4NGMwHhcNMjUwMTAxMjE0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTU4NWExMzMyZWMwM2I4ZDZhOGYzODgyZGZjZmM2MjE3N2Q5MWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWGcKiKGVaB+8nEndNR3mTYZefQb
i3k1Qt7nG+NFtdYZEwCQDMJRvtyLDgThIMzH4PXMDPT1EF1Z6w+vUsOz4GZw8xRl
SxK099TuaBXPzBtvCsK436+yx4ZJ4n0as48MopqpLG/f3JX3k/0mgWj48DTRstH8
s5jdQpkTvfqFPBGC0oGW4oCEn8cApwo8NgbpX1ElumQpfVLlYk+7GqFnJsyv5hRR
wVS5V7gj8F6z9qU2bg3onB4humPbZWCoVAD78xrUTaGqzsI6yu8VZjmNV2EQkJeO
eHy3cCqB0rpCz16ePyAwiiTOpxAImpVKWRXfeHed3WZ7j8XawRupTDGhdQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFF5YWhMy7AO41qjziC38/GIXfZHZMB8GA1UdIwQY
MBaAFAcki1LSPr0je4qLbmPt0C3+75hMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnlTTFV0SS12U043aW90dVktM1FMZjd2bUV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9jZWQ5YjUtOTQ0MC00ZDBiLWJlMWYt
MWIyZTQxMDVlYjdlLzEvWGxoYUV6THNBN2pXcVBPSUxmejhZaGQ5a2RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9jZWQ5YjUtOTQ0MC00ZDBiLWJlMWYtMWIyZTQxMDVlYjdl
LzEvQnlTTFV0SS12U043aW90dVktM1FMZjd2bUV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQDX5zwAwQC
X9YEAwQCuTY4AwQCuXpgAwQCuXpoAwQCwKJcAwQCwbrMMA0GCSqGSIb3DQEBCwUA
A4IBAQCHcOQqTABJqnvAIq4hQOc1SFFxThCFBA1GKjGb2s+2BbBKDStPaOStpShJ
9Z14BbQ7ZtQmteTuemClR1D2Xr/8AjtikfpwubKcxFgeRfRr7Sx7Q4Yk139/d+Av
DRcPleiT/lX0P0gTpMW+NTI0w5OElnzP7xam6KF6oyniH4ZQo2XB4hTrb4s2cLhQ
KuyzYZ6G4Gj+US6FuuMfLz4FkN9pzEWJjAXPVNvrNq+dZ5uIY3SYBEN4UhwScTPE
3vHY94IWNo/ANMqBitglaR+hDptvaghKPWVHVhYy3zoFTQFXB/MYM8FOh76jEoqa
U37VdTl4l3WMTd7fQczmfMdRCXzc
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:39:18 2025 by rpki-client