Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/Q-wq6VOridyReiBozWYMVIfjz8k.roa
File: Q-wq6VOridyReiBozWYMVIfjz8k.roa (raw, json)
Hash identifier: DDh8EVQVG+njJh6BgA3lXz+NicCjbriCCtrTuBXokE8=
Subject key identifier: 43:EC:2A:E9:53:AB:89:DC:91:7A:20:68:CD:66:0C:54:87:E3:CF:C9
Certificate issuer: /CN=07f2a175be20108641c649553213f212511667a5
Certificate serial: 01856F824D67F3A6CD990E69D3AF8E6803B9
Authority key identifier: 07:F2:A1:75:BE:20:10:86:41:C6:49:55:32:13:F2:12:51:16:67:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/B_Khdb4gEIZBxklVMhPyElEWZ6U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/Q-wq6VOridyReiBozWYMVIfjz8k.roa
Signing time: Sun 01 Jan 2023 22:44:48 +0000
ROA not before: Sun 01 Jan 2023 22:44:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39806
IP address blocks: 195.190.149.0/24 maxlen: 24
195.190.150.0/24 maxlen: 24
195.190.154.0/24 maxlen: 24
195.190.157.0/24 maxlen: 24
185.166.232.0/23 maxlen: 24
185.166.235.0/24 maxlen: 24
185.166.234.0/24 maxlen: 24
2a0b:2200::/29 maxlen: 64
2a0f:c140::/29 maxlen: 64
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:82:4d:67:f3:a6:cd:99:0e:69:d3:af:8e:68:03:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=07f2a175be20108641c649553213f212511667a5
Validity
Not Before: Jan 1 22:44:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=43ec2ae953ab89dc917a2068cd660c5487e3cfc9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:f0:4c:45:d6:b2:31:44:18:6f:73:4d:05:78:
81:c2:52:ba:21:f5:91:c1:2c:62:42:66:11:f2:f4:
f8:3c:90:a5:bc:30:7a:d8:3a:14:d3:21:c9:29:97:
13:0e:85:56:66:6a:7e:ad:33:7c:78:21:77:1c:09:
43:1e:27:8d:cd:19:83:da:54:a0:eb:71:03:65:b8:
3d:8e:36:cc:5a:fa:fc:2e:a8:1d:01:c0:ca:12:16:
5c:a5:b1:fc:af:fa:b9:e7:f2:42:25:eb:69:35:8f:
16:aa:f3:91:9b:ad:d6:6c:01:4c:f2:7e:0b:e4:f7:
15:5d:fd:41:dd:cf:c3:5a:36:ae:28:7a:2e:8f:25:
ca:ff:91:60:73:4d:51:e8:62:79:58:29:b2:db:8e:
f8:11:05:d5:0e:81:c3:9a:9f:92:c0:64:8b:c4:1d:
e0:10:1b:da:3b:3d:4f:25:b6:56:15:b4:74:4c:5a:
1c:2f:5a:be:24:29:0d:7b:52:d5:53:ac:79:a4:96:
31:c8:05:31:59:04:96:83:68:7e:08:1e:b3:48:60:
08:11:78:e8:7e:84:82:5a:23:05:2f:df:93:9d:4a:
e9:3e:4a:4d:ae:1b:05:9b:06:78:fb:23:36:74:dc:
58:a1:24:ff:03:10:2e:39:e0:54:89:ca:be:b7:ce:
11:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:EC:2A:E9:53:AB:89:DC:91:7A:20:68:CD:66:0C:54:87:E3:CF:C9
X509v3 Authority Key Identifier:
keyid:07:F2:A1:75:BE:20:10:86:41:C6:49:55:32:13:F2:12:51:16:67:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_Khdb4gEIZBxklVMhPyElEWZ6U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/Q-wq6VOridyReiBozWYMVIfjz8k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/B_Khdb4gEIZBxklVMhPyElEWZ6U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.166.232.0/22
195.190.149.0-195.190.150.255
195.190.154.0/24
195.190.157.0/24
IPv6:
2a0b:2200::/29
2a0f:c140::/29
Signature Algorithm: sha256WithRSAEncryption
a3:06:35:c7:50:b1:f4:44:05:e5:a1:8c:2c:43:b9:03:f4:f0:
58:c2:bd:54:f2:a9:db:e6:ab:3e:41:18:62:92:f9:c2:d2:70:
64:f1:df:39:24:02:c0:38:a0:86:20:da:c6:4a:e5:f2:8e:ac:
b5:73:90:ca:ac:05:6e:44:d6:73:18:b5:a2:b5:65:73:2f:af:
19:c3:e9:99:18:82:66:ca:8b:9d:ca:ab:2d:a1:f6:b1:89:11:
29:ad:09:3e:dc:c7:72:c4:0e:32:59:c8:c6:b0:7e:07:f9:b7:
d2:fc:2c:7b:fc:a3:1d:bf:63:0a:27:ab:90:10:9d:cb:7b:12:
5c:ce:af:4f:ad:df:3a:28:ed:5c:fe:a6:14:b7:6b:64:1d:fc:
66:84:a9:7e:55:e4:af:bd:65:db:2d:47:34:b2:24:d1:f5:1e:
c2:51:19:89:ea:4e:7e:e0:d2:36:2d:be:a8:0c:f5:d1:55:85:
74:e4:2f:54:26:cf:e5:7a:f1:ac:a7:79:52:ed:25:ab:19:db:
83:0a:d2:a6:35:6f:db:4f:e6:e6:e1:33:70:23:c3:90:3a:1e:
be:b1:f9:0e:94:76:c7:98:59:ed:56:f5:38:85:82:20:6b:fb:
ea:1d:c6:b5:48:26:39:38:5f:01:bf:2e:85:94:8d:33:bb:59:
be:6b:3f:28
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVvgk1n86bNmQ5p06+OaAO5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjJhMTc1YmUyMDEwODY0MWM2NDk1NTMyMTNmMjEyNTEx
NjY3YTUwHhcNMjMwMTAxMjI0NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2VjMmFlOTUzYWI4OWRjOTE3YTIwNjhjZDY2MGM1NDg3ZTNjZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfBMRdayMUQYb3NNBXiBwlK6IfWR
wSxiQmYR8vT4PJClvDB62DoU0yHJKZcTDoVWZmp+rTN8eCF3HAlDHieNzRmD2lSg
63EDZbg9jjbMWvr8LqgdAcDKEhZcpbH8r/q55/JCJetpNY8WqvORm63WbAFM8n4L
5PcVXf1B3c/DWjauKHoujyXK/5Fgc01R6GJ5WCmy2474EQXVDoHDmp+SwGSLxB3g
EBvaOz1PJbZWFbR0TFocL1q+JCkNe1LVU6x5pJYxyAUxWQSWg2h+CB6zSGAIEXjo
foSCWiMFL9+TnUrpPkpNrhsFmwZ4+yM2dNxYoST/AxAuOeBUicq+t84RZQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFEPsKulTq4nckXogaM1mDFSH48/JMB8GA1UdIwQY
MBaAFAfyoXW+IBCGQcZJVTIT8hJRFmelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9LaGRiNGdFSVpCeGtsVk1oUHlFbEVXWjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8zNmIwODUtMWE1Yi00YWY5LTg3OGIt
Mzc2NDI2ZmZkNjYyLzEvUS13cTZWT3JpZHlSZWlCb3pXWU1WSWZqejhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8zNmIwODUtMWE1Yi00YWY5LTg3OGItMzc2NDI2ZmZkNjYy
LzEvQl9LaGRiNGdFSVpCeGtsVk1oUHlFbEVXWjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAmBAIAATAgAwQCuaboMAwD
BADDvpUDBADDvpYDBADDvpoDBADDvp0wFAQCAAIwDgMFAyoLIgADBQMqD8FAMA0G
CSqGSIb3DQEBCwUAA4IBAQCjBjXHULH0RAXloYwsQ7kD9PBYwr1U8qnb5qs+QRhi
kvnC0nBk8d85JALAOKCGINrGSuXyjqy1c5DKrAVuRNZzGLWitWVzL68Zw+mZGIJm
youdyqstofaxiREprQk+3MdyxA4yWcjGsH4H+bfS/Cx7/KMdv2MKJ6uQEJ3LexJc
zq9Prd86KO1c/qYUt2tkHfxmhKl+VeSvvWXbLUc0siTR9R7CURmJ6k5+4NI2Lb6o
DPXRVYV05C9UJs/levGsp3lS7SWrGduDCtKmNW/bT+bm4TNwI8OQOh6+sfkOlHbH
mFntVvU4hYIga/vqHca1SCY5OF8Bvy6FlI0zu1m+az8o
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:36:35 2025 by rpki-client