Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/4af64a-57f8-4643-87ba-d87b7026a3ff/1/hdN3TWiGF-v4lVfB-_MZbJp6BC0.roa
File: hdN3TWiGF-v4lVfB-_MZbJp6BC0.roa (raw, json)
Hash identifier: FBzq8JkLasFx9OYifFuQNiKO30TthScuWNWKtgQWVSE=
Subject key identifier: 85:D3:77:4D:68:86:17:EB:F8:95:57:C1:FB:F3:19:6C:9A:7A:04:2D
Certificate issuer: /CN=8dff1b0ce9f486a67e63d3f0d0e688a24f700c7c
Certificate serial: 019427B577555E23F88790014F44D7DD7597
Authority key identifier: 8D:FF:1B:0C:E9:F4:86:A6:7E:63:D3:F0:D0:E6:88:A2:4F:70:0C:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jf8bDOn0hqZ-Y9Pw0OaIok9wDHw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fb/4af64a-57f8-4643-87ba-d87b7026a3ff/1/hdN3TWiGF-v4lVfB-_MZbJp6BC0.roa
Signing time: Thu 02 Jan 2025 15:49:51 +0000
ROA not before: Thu 02 Jan 2025 15:49:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51733
IP address blocks: 91.209.254.0/24 maxlen: 24
91.221.58.0/23 maxlen: 23
91.221.58.0/24 maxlen: 24
91.221.59.0/24 maxlen: 24
185.156.84.0/22 maxlen: 22
185.156.84.0/23 maxlen: 23
185.156.84.0/24 maxlen: 24
185.156.85.0/24 maxlen: 24
185.156.86.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:77:55:5e:23:f8:87:90:01:4f:44:d7:dd:75:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8dff1b0ce9f486a67e63d3f0d0e688a24f700c7c
Validity
Not Before: Jan 2 15:49:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=85d3774d688617ebf89557c1fbf3196c9a7a042d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:ff:72:39:a8:f1:b7:8f:d0:f0:2a:f3:d7:04:
50:97:d9:b3:a1:3d:b7:04:78:66:f4:32:51:ae:0b:
e7:0c:4e:f9:f3:45:30:85:7c:87:90:23:19:d5:2c:
6c:c0:0a:ad:a5:b1:29:c9:c1:e2:d1:3e:44:f7:5d:
dc:ec:d9:d6:5c:b6:a4:6c:a3:0d:fb:34:b2:27:5f:
5c:ab:2f:69:98:9e:eb:3a:c2:08:0a:95:0e:ed:22:
00:86:7c:6a:03:bb:22:99:49:a5:d1:e0:8e:1d:1f:
88:e6:41:b3:e8:08:10:9d:db:1e:ea:9b:49:c2:72:
23:ca:93:42:fd:74:7b:53:f1:61:64:87:e5:4a:d0:
3a:39:32:4a:7e:c2:fe:a5:11:83:6e:25:73:28:01:
80:82:c5:b1:c5:96:f3:0d:33:c0:5b:dc:9a:72:55:
91:55:ef:c1:60:f8:9e:31:0a:1a:f5:86:21:79:72:
f8:64:bf:54:0a:4d:64:e6:7e:1f:ac:21:f2:9c:03:
8f:bf:37:05:70:90:5a:96:56:a9:8f:0c:de:d7:00:
14:80:94:32:19:1c:99:58:3c:e4:09:c6:74:51:7e:
bb:22:0a:51:69:ef:bb:a2:92:86:c8:a2:bc:04:cb:
17:88:79:e9:9d:93:53:b6:01:8a:f8:bf:93:ca:1e:
bc:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:D3:77:4D:68:86:17:EB:F8:95:57:C1:FB:F3:19:6C:9A:7A:04:2D
X509v3 Authority Key Identifier:
keyid:8D:FF:1B:0C:E9:F4:86:A6:7E:63:D3:F0:D0:E6:88:A2:4F:70:0C:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jf8bDOn0hqZ-Y9Pw0OaIok9wDHw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/4af64a-57f8-4643-87ba-d87b7026a3ff/1/hdN3TWiGF-v4lVfB-_MZbJp6BC0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/4af64a-57f8-4643-87ba-d87b7026a3ff/1/jf8bDOn0hqZ-Y9Pw0OaIok9wDHw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.209.254.0/24
91.221.58.0/23
185.156.84.0/22
Signature Algorithm: sha256WithRSAEncryption
8f:66:bc:c9:a8:0a:92:55:15:6a:bd:ee:3c:57:d9:a4:e8:e8:
82:0d:b3:ab:a1:16:15:b3:05:f0:b3:a6:aa:3e:4b:6e:dd:e9:
9e:a3:e2:e1:fb:a2:63:b1:68:a9:80:1a:16:df:54:ea:51:c8:
58:01:b7:bc:19:6a:40:f5:50:37:a4:e5:7a:ce:35:02:3d:e3:
fa:f4:2a:99:33:33:23:c1:d6:e7:21:5e:ed:2f:55:52:04:4e:
6b:35:5f:20:fa:71:e1:cd:23:8d:d0:fa:d3:e3:94:1c:d7:bd:
93:47:df:90:22:9f:e4:cf:0d:63:b2:87:da:15:9b:ef:f3:e0:
64:c1:1f:b1:c9:4a:09:cc:12:fb:f7:05:37:27:e2:d1:ae:51:
04:46:2b:80:56:99:9f:8a:51:77:c8:7c:1d:1e:4d:48:a9:2e:
9a:b0:01:dd:74:05:6e:d7:91:6e:83:08:c2:11:72:91:bc:d6:
b4:0a:17:a2:36:fc:a7:16:3e:b9:bb:d1:71:26:18:a4:be:73:
cd:83:f2:5a:80:7f:1e:64:45:6b:78:23:bd:ef:bd:67:30:c4:
03:b5:ea:6c:b3:4c:3c:c7:7b:90:41:e7:ee:45:2c:f3:3a:32:
75:ce:d8:41:e6:27:de:75:5a:00:09:73:15:8a:d0:c8:8d:a8:
cc:b3:fa:e3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQntXdVXiP4h5ABT0TX3XWXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkZmYxYjBjZTlmNDg2YTY3ZTYzZDNmMGQwZTY4OGEyNGY3
MDBjN2MwHhcNMjUwMTAyMTU0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWQzNzc0ZDY4ODYxN2ViZjg5NTU3YzFmYmYzMTk2YzlhN2EwNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyf9yOajxt4/Q8Crz1wRQl9mzoT23
BHhm9DJRrgvnDE7580UwhXyHkCMZ1SxswAqtpbEpycHi0T5E913c7NnWXLakbKMN
+zSyJ19cqy9pmJ7rOsIICpUO7SIAhnxqA7simUml0eCOHR+I5kGz6AgQndse6ptJ
wnIjypNC/XR7U/FhZIflStA6OTJKfsL+pRGDbiVzKAGAgsWxxZbzDTPAW9yaclWR
Ve/BYPieMQoa9YYheXL4ZL9UCk1k5n4frCHynAOPvzcFcJBallapjwze1wAUgJQy
GRyZWDzkCcZ0UX67IgpRae+7opKGyKK8BMsXiHnpnZNTtgGK+L+Tyh68OQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIXTd01ohhfr+JVXwfvzGWyaegQtMB8GA1UdIwQY
MBaAFI3/Gwzp9IamfmPT8NDmiKJPcAx8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamY4YkRPbjBocVotWTlQdzBPYUlvazl3REh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80YWY2NGEtNTdmOC00NjQzLTg3YmEt
ZDg3YjcwMjZhM2ZmLzEvaGROM1RXaUdGLXY0bFZmQi1fTVpiSnA2QkMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80YWY2NGEtNTdmOC00NjQzLTg3YmEtZDg3YjcwMjZhM2Zm
LzEvamY4YkRPbjBocVotWTlQdzBPYUlvazl3REh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9H+AwQB
W906AwQCuZxUMA0GCSqGSIb3DQEBCwUAA4IBAQCPZrzJqAqSVRVqve48V9mk6OiC
DbOroRYVswXws6aqPktu3emeo+Lh+6JjsWipgBoW31TqUchYAbe8GWpA9VA3pOV6
zjUCPeP69CqZMzMjwdbnIV7tL1VSBE5rNV8g+nHhzSON0PrT45Qc172TR9+QIp/k
zw1jsofaFZvv8+BkwR+xyUoJzBL79wU3J+LRrlEERiuAVpmfilF3yHwdHk1IqS6a
sAHddAVu15FugwjCEXKRvNa0CheiNvynFj65u9FxJhikvnPNg/JagH8eZEVreCO9
771nMMQDtepss0w8x3uQQefuRSzzOjJ1zthB5ifedVoACXMVitDIjajMs/rj
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:09:54 2025 by rpki-client