Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/bdfe17-91ad-4f31-aecd-81ed12ddf175/1/uDXgZr4d7paw0tQnlQAuxTAiQJ4.roa
File: uDXgZr4d7paw0tQnlQAuxTAiQJ4.roa (raw, json)
Hash identifier: ZLVG9qnKbapzUcUyG3vXPFRhsGi/6YqVmyuunmvWt4g=
Subject key identifier: B8:35:E0:66:BE:1D:EE:96:B0:D2:D4:27:95:00:2E:C5:30:22:40:9E
Certificate issuer: /CN=1b9e417bb9ecb1ace9491ebc2823bb78934b2cdf
Certificate serial: 019596D7A552852C3C9CEC0D6CC0FFC58450
Authority key identifier: 1B:9E:41:7B:B9:EC:B1:AC:E9:49:1E:BC:28:23:BB:78:93:4B:2C:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G55Be7nssazpSR68KCO7eJNLLN8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fb/bdfe17-91ad-4f31-aecd-81ed12ddf175/1/uDXgZr4d7paw0tQnlQAuxTAiQJ4.roa
Signing time: Fri 14 Mar 2025 22:47:49 +0000
ROA not before: Fri 14 Mar 2025 22:47:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30931
IP address blocks: 185.109.140.0/22 maxlen: 22
185.109.140.0/23 maxlen: 23
185.109.140.0/24 maxlen: 24
185.109.141.0/24 maxlen: 24
185.109.142.0/24 maxlen: 24
185.109.143.0/24 maxlen: 24
185.233.4.0/22 maxlen: 22
185.233.4.0/23 maxlen: 23
185.233.6.0/23 maxlen: 23
2a0c:c900::/29 maxlen: 29
2a0c:c900::/48 maxlen: 48
2a0c:c900:1::/48 maxlen: 48
2a0c:c900:2::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:96:d7:a5:52:85:2c:3c:9c:ec:0d:6c:c0:ff:c5:84:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1b9e417bb9ecb1ace9491ebc2823bb78934b2cdf
Validity
Not Before: Mar 14 22:47:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b835e066be1dee96b0d2d42795002ec53022409e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:0d:33:94:b6:09:ff:37:e4:61:44:fe:df:95:
69:35:12:44:ba:ea:95:27:3f:fa:5d:d1:55:0c:19:
a9:6d:1f:cb:ec:f1:91:3b:88:42:a0:8b:07:02:bc:
92:63:3a:7d:8a:cb:97:24:cc:fa:59:32:8d:cd:ca:
72:13:9a:ff:b8:0c:a1:05:99:17:4c:94:30:ff:2f:
77:e4:87:54:df:d7:cd:93:14:1a:1f:8e:df:b2:67:
4a:40:f2:ed:21:08:d7:ee:28:b5:88:b5:fc:d4:46:
dd:30:8b:f6:09:3a:7b:aa:df:d1:28:8b:79:0f:75:
e4:74:a1:b3:c0:b7:7b:be:a0:e6:40:29:bf:f1:fe:
ff:dd:06:5b:f8:78:32:25:b7:33:81:aa:8c:b8:e2:
15:d0:3e:84:97:dc:4c:4b:46:71:71:37:ae:cc:17:
b7:64:45:e6:bf:85:69:c7:3a:54:3e:55:c2:0c:d8:
40:f2:92:a3:9b:d1:9f:bf:73:24:94:87:e5:26:94:
b5:9b:59:05:b1:82:63:f7:61:0f:14:35:18:3b:9a:
e8:fd:1a:77:81:fa:9b:61:60:10:bc:90:16:bf:1d:
54:7c:dd:0c:91:db:b7:06:81:02:23:7a:ae:f7:a1:
a0:5d:f6:72:72:c5:48:34:22:b1:24:1c:a5:d8:d6:
78:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:35:E0:66:BE:1D:EE:96:B0:D2:D4:27:95:00:2E:C5:30:22:40:9E
X509v3 Authority Key Identifier:
keyid:1B:9E:41:7B:B9:EC:B1:AC:E9:49:1E:BC:28:23:BB:78:93:4B:2C:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G55Be7nssazpSR68KCO7eJNLLN8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/bdfe17-91ad-4f31-aecd-81ed12ddf175/1/uDXgZr4d7paw0tQnlQAuxTAiQJ4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/bdfe17-91ad-4f31-aecd-81ed12ddf175/1/G55Be7nssazpSR68KCO7eJNLLN8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.109.140.0/22
185.233.4.0/22
IPv6:
2a0c:c900::/29
Signature Algorithm: sha256WithRSAEncryption
51:e0:ca:1e:29:f9:db:c8:61:78:c3:a4:95:ec:9d:58:eb:61:
60:85:de:58:f2:64:19:00:a4:d2:82:f1:59:97:2f:98:0e:4d:
d0:03:6f:22:3c:c9:5f:62:e6:c2:7f:ce:e4:1f:6f:d7:c2:9b:
8d:0d:c3:11:07:3b:c7:81:70:c1:f0:ff:74:e0:51:09:34:dd:
f6:28:db:01:45:88:e7:5a:a7:ab:77:94:8b:a3:6d:61:8a:f1:
a8:34:d6:df:2d:46:44:71:c2:1a:51:65:25:85:49:31:15:d3:
65:ff:26:da:50:31:2d:50:fc:c4:eb:ac:44:d0:ff:26:19:7e:
d6:21:fb:af:74:bd:20:2f:a7:9e:95:31:0d:0b:2f:7a:0e:f9:
d2:ed:27:a9:f8:2b:ba:90:4c:73:bf:59:bb:18:7c:ed:68:c5:
61:78:69:17:95:2e:51:ee:08:c3:84:23:7c:e8:2e:f1:ed:ce:
24:7a:85:87:b1:5f:2c:78:ad:a0:9b:b3:7c:c9:71:38:7c:63:
08:1a:24:50:1e:2b:da:7b:07:4c:f4:c3:20:00:51:ab:fa:22:
84:1f:8b:46:79:95:00:1f:c9:84:17:89:38:d1:e5:56:d2:51:
4c:d3:69:ba:34:00:ea:fd:a9:45:91:21:b5:cd:55:c1:4f:ef:
53:69:14:aa
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZWW16VShSw8nOwNbMD/xYRQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWU0MTdiYjllY2IxYWNlOTQ5MWViYzI4MjNiYjc4OTM0
YjJjZGYwHhcNMjUwMzE0MjI0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODM1ZTA2NmJlMWRlZTk2YjBkMmQ0Mjc5NTAwMmVjNTMwMjI0MDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxg0zlLYJ/zfkYUT+35VpNRJEuuqV
Jz/6XdFVDBmpbR/L7PGRO4hCoIsHArySYzp9isuXJMz6WTKNzcpyE5r/uAyhBZkX
TJQw/y935IdU39fNkxQaH47fsmdKQPLtIQjX7ii1iLX81EbdMIv2CTp7qt/RKIt5
D3XkdKGzwLd7vqDmQCm/8f7/3QZb+HgyJbczgaqMuOIV0D6El9xMS0ZxcTeuzBe3
ZEXmv4VpxzpUPlXCDNhA8pKjm9Gfv3MklIflJpS1m1kFsYJj92EPFDUYO5ro/Rp3
gfqbYWAQvJAWvx1UfN0Mkdu3BoECI3qu96GgXfZycsVINCKxJByl2NZ4zwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLg14Ga+He6WsNLUJ5UALsUwIkCeMB8GA1UdIwQY
MBaAFBueQXu57LGs6UkevCgju3iTSyzfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU1QmU3bnNzYXpwU1I2OEtDTzdlSk5MTE44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9iZGZlMTctOTFhZC00ZjMxLWFlY2Qt
ODFlZDEyZGRmMTc1LzEvdURYZ1pyNGQ3cGF3MHRRbmxRQXV4VEFpUUo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9iZGZlMTctOTFhZC00ZjMxLWFlY2QtODFlZDEyZGRmMTc1
LzEvRzU1QmU3bnNzYXpwU1I2OEtDTzdlSk5MTE44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuW2MAwQC
uekEMA0EAgACMAcDBQMqDMkAMA0GCSqGSIb3DQEBCwUAA4IBAQBR4MoeKfnbyGF4
w6SV7J1Y62Fghd5Y8mQZAKTSgvFZly+YDk3QA28iPMlfYubCf87kH2/XwpuNDcMR
BzvHgXDB8P904FEJNN32KNsBRYjnWqerd5SLo21hivGoNNbfLUZEccIaUWUlhUkx
FdNl/ybaUDEtUPzE66xE0P8mGX7WIfuvdL0gL6eelTENCy96DvnS7Sep+Cu6kExz
v1m7GHztaMVheGkXlS5R7gjDhCN86C7x7c4keoWHsV8seK2gm7N8yXE4fGMIGiRQ
HivaewdM9MMgAFGr+iKEH4tGeZUAH8mEF4k40eVW0lFM02m6NADq/alFkSG1zVXB
T+9TaRSq
-----END CERTIFICATE-----
Generated at Mon Apr 7 23:00:51 2025 by rpki-client