Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/XQRW4hC6egq6X6BxwUNnVpgvblo.roa
File: XQRW4hC6egq6X6BxwUNnVpgvblo.roa (raw, json)
Hash identifier: PhRVE0d3jHpqQEE7GI6sFR1qHTQDk+IvXmg/HiU9evE=
Subject key identifier: 5D:04:56:E2:10:BA:7A:0A:BA:5F:A0:71:C1:43:67:56:98:2F:6E:5A
Certificate issuer: /CN=b32ee2b39712377b4bfec9e66ac7e6e908efceec
Certificate serial: 019624F6DB909F30F406F731B6BF95992782
Authority key identifier: B3:2E:E2:B3:97:12:37:7B:4B:FE:C9:E6:6A:C7:E6:E9:08:EF:CE:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sy7is5cSN3tL_snmasfm6Qjvzuw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/XQRW4hC6egq6X6BxwUNnVpgvblo.roa
Signing time: Fri 11 Apr 2025 13:07:59 +0000
ROA not before: Fri 11 Apr 2025 13:07:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60175
IP address blocks: 89.63.0.0/16 maxlen: 24
89.63.0.0/20 maxlen: 20
89.63.16.0/20 maxlen: 20
89.63.20.0/24 maxlen: 24
89.63.240.0/20 maxlen: 21
185.35.12.0/22 maxlen: 22
195.4.128.0/19 maxlen: 19
195.4.145.0/24 maxlen: 24
195.4.160.0/20 maxlen: 20
195.4.184.0/21 maxlen: 21
195.4.192.0/20 maxlen: 20
195.4.199.0/24 maxlen: 24
195.4.208.0/21 maxlen: 21
2a00:dca0::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:24:f6:db:90:9f:30:f4:06:f7:31:b6:bf:95:99:27:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b32ee2b39712377b4bfec9e66ac7e6e908efceec
Validity
Not Before: Apr 11 13:07:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5d0456e210ba7a0aba5fa071c1436756982f6e5a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:c5:ec:70:ae:ad:a1:e3:fe:24:6d:ae:a2:72:
d0:46:b1:b2:3d:f8:4a:75:e2:c1:39:46:73:78:cd:
43:6d:d6:66:6e:fe:28:9d:1d:a5:61:8c:02:9d:6c:
12:ec:03:27:96:54:69:e8:a0:13:2b:2b:1f:63:ae:
a5:da:dd:fd:66:4b:0f:e3:ec:92:dc:6e:47:b9:ad:
31:56:58:f1:51:1d:7c:a9:2d:5c:a8:65:c6:51:2e:
59:c4:aa:c9:4f:d1:08:2b:a7:b2:89:56:6e:75:87:
33:03:5a:e0:d4:3e:3f:53:b9:77:e8:72:79:f0:59:
4e:d4:d8:57:ab:44:c1:48:03:bc:8c:2f:ac:bf:e1:
d6:2a:13:40:7c:f6:6f:9c:ff:ab:a2:24:ac:f9:33:
8a:11:ff:d4:83:7f:de:52:b5:96:b6:67:06:c4:75:
7d:e3:d8:d2:a4:be:98:ef:55:12:29:7b:55:c0:75:
b3:2f:b5:1a:10:35:ce:50:38:27:d3:df:0c:23:d4:
1b:cf:c3:f5:29:29:2d:60:1c:e8:4d:0a:cd:85:ee:
ac:2e:1a:29:83:d6:56:80:2e:5e:d9:90:dd:7f:28:
d2:b1:61:a8:78:aa:c1:2a:e5:64:a7:80:12:30:73:
78:a3:43:4c:c1:5d:6d:41:34:21:d5:1c:1a:b9:49:
56:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:04:56:E2:10:BA:7A:0A:BA:5F:A0:71:C1:43:67:56:98:2F:6E:5A
X509v3 Authority Key Identifier:
keyid:B3:2E:E2:B3:97:12:37:7B:4B:FE:C9:E6:6A:C7:E6:E9:08:EF:CE:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sy7is5cSN3tL_snmasfm6Qjvzuw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/XQRW4hC6egq6X6BxwUNnVpgvblo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/dfa51b-46aa-4084-a343-f016ca5da219/1/sy7is5cSN3tL_snmasfm6Qjvzuw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.63.0.0/16
185.35.12.0/22
195.4.128.0-195.4.175.255
195.4.184.0-195.4.215.255
IPv6:
2a00:dca0::/29
Signature Algorithm: sha256WithRSAEncryption
45:89:d6:1b:e8:aa:18:41:a1:b3:e0:36:36:94:9b:28:3b:72:
f7:93:a8:6a:e8:51:6a:c2:39:8f:37:88:a2:57:66:4b:fc:a4:
c7:d9:fe:a5:4a:18:41:1a:37:67:06:25:d0:33:85:9c:44:cf:
4c:44:eb:2e:27:0f:7e:d3:73:4a:6e:61:cf:c4:13:8c:aa:c3:
af:61:be:b5:f6:9e:4b:b5:55:04:15:5e:59:06:d1:7a:c4:aa:
85:f8:97:eb:43:ab:fa:59:1d:f9:1a:a3:01:d0:27:9b:d1:cc:
72:99:4e:70:26:9b:57:14:74:30:ef:f3:18:18:1b:50:be:a9:
02:47:5d:0e:59:ba:77:ee:c4:01:2b:7e:55:ab:77:0e:4e:b4:
a3:29:bb:32:19:43:e8:c6:e2:fe:be:f4:8f:db:2d:c3:54:e0:
cf:28:d7:e1:35:3f:90:7b:4a:0b:8a:f3:f5:62:f5:99:be:fa:
fb:88:9c:58:60:ee:cd:ea:bb:be:fb:d6:f8:da:a0:77:7e:13:
3b:ba:a9:c8:04:a0:bb:d7:09:6a:85:d9:94:a2:ac:6a:5b:ab:
a2:fd:57:16:e5:1c:d4:21:8a:dd:74:c6:a8:43:a2:83:f4:2f:
ed:7a:bd:81:a1:2e:02:b4:e6:c6:b6:17:b7:91:9b:c2:a2:74:
a3:40:43:c9
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZYk9tuQnzD0Bvcxtr+VmSeCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmVlMmIzOTcxMjM3N2I0YmZlYzllNjZhYzdlNmU5MDhl
ZmNlZWMwHhcNMjUwNDExMTMwNzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDA0NTZlMjEwYmE3YTBhYmE1ZmEwNzFjMTQzNjc1Njk4MmY2ZTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcXscK6toeP+JG2uonLQRrGyPfhK
deLBOUZzeM1DbdZmbv4onR2lYYwCnWwS7AMnllRp6KATKysfY66l2t39ZksP4+yS
3G5Hua0xVljxUR18qS1cqGXGUS5ZxKrJT9EIK6eyiVZudYczA1rg1D4/U7l36HJ5
8FlO1NhXq0TBSAO8jC+sv+HWKhNAfPZvnP+roiSs+TOKEf/Ug3/eUrWWtmcGxHV9
49jSpL6Y71USKXtVwHWzL7UaEDXOUDgn098MI9Qbz8P1KSktYBzoTQrNhe6sLhop
g9ZWgC5e2ZDdfyjSsWGoeKrBKuVkp4ASMHN4o0NMwV1tQTQh1RwauUlWaQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFF0EVuIQunoKul+gccFDZ1aYL25aMB8GA1UdIwQY
MBaAFLMu4rOXEjd7S/7J5mrH5ukI787sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3k3aXM1Y1NOM3RMX3NubWFzZm02UWp2enV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9kZmE1MWItNDZhYS00MDg0LWEzNDMt
ZjAxNmNhNWRhMjE5LzEvWFFSVzRoQzZlZ3E2WDZCeHdVTm5WcGd2YmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9kZmE1MWItNDZhYS00MDg0LWEzNDMtZjAxNmNhNWRhMjE5
LzEvc3k3aXM1Y1NOM3RMX3NubWFzZm02UWp2enV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAtBAIAATAnAwMAWT8DBAK5
IwwwDAMEB8MEgAMEBMMEoDAMAwQDwwS4AwQDwwTQMA0EAgACMAcDBQMqANygMA0G
CSqGSIb3DQEBCwUAA4IBAQBFidYb6KoYQaGz4DY2lJsoO3L3k6hq6FFqwjmPN4ii
V2ZL/KTH2f6lShhBGjdnBiXQM4WcRM9MROsuJw9+03NKbmHPxBOMqsOvYb619p5L
tVUEFV5ZBtF6xKqF+JfrQ6v6WR35GqMB0Ceb0cxymU5wJptXFHQw7/MYGBtQvqkC
R10OWbp37sQBK35Vq3cOTrSjKbsyGUPoxuL+vvSP2y3DVODPKNfhNT+Qe0oLivP1
YvWZvvr7iJxYYO7N6ru++9b42qB3fhM7uqnIBKC71wlqhdmUoqxqW6ui/VcW5RzU
IYrddMaoQ6KD9C/ter2BoS4CtObGthe3kZvConSjQEPJ
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:26:43 2025 by rpki-client on console.sobornost.net