Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/89bf3a-bf90-467a-a90b-22e248ed2014/1/sQyECaaIBBJuTWR_GAKRUGY2zLs.roa
File: sQyECaaIBBJuTWR_GAKRUGY2zLs.roa (raw, json)
Hash identifier: a7MHGEIK7Syni3DpYI0UPL4y49isayDX/P6hkOd4qq4=
Subject key identifier: B1:0C:84:09:A6:88:04:12:6E:4D:64:7F:18:02:91:50:66:36:CC:BB
Certificate issuer: /CN=951d493b1bc0a8c852dd11cfc937891dac3f07c2
Certificate serial: 019426D96644C1BF3E6B0446ABDCAA79D044
Authority key identifier: 95:1D:49:3B:1B:C0:A8:C8:52:DD:11:CF:C9:37:89:1D:AC:3F:07:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lR1JOxvAqMhS3RHPyTeJHaw_B8I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/06/89bf3a-bf90-467a-a90b-22e248ed2014/1/sQyECaaIBBJuTWR_GAKRUGY2zLs.roa
Signing time: Thu 02 Jan 2025 11:49:29 +0000
ROA not before: Thu 02 Jan 2025 11:49:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204180
IP address blocks: 185.111.248.0/22 maxlen: 22
185.111.248.0/24 maxlen: 24
185.111.249.0/24 maxlen: 24
185.111.250.0/24 maxlen: 24
185.111.251.0/24 maxlen: 24
2a06:6080::/29 maxlen: 29
2a06:6080::/32 maxlen: 32
2a06:6080::/40 maxlen: 40
2a06:6080::/48 maxlen: 48
2a06:6080:1::/48 maxlen: 48
2a06:6080:2::/48 maxlen: 48
2a06:6081::/32 maxlen: 32
2a06:6082::/32 maxlen: 32
2a06:6083::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:66:44:c1:bf:3e:6b:04:46:ab:dc:aa:79:d0:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=951d493b1bc0a8c852dd11cfc937891dac3f07c2
Validity
Not Before: Jan 2 11:49:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b10c8409a68804126e4d647f180291506636ccbb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:fc:4e:0c:14:4d:2d:55:fc:ac:4f:d2:74:4e:
20:9a:35:90:1c:98:62:22:d2:c3:b6:bf:7c:6e:91:
43:61:09:f5:d3:80:82:34:11:f0:4b:59:b4:0a:37:
5d:3b:1c:e6:a6:38:8e:37:bb:0c:3e:89:74:51:ea:
17:6a:7b:d0:57:81:12:b9:a7:a6:dc:62:1e:37:f6:
0b:a9:0a:b9:65:04:c6:d7:17:de:19:02:f0:8e:eb:
53:09:3e:40:57:3a:19:93:c4:00:ac:4f:a6:72:0c:
b2:68:17:67:c4:d2:81:9f:5d:99:2b:b1:a4:f7:52:
a4:c8:ec:5a:3c:d3:5a:c4:22:a9:66:0d:2a:21:83:
80:9b:c8:6d:1e:74:65:67:2a:a8:47:17:ca:3d:09:
b6:c1:d7:9f:01:6a:19:20:a3:d6:1d:77:d9:46:8b:
2d:c1:e6:fd:43:b6:91:4f:98:1f:e1:71:19:1d:d3:
1a:63:7b:a9:36:2d:e5:79:22:36:d2:ed:a7:e6:27:
aa:c7:db:ff:79:32:36:83:a9:c1:ad:ad:ae:a2:c1:
69:06:35:86:41:76:08:cd:19:c0:2a:45:d2:83:a6:
0b:d5:3d:ec:b3:21:3b:22:d1:2e:67:7c:75:05:0d:
75:f9:cd:d4:1d:2d:73:88:58:a1:1b:f1:59:3e:7f:
dd:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:0C:84:09:A6:88:04:12:6E:4D:64:7F:18:02:91:50:66:36:CC:BB
X509v3 Authority Key Identifier:
keyid:95:1D:49:3B:1B:C0:A8:C8:52:DD:11:CF:C9:37:89:1D:AC:3F:07:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lR1JOxvAqMhS3RHPyTeJHaw_B8I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/89bf3a-bf90-467a-a90b-22e248ed2014/1/sQyECaaIBBJuTWR_GAKRUGY2zLs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/06/89bf3a-bf90-467a-a90b-22e248ed2014/1/lR1JOxvAqMhS3RHPyTeJHaw_B8I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.111.248.0/22
IPv6:
2a06:6080::/29
Signature Algorithm: sha256WithRSAEncryption
71:f5:b7:8f:88:10:97:9d:97:ea:92:ce:01:74:62:2a:87:3d:
3c:a1:0f:43:53:9d:d5:9e:9f:ba:97:b2:87:c5:93:ad:23:a0:
f0:75:85:ff:d2:e4:75:e9:31:83:d7:0a:39:c4:5f:f3:f2:26:
ec:b9:48:d8:64:63:76:3e:83:dc:99:ac:cf:99:96:ca:8d:43:
c9:69:02:d6:3e:11:1d:40:80:a6:6a:30:c6:7b:e0:ea:2f:a2:
4d:0b:1f:6c:92:f2:20:8d:22:2e:35:88:40:41:f2:1a:76:b2:
4e:8f:d7:0a:2b:23:c6:4c:9f:c2:ba:16:f2:23:29:84:74:f9:
3b:3d:d2:eb:ec:9c:c5:40:3f:be:4c:1a:b8:42:e6:54:a2:6d:
7b:ea:f6:74:0c:90:06:3a:cf:0e:0d:12:36:fc:c3:d2:4a:b0:
ca:6b:90:93:f5:cf:47:41:72:f9:c1:d1:c2:53:ca:12:21:86:
d7:19:fc:55:0b:22:88:72:f6:e5:6d:05:ea:e8:4a:85:bd:db:
d6:da:a6:0e:a7:ab:3f:73:a0:19:da:30:6d:68:e7:4d:12:31:
02:ed:5d:39:af:69:af:65:54:46:f9:a6:08:03:98:75:7c:57:
be:5d:75:d5:ce:78:77:4a:03:4e:b2:9a:1a:24:f8:ec:d2:ff:
a5:fc:77:22
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2WZEwb8+awRGq9yqedBEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MWQ0OTNiMWJjMGE4Yzg1MmRkMTFjZmM5Mzc4OTFkYWMz
ZjA3YzIwHhcNMjUwMTAyMTE0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTBjODQwOWE2ODgwNDEyNmU0ZDY0N2YxODAyOTE1MDY2MzZjY2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fxODBRNLVX8rE/SdE4gmjWQHJhi
ItLDtr98bpFDYQn104CCNBHwS1m0CjddOxzmpjiON7sMPol0UeoXanvQV4ESuaem
3GIeN/YLqQq5ZQTG1xfeGQLwjutTCT5AVzoZk8QArE+mcgyyaBdnxNKBn12ZK7Gk
91KkyOxaPNNaxCKpZg0qIYOAm8htHnRlZyqoRxfKPQm2wdefAWoZIKPWHXfZRost
web9Q7aRT5gf4XEZHdMaY3upNi3leSI20u2n5ieqx9v/eTI2g6nBra2uosFpBjWG
QXYIzRnAKkXSg6YL1T3ssyE7ItEuZ3x1BQ11+c3UHS1ziFihG/FZPn/d8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLEMhAmmiAQSbk1kfxgCkVBmNsy7MB8GA1UdIwQY
MBaAFJUdSTsbwKjIUt0Rz8k3iR2sPwfCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFIxSk94dkFxTWhTM1JIUHlUZUpIYXdfQjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi84OWJmM2EtYmY5MC00NjdhLWE5MGIt
MjJlMjQ4ZWQyMDE0LzEvc1F5RUNhYUlCQkp1VFdSX0dBS1JVR1kyekxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi84OWJmM2EtYmY5MC00NjdhLWE5MGItMjJlMjQ4ZWQyMDE0
LzEvbFIxSk94dkFxTWhTM1JIUHlUZUpIYXdfQjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuW/4MA0E
AgACMAcDBQMqBmCAMA0GCSqGSIb3DQEBCwUAA4IBAQBx9bePiBCXnZfqks4BdGIq
hz08oQ9DU53Vnp+6l7KHxZOtI6DwdYX/0uR16TGD1wo5xF/z8ibsuUjYZGN2PoPc
mazPmZbKjUPJaQLWPhEdQICmajDGe+DqL6JNCx9skvIgjSIuNYhAQfIadrJOj9cK
KyPGTJ/CuhbyIymEdPk7PdLr7JzFQD++TBq4QuZUom176vZ0DJAGOs8ODRI2/MPS
SrDKa5CT9c9HQXL5wdHCU8oSIYbXGfxVCyKIcvblbQXq6EqFvdvW2qYOp6s/c6AZ
2jBtaOdNEjEC7V05r2mvZVRG+aYIA5h1fFe+XXXVznh3SgNOspoaJPjs0v+l/Hci
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:26:46 2025 by rpki-client on console.sobornost.net