Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1a3d5c-e49a-4d4d-a70d-b6d427a3b106/1/kIXnwAZaqxSkvqbg9t7ubRyRzbE.roa
File: kIXnwAZaqxSkvqbg9t7ubRyRzbE.roa (raw, json)
Hash identifier: aGxL7YPu/D1mPc2/SJff8UiO/oaF6oKi4Ha7FFv09dk=
Subject key identifier: 90:85:E7:C0:06:5A:AB:14:A4:BE:A6:E0:F6:DE:EE:6D:1C:91:CD:B1
Certificate issuer: /CN=68395fb8f4524b8a6f945bbfa938b8f61694052f
Certificate serial: 0184A916BD2DCE0BA43B95D5737986717718
Authority key identifier: 68:39:5F:B8:F4:52:4B:8A:6F:94:5B:BF:A9:38:B8:F6:16:94:05:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aDlfuPRSS4pvlFu_qTi49haUBS8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/1a3d5c-e49a-4d4d-a70d-b6d427a3b106/1/kIXnwAZaqxSkvqbg9t7ubRyRzbE.roa
Signing time: Thu 24 Nov 2022 10:02:30 +0000
ROA not before: Thu 24 Nov 2022 10:02:30 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 197706
IP address blocks: 81.21.232.0/24 maxlen: 24
81.21.232.0/22 maxlen: 22
91.217.73.0/24 maxlen: 24
81.21.235.0/24 maxlen: 24
91.217.72.0/24 maxlen: 24
91.217.7.0/24 maxlen: 24
91.217.6.0/24 maxlen: 24
2a09:6ec0::/29 maxlen: 29
2a0e:3f07::/48 maxlen: 48
2a0d:27c0::/29 maxlen: 29
2a0e:3f00::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:a9:16:bd:2d:ce:0b:a4:3b:95:d5:73:79:86:71:77:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=68395fb8f4524b8a6f945bbfa938b8f61694052f
Validity
Not Before: Nov 24 10:02:30 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9085e7c0065aab14a4bea6e0f6deee6d1c91cdb1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:d1:7b:7f:29:27:38:b4:aa:37:7f:80:99:64:
20:8a:ea:ea:c1:45:53:0d:ee:9c:72:39:f2:ad:d6:
00:a8:16:c2:3e:1b:cf:a1:eb:87:a6:48:90:2b:f5:
48:43:d2:f2:0e:58:f3:23:a3:27:f4:73:b7:02:42:
8f:71:23:6c:35:7b:14:77:b2:f1:ca:4c:0d:f9:04:
94:40:4f:6d:19:ae:d8:17:f0:6c:dc:4c:71:9a:7e:
eb:7a:fb:31:38:95:a0:01:de:a6:03:10:84:61:58:
f9:05:6d:eb:fa:cc:87:14:73:da:a5:30:ba:fc:e5:
3c:1a:d5:8b:88:1f:db:7d:d3:a6:ea:92:b1:7b:12:
c5:79:de:d5:b7:d0:33:32:74:d9:ae:81:1b:ab:8b:
c7:e5:c6:99:b8:b7:cf:c2:6a:a8:c5:1c:46:09:96:
02:d2:45:22:7c:38:2f:64:fa:f1:7f:19:91:bf:65:
6e:22:a3:9c:48:e4:ee:39:8c:eb:ea:69:6f:ba:52:
55:ba:33:59:3f:2e:69:b3:4c:83:dd:ca:17:7c:c5:
91:41:9e:17:f7:06:06:81:00:95:ed:6a:a3:b3:de:
f2:22:5a:6c:63:75:af:b1:bd:50:7e:38:ad:f2:bb:
35:1b:a7:c2:31:c7:88:f7:bb:4c:1a:da:c8:34:e3:
4a:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:85:E7:C0:06:5A:AB:14:A4:BE:A6:E0:F6:DE:EE:6D:1C:91:CD:B1
X509v3 Authority Key Identifier:
keyid:68:39:5F:B8:F4:52:4B:8A:6F:94:5B:BF:A9:38:B8:F6:16:94:05:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aDlfuPRSS4pvlFu_qTi49haUBS8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1a3d5c-e49a-4d4d-a70d-b6d427a3b106/1/kIXnwAZaqxSkvqbg9t7ubRyRzbE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1a3d5c-e49a-4d4d-a70d-b6d427a3b106/1/aDlfuPRSS4pvlFu_qTi49haUBS8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.21.232.0/22
91.217.6.0/23
91.217.72.0/23
IPv6:
2a09:6ec0::/29
2a0d:27c0::/29
2a0e:3f00::/29
Signature Algorithm: sha256WithRSAEncryption
26:d3:75:ae:ca:bd:d9:26:be:5e:67:91:9f:54:05:6f:de:60:
54:1a:8b:8b:d7:69:bb:c1:88:29:28:6b:d4:a8:a4:be:66:88:
77:b9:43:c8:b8:ec:96:39:5f:fd:44:a4:77:d0:4c:c8:bc:c1:
c2:ba:74:0a:fc:61:ca:92:fc:5b:37:48:33:a0:06:5f:78:c7:
8f:66:af:9e:11:6e:b7:da:0e:18:24:93:ba:e1:1a:02:ad:03:
d5:c6:ab:86:a7:d2:a4:ec:73:2f:89:a8:62:de:71:34:15:77:
1b:65:3e:7a:98:ce:aa:42:9c:7d:21:8c:ef:66:07:a1:eb:cc:
bf:79:18:0e:3e:09:d1:7b:6e:fb:32:a1:db:2c:77:dc:b1:84:
27:b9:e4:5a:f5:c0:8c:5a:5e:9a:77:e7:58:60:ca:07:d9:74:
f4:b0:d7:c8:54:b8:23:9e:90:e6:72:77:2d:71:2a:42:df:66:
f7:7f:5d:a4:dd:8c:7e:ac:45:64:bf:ac:aa:73:85:40:cf:69:
76:c2:7f:aa:fc:72:f4:88:59:ed:6d:18:19:c6:72:3b:bd:76:
d4:c3:de:82:d9:ef:f6:ad:a8:e4:44:f8:f2:06:2d:09:8e:7c:
cb:2a:8b:98:54:71:f1:17:f4:d0:78:f0:2e:7b:f5:9e:64:87:
ca:e2:f9:4d
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYSpFr0tzgukO5XVc3mGcXcYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4Mzk1ZmI4ZjQ1MjRiOGE2Zjk0NWJiZmE5MzhiOGY2MTY5
NDA1MmYwHhcNMjIxMTI0MTAwMjMwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDg1ZTdjMDA2NWFhYjE0YTRiZWE2ZTBmNmRlZWU2ZDFjOTFjZGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdF7fyknOLSqN3+AmWQgiurqwUVT
De6ccjnyrdYAqBbCPhvPoeuHpkiQK/VIQ9LyDljzI6Mn9HO3AkKPcSNsNXsUd7Lx
ykwN+QSUQE9tGa7YF/Bs3Exxmn7revsxOJWgAd6mAxCEYVj5BW3r+syHFHPapTC6
/OU8GtWLiB/bfdOm6pKxexLFed7Vt9AzMnTZroEbq4vH5caZuLfPwmqoxRxGCZYC
0kUifDgvZPrxfxmRv2VuIqOcSOTuOYzr6mlvulJVujNZPy5ps0yD3coXfMWRQZ4X
9wYGgQCV7Wqjs97yIlpsY3Wvsb1Qfjit8rs1G6fCMceI97tMGtrINONKkQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFJCF58AGWqsUpL6m4Pbe7m0ckc2xMB8GA1UdIwQY
MBaAFGg5X7j0UkuKb5Rbv6k4uPYWlAUvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYURsZnVQUlNTNHB2bEZ1X3FUaTQ5aGFVQlM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xYTNkNWMtZTQ5YS00ZDRkLWE3MGQt
YjZkNDI3YTNiMTA2LzEva0lYbndBWmFxeFNrdnFiZzl0N3ViUnlSemJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xYTNkNWMtZTQ5YS00ZDRkLWE3MGQtYjZkNDI3YTNiMTA2
LzEvYURsZnVQUlNTNHB2bEZ1X3FUaTQ5aGFVQlM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAYBAIAATASAwQCURXoAwQB
W9kGAwQBW9lIMBsEAgACMBUDBQMqCW7AAwUDKg0nwAMFAyoOPwAwDQYJKoZIhvcN
AQELBQADggEBACbTda7Kvdkmvl5nkZ9UBW/eYFQai4vXabvBiCkoa9SopL5miHe5
Q8i47JY5X/1EpHfQTMi8wcK6dAr8YcqS/Fs3SDOgBl94x49mr54RbrfaDhgkk7rh
GgKtA9XGq4an0qTscy+JqGLecTQVdxtlPnqYzqpCnH0hjO9mB6HrzL95GA4+CdF7
bvsyodssd9yxhCe55Fr1wIxaXpp351hgygfZdPSw18hUuCOekOZydy1xKkLfZvd/
XaTdjH6sRWS/rKpzhUDPaXbCf6r8cvSIWe1tGBnGcju9dtTD3oLZ7/atqORE+PIG
LQmOfMsqi5hUcfEX9NB48C579Z5kh8ri+U0=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:40:39 2023 by rpki-client on console.sobornost.net