Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/rDlkyigziSazpq7KkBehs1Ktw-g.roa
File: rDlkyigziSazpq7KkBehs1Ktw-g.roa (raw, json)
Hash identifier: 0blcMDi8SQKGoP7zdqimF2o0peaDeYPg+Ie2kFh43K4=
Subject key identifier: AC:39:64:CA:28:33:89:26:B3:A6:AE:CA:90:17:A1:B3:52:AD:C3:E8
Certificate issuer: /CN=8cfff21538e225618314615e4f0d0688b7b0dd5a
Certificate serial: 0195B399666FADEEDB7C07D9465A9E215E2D
Authority key identifier: 8C:FF:F2:15:38:E2:25:61:83:14:61:5E:4F:0D:06:88:B7:B0:DD:5A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jP_yFTjiJWGDFGFeTw0GiLew3Vo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/rDlkyigziSazpq7KkBehs1Ktw-g.roa
Signing time: Thu 20 Mar 2025 12:48:49 +0000
ROA not before: Thu 20 Mar 2025 12:48:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31477
IP address blocks: 83.137.144.0/21 maxlen: 24
87.238.168.0/21 maxlen: 24
89.188.0.0/19 maxlen: 24
89.200.200.0/21 maxlen: 24
91.196.104.0/24 maxlen: 24
91.196.105.0/24 maxlen: 24
185.80.245.0/24 maxlen: 24
193.138.248.0/22 maxlen: 24
2a01:1b0::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b3:99:66:6f:ad:ee:db:7c:07:d9:46:5a:9e:21:5e:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8cfff21538e225618314615e4f0d0688b7b0dd5a
Validity
Not Before: Mar 20 12:48:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ac3964ca28338926b3a6aeca9017a1b352adc3e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:3f:58:5e:5e:a2:c6:b8:9b:60:03:90:ac:6f:
8e:1f:7f:c3:ce:1f:03:1a:fe:7b:5a:7d:4d:0b:03:
c0:77:c0:43:04:2e:85:b8:e0:af:75:c1:e1:d0:04:
ec:ec:99:de:cd:4f:ad:cb:18:a6:14:88:f6:ad:fa:
35:26:b6:d0:f1:95:60:dd:02:df:4f:ad:f7:77:6c:
7d:5c:06:f3:cf:36:a2:8a:3b:c8:ad:46:d0:95:59:
91:d5:7b:41:24:44:9e:d7:f1:09:64:78:61:04:23:
ff:4c:5f:a3:4b:5d:f2:68:b8:db:aa:0c:a4:8a:da:
73:ed:06:de:8d:19:d3:30:cc:52:05:c1:1f:1a:5e:
21:0f:cb:52:79:67:48:1a:23:80:5a:ca:00:49:3e:
e4:c4:4b:7a:e6:e4:14:3e:06:d4:43:26:95:f2:3a:
71:c7:2d:a6:6e:22:2e:53:15:e3:8b:80:e5:56:13:
b4:bb:2f:32:2b:bd:79:5f:c7:bd:17:2f:35:2a:d3:
49:84:5e:9a:6a:2e:39:5b:65:e4:c1:93:01:e4:19:
a5:6e:ac:b3:0f:15:b4:bf:31:ef:6d:98:57:de:65:
2f:20:db:8b:96:7d:c6:5e:25:6f:ca:05:c8:01:e1:
7a:f1:c7:1a:e9:7a:84:ba:ed:c7:69:cd:0e:fc:b2:
45:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:39:64:CA:28:33:89:26:B3:A6:AE:CA:90:17:A1:B3:52:AD:C3:E8
X509v3 Authority Key Identifier:
keyid:8C:FF:F2:15:38:E2:25:61:83:14:61:5E:4F:0D:06:88:B7:B0:DD:5A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jP_yFTjiJWGDFGFeTw0GiLew3Vo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/rDlkyigziSazpq7KkBehs1Ktw-g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/67501a-78db-4c38-8a95-261666c3a589/1/jP_yFTjiJWGDFGFeTw0GiLew3Vo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.137.144.0/21
87.238.168.0/21
89.188.0.0/19
89.200.200.0/21
91.196.104.0/23
185.80.245.0/24
193.138.248.0/22
IPv6:
2a01:1b0::/32
Signature Algorithm: sha256WithRSAEncryption
1a:57:06:29:05:16:d9:55:55:40:1e:86:65:5a:1c:63:79:6e:
9e:05:6b:83:8c:96:cb:fc:97:6b:2f:de:13:98:05:36:40:9c:
4d:da:32:c3:b5:f5:1d:1f:17:14:fc:25:ae:84:54:5d:34:b1:
3f:91:d2:b9:5e:6b:9c:ae:b2:e2:e4:cc:f6:52:7e:31:9a:31:
c3:e0:b8:5f:6e:e2:92:f2:b9:ed:bf:cc:31:18:b6:b9:ca:c3:
eb:5b:d2:17:10:24:78:bb:0b:0d:59:ca:bf:4b:e8:03:9c:15:
ab:1f:2b:8e:6d:ae:5c:24:fb:b7:71:23:83:4a:ce:90:fe:8f:
1a:cc:08:41:e2:89:11:ff:41:e5:9a:a3:f3:fd:80:a9:c1:40:
de:9d:68:75:ad:ca:b8:64:11:8a:92:ee:56:4c:16:47:ba:b8:
c1:81:25:a9:df:10:e9:b6:d0:be:eb:91:f5:ac:9a:f2:3e:1f:
51:bb:61:a8:24:78:23:fb:c3:b3:9f:01:ad:6d:be:51:96:53:
ac:7f:d4:f6:7e:9c:6a:bc:9b:5f:37:95:c0:d7:96:34:5d:19:
3f:8e:c5:b0:49:fc:d0:2d:03:d7:0c:8f:24:91:bb:92:eb:2d:
96:51:e7:f6:0b:ae:55:0b:b2:58:fe:6a:5c:4d:e9:94:60:7f:
1a:00:29:72
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZWzmWZvre7bfAfZRlqeIV4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZmZmMjE1MzhlMjI1NjE4MzE0NjE1ZTRmMGQwNjg4Yjdi
MGRkNWEwHhcNMjUwMzIwMTI0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzM5NjRjYTI4MzM4OTI2YjNhNmFlY2E5MDE3YTFiMzUyYWRjM2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1j9YXl6ixribYAOQrG+OH3/Dzh8D
Gv57Wn1NCwPAd8BDBC6FuOCvdcHh0ATs7JnezU+tyximFIj2rfo1JrbQ8ZVg3QLf
T633d2x9XAbzzzaiijvIrUbQlVmR1XtBJESe1/EJZHhhBCP/TF+jS13yaLjbqgyk
itpz7QbejRnTMMxSBcEfGl4hD8tSeWdIGiOAWsoAST7kxEt65uQUPgbUQyaV8jpx
xy2mbiIuUxXji4DlVhO0uy8yK715X8e9Fy81KtNJhF6aai45W2XkwZMB5Bmlbqyz
DxW0vzHvbZhX3mUvINuLln3GXiVvygXIAeF68cca6XqEuu3Hac0O/LJFKwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFKw5ZMooM4kms6auypAXobNSrcPoMB8GA1UdIwQY
MBaAFIz/8hU44iVhgxRhXk8NBoi3sN1aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalBfeUZUamlKV0dERkdGZVR3MEdpTGV3M1ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi82NzUwMWEtNzhkYi00YzM4LThhOTUt
MjYxNjY2YzNhNTg5LzEvckRsa3lpZ3ppU2F6cHE3S2tCZWhzMUt0dy1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi82NzUwMWEtNzhkYi00YzM4LThhOTUtMjYxNjY2YzNhNTg5
LzEvalBfeUZUamlKV0dERkdGZVR3MEdpTGV3M1ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDU4mQAwQD
V+6oAwQFWbwAAwQDWcjIAwQBW8RoAwQAuVD1AwQCwYr4MA0EAgACMAcDBQAqAQGw
MA0GCSqGSIb3DQEBCwUAA4IBAQAaVwYpBRbZVVVAHoZlWhxjeW6eBWuDjJbL/Jdr
L94TmAU2QJxN2jLDtfUdHxcU/CWuhFRdNLE/kdK5XmucrrLi5Mz2Un4xmjHD4Lhf
buKS8rntv8wxGLa5ysPrW9IXECR4uwsNWcq/S+gDnBWrHyuOba5cJPu3cSODSs6Q
/o8azAhB4okR/0HlmqPz/YCpwUDenWh1rcq4ZBGKku5WTBZHurjBgSWp3xDpttC+
65H1rJryPh9Ru2GoJHgj+8OznwGtbb5RllOsf9T2fpxqvJtfN5XA15Y0XRk/jsWw
SfzQLQPXDI8kkbuS6y2WUef2C65VC7JY/mpcTemUYH8aACly
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:27:54 2025 by rpki-client on console.sobornost.net