Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/b8d400-e6e8-41ef-ad24-55c3a28e62c3/1/eTKPP1Wu3aoon8pt_QrTkfCfijI.roa
File: eTKPP1Wu3aoon8pt_QrTkfCfijI.roa (raw, json)
Hash identifier: 40MqBGQjbWUX+1wVm2enGIIcrfvo/5OK7+JG7rETf4E=
Subject key identifier: 79:32:8F:3F:55:AE:DD:AA:28:9F:CA:6D:FD:0A:D3:91:F0:9F:8A:32
Certificate issuer: /CN=660c32996ae12461897222e2d9cc093930927ddd
Certificate serial: 019420D607B8D645C3A666972C4A18663B5A
Authority key identifier: 66:0C:32:99:6A:E1:24:61:89:72:22:E2:D9:CC:09:39:30:92:7D:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZgwymWrhJGGJciLi2cwJOTCSfd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/b8d400-e6e8-41ef-ad24-55c3a28e62c3/1/eTKPP1Wu3aoon8pt_QrTkfCfijI.roa
Signing time: Wed 01 Jan 2025 07:48:05 +0000
ROA not before: Wed 01 Jan 2025 07:48:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198325
IP address blocks: 89.145.184.0/24 maxlen: 24
89.145.185.0/24 maxlen: 24
89.145.186.0/24 maxlen: 24
89.145.187.0/24 maxlen: 24
89.145.188.0/24 maxlen: 24
89.145.189.0/24 maxlen: 24
89.145.190.0/24 maxlen: 24
89.145.191.0/24 maxlen: 24
185.251.32.0/24 maxlen: 24
185.251.33.0/24 maxlen: 24
185.251.34.0/24 maxlen: 24
185.251.35.0/24 maxlen: 24
2a04:6680::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:07:b8:d6:45:c3:a6:66:97:2c:4a:18:66:3b:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=660c32996ae12461897222e2d9cc093930927ddd
Validity
Not Before: Jan 1 07:48:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=79328f3f55aeddaa289fca6dfd0ad391f09f8a32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:8c:b8:c1:07:9f:60:fc:df:f2:89:d8:ed:41:
59:84:74:ab:06:e7:2a:af:58:15:b3:10:58:07:1a:
1f:a7:42:d3:a6:cc:7a:25:e1:94:79:54:7d:43:58:
2d:f0:62:68:c0:2d:66:72:07:b9:61:d9:21:db:4b:
16:13:4d:2b:ea:0c:c5:d8:38:0c:d6:15:7e:2f:a0:
03:67:bc:c0:13:36:6f:6f:eb:5a:ac:64:1e:ee:98:
e7:7e:f9:30:d8:d8:ed:5d:3d:27:c7:dd:c2:ea:53:
f4:af:71:bc:eb:a3:53:76:cd:c3:4a:fe:a3:43:be:
f0:7a:13:65:71:57:c0:11:4b:34:82:d1:f0:b8:a3:
04:4f:cc:9e:42:1e:40:8f:89:d7:2e:c5:b4:ee:5d:
1d:12:05:69:40:de:5e:f4:ae:cb:55:32:46:03:3f:
5e:0c:02:4c:44:64:dc:3e:a0:d5:d5:7c:f2:e5:20:
bb:16:e0:c6:51:f6:9b:ce:4f:e4:61:9f:d9:1e:ab:
72:cd:fd:60:c1:70:3d:15:14:05:0d:5c:a2:d8:9e:
73:8b:3f:59:6c:fa:71:c5:fb:55:2c:91:c2:0f:ff:
dd:92:74:ec:17:7f:26:a5:53:58:41:ff:78:20:a5:
65:d7:72:f8:8b:aa:40:a3:22:0d:e1:95:db:24:0e:
7c:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:32:8F:3F:55:AE:DD:AA:28:9F:CA:6D:FD:0A:D3:91:F0:9F:8A:32
X509v3 Authority Key Identifier:
keyid:66:0C:32:99:6A:E1:24:61:89:72:22:E2:D9:CC:09:39:30:92:7D:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZgwymWrhJGGJciLi2cwJOTCSfd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b8d400-e6e8-41ef-ad24-55c3a28e62c3/1/eTKPP1Wu3aoon8pt_QrTkfCfijI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b8d400-e6e8-41ef-ad24-55c3a28e62c3/1/ZgwymWrhJGGJciLi2cwJOTCSfd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.145.184.0/21
185.251.32.0/22
IPv6:
2a04:6680::/48
Signature Algorithm: sha256WithRSAEncryption
4c:47:c8:aa:f0:8a:99:d2:06:86:cb:95:26:41:4e:3c:d9:fb:
3d:20:a6:eb:94:85:25:cb:0e:ea:44:d9:fa:f4:d9:f6:11:d2:
46:27:54:49:09:78:57:22:5a:e0:f2:b8:70:8d:28:b8:95:e5:
dd:88:5f:c4:ad:16:62:84:8b:08:6f:71:ac:98:d5:ae:1e:03:
8b:bb:cc:47:d6:ac:e0:0b:42:59:47:8d:9c:60:46:a1:51:a1:
25:37:6f:27:96:d9:72:b0:5b:70:54:2c:73:34:97:05:b3:8f:
7e:29:80:66:95:3c:65:58:61:e0:2b:81:3d:ba:06:83:e0:18:
fe:4f:93:0d:48:f3:52:37:71:8b:3c:6c:f6:22:95:b4:53:09:
1a:fd:a8:46:d9:97:bb:d9:29:68:dc:45:3b:3e:17:50:d1:96:
f1:dc:12:fb:5c:24:35:1f:4c:2a:a7:dd:79:73:ad:ba:ab:99:
38:12:93:e1:a7:9d:8b:4c:77:a2:91:2f:b4:28:2a:e9:53:81:
08:ad:00:4c:5c:34:51:20:a2:6c:46:7e:cc:66:8f:72:b2:4e:
b9:0c:ba:fc:15:e6:cc:5a:11:44:9e:8b:01:ee:3e:96:e5:27:
ac:b8:6d:a7:36:ab:ed:39:da:ac:56:69:cf:fe:cf:61:67:e1:
0f:53:d9:d9
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQg1ge41kXDpmaXLEoYZjtaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MGMzMjk5NmFlMTI0NjE4OTcyMjJlMmQ5Y2MwOTM5MzA5
MjdkZGQwHhcNMjUwMTAxMDc0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTMyOGYzZjU1YWVkZGFhMjg5ZmNhNmRmZDBhZDM5MWYwOWY4YTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIy4wQefYPzf8onY7UFZhHSrBucq
r1gVsxBYBxofp0LTpsx6JeGUeVR9Q1gt8GJowC1mcge5Ydkh20sWE00r6gzF2DgM
1hV+L6ADZ7zAEzZvb+tarGQe7pjnfvkw2NjtXT0nx93C6lP0r3G866NTds3DSv6j
Q77wehNlcVfAEUs0gtHwuKMET8yeQh5Aj4nXLsW07l0dEgVpQN5e9K7LVTJGAz9e
DAJMRGTcPqDV1Xzy5SC7FuDGUfabzk/kYZ/ZHqtyzf1gwXA9FRQFDVyi2J5ziz9Z
bPpxxftVLJHCD//dknTsF38mpVNYQf94IKVl13L4i6pAoyIN4ZXbJA58DwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFHkyjz9Vrt2qKJ/Kbf0K05Hwn4oyMB8GA1UdIwQY
MBaAFGYMMplq4SRhiXIi4tnMCTkwkn3dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmd3eW1XcmhKR0dKY2lMaTJjd0pPVENTZmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9iOGQ0MDAtZTZlOC00MWVmLWFkMjQt
NTVjM2EyOGU2MmMzLzEvZVRLUFAxV3UzYW9vbjhwdF9RclRrZkNmaWpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9iOGQ0MDAtZTZlOC00MWVmLWFkMjQtNTVjM2EyOGU2MmMz
LzEvWmd3eW1XcmhKR0dKY2lMaTJjd0pPVENTZmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQDWZG4AwQC
ufsgMA8EAgACMAkDBwAqBGaAAAAwDQYJKoZIhvcNAQELBQADggEBAExHyKrwipnS
BobLlSZBTjzZ+z0gpuuUhSXLDupE2fr02fYR0kYnVEkJeFciWuDyuHCNKLiV5d2I
X8StFmKEiwhvcayY1a4eA4u7zEfWrOALQllHjZxgRqFRoSU3byeW2XKwW3BULHM0
lwWzj34pgGaVPGVYYeArgT26BoPgGP5Pkw1I81I3cYs8bPYilbRTCRr9qEbZl7vZ
KWjcRTs+F1DRlvHcEvtcJDUfTCqn3XlzrbqrmTgSk+GnnYtMd6KRL7QoKulTgQit
AExcNFEgomxGfsxmj3KyTrkMuvwV5sxaEUSeiwHuPpblJ6y4bac2q+052qxWac/+
z2Fn4Q9T2dk=
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:28:28 2025 by rpki-client on console.sobornost.net