Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/aedb03-b04c-4212-813b-ff25ba599031/1/ktNttpuxLBXqDPnajC1uMms7PVY.roa
File: ktNttpuxLBXqDPnajC1uMms7PVY.roa (raw, json)
Hash identifier: pIzKLF9Fz5GZDmZS19BU00VQ6s02sXZYTjwLLFAr2+Q=
Subject key identifier: 92:D3:6D:B6:9B:B1:2C:15:EA:0C:F9:DA:8C:2D:6E:32:6B:3B:3D:56
Certificate issuer: /CN=550b7c0c8bae610f7e519c0485a4773bceb48dab
Certificate serial: 019427487DD38F91FFF3EB83E8071DC270D2
Authority key identifier: 55:0B:7C:0C:8B:AE:61:0F:7E:51:9C:04:85:A4:77:3B:CE:B4:8D:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VQt8DIuuYQ9-UZwEhaR3O860jas.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/aedb03-b04c-4212-813b-ff25ba599031/1/ktNttpuxLBXqDPnajC1uMms7PVY.roa
Signing time: Thu 02 Jan 2025 13:50:49 +0000
ROA not before: Thu 02 Jan 2025 13:50:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34619
IP address blocks: 37.148.208.0/21 maxlen: 24
80.253.240.0/22 maxlen: 24
85.159.64.0/21 maxlen: 24
89.19.0.0/19 maxlen: 24
94.73.128.0/18 maxlen: 24
185.22.184.0/22 maxlen: 24
185.22.184.0/24 maxlen: 24
185.22.185.0/24 maxlen: 24
185.22.186.0/24 maxlen: 24
2a02:2020::/32 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:48:7d:d3:8f:91:ff:f3:eb:83:e8:07:1d:c2:70:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=550b7c0c8bae610f7e519c0485a4773bceb48dab
Validity
Not Before: Jan 2 13:50:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=92d36db69bb12c15ea0cf9da8c2d6e326b3b3d56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:05:e9:01:6b:d1:3a:f6:d7:c3:b8:17:2f:ed:
eb:5e:30:92:e8:22:a2:d6:db:55:87:c8:11:2f:a6:
36:14:b2:c6:69:1e:da:77:8e:95:21:19:2b:ee:c9:
dc:18:4c:4a:77:59:54:73:4e:f7:96:0d:33:23:11:
69:67:66:19:3b:28:1a:1a:4d:ab:1b:8b:c7:b4:36:
07:67:28:34:d7:62:bc:54:a7:6f:da:a0:86:a8:ce:
bf:ca:6a:69:da:6c:93:32:07:bc:51:b2:6a:50:af:
78:30:92:aa:5b:af:de:a7:a3:3c:e6:73:46:8c:59:
7e:23:ca:02:dc:ab:66:5a:e9:65:cf:76:70:34:2b:
14:05:3a:eb:df:cd:60:6b:ac:6f:83:82:67:25:90:
ae:a1:ce:06:ed:c4:37:3b:1f:d7:d8:47:f9:5b:41:
a2:3c:6d:13:f6:dd:89:90:a9:29:e6:75:62:a2:0b:
e4:73:f5:65:da:2b:09:9a:ec:a1:1a:57:d7:0f:e6:
52:31:78:be:7f:3c:8e:0a:c1:52:1f:18:92:b1:e7:
ef:94:db:83:ae:cd:06:c8:7b:a2:62:ed:71:b0:51:
f2:64:8a:ce:2b:42:81:98:20:62:30:44:8d:32:65:
26:8c:9e:52:45:a0:3d:c7:31:d4:f4:c1:ac:d7:1d:
86:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:D3:6D:B6:9B:B1:2C:15:EA:0C:F9:DA:8C:2D:6E:32:6B:3B:3D:56
X509v3 Authority Key Identifier:
keyid:55:0B:7C:0C:8B:AE:61:0F:7E:51:9C:04:85:A4:77:3B:CE:B4:8D:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VQt8DIuuYQ9-UZwEhaR3O860jas.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/aedb03-b04c-4212-813b-ff25ba599031/1/ktNttpuxLBXqDPnajC1uMms7PVY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/aedb03-b04c-4212-813b-ff25ba599031/1/VQt8DIuuYQ9-UZwEhaR3O860jas.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.148.208.0/21
80.253.240.0/22
85.159.64.0/21
89.19.0.0/19
94.73.128.0/18
185.22.184.0/22
IPv6:
2a02:2020::/32
Signature Algorithm: sha256WithRSAEncryption
12:7e:4b:50:f2:0d:bb:c9:44:8a:48:b4:62:fe:e7:7b:09:8b:
57:38:7f:12:49:9c:63:54:d6:f9:48:8c:33:6a:2d:bb:c0:f3:
25:6c:53:e3:e7:5c:38:d5:94:5e:66:05:be:49:68:a6:7f:1f:
0b:63:31:49:16:4a:75:1a:76:1c:bd:bd:6e:d3:95:b4:a8:70:
2e:09:71:2f:fb:73:67:6d:8b:ca:75:41:5e:c7:63:16:69:28:
e3:5b:a6:09:a5:a3:d7:3c:10:ea:e9:e1:f9:98:42:fd:2a:fe:
8c:ee:d1:f1:31:0f:56:54:af:6b:25:73:da:86:45:0a:5e:2b:
96:34:d8:bd:2e:f5:ee:55:e7:e6:6c:1e:21:4c:3f:0a:ec:f1:
f8:c8:a8:e0:48:d8:b8:1f:13:88:9a:2d:1c:66:24:a7:18:03:
ed:fc:75:28:7e:0e:c2:88:36:45:0e:ac:7c:47:be:e4:dc:5b:
ff:9e:ff:e7:00:43:20:65:c8:c2:1c:1a:dc:1f:ad:f4:6b:ae:
1f:2b:27:9c:fe:8c:14:09:d2:cf:6b:cf:6a:27:64:17:6f:1b:
79:4b:be:d3:01:a9:c5:ac:78:d7:1c:6c:5c:18:ca:5b:73:da:
8e:c5:01:35:0e:cd:58:e4:40:0c:08:a6:df:cf:b3:c9:c7:d0:
ef:cb:4b:0b
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZQnSH3Tj5H/8+uD6AcdwnDSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MGI3YzBjOGJhZTYxMGY3ZTUxOWMwNDg1YTQ3NzNiY2Vi
NDhkYWIwHhcNMjUwMTAyMTM1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmQzNmRiNjliYjEyYzE1ZWEwY2Y5ZGE4YzJkNmUzMjZiM2IzZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwXpAWvROvbXw7gXL+3rXjCS6CKi
1ttVh8gRL6Y2FLLGaR7ad46VIRkr7sncGExKd1lUc073lg0zIxFpZ2YZOygaGk2r
G4vHtDYHZyg012K8VKdv2qCGqM6/ympp2myTMge8UbJqUK94MJKqW6/ep6M85nNG
jFl+I8oC3KtmWullz3ZwNCsUBTrr381ga6xvg4JnJZCuoc4G7cQ3Ox/X2Ef5W0Gi
PG0T9t2JkKkp5nViogvkc/Vl2isJmuyhGlfXD+ZSMXi+fzyOCsFSHxiSsefvlNuD
rs0GyHuiYu1xsFHyZIrOK0KBmCBiMESNMmUmjJ5SRaA9xzHU9MGs1x2GcwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFJLTbbabsSwV6gz52owtbjJrOz1WMB8GA1UdIwQY
MBaAFFULfAyLrmEPflGcBIWkdzvOtI2rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlF0OERJdXVZUTktVVp3RWhhUjNPODYwamFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hZWRiMDMtYjA0Yy00MjEyLTgxM2It
ZmYyNWJhNTk5MDMxLzEva3ROdHRwdXhMQlhxRFBuYWpDMXVNbXM3UFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hZWRiMDMtYjA0Yy00MjEyLTgxM2ItZmYyNWJhNTk5MDMx
LzEvVlF0OERJdXVZUTktVVp3RWhhUjNPODYwamFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDJZTQAwQC
UP3wAwQDVZ9AAwQFWRMAAwQGXkmAAwQCuRa4MA0EAgACMAcDBQAqAiAgMA0GCSqG
SIb3DQEBCwUAA4IBAQASfktQ8g27yUSKSLRi/ud7CYtXOH8SSZxjVNb5SIwzai27
wPMlbFPj51w41ZReZgW+SWimfx8LYzFJFkp1GnYcvb1u05W0qHAuCXEv+3NnbYvK
dUFex2MWaSjjW6YJpaPXPBDq6eH5mEL9Kv6M7tHxMQ9WVK9rJXPahkUKXiuWNNi9
LvXuVefmbB4hTD8K7PH4yKjgSNi4HxOImi0cZiSnGAPt/HUofg7CiDZFDqx8R77k
3Fv/nv/nAEMgZcjCHBrcH630a64fKyec/owUCdLPa89qJ2QXbxt5S77TAanFrHjX
HGxcGMpbc9qOxQE1Ds1Y5EAMCKbfz7PJx9Dvy0sL
-----END CERTIFICATE-----
Generated at Thu Jan 23 19:13:34 2025 by rpki-client on console.sobornost.net