Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qJ-OeQ5SxarBPVTCR3JOgbgcnlo.roa
File: qJ-OeQ5SxarBPVTCR3JOgbgcnlo.roa (raw, json)
Hash identifier: BVkgqTdnaOqrFZAqKcMMc+PckVk+6tlG0t4NENa/g1M=
Subject key identifier: A8:9F:8E:79:0E:52:C5:AA:C1:3D:54:C2:47:72:4E:81:B8:1C:9E:5A
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01960F451E618FB5EEF68DD9818E295E7361
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qJ-OeQ5SxarBPVTCR3JOgbgcnlo.roa
Signing time: Mon 07 Apr 2025 08:01:50 +0000
ROA not before: Mon 07 Apr 2025 08:01:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 36530
IP address blocks: 82.152.142.0/24 maxlen: 24
89.213.104.0/24 maxlen: 24
89.213.123.0/24 maxlen: 24
109.176.14.0/24 maxlen: 24
212.38.81.0/24 maxlen: 24
213.210.52.0/24 maxlen: 24
213.210.53.0/24 maxlen: 24
213.218.239.0/24 maxlen: 24
217.145.75.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:0f:45:1e:61:8f:b5:ee:f6:8d:d9:81:8e:29:5e:73:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 7 08:01:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a89f8e790e52c5aac13d54c247724e81b81c9e5a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:69:b8:d5:8f:38:f1:62:da:62:e6:81:d5:4c:
45:cd:04:57:36:2c:6d:59:6c:d8:9b:15:02:29:89:
4b:39:c9:52:29:c2:d1:26:06:89:22:bc:9d:e5:ca:
71:53:bb:07:bc:2f:77:99:b0:72:a2:51:d5:6c:53:
4f:50:f1:1e:3d:df:11:fd:a0:e8:cb:74:9a:d5:d8:
bc:a2:64:cb:6a:8e:9f:38:d2:ff:1e:8d:80:fe:29:
7e:83:49:35:46:a8:01:eb:4c:4b:b2:6f:b2:52:c5:
8b:ef:57:b0:4f:93:77:8a:ba:7f:15:2c:ba:b9:d2:
36:15:ac:0a:55:2c:51:f2:5a:f7:fb:f1:52:b0:dc:
6c:bb:f8:0d:f7:68:eb:f4:f4:4b:e3:6c:5d:ac:81:
b1:38:a6:76:8e:5c:82:ab:35:45:0b:3b:47:fc:db:
34:24:22:19:b8:75:12:8c:2e:1e:db:a9:9e:f5:48:
0d:28:48:ce:ba:6e:0e:0a:51:0d:08:45:b1:70:41:
36:12:f8:9f:75:a9:23:19:e3:04:f1:28:b6:b6:13:
a2:0f:c4:29:50:bf:0e:e2:bd:d7:47:44:98:76:60:
7d:b5:ed:33:b4:cf:e7:61:ef:0f:42:98:91:37:54:
93:6b:66:01:aa:0a:04:d1:43:71:53:7d:e9:7b:b9:
ff:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:9F:8E:79:0E:52:C5:AA:C1:3D:54:C2:47:72:4E:81:B8:1C:9E:5A
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qJ-OeQ5SxarBPVTCR3JOgbgcnlo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.142.0/24
89.213.104.0/24
89.213.123.0/24
109.176.14.0/24
212.38.81.0/24
213.210.52.0/23
213.218.239.0/24
217.145.75.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:c2:39:c3:19:83:fc:75:de:74:02:ea:be:fd:00:0b:f1:aa:
db:a0:dc:8b:6f:b3:32:08:dd:b6:e2:c9:08:e7:44:de:35:38:
31:c9:14:89:de:3a:24:2b:ad:7b:0f:a2:30:55:86:31:46:82:
79:6c:ea:47:35:72:7c:15:2c:c4:26:e3:8f:81:d5:5b:a5:15:
52:4d:0a:a8:e5:6c:cd:7d:2b:ab:36:69:3f:68:34:a3:8b:ce:
43:b9:82:8e:58:f6:f3:5b:7f:fe:ba:64:c0:83:5a:58:da:6b:
58:9b:97:ce:3d:d5:54:20:fc:41:bb:ba:98:1d:68:bd:ea:b9:
b8:20:28:7b:ca:6b:7a:70:96:41:40:8c:15:53:82:3b:2a:8b:
87:b6:e8:a1:56:25:2a:69:fc:42:dd:39:c8:c5:60:4d:ba:a2:
c1:ee:c6:d4:8b:08:3f:9b:e4:97:49:64:cf:81:f0:fa:a0:61:
a0:4e:59:8a:22:98:c5:38:ae:46:da:bc:8b:84:3b:7a:4d:d6:
16:f7:71:c3:62:67:c8:ff:74:0a:18:a0:59:af:16:4a:60:ad:
e7:b1:7c:11:c6:67:15:c4:76:62:36:59:45:06:76:e6:25:c8:
c2:1a:2c:0f:ac:1a:00:1e:4a:b7:b1:ad:5d:dd:64:2c:c5:e9:
58:2e:f0:1d
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZYPRR5hj7Xu9o3ZgY4pXnNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDA3MDgwMTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODlmOGU3OTBlNTJjNWFhYzEzZDU0YzI0NzcyNGU4MWI4MWM5ZTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGm41Y848WLaYuaB1UxFzQRXNixt
WWzYmxUCKYlLOclSKcLRJgaJIryd5cpxU7sHvC93mbByolHVbFNPUPEePd8R/aDo
y3Sa1di8omTLao6fONL/Ho2A/il+g0k1RqgB60xLsm+yUsWL71ewT5N3irp/FSy6
udI2FawKVSxR8lr3+/FSsNxsu/gN92jr9PRL42xdrIGxOKZ2jlyCqzVFCztH/Ns0
JCIZuHUSjC4e26me9UgNKEjOum4OClENCEWxcEE2EvifdakjGeME8Si2thOiD8Qp
UL8O4r3XR0SYdmB9te0ztM/nYe8PQpiRN1STa2YBqgoE0UNxU33pe7n/rwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKifjnkOUsWqwT1UwkdyToG4HJ5aMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcUotT2VRNVN4YXJCUFZUQ1IzSk9nYmdjbmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAUpiOAwQA
WdVoAwQAWdV7AwQAbbAOAwQA1CZRAwQB1dI0AwQA1drvAwQA2ZFLMA0GCSqGSIb3
DQEBCwUAA4IBAQA7wjnDGYP8dd50Auq+/QAL8arboNyLb7MyCN224skI50TeNTgx
yRSJ3jokK617D6IwVYYxRoJ5bOpHNXJ8FSzEJuOPgdVbpRVSTQqo5WzNfSurNmk/
aDSji85DuYKOWPbzW3/+umTAg1pY2mtYm5fOPdVUIPxBu7qYHWi96rm4ICh7ymt6
cJZBQIwVU4I7KouHtuihViUqafxC3TnIxWBNuqLB7sbUiwg/m+SXSWTPgfD6oGGg
TlmKIpjFOK5G2ryLhDt6TdYW93HDYmfI/3QKGKBZrxZKYK3nsXwRxmcVxHZiNllF
BnbmJcjCGiwPrBoAHkq3sa1d3WQsxelYLvAd
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:29:16 2025 by rpki-client on console.sobornost.net