Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/Kfl8va5v4sJUQnoraZ1_qqdiZA0.roa
File: Kfl8va5v4sJUQnoraZ1_qqdiZA0.roa (raw, json)
Hash identifier: qb7WsI/KkcOw+2w5B/5x3E3QyDFEtm3PWwrMbSsaGYs=
Subject key identifier: 29:F9:7C:BD:AE:6F:E2:C2:54:42:7A:2B:69:9D:7F:AA:A7:62:64:0D
Certificate issuer: /CN=86afaae2e3e054073a38aab635dc96460eef487e
Certificate serial: 0193CF3DA05C31CEC93F7B6C8EF8F2218832
Authority key identifier: 86:AF:AA:E2:E3:E0:54:07:3A:38:AA:B6:35:DC:96:46:0E:EF:48:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hq-q4uPgVAc6OKq2NdyWRg7vSH4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/Kfl8va5v4sJUQnoraZ1_qqdiZA0.roa
Signing time: Mon 16 Dec 2024 11:32:22 +0000
ROA not before: Mon 16 Dec 2024 11:32:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212216
IP address blocks: 80.249.115.0/24 maxlen: 24
185.73.226.0/24 maxlen: 32
185.106.200.0/24 maxlen: 24
185.223.160.0/24 maxlen: 24
195.28.10.0/24 maxlen: 24
195.28.168.0/24 maxlen: 24
195.28.169.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:cf:3d:a0:5c:31:ce:c9:3f:7b:6c:8e:f8:f2:21:88:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86afaae2e3e054073a38aab635dc96460eef487e
Validity
Not Before: Dec 16 11:32:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=29f97cbdae6fe2c254427a2b699d7faaa762640d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:ec:b3:62:f3:3a:37:df:91:9d:f9:35:b9:3b:
94:07:75:83:04:e8:eb:9e:e4:56:b6:7d:0c:fd:5b:
b7:ef:a5:3a:89:ef:3e:61:75:d5:d8:a3:0e:f2:91:
e1:1f:66:39:1e:04:c2:79:2f:fa:54:0c:ca:d7:89:
3f:6d:f8:70:e1:f0:5b:61:4f:9a:f0:c8:52:10:02:
3f:e2:b0:58:0e:42:9c:4e:e8:d7:f9:4f:ed:7e:de:
e4:af:36:e7:81:b9:84:4e:b4:d7:ee:53:36:8b:78:
54:69:2c:4b:d4:75:df:b9:e2:f0:7c:2a:ab:cb:35:
f9:38:8f:80:9e:af:5c:9a:bf:2c:a9:03:4d:f4:40:
41:53:35:e2:4a:8c:32:0f:66:20:88:5c:67:24:22:
b1:8f:46:74:29:48:b8:d9:86:5d:11:5b:80:ff:18:
ce:1d:8b:44:82:fa:2c:9d:47:ae:e8:c8:fa:a1:67:
1f:bd:cb:f8:d4:5b:67:4a:c9:8b:44:48:4d:5d:84:
fd:5b:4a:56:70:d0:95:79:a1:4d:48:cb:c0:e0:90:
6a:56:49:c0:a4:af:94:cf:7e:b2:3b:f8:d2:5f:08:
7d:4e:72:66:4d:50:b2:5f:56:eb:0f:a8:e9:5d:a7:
ef:a2:c3:6a:bb:42:6b:f9:04:63:33:1c:72:50:39:
ef:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:F9:7C:BD:AE:6F:E2:C2:54:42:7A:2B:69:9D:7F:AA:A7:62:64:0D
X509v3 Authority Key Identifier:
keyid:86:AF:AA:E2:E3:E0:54:07:3A:38:AA:B6:35:DC:96:46:0E:EF:48:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hq-q4uPgVAc6OKq2NdyWRg7vSH4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/Kfl8va5v4sJUQnoraZ1_qqdiZA0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e76a1a-3724-495b-ac72-472040b247f6/1/hq-q4uPgVAc6OKq2NdyWRg7vSH4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.249.115.0/24
185.73.226.0/24
185.106.200.0/24
185.223.160.0/24
195.28.10.0/24
195.28.168.0/23
Signature Algorithm: sha256WithRSAEncryption
6d:8e:24:a5:38:8f:76:12:02:8e:4d:16:4f:b4:27:01:df:4f:
9a:9e:ea:4c:8f:be:13:0e:a9:98:04:58:cd:84:06:5a:04:a9:
e9:3f:fa:6e:23:77:5d:74:d5:88:a3:14:cc:27:e7:12:3d:01:
2d:56:e7:79:25:3f:96:bd:e4:7d:8c:51:5e:2a:b4:76:2e:69:
78:5c:a1:72:2f:5b:5e:12:a2:da:3c:e4:aa:f7:47:49:a8:9d:
fd:12:b0:93:c6:ca:41:59:35:a4:4e:15:37:4c:16:5a:fb:f0:
21:03:a8:23:ac:c0:f6:6d:b6:d6:70:8a:19:4d:5a:fc:f9:3c:
c7:ca:fe:5c:a6:25:76:65:3f:24:e6:f9:35:fd:00:5c:8a:a6:
76:bc:42:97:d3:40:d2:7f:ae:12:86:96:d8:b9:38:95:a4:53:
ac:21:b7:11:cf:9a:45:c4:3d:47:d0:08:1e:51:28:5a:b2:56:
38:98:fe:05:a8:83:7b:04:b7:7d:2e:c0:2d:9a:61:73:a3:29:
6b:44:dc:28:02:72:9e:02:c5:f7:69:25:93:b9:ae:8e:46:f7:
cd:5d:cd:90:c4:81:1a:d1:2b:6d:3c:cb:e3:53:1a:a3:99:c7:
e0:2e:14:49:52:ac:60:ab:06:4e:af:9b:32:be:bd:87:f4:a2:
95:5a:f8:f4
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZPPPaBcMc7JP3tsjvjyIYgyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2YWZhYWUyZTNlMDU0MDczYTM4YWFiNjM1ZGM5NjQ2MGVl
ZjQ4N2UwHhcNMjQxMjE2MTEzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWY5N2NiZGFlNmZlMmMyNTQ0MjdhMmI2OTlkN2ZhYWE3NjI2NDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0eyzYvM6N9+Rnfk1uTuUB3WDBOjr
nuRWtn0M/Vu376U6ie8+YXXV2KMO8pHhH2Y5HgTCeS/6VAzK14k/bfhw4fBbYU+a
8MhSEAI/4rBYDkKcTujX+U/tft7krzbngbmETrTX7lM2i3hUaSxL1HXfueLwfCqr
yzX5OI+Anq9cmr8sqQNN9EBBUzXiSowyD2YgiFxnJCKxj0Z0KUi42YZdEVuA/xjO
HYtEgvosnUeu6Mj6oWcfvcv41FtnSsmLREhNXYT9W0pWcNCVeaFNSMvA4JBqVknA
pK+Uz36yO/jSXwh9TnJmTVCyX1brD6jpXafvosNqu0Jr+QRjMxxyUDnvhwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFCn5fL2ub+LCVEJ6K2mdf6qnYmQNMB8GA1UdIwQY
MBaAFIavquLj4FQHOjiqtjXclkYO70h+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHEtcTR1UGdWQWM2T0txMk5keVdSZzd2U0g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNzZhMWEtMzcyNC00OTViLWFjNzIt
NDcyMDQwYjI0N2Y2LzEvS2ZsOHZhNXY0c0pVUW5vcmFaMV9xcWRpWkEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNzZhMWEtMzcyNC00OTViLWFjNzItNDcyMDQwYjI0N2Y2
LzEvaHEtcTR1UGdWQWM2T0txMk5keVdSZzd2U0g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAUPlzAwQA
uUniAwQAuWrIAwQAud+gAwQAwxwKAwQBwxyoMA0GCSqGSIb3DQEBCwUAA4IBAQBt
jiSlOI92EgKOTRZPtCcB30+anupMj74TDqmYBFjNhAZaBKnpP/puI3dddNWIoxTM
J+cSPQEtVud5JT+WveR9jFFeKrR2Lml4XKFyL1teEqLaPOSq90dJqJ39ErCTxspB
WTWkThU3TBZa+/AhA6gjrMD2bbbWcIoZTVr8+TzHyv5cpiV2ZT8k5vk1/QBciqZ2
vEKX00DSf64ShpbYuTiVpFOsIbcRz5pFxD1H0AgeUShaslY4mP4FqIN7BLd9LsAt
mmFzoylrRNwoAnKeAsX3aSWTua6ORvfNXc2QxIEa0SttPMvjUxqjmcfgLhRJUqxg
qwZOr5syvr2H9KKVWvj0
-----END CERTIFICATE-----
Generated at Wed Dec 25 21:27:25 2024 by rpki-client on console.sobornost.net