Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/b7bac3-f62d-4142-af3c-2e984fbff8b1/1/iEKvPS8SPLhC7hkJanIn7-E66Ko.roa
File: iEKvPS8SPLhC7hkJanIn7-E66Ko.roa (raw, json)
Hash identifier: uTaTvTMzaWdAm9ayVhgfeDfN1emMfvXMmA8i6uXhGqU=
Subject key identifier: 88:42:AF:3D:2F:12:3C:B8:42:EE:19:09:6A:72:27:EF:E1:3A:E8:AA
Certificate issuer: /CN=84b87af5334c5c45141b6675a9ed46e57b7976ac
Certificate serial: 019589C73962EB6C8A9D65FC98B26AEB54BF
Authority key identifier: 84:B8:7A:F5:33:4C:5C:45:14:1B:66:75:A9:ED:46:E5:7B:79:76:AC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hLh69TNMXEUUG2Z1qe1G5Xt5dqw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8c/b7bac3-f62d-4142-af3c-2e984fbff8b1/1/iEKvPS8SPLhC7hkJanIn7-E66Ko.roa
Signing time: Wed 12 Mar 2025 09:54:49 +0000
ROA not before: Wed 12 Mar 2025 09:54:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 197696
IP address blocks: 31.170.8.0/21 maxlen: 21
31.170.8.0/22 maxlen: 22
31.170.13.0/24 maxlen: 24
185.236.224.0/22 maxlen: 22
185.236.224.0/24 maxlen: 24
185.236.224.1/32 maxlen: 32
185.236.224.2/32 maxlen: 32
185.236.226.0/23 maxlen: 23
185.236.226.0/24 maxlen: 24
2a01:9500::/32 maxlen: 32
2a01:9500::/42 maxlen: 42
2a01:9500:26::/48 maxlen: 48
2a01:9500:80::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:89:c7:39:62:eb:6c:8a:9d:65:fc:98:b2:6a:eb:54:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=84b87af5334c5c45141b6675a9ed46e57b7976ac
Validity
Not Before: Mar 12 09:54:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8842af3d2f123cb842ee19096a7227efe13ae8aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:25:ce:ec:30:14:ed:39:bb:1f:cb:91:26:9e:
46:1d:9a:d2:47:00:df:76:e2:f7:85:34:d8:55:8a:
32:4a:f4:c8:82:8b:87:a7:b8:07:5c:76:76:8b:03:
5f:52:5b:f5:54:f8:8a:b1:8e:7a:8c:d7:a5:ac:71:
8e:ea:da:77:2a:14:de:a7:58:f9:b3:c6:3e:3b:a3:
2c:07:cc:34:d8:27:a3:52:5b:a1:e0:85:ca:2f:dc:
d6:6f:59:68:25:96:d1:2d:63:eb:b1:c9:07:e1:22:
22:80:cf:bc:04:69:b7:76:07:fe:c8:2d:f1:88:c0:
ab:fb:b8:50:78:3f:b8:df:81:cb:42:a3:76:9d:de:
4d:43:f3:e5:83:8d:ef:55:af:39:9e:cf:96:db:ee:
6f:ed:b8:12:4a:16:d6:ba:32:5b:1a:65:3e:ba:1d:
a4:85:b2:b8:e5:68:f6:61:88:68:7e:b3:48:0c:5b:
24:5a:e1:dc:81:6f:e6:bd:aa:22:fa:e0:ed:44:59:
11:99:11:2a:e0:a6:22:51:5c:56:77:34:2c:77:c2:
0c:1c:b1:68:3b:b9:4f:5e:42:10:24:13:3a:8a:a1:
f4:1f:83:45:f2:c5:c9:cf:ae:d6:72:f8:23:36:50:
36:5a:af:16:2b:9c:3e:da:e8:19:58:41:e9:2f:bf:
04:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:42:AF:3D:2F:12:3C:B8:42:EE:19:09:6A:72:27:EF:E1:3A:E8:AA
X509v3 Authority Key Identifier:
keyid:84:B8:7A:F5:33:4C:5C:45:14:1B:66:75:A9:ED:46:E5:7B:79:76:AC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLh69TNMXEUUG2Z1qe1G5Xt5dqw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/b7bac3-f62d-4142-af3c-2e984fbff8b1/1/iEKvPS8SPLhC7hkJanIn7-E66Ko.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/b7bac3-f62d-4142-af3c-2e984fbff8b1/1/hLh69TNMXEUUG2Z1qe1G5Xt5dqw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.170.8.0/21
185.236.224.0/22
IPv6:
2a01:9500::/32
Signature Algorithm: sha256WithRSAEncryption
4c:fb:e5:c5:53:e4:40:76:65:ff:96:bb:3d:71:25:30:65:33:
3b:05:40:0d:9b:a8:35:c4:9d:53:9c:78:c8:d2:78:26:cd:a3:
69:1f:5c:94:cf:11:5a:71:da:ed:a1:dc:42:60:f0:6f:8a:fa:
ce:43:4e:7f:73:ad:8c:7c:57:fa:dc:48:90:18:ae:fb:62:47:
20:57:04:c5:a3:f0:d2:ec:f4:f1:c7:b9:cc:cf:fa:ac:ed:1a:
b9:2c:af:4a:87:03:b5:aa:2c:ac:97:8b:79:14:c1:07:f7:f8:
39:9a:c3:5a:58:35:82:f4:0b:6b:9f:e2:ee:cc:77:e3:70:1d:
a3:53:17:1b:15:ce:53:73:61:0f:7e:0e:2a:2c:e0:ac:a3:c5:
2a:25:25:70:03:84:db:3d:4e:b3:17:06:58:5e:13:de:0e:11:
a1:f3:c4:8a:cf:9e:af:d8:29:a5:11:6c:7a:95:0a:53:14:10:
b9:f4:e3:26:18:ac:32:f8:b6:42:97:bd:7f:b6:05:4c:d8:3a:
4f:e1:89:73:9f:33:a9:a1:8b:f3:d2:f5:0f:ef:a6:63:59:ca:
6f:bb:4a:27:7e:f3:72:29:83:b6:d7:07:7b:05:43:ac:d9:65:
9a:ed:a8:61:9e:ac:27:90:79:8a:7a:58:7e:2a:0f:57:fc:a4:
97:12:21:7f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZWJxzli62yKnWX8mLJq61S/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0Yjg3YWY1MzM0YzVjNDUxNDFiNjY3NWE5ZWQ0NmU1N2I3
OTc2YWMwHhcNMjUwMzEyMDk1NDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODQyYWYzZDJmMTIzY2I4NDJlZTE5MDk2YTcyMjdlZmUxM2FlOGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAziXO7DAU7Tm7H8uRJp5GHZrSRwDf
duL3hTTYVYoySvTIgouHp7gHXHZ2iwNfUlv1VPiKsY56jNelrHGO6tp3KhTep1j5
s8Y+O6MsB8w02CejUluh4IXKL9zWb1loJZbRLWPrsckH4SIigM+8BGm3dgf+yC3x
iMCr+7hQeD+434HLQqN2nd5NQ/Plg43vVa85ns+W2+5v7bgSShbWujJbGmU+uh2k
hbK45Wj2YYhofrNIDFskWuHcgW/mvaoi+uDtRFkRmREq4KYiUVxWdzQsd8IMHLFo
O7lPXkIQJBM6iqH0H4NF8sXJz67WcvgjNlA2Wq8WK5w+2ugZWEHpL78ElQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIhCrz0vEjy4Qu4ZCWpyJ+/hOuiqMB8GA1UdIwQY
MBaAFIS4evUzTFxFFBtmdantRuV7eXasMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExoNjlUTk1YRVVVRzJaMXFlMUc1WHQ1ZHF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9iN2JhYzMtZjYyZC00MTQyLWFmM2Mt
MmU5ODRmYmZmOGIxLzEvaUVLdlBTOFNQTGhDN2hrSmFuSW43LUU2NktvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9iN2JhYzMtZjYyZC00MTQyLWFmM2MtMmU5ODRmYmZmOGIx
LzEvaExoNjlUTk1YRVVVRzJaMXFlMUc1WHQ1ZHF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDH6oIAwQC
uezgMA0EAgACMAcDBQAqAZUAMA0GCSqGSIb3DQEBCwUAA4IBAQBM++XFU+RAdmX/
lrs9cSUwZTM7BUANm6g1xJ1TnHjI0ngmzaNpH1yUzxFacdrtodxCYPBvivrOQ05/
c62MfFf63EiQGK77YkcgVwTFo/DS7PTxx7nMz/qs7Rq5LK9KhwO1qiysl4t5FMEH
9/g5msNaWDWC9Atrn+LuzHfjcB2jUxcbFc5Tc2EPfg4qLOCso8UqJSVwA4TbPU6z
FwZYXhPeDhGh88SKz56v2CmlEWx6lQpTFBC59OMmGKwy+LZCl71/tgVM2DpP4Ylz
nzOpoYvz0vUP76ZjWcpvu0onfvNyKYO21wd7BUOs2WWa7ahhnqwnkHmKelh+Kg9X
/KSXEiF/
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:29:18 2025 by rpki-client on console.sobornost.net