Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/KhQ0CVs-Ck885qIwKmvxvjmPLsM.roa
File: KhQ0CVs-Ck885qIwKmvxvjmPLsM.roa (raw, json)
Hash identifier: /r33WRe80jTEsaGazUEMoLIb6uHNXrdxV02fWNfbB8o=
Subject key identifier: 2A:14:34:09:5B:3E:0A:4F:3C:E6:A2:30:2A:6B:F1:BE:39:8F:2E:C3
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0195F04EB66E505B53C6E563B5505EA13603
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/KhQ0CVs-Ck885qIwKmvxvjmPLsM.roa
Signing time: Tue 01 Apr 2025 07:44:05 +0000
ROA not before: Tue 01 Apr 2025 07:44:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16276
IP address blocks: 37.202.202.0/24 maxlen: 24
151.240.100.0/24 maxlen: 24
151.242.67.0/24 maxlen: 24
151.242.117.0/24 maxlen: 24
151.243.6.0/24 maxlen: 24
151.243.160.0/22 maxlen: 22
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:f0:4e:b6:6e:50:5b:53:c6:e5:63:b5:50:5e:a1:36:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Apr 1 07:44:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2a1434095b3e0a4f3ce6a2302a6bf1be398f2ec3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:1f:75:e5:9d:4a:38:6c:ba:a6:c6:00:71:a9:
25:99:6c:f7:0f:db:2f:76:48:81:32:dc:78:6e:65:
4a:be:0d:46:08:5f:c1:24:b9:75:de:dd:86:70:43:
35:c0:d4:b2:dc:44:04:ee:7e:ca:6d:91:75:bc:38:
28:47:ed:d4:07:97:62:73:a1:31:10:3b:1d:91:01:
c4:bd:c5:26:b7:86:de:91:74:f0:61:dc:88:7b:5f:
1b:7d:c0:20:2f:47:1c:d2:c5:70:fe:b2:93:e2:d4:
71:7b:9a:cc:66:58:5e:c8:d1:97:9a:86:10:65:83:
4f:8a:3f:83:b3:1a:9c:e6:ee:5a:8c:90:75:8d:d3:
55:79:19:8c:73:53:3e:49:c5:77:37:3a:eb:fc:06:
e0:73:74:7e:80:a2:08:b9:68:10:e3:3f:c2:62:96:
83:7c:41:b7:72:7f:66:17:6c:ef:97:98:36:7b:35:
47:44:b1:db:bc:82:5b:41:98:08:6b:ea:1c:7e:aa:
86:12:95:3e:8b:e0:01:c3:ea:16:32:d3:1c:7f:18:
95:eb:bf:21:1b:f3:83:40:f1:65:60:8c:e1:9a:41:
2a:64:5e:8b:1a:97:d5:2a:21:b7:ff:3a:0b:ae:1b:
31:e8:56:4f:fb:6d:37:c0:0e:dc:24:7f:fb:22:08:
db:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:14:34:09:5B:3E:0A:4F:3C:E6:A2:30:2A:6B:F1:BE:39:8F:2E:C3
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/KhQ0CVs-Ck885qIwKmvxvjmPLsM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.202.202.0/24
151.240.100.0/24
151.242.67.0/24
151.242.117.0/24
151.243.6.0/24
151.243.160.0/22
Signature Algorithm: sha256WithRSAEncryption
0c:c6:74:04:69:a0:8e:f9:bd:42:88:eb:cc:a9:af:c9:78:19:
90:1a:ce:54:54:a7:34:36:ca:58:b8:31:a5:17:3a:6f:16:9c:
f7:08:62:9b:a4:a9:47:8d:a8:79:55:e6:c4:cf:3b:4e:fa:dd:
77:4c:dd:70:1a:a9:76:ab:b0:5e:0e:de:0d:db:9d:5a:6f:51:
66:a2:5a:21:16:ac:aa:bc:68:09:26:39:0b:40:ac:58:7d:e5:
f2:20:b1:60:be:34:f5:ce:8d:6a:4f:bc:89:7d:dc:0c:0b:91:
49:d5:e2:ee:20:19:52:26:9c:47:88:0f:54:cd:52:a5:e6:87:
f7:b1:dc:3b:22:77:7e:39:d5:85:3e:73:cf:57:a3:6c:5c:2a:
ce:87:a5:30:04:dd:0e:29:4e:b3:81:0f:8b:9f:ad:5a:76:2c:
d0:19:ee:d0:7a:dc:1e:c9:42:90:8c:9a:cb:6e:a6:89:15:77:
7e:da:45:8c:50:7e:9f:f7:d1:3d:ce:c0:bc:75:95:5d:dd:52:
4b:ea:4e:c7:0b:30:65:50:3a:fb:06:f9:a2:d2:98:64:6a:36:
11:c0:d9:0f:15:35:27:70:40:46:5c:46:14:fb:6a:77:b7:d3:
e2:56:10:bc:e9:80:b6:44:9e:18:7f:99:a5:3f:bd:c5:0d:40:
c8:f6:ab:1b
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZXwTrZuUFtTxuVjtVBeoTYDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNDAxMDc0NDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTE0MzQwOTViM2UwYTRmM2NlNmEyMzAyYTZiZjFiZTM5OGYyZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArB915Z1KOGy6psYAcaklmWz3D9sv
dkiBMtx4bmVKvg1GCF/BJLl13t2GcEM1wNSy3EQE7n7KbZF1vDgoR+3UB5dic6Ex
EDsdkQHEvcUmt4bekXTwYdyIe18bfcAgL0cc0sVw/rKT4tRxe5rMZlheyNGXmoYQ
ZYNPij+Dsxqc5u5ajJB1jdNVeRmMc1M+ScV3Nzrr/Abgc3R+gKIIuWgQ4z/CYpaD
fEG3cn9mF2zvl5g2ezVHRLHbvIJbQZgIa+ocfqqGEpU+i+ABw+oWMtMcfxiV678h
G/ODQPFlYIzhmkEqZF6LGpfVKiG3/zoLrhsx6FZP+203wA7cJH/7IgjbNwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFCoUNAlbPgpPPOaiMCpr8b45jy7DMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvS2hRMENWcy1Dazg4NXFJd0ttdnh2am1QTHNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAJcrKAwQA
l/BkAwQAl/JDAwQAl/J1AwQAl/MGAwQCl/OgMA0GCSqGSIb3DQEBCwUAA4IBAQAM
xnQEaaCO+b1CiOvMqa/JeBmQGs5UVKc0NspYuDGlFzpvFpz3CGKbpKlHjah5VebE
zztO+t13TN1wGql2q7BeDt4N251ab1FmolohFqyqvGgJJjkLQKxYfeXyILFgvjT1
zo1qT7yJfdwMC5FJ1eLuIBlSJpxHiA9UzVKl5of3sdw7Ind+OdWFPnPPV6NsXCrO
h6UwBN0OKU6zgQ+Ln61adizQGe7QetweyUKQjJrLbqaJFXd+2kWMUH6f99E9zsC8
dZVd3VJL6k7HCzBlUDr7Bvmi0phkajYRwNkPFTUncEBGXEYU+2p3t9PiVhC86YC2
RJ4Yf5mlP73FDUDI9qsb
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:29:23 2025 by rpki-client on console.sobornost.net