Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/oqABzLnfbsDsIn5kWplXBMzY43Q.roa
File: oqABzLnfbsDsIn5kWplXBMzY43Q.roa (raw, json)
Hash identifier: 9f8YlT5OwrLMMipcAAqwOnsbNvAc7ctfNIT3GMCo+9I=
Subject key identifier: A2:A0:01:CC:B9:DF:6E:C0:EC:22:7E:64:5A:99:57:04:CC:D8:E3:74
Certificate issuer: /CN=fa1b2478dfe0f33a278b13f42dd319601d6378a8
Certificate serial: 018CC34941B0AD7E2A2DE1C2AAD045B964D1
Authority key identifier: FA:1B:24:78:DF:E0:F3:3A:27:8B:13:F4:2D:D3:19:60:1D:63:78:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-hskeN_g8zonixP0LdMZYB1jeKg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/oqABzLnfbsDsIn5kWplXBMzY43Q.roa
Signing time: Mon 01 Jan 2024 04:30:07 +0000
ROA not before: Mon 01 Jan 2024 04:30:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207647
IP address blocks: 87.239.9.0/24 maxlen: 24
87.239.8.0/24 maxlen: 24
87.239.10.0/24 maxlen: 24
87.239.12.0/24 maxlen: 24
87.239.15.0/24 maxlen: 24
87.239.14.0/24 maxlen: 24
87.239.13.0/24 maxlen: 24
2001:678:6a0::/48 maxlen: 48
2a13:da40::/29 maxlen: 29
2001:678:be4::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:49:41:b0:ad:7e:2a:2d:e1:c2:aa:d0:45:b9:64:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fa1b2478dfe0f33a278b13f42dd319601d6378a8
Validity
Not Before: Jan 1 04:30:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a2a001ccb9df6ec0ec227e645a995704ccd8e374
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:8d:6e:92:d6:a0:70:84:27:06:fa:77:b8:ea:
d9:b6:10:58:4c:6b:4f:6f:2b:60:61:00:f6:ab:db:
ee:68:c5:a6:c3:9e:4b:69:08:be:a2:3f:c5:72:8e:
df:83:95:c0:61:5b:8d:e2:e7:00:ae:07:76:a5:af:
c0:63:99:ba:b6:b7:52:aa:b3:b5:3b:d2:c6:1e:56:
27:0f:09:e1:c6:65:24:31:82:ac:89:a3:21:58:5e:
de:9e:cc:88:94:b9:a8:c9:30:d4:fd:c7:17:cc:3e:
54:eb:c9:e2:53:39:cb:20:73:0a:b9:df:c4:8b:44:
f9:f9:88:a6:22:d5:8b:2d:be:0c:82:33:48:ba:20:
24:1e:8c:8d:39:e5:56:aa:cc:89:1d:de:54:d9:52:
a3:1a:46:11:f7:25:c5:ff:9f:8b:0a:d7:30:d7:87:
d9:e0:c2:e1:9b:f1:ab:2c:b4:24:3d:ca:9d:56:b9:
4d:f6:28:a4:7e:4e:37:7d:39:6a:82:40:4a:35:9f:
51:02:62:41:89:e5:ed:1c:7b:27:2f:d3:96:e4:05:
d6:50:d4:35:d2:26:68:47:5e:a2:bc:85:0e:1a:97:
b4:03:cc:3b:cd:3c:f8:d3:4a:7e:3c:c7:ce:1c:8d:
34:bf:18:a1:55:ab:e8:4a:73:f6:a9:3a:c5:57:40:
6a:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:A0:01:CC:B9:DF:6E:C0:EC:22:7E:64:5A:99:57:04:CC:D8:E3:74
X509v3 Authority Key Identifier:
keyid:FA:1B:24:78:DF:E0:F3:3A:27:8B:13:F4:2D:D3:19:60:1D:63:78:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-hskeN_g8zonixP0LdMZYB1jeKg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/oqABzLnfbsDsIn5kWplXBMzY43Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/08a9c8-4be3-4682-af82-2a1cce7d2c65/1/1-hskeN_g8zonixP0LdMZYB1jeKg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.239.8.0-87.239.10.255
87.239.12.0/22
IPv6:
2001:678:6a0::/48
2001:678:be4::/48
2a13:da40::/29
Signature Algorithm: sha256WithRSAEncryption
79:1a:51:42:ad:0d:fe:45:c4:62:4d:b5:fc:fb:13:7a:0e:ed:
42:e0:c3:b3:66:3d:91:1d:af:9d:bc:2a:9e:f0:b6:2f:9e:02:
c8:cd:6b:28:3e:e7:8d:e5:83:76:97:28:a2:f3:a9:ec:3a:93:
4f:a8:8a:5e:23:f0:b3:40:f9:68:19:63:d8:a2:d1:bd:fd:e7:
a4:c4:52:41:21:c3:5d:71:5b:85:3a:f7:87:b3:45:2f:7f:aa:
8c:d4:f0:8d:fe:6a:31:66:c2:47:ad:03:96:46:74:e5:72:ff:
e9:5a:87:9a:a4:f3:e1:9a:c5:1d:5e:c5:da:87:83:ea:0c:a0:
10:e4:2d:c2:7a:bd:2b:2e:86:bb:c3:41:3d:e0:21:40:43:8b:
2b:c1:c2:17:a3:83:5f:57:20:34:8a:a4:a1:34:e4:49:82:83:
d9:9d:fe:6f:14:bf:fe:9a:77:1e:2c:39:15:c7:23:73:7b:ba:
c3:1d:b7:6c:a1:21:29:07:d0:81:a7:35:24:a6:85:93:94:14:
65:37:be:9a:eb:15:cc:8f:d0:df:a7:73:64:92:f2:68:e0:50:
e5:ea:88:48:1e:97:2b:46:77:9a:6f:75:78:49:d6:11:a3:25:
c5:eb:30:e1:27:e2:9c:f2:5c:fc:ba:2e:9b:ae:22:70:5b:d9:
c9:7b:7f:8c
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYzDSUGwrX4qLeHCqtBFuWTRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMWIyNDc4ZGZlMGYzM2EyNzhiMTNmNDJkZDMxOTYwMWQ2
Mzc4YTgwHhcNMjQwMTAxMDQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmEwMDFjY2I5ZGY2ZWMwZWMyMjdlNjQ1YTk5NTcwNGNjZDhlMzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzo1uktagcIQnBvp3uOrZthBYTGtP
bytgYQD2q9vuaMWmw55LaQi+oj/Fco7fg5XAYVuN4ucArgd2pa/AY5m6trdSqrO1
O9LGHlYnDwnhxmUkMYKsiaMhWF7ensyIlLmoyTDU/ccXzD5U68niUznLIHMKud/E
i0T5+YimItWLLb4MgjNIuiAkHoyNOeVWqsyJHd5U2VKjGkYR9yXF/5+LCtcw14fZ
4MLhm/GrLLQkPcqdVrlN9iikfk43fTlqgkBKNZ9RAmJBieXtHHsnL9OW5AXWUNQ1
0iZoR16ivIUOGpe0A8w7zTz400p+PMfOHI00vxihVavoSnP2qTrFV0BqmQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFKKgAcy5327A7CJ+ZFqZVwTM2ON0MB8GA1UdIwQY
MBaAFPobJHjf4PM6J4sT9C3TGWAdY3ioMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1oc2tlTl9nOHpvbml4UDBMZE1aWUIxamVLZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWYvMDhhOWM4LTRiZTMtNDY4Mi1hZjgy
LTJhMWNjZTdkMmM2NS8xL29xQUJ6TG5mYnNEc0luNWtXcGxYQk16WTQzUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYWYvMDhhOWM4LTRiZTMtNDY4Mi1hZjgyLTJhMWNjZTdkMmM2
NS8xLzEtaHNrZU5fZzh6b25peFAwTGRNWllCMWplS2cuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwTgYIKwYBBQUHAQcBAf8EPzA9MBoEAgABMBQwDAMEA1fv
CAMEAFfvCgMEAlfvDDAfBAIAAjAZAwcAIAEGeAagAwcAIAEGeAvkAwUDKhPaQDAN
BgkqhkiG9w0BAQsFAAOCAQEAeRpRQq0N/kXEYk21/PsTeg7tQuDDs2Y9kR2vnbwq
nvC2L54CyM1rKD7njeWDdpcoovOp7DqTT6iKXiPws0D5aBlj2KLRvf3npMRSQSHD
XXFbhTr3h7NFL3+qjNTwjf5qMWbCR60DlkZ05XL/6VqHmqTz4ZrFHV7F2oeD6gyg
EOQtwnq9Ky6Gu8NBPeAhQEOLK8HCF6ODX1cgNIqkoTTkSYKD2Z3+bxS//pp3Hiw5
Fccjc3u6wx23bKEhKQfQgac1JKaFk5QUZTe+musVzI/Q36dzZJLyaOBQ5eqISB6X
K0Z3mm91eEnWEaMlxesw4SfinPJc/Loum64icFvZyXt/jA==
-----END CERTIFICATE-----
Generated at Wed Dec 25 21:29:25 2024 by rpki-client on console.sobornost.net