Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/OfxRKdN2bPZI0fvyGrpUm_OCPQs.roa
File: OfxRKdN2bPZI0fvyGrpUm_OCPQs.roa (raw, json)
Hash identifier: lVQukuR8pvFzQlCkS5KRF6YO+By1WT+Hs0uHk5OATm0=
Subject key identifier: 39:FC:51:29:D3:76:6C:F6:48:D1:FB:F2:1A:BA:54:9B:F3:82:3D:0B
Certificate issuer: /CN=9c73d9453fbedfb80c4543bb529fc330c1f8c1ce
Certificate serial: 01941FFAB521F3EEA0F41CF10E33C1BCCE78
Authority key identifier: 9C:73:D9:45:3F:BE:DF:B8:0C:45:43:BB:52:9F:C3:30:C1:F8:C1:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nHPZRT--37gMRUO7Up_DMMH4wc4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/OfxRKdN2bPZI0fvyGrpUm_OCPQs.roa
Signing time: Wed 01 Jan 2025 03:48:31 +0000
ROA not before: Wed 01 Jan 2025 03:48:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207353
IP address blocks: 89.248.230.0/24 maxlen: 24
193.243.161.0/24 maxlen: 24
195.246.246.0/24 maxlen: 24
195.246.247.0/24 maxlen: 24
195.246.248.0/24 maxlen: 24
195.246.249.0/24 maxlen: 24
217.199.213.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:b5:21:f3:ee:a0:f4:1c:f1:0e:33:c1:bc:ce:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c73d9453fbedfb80c4543bb529fc330c1f8c1ce
Validity
Not Before: Jan 1 03:48:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=39fc5129d3766cf648d1fbf21aba549bf3823d0b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:fd:7b:26:c1:2d:ab:1e:69:c9:8d:35:be:90:
ca:6f:da:a0:c9:41:e4:89:fb:29:09:e6:e4:91:88:
21:ea:fb:96:11:bc:c2:8f:47:8f:b6:29:81:93:e5:
d8:4c:ab:b7:4a:37:e6:72:53:56:72:13:23:73:79:
5f:1a:bd:7d:32:cb:20:c1:63:c5:5d:25:50:b0:3b:
7c:a5:07:3b:33:ad:b5:40:f0:b4:f5:61:90:e5:11:
f3:58:68:c7:0b:56:9d:17:c1:2d:75:ed:8c:92:dc:
3c:ca:d5:61:5f:eb:9b:51:4b:f5:d3:e4:e3:c6:b8:
db:aa:8f:78:50:19:91:24:a0:1d:50:46:11:0f:e5:
27:00:80:ff:8c:aa:25:a3:22:5f:b5:9f:77:cb:aa:
f3:d8:b6:63:8b:21:93:c6:a1:4b:09:4b:77:e1:9b:
c7:a4:3c:dd:3f:69:29:0f:60:6b:f4:c7:19:9f:d2:
e3:6c:c7:16:a1:bb:75:02:13:2f:b3:53:58:8b:4f:
1a:54:74:fd:0c:c8:e8:42:e8:bc:71:bc:44:44:a3:
e0:ac:3d:9f:e7:48:51:6b:fe:7d:21:7a:d8:d6:ba:
0a:f9:80:6b:c0:7b:cd:31:bf:a0:1b:f9:5d:ae:c0:
4b:4d:ad:64:11:21:6a:92:9b:c8:53:0b:a6:5e:25:
69:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:FC:51:29:D3:76:6C:F6:48:D1:FB:F2:1A:BA:54:9B:F3:82:3D:0B
X509v3 Authority Key Identifier:
keyid:9C:73:D9:45:3F:BE:DF:B8:0C:45:43:BB:52:9F:C3:30:C1:F8:C1:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nHPZRT--37gMRUO7Up_DMMH4wc4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/OfxRKdN2bPZI0fvyGrpUm_OCPQs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/b35379-2122-4191-8821-c47e18df0371/1/nHPZRT--37gMRUO7Up_DMMH4wc4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.248.230.0/24
193.243.161.0/24
195.246.246.0-195.246.249.255
217.199.213.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:13:89:7a:c0:07:02:6d:a3:19:4d:89:23:86:c8:6b:b5:ed:
05:45:09:9d:e2:f6:b3:cd:3e:22:8c:a7:af:a3:b1:0c:19:0c:
12:6c:5a:cc:be:0d:78:a6:47:95:77:f4:8d:cd:fd:3e:02:a6:
69:07:16:7a:7d:66:05:ec:1a:31:41:9e:ed:ec:84:e6:5f:c9:
dd:cd:2f:77:55:f2:9c:c5:a7:66:1f:de:a6:98:f4:31:a8:27:
37:6c:90:68:42:f2:45:6e:e3:e2:62:28:24:cb:01:d0:34:71:
90:5d:a2:0e:55:8a:77:9f:f1:87:26:b0:0e:34:71:be:4b:b4:
cf:d5:41:4f:96:9d:14:f1:7f:6c:c9:bf:21:5a:ba:a4:9f:30:
ba:55:2b:c5:cc:7a:35:29:a2:24:21:34:e4:27:33:2d:84:50:
58:30:bc:f1:c0:4f:c3:e9:08:f4:53:90:bb:d2:13:1c:c5:d3:
0d:98:5c:e4:cc:41:0e:80:f0:0c:e6:ae:b5:5a:a4:6c:cb:29:
89:00:7d:2e:d7:89:bd:45:ca:d2:09:d5:79:d6:0c:13:23:d9:
b1:0c:b7:79:24:30:4a:46:a8:55:f9:fb:e0:eb:4c:e2:58:b0:
f5:aa:8a:4e:82:35:0b:8c:c2:0c:72:35:b5:c2:bc:10:82:3d:
ea:9d:ec:2c
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQf+rUh8+6g9BzxDjPBvM54MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNzNkOTQ1M2ZiZWRmYjgwYzQ1NDNiYjUyOWZjMzMwYzFm
OGMxY2UwHhcNMjUwMTAxMDM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWZjNTEyOWQzNzY2Y2Y2NDhkMWZiZjIxYWJhNTQ5YmYzODIzZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/17JsEtqx5pyY01vpDKb9qgyUHk
ifspCebkkYgh6vuWEbzCj0ePtimBk+XYTKu3SjfmclNWchMjc3lfGr19MssgwWPF
XSVQsDt8pQc7M621QPC09WGQ5RHzWGjHC1adF8Etde2Mktw8ytVhX+ubUUv10+Tj
xrjbqo94UBmRJKAdUEYRD+UnAID/jKoloyJftZ93y6rz2LZjiyGTxqFLCUt34ZvH
pDzdP2kpD2Br9McZn9LjbMcWobt1AhMvs1NYi08aVHT9DMjoQui8cbxERKPgrD2f
50hRa/59IXrY1roK+YBrwHvNMb+gG/ldrsBLTa1kESFqkpvIUwumXiVp7QIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFDn8USnTdmz2SNH78hq6VJvzgj0LMB8GA1UdIwQY
MBaAFJxz2UU/vt+4DEVDu1KfwzDB+MHOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkhQWlJULS0zN2dNUlVPN1VwX0RNTUg0d2M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9iMzUzNzktMjEyMi00MTkxLTg4MjEt
YzQ3ZTE4ZGYwMzcxLzEvT2Z4UktkTjJiUFpJMGZ2eUdycFVtX09DUFFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9iMzUzNzktMjEyMi00MTkxLTg4MjEtYzQ3ZTE4ZGYwMzcx
LzEvbkhQWlJULS0zN2dNUlVPN1VwX0RNTUg0d2M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAWfjmAwQA
wfOhMAwDBAHD9vYDBAHD9vgDBADZx9UwDQYJKoZIhvcNAQELBQADggEBAH0TiXrA
BwJtoxlNiSOGyGu17QVFCZ3i9rPNPiKMp6+jsQwZDBJsWsy+DXimR5V39I3N/T4C
pmkHFnp9ZgXsGjFBnu3shOZfyd3NL3dV8pzFp2Yf3qaY9DGoJzdskGhC8kVu4+Ji
KCTLAdA0cZBdog5Vinef8YcmsA40cb5LtM/VQU+WnRTxf2zJvyFauqSfMLpVK8XM
ejUpoiQhNOQnMy2EUFgwvPHAT8PpCPRTkLvSExzF0w2YXOTMQQ6A8AzmrrVapGzL
KYkAfS7Xib1FytIJ1XnWDBMj2bEMt3kkMEpGqFX5++DrTOJYsPWqik6CNQuMwgxy
NbXCvBCCPeqd7Cw=
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:31:39 2025 by rpki-client on console.sobornost.net