Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/XlBtYMQh1PLXCp30t9jEQOj5LxA.roa
File: XlBtYMQh1PLXCp30t9jEQOj5LxA.roa (raw, json)
Hash identifier: mtwnvNyAQpKl85j1yU0awApeoGkT4HovhSTDWYY/nz8=
Subject key identifier: 5E:50:6D:60:C4:21:D4:F2:D7:0A:9D:F4:B7:D8:C4:40:E8:F9:2F:10
Certificate issuer: /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial: 01941F8CC7C64C2B7AD1E8176F611CE6B162
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/XlBtYMQh1PLXCp30t9jEQOj5LxA.roa
Signing time: Wed 01 Jan 2025 01:48:27 +0000
ROA not before: Wed 01 Jan 2025 01:48:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212949
IP address blocks: 89.33.108.0/22 maxlen: 24
167.160.6.0/23 maxlen: 24
167.160.8.0/23 maxlen: 24
167.160.22.0/23 maxlen: 24
167.160.24.0/23 maxlen: 24
185.19.24.0/22 maxlen: 24
217.61.88.0/21 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:c7:c6:4c:2b:7a:d1:e8:17:6f:61:1c:e6:b1:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Validity
Not Before: Jan 1 01:48:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5e506d60c421d4f2d70a9df4b7d8c440e8f92f10
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:87:4c:99:59:22:1e:9a:d9:f3:32:90:f7:b3:
1a:fc:94:f6:5c:93:86:fc:2a:e3:09:9c:c4:74:d3:
78:67:2e:21:dc:54:35:0b:fa:e1:10:b1:46:ae:3f:
59:c3:2a:8a:10:b9:67:ab:e0:46:37:aa:0d:d1:82:
db:67:09:13:21:28:c0:0c:7a:38:19:ea:0f:0c:56:
fe:dc:bf:af:27:f4:b0:6e:f6:b4:fe:39:4a:1b:e6:
42:1a:53:a2:b6:cd:e0:d0:80:46:31:c9:f6:c0:77:
3d:1b:2c:f2:1e:9a:ff:26:40:ef:42:51:90:f1:de:
50:3f:65:b5:c7:39:f1:4e:d9:14:17:31:ce:47:68:
05:23:d3:21:1e:58:67:e9:39:27:6f:0f:03:10:52:
59:bc:1c:54:2f:06:2a:36:0c:14:9e:6b:c3:bc:8c:
0a:66:05:8a:f1:02:06:ca:70:8a:d4:cb:c3:a8:1d:
4e:4a:51:a2:ec:71:b9:b0:d7:e5:e3:29:50:76:d8:
a7:bb:ee:72:1f:46:08:27:74:23:51:1d:c9:ce:1e:
d6:e3:fb:37:7d:bc:e3:5c:1a:38:fe:53:24:9f:24:
b7:a7:f8:8e:1c:ce:16:f2:12:2a:f5:62:ff:bd:2b:
d2:39:38:d4:aa:5b:69:6e:90:98:62:ce:77:ce:e8:
ad:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:50:6D:60:C4:21:D4:F2:D7:0A:9D:F4:B7:D8:C4:40:E8:F9:2F:10
X509v3 Authority Key Identifier:
keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/XlBtYMQh1PLXCp30t9jEQOj5LxA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.33.108.0/22
167.160.6.0-167.160.9.255
167.160.22.0-167.160.25.255
185.19.24.0/22
217.61.88.0/21
Signature Algorithm: sha256WithRSAEncryption
b3:33:3f:a9:31:90:99:4d:e6:50:9d:a6:bb:2c:26:3c:c1:16:
94:2d:07:1e:53:e6:6e:bc:31:0b:a7:ab:74:05:8f:0b:ee:cf:
c4:e8:05:8f:16:49:f9:76:54:cb:31:4f:44:36:33:5b:d6:df:
6a:ac:32:6a:4c:73:f2:35:82:74:4e:5c:fb:4b:26:79:ef:6f:
67:cf:f2:33:01:f1:af:07:f4:d6:aa:b0:12:07:a4:cb:a2:3a:
44:d0:65:9a:dd:9e:52:55:5f:7d:4f:72:df:19:07:7f:6d:ec:
d6:fa:bb:c3:06:6f:51:9e:70:e6:54:02:5c:8e:5c:b0:2f:1a:
cb:7f:4b:9b:17:56:18:c2:e7:62:25:8a:f4:79:c6:8f:48:68:
e7:7f:5e:57:55:9e:b1:93:17:89:d4:26:2d:37:7c:6a:fd:b8:
01:f1:5e:5e:1b:19:22:63:4d:b5:1b:a9:a9:a9:48:0f:35:de:
47:5f:71:be:87:26:2b:d0:7c:a4:9b:05:a3:72:43:46:66:e3:
eb:88:73:0e:d3:66:45:ae:89:cc:2f:2e:4e:6c:a7:55:5a:92:
a2:4c:c7:68:40:06:5c:76:09:82:79:ff:41:e9:c7:31:12:b0:
63:41:7e:ec:d5:65:03:48:7c:67:19:64:55:15:29:52:f0:b5:
fb:bb:dd:63
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZQfjMfGTCt60egXb2Ec5rFiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTUwNmQ2MGM0MjFkNGYyZDcwYTlkZjRiN2Q4YzQ0MGU4ZjkyZjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvodMmVkiHprZ8zKQ97Ma/JT2XJOG
/CrjCZzEdNN4Zy4h3FQ1C/rhELFGrj9ZwyqKELlnq+BGN6oN0YLbZwkTISjADHo4
GeoPDFb+3L+vJ/Swbva0/jlKG+ZCGlOits3g0IBGMcn2wHc9GyzyHpr/JkDvQlGQ
8d5QP2W1xznxTtkUFzHOR2gFI9MhHlhn6Tknbw8DEFJZvBxULwYqNgwUnmvDvIwK
ZgWK8QIGynCK1MvDqB1OSlGi7HG5sNfl4ylQdtinu+5yH0YIJ3QjUR3Jzh7W4/s3
fbzjXBo4/lMknyS3p/iOHM4W8hIq9WL/vSvSOTjUqltpbpCYYs53zuitjwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFF5QbWDEIdTy1wqd9LfYxEDo+S8QMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvWGxCdFlNUWgxUExYQ3AzMHQ5akVRT2o1THhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQCWSFsMAwD
BAGnoAYDBAGnoAgwDAMEAaegFgMEAaegGAMEArkTGAMEA9k9WDANBgkqhkiG9w0B
AQsFAAOCAQEAszM/qTGQmU3mUJ2muywmPMEWlC0HHlPmbrwxC6erdAWPC+7PxOgF
jxZJ+XZUyzFPRDYzW9bfaqwyakxz8jWCdE5c+0smee9vZ8/yMwHxrwf01qqwEgek
y6I6RNBlmt2eUlVffU9y3xkHf23s1vq7wwZvUZ5w5lQCXI5csC8ay39LmxdWGMLn
YiWK9HnGj0ho539eV1WesZMXidQmLTd8av24AfFeXhsZImNNtRupqalIDzXeR19x
vocmK9B8pJsFo3JDRmbj64hzDtNmRa6JzC8uTmynVVqSokzHaEAGXHYJgnn/QenH
MRKwY0F+7NVlA0h8ZxlkVRUpUvC1+7vdYw==
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:32:02 2025 by rpki-client on console.sobornost.net