Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/KH3_fDhZQRg-yXyq0vBIRyHpscM.roa
File: KH3_fDhZQRg-yXyq0vBIRyHpscM.roa (raw, json)
Hash identifier: 1JhdYACAm2vKjYy3bW6WI11Cv1vQ6ZNSdGqhZ7ecrCc=
Subject key identifier: 28:7D:FF:7C:38:59:41:18:3E:C9:7C:AA:D2:F0:48:47:21:E9:B1:C3
Certificate issuer: /CN=ffc381f53f25dbc2a0efabf889fca32419958dd0
Certificate serial: 0195FAAD81A13B455489ABDD81E529A89876
Authority key identifier: FF:C3:81:F5:3F:25:DB:C2:A0:EF:AB:F8:89:FC:A3:24:19:95:8D:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/KH3_fDhZQRg-yXyq0vBIRyHpscM.roa
Signing time: Thu 03 Apr 2025 08:03:49 +0000
ROA not before: Thu 03 Apr 2025 08:03:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13213
IP address blocks: 46.28.48.0/21 maxlen: 24
185.80.220.0/22 maxlen: 24
212.78.64.0/19 maxlen: 24
212.78.88.0/22 maxlen: 22
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:fa:ad:81:a1:3b:45:54:89:ab:dd:81:e5:29:a8:98:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ffc381f53f25dbc2a0efabf889fca32419958dd0
Validity
Not Before: Apr 3 08:03:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=287dff7c385941183ec97caad2f0484721e9b1c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:f1:a2:ce:34:25:e7:9a:fa:c5:66:25:3b:26:
50:51:cb:d2:d4:fc:af:c6:86:33:a9:2f:1f:74:c0:
a3:95:25:67:a9:dd:de:87:b6:f6:82:76:70:c5:7e:
b4:f9:f8:c7:79:89:55:00:2e:1d:0d:2e:29:2b:12:
c2:e9:99:2e:4d:a8:2c:d7:07:28:1a:8d:30:bf:5d:
b0:9b:e0:7f:da:cd:5e:d8:24:26:15:d3:ee:67:84:
39:9f:20:cc:2b:0b:f2:f8:e3:ce:3b:67:92:a3:e2:
7e:1d:c3:3d:db:b0:d6:04:bc:bd:7c:04:a7:d3:9e:
0a:e1:eb:49:c0:c2:f1:b8:9e:5c:cc:f1:b1:85:72:
fc:6a:fb:08:68:1f:6c:73:57:0a:95:57:5c:9b:a5:
1c:3c:da:8a:53:43:54:7d:74:68:ce:3f:77:90:60:
56:3f:57:7d:18:96:5c:aa:dd:20:a3:f9:a1:31:b5:
73:b0:68:a7:0c:59:a1:c4:1e:29:2a:31:71:93:a2:
9a:1e:6d:48:c6:1d:f3:df:b4:10:a9:2c:90:8a:61:
a2:fd:f3:af:a5:55:cd:ca:8d:f8:48:d9:91:c6:19:
b1:69:92:3c:91:62:9b:6a:70:7e:58:ce:17:76:89:
29:b7:9b:94:40:68:30:7a:a1:fc:aa:a0:7d:0d:90:
26:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:7D:FF:7C:38:59:41:18:3E:C9:7C:AA:D2:F0:48:47:21:E9:B1:C3
X509v3 Authority Key Identifier:
keyid:FF:C3:81:F5:3F:25:DB:C2:A0:EF:AB:F8:89:FC:A3:24:19:95:8D:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/KH3_fDhZQRg-yXyq0vBIRyHpscM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.28.48.0/21
185.80.220.0/22
212.78.64.0/19
Signature Algorithm: sha256WithRSAEncryption
25:4f:91:8a:31:56:fa:7e:86:82:70:a4:7c:d7:ff:cf:d2:c1:
55:01:b0:5c:bc:ae:05:63:b0:68:1f:61:6a:9e:08:54:f9:58:
3d:91:28:8d:bf:d6:af:eb:4e:b2:c7:ae:81:df:f7:11:6f:47:
7b:bc:b5:67:12:05:01:3d:2e:42:8d:54:fb:99:cc:4b:84:7d:
e2:4f:cf:2e:9a:af:fb:5a:51:b9:18:b4:f6:49:ce:41:a9:19:
51:5e:85:78:47:00:7e:c8:6a:e9:8c:dc:29:15:18:0f:02:f9:
f1:ed:cf:0b:31:6f:1e:28:c0:e9:fe:eb:db:bc:44:6e:1e:c3:
f7:7d:73:86:a5:63:2b:6e:3a:ca:af:92:dc:33:80:ac:a7:b9:
d8:bc:b4:a8:63:79:22:83:60:44:e2:42:d7:f4:bb:51:62:7b:
7d:72:62:db:f6:b8:15:72:8b:41:31:12:9b:bf:88:bb:9b:77:
63:31:f6:e8:14:28:1c:43:9d:29:00:a8:e2:1a:91:7e:e9:57:
f5:83:db:06:04:e6:3a:3a:8b:ee:68:7e:d6:b4:55:41:65:49:
66:c9:13:51:69:5d:94:8d:39:bf:ad:f2:8d:85:2c:2a:3c:42:
21:83:c8:28:d4:1e:0d:21:9a:d1:3b:8b:01:dd:fd:0c:63:5a:
8f:60:74:a0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZX6rYGhO0VUiavdgeUpqJh2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYzM4MWY1M2YyNWRiYzJhMGVmYWJmODg5ZmNhMzI0MTk5
NThkZDAwHhcNMjUwNDAzMDgwMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODdkZmY3YzM4NTk0MTE4M2VjOTdjYWFkMmYwNDg0NzIxZTliMWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvGizjQl55r6xWYlOyZQUcvS1Pyv
xoYzqS8fdMCjlSVnqd3eh7b2gnZwxX60+fjHeYlVAC4dDS4pKxLC6ZkuTags1wco
Go0wv12wm+B/2s1e2CQmFdPuZ4Q5nyDMKwvy+OPOO2eSo+J+HcM927DWBLy9fASn
054K4etJwMLxuJ5czPGxhXL8avsIaB9sc1cKlVdcm6UcPNqKU0NUfXRozj93kGBW
P1d9GJZcqt0go/mhMbVzsGinDFmhxB4pKjFxk6KaHm1Ixh3z37QQqSyQimGi/fOv
pVXNyo34SNmRxhmxaZI8kWKbanB+WM4Xdokpt5uUQGgweqH8qqB9DZAmzwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCh9/3w4WUEYPsl8qtLwSEch6bHDMB8GA1UdIwQY
MBaAFP/DgfU/JdvCoO+r+In8oyQZlY3QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzhPQjlUOGwyOEtnNzZ2NGlmeWpKQm1WamRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9iNjRlNDItYjlkZS00YzY2LTllZDkt
NmZlMzQ4MDVhNmM2LzEvS0gzX2ZEaFpRUmcteVh5cTB2QklSeUhwc2NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9iNjRlNDItYjlkZS00YzY2LTllZDktNmZlMzQ4MDVhNmM2
LzEvXzhPQjlUOGwyOEtnNzZ2NGlmeWpKQm1WamRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDLhwwAwQC
uVDcAwQF1E5AMA0GCSqGSIb3DQEBCwUAA4IBAQAlT5GKMVb6foaCcKR81//P0sFV
AbBcvK4FY7BoH2FqnghU+Vg9kSiNv9av606yx66B3/cRb0d7vLVnEgUBPS5CjVT7
mcxLhH3iT88umq/7WlG5GLT2Sc5BqRlRXoV4RwB+yGrpjNwpFRgPAvnx7c8LMW8e
KMDp/uvbvERuHsP3fXOGpWMrbjrKr5LcM4Csp7nYvLSoY3kig2BE4kLX9LtRYnt9
cmLb9rgVcotBMRKbv4i7m3djMfboFCgcQ50pAKjiGpF+6Vf1g9sGBOY6OovuaH7W
tFVBZUlmyRNRaV2UjTm/rfKNhSwqPEIhg8go1B4NIZrRO4sB3f0MY1qPYHSg
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:32:32 2025 by rpki-client on console.sobornost.net