Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/EpG6DN4aBjhttZAw1Q1XQqE7-1s.roa
File: EpG6DN4aBjhttZAw1Q1XQqE7-1s.roa (raw, json)
Hash identifier: l6KmPb3Emr7cpoLQVZzViHX9jNPkSHPfBrkC7M4zEOg=
Subject key identifier: 12:91:BA:0C:DE:1A:06:38:6D:B5:90:30:D5:0D:57:42:A1:3B:FB:5B
Certificate issuer: /CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
Certificate serial: 019422FB6C1B90BDF2FB576C70219FC29EE3
Authority key identifier: DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/EpG6DN4aBjhttZAw1Q1XQqE7-1s.roa
Signing time: Wed 01 Jan 2025 17:48:10 +0000
ROA not before: Wed 01 Jan 2025 17:48:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210656
IP address blocks: 89.223.20.0/24 maxlen: 24
94.126.204.0/22 maxlen: 24
94.139.248.0/22 maxlen: 24
2a0d:d6c2::/48 maxlen: 48
2a0d:d6c7:3::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:6c:1b:90:bd:f2:fb:57:6c:70:21:9f:c2:9e:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
Validity
Not Before: Jan 1 17:48:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1291ba0cde1a06386db59030d50d5742a13bfb5b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:6f:f8:cc:b3:41:bc:ba:ba:6a:64:fd:25:a0:
be:82:85:ac:2a:44:f4:fd:2d:2c:b4:b6:22:75:56:
31:99:71:bb:a3:bd:61:bc:de:0a:30:6d:90:20:c9:
c2:59:89:ac:f4:7c:bc:d6:37:93:b3:b7:ce:ac:75:
95:9f:b5:c0:65:aa:1d:5b:56:7c:92:b1:20:46:84:
e8:ca:b3:a6:e0:e1:ef:f0:f8:f0:bf:ec:d6:2b:07:
98:6f:2e:a7:82:1a:47:7d:cb:29:93:fa:98:37:4a:
af:70:ca:4b:0d:ea:02:ef:1c:6c:9f:47:49:c8:83:
30:8f:ea:64:a2:0e:05:4c:d6:72:e0:b2:eb:b1:fd:
b4:ec:e9:fa:0a:eb:05:8f:e6:b4:56:ec:a4:af:fb:
13:00:ea:b0:13:ac:12:c0:93:5f:d8:cc:e4:b9:dc:
1b:76:5a:f2:31:95:16:5e:16:58:88:3f:4c:ec:c2:
7a:19:8d:c8:94:a8:d8:88:9e:f6:35:d9:8f:b1:2d:
75:31:37:80:7d:5b:0e:24:e7:d8:bd:cf:7c:0d:72:
d6:f3:11:90:bb:de:65:1f:b3:31:bd:99:1a:83:96:
61:7f:f2:cb:c2:92:41:fe:63:30:fd:05:04:b1:7c:
9b:eb:95:1c:ad:be:56:c0:d8:c7:25:77:1a:ae:ac:
91:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:91:BA:0C:DE:1A:06:38:6D:B5:90:30:D5:0D:57:42:A1:3B:FB:5B
X509v3 Authority Key Identifier:
keyid:DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/EpG6DN4aBjhttZAw1Q1XQqE7-1s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.223.20.0/24
94.126.204.0/22
94.139.248.0/22
IPv6:
2a0d:d6c2::/48
2a0d:d6c7:3::/48
Signature Algorithm: sha256WithRSAEncryption
5c:40:81:16:b1:9d:3b:eb:f3:fb:62:93:95:06:8c:38:77:ac:
32:7d:c7:4b:d0:8c:27:24:e3:2d:ff:f4:eb:bf:2e:95:90:09:
9b:2f:48:38:eb:07:3c:34:a3:f9:b5:ee:d4:ce:c0:e7:4c:d1:
3c:c7:fb:81:e5:59:10:3d:00:83:3a:5d:0e:85:04:43:f1:1c:
65:c7:d3:02:9b:af:fc:5c:fc:62:e8:92:03:50:6a:d8:c8:f4:
b3:ef:b9:2e:e4:76:32:04:dc:9b:66:3f:f8:75:c7:08:be:e4:
59:88:ec:13:52:e3:eb:cd:b1:7b:68:00:13:ae:1f:d1:65:75:
7d:e9:7d:1b:d6:c9:bc:86:5f:f2:a2:18:f8:26:ad:f2:8b:62:
76:c6:39:ee:40:7e:7d:18:ee:a7:12:be:7f:cd:5c:d7:2b:d6:
25:94:51:99:53:b4:4d:e0:5e:0b:e1:c2:30:f1:44:1e:f2:9e:
40:da:c1:0f:06:30:2f:b6:0d:d1:1f:62:62:88:71:b9:5d:1b:
a0:cc:dd:b8:ce:0b:b5:ce:06:ab:8e:54:96:ba:e0:da:fb:65:
13:f9:8d:16:06:3b:f8:70:58:da:02:17:a8:c4:67:df:d2:3d:
e8:05:97:49:d5:a7:79:b9:95:68:4e:6f:8d:22:77:93:c6:87:
e5:dc:b7:28
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAZQi+2wbkL3y+1dscCGfwp7jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjODZlM2U5MjhjN2YwYzlkYjY5NTE1ZmYzYWExZjY3OGNl
ZTQzYzAwHhcNMjUwMTAxMTc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjkxYmEwY2RlMWEwNjM4NmRiNTkwMzBkNTBkNTc0MmExM2JmYjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvW/4zLNBvLq6amT9JaC+goWsKkT0
/S0stLYidVYxmXG7o71hvN4KMG2QIMnCWYms9Hy81jeTs7fOrHWVn7XAZaodW1Z8
krEgRoToyrOm4OHv8Pjwv+zWKweYby6nghpHfcspk/qYN0qvcMpLDeoC7xxsn0dJ
yIMwj+pkog4FTNZy4LLrsf207On6CusFj+a0Vuykr/sTAOqwE6wSwJNf2Mzkudwb
dlryMZUWXhZYiD9M7MJ6GY3IlKjYiJ72NdmPsS11MTeAfVsOJOfYvc98DXLW8xGQ
u95lH7MxvZkag5Zhf/LLwpJB/mMw/QUEsXyb65Ucrb5WwNjHJXcarqyR/wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFBKRugzeGgY4bbWQMNUNV0KhO/tbMB8GA1UdIwQY
MBaAFNyG4+kox/DJ22lRX/OqH2eM7kPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjIt
OWM4ZTU5YzI3NzFjLzEvRXBHNkRONGFCamh0dFpBdzFRMVhRcUU3LTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjItOWM4ZTU5YzI3NzFj
LzEvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAYBAIAATASAwQAWd8UAwQC
Xn7MAwQCXov4MBgEAgACMBIDBwAqDdbCAAADBwAqDdbHAAMwDQYJKoZIhvcNAQEL
BQADggEBAFxAgRaxnTvr8/tik5UGjDh3rDJ9x0vQjCck4y3/9Ou/LpWQCZsvSDjr
Bzw0o/m17tTOwOdM0TzH+4HlWRA9AIM6XQ6FBEPxHGXH0wKbr/xc/GLokgNQatjI
9LPvuS7kdjIE3JtmP/h1xwi+5FmI7BNS4+vNsXtoABOuH9FldX3pfRvWybyGX/Ki
GPgmrfKLYnbGOe5Afn0Y7qcSvn/NXNcr1iWUUZlTtE3gXgvhwjDxRB7ynkDawQ8G
MC+2DdEfYmKIcbldG6DM3bjOC7XOBquOVJa64Nr7ZRP5jRYGO/hwWNoCF6jEZ9/S
PegFl0nVp3m5lWhOb40id5PGh+Xctyg=
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:32:33 2025 by rpki-client on console.sobornost.net