Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/010ca1-5b30-4baf-831e-89551e8cce12/1/UkP4jKKKyGHBawn8RPGOoI0g86k.roa
File: UkP4jKKKyGHBawn8RPGOoI0g86k.roa (raw, json)
Hash identifier: t1NCQU9kIDrxSOL+gI05c500j4/UZOaC1oFaRb7Gluw=
Subject key identifier: 52:43:F8:8C:A2:8A:C8:61:C1:6B:09:FC:44:F1:8E:A0:8D:20:F3:A9
Certificate issuer: /CN=06b7edef61858723c4adebe3ee5a89f70058d5fe
Certificate serial: 019588F3BDB055018840E691587F451A8543
Authority key identifier: 06:B7:ED:EF:61:85:87:23:C4:AD:EB:E3:EE:5A:89:F7:00:58:D5:FE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Brft72GFhyPErevj7lqJ9wBY1f4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ef/010ca1-5b30-4baf-831e-89551e8cce12/1/UkP4jKKKyGHBawn8RPGOoI0g86k.roa
Signing time: Wed 12 Mar 2025 06:03:49 +0000
ROA not before: Wed 12 Mar 2025 06:03:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 15965
IP address blocks: 80.64.144.0/20 maxlen: 20
193.91.32.0/20 maxlen: 20
194.48.193.0/24 maxlen: 24
194.48.252.0/23 maxlen: 24
195.43.96.0/19 maxlen: 19
217.31.64.0/20 maxlen: 24
2a02:3a8::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:88:f3:bd:b0:55:01:88:40:e6:91:58:7f:45:1a:85:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=06b7edef61858723c4adebe3ee5a89f70058d5fe
Validity
Not Before: Mar 12 06:03:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5243f88ca28ac861c16b09fc44f18ea08d20f3a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:59:c9:e3:d7:5e:60:21:29:a9:13:f7:1c:75:
23:e0:91:11:f0:51:de:95:c9:8d:86:c8:4b:08:11:
2c:c4:dd:88:d3:35:f8:7f:5b:cd:31:46:ae:63:cb:
0c:0b:89:b4:25:f6:22:e7:3e:33:e5:8f:c3:6d:fc:
6a:67:af:7e:fa:56:4b:e3:d0:74:1c:2a:13:f6:00:
f2:53:ee:eb:a4:19:bf:61:f6:e4:46:04:e6:6c:3c:
bd:1c:28:a7:0c:25:36:b2:b1:ce:e2:27:37:80:65:
02:26:18:f3:c0:20:5e:7c:c3:a8:da:d5:05:bf:11:
78:fd:10:39:d8:8e:dc:fa:99:3f:25:80:79:0e:55:
08:63:7c:0f:e0:fd:a3:2a:11:57:92:4f:7f:80:e3:
95:70:2e:50:ca:fb:5c:25:3b:8e:5c:77:e0:4f:2b:
c1:7e:4d:46:a9:30:b0:ab:3c:62:22:12:64:19:6f:
f8:fd:87:31:3d:59:ef:0d:9d:ab:3f:2e:90:c3:3b:
e4:51:b8:41:0e:25:00:09:0e:b5:ce:71:33:1a:7c:
12:26:ce:36:fa:b3:7b:a5:14:5d:0b:58:0a:34:b7:
ec:b5:45:f5:b2:28:a6:0e:fa:8f:fa:5d:7b:81:3e:
9f:8b:15:e3:f6:83:16:0c:1b:b9:22:b2:4a:29:5d:
58:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:43:F8:8C:A2:8A:C8:61:C1:6B:09:FC:44:F1:8E:A0:8D:20:F3:A9
X509v3 Authority Key Identifier:
keyid:06:B7:ED:EF:61:85:87:23:C4:AD:EB:E3:EE:5A:89:F7:00:58:D5:FE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Brft72GFhyPErevj7lqJ9wBY1f4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/010ca1-5b30-4baf-831e-89551e8cce12/1/UkP4jKKKyGHBawn8RPGOoI0g86k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/010ca1-5b30-4baf-831e-89551e8cce12/1/Brft72GFhyPErevj7lqJ9wBY1f4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.64.144.0/20
193.91.32.0/20
194.48.193.0/24
194.48.252.0/23
195.43.96.0/19
217.31.64.0/20
IPv6:
2a02:3a8::/32
Signature Algorithm: sha256WithRSAEncryption
78:04:a8:be:8d:8e:c2:c2:1a:af:7d:0e:34:36:14:af:60:5f:
f3:5d:72:40:16:33:40:21:89:35:40:b1:23:1c:32:82:af:be:
db:89:95:e6:06:96:35:e9:8d:aa:0a:83:aa:05:68:a3:d5:aa:
ff:1b:fb:bf:11:07:cf:9b:99:d6:dc:91:79:13:44:ed:d9:82:
27:34:24:94:0b:4d:9e:59:f2:26:e0:1c:dd:a4:81:46:c7:35:
a4:d3:54:f3:4c:c9:6e:c3:da:1a:7c:cc:df:ab:74:78:f1:9a:
de:05:69:d1:38:8c:02:80:98:64:3d:b5:c9:7d:ee:06:be:b1:
31:9c:45:5e:67:97:17:cc:a3:f6:14:8e:f9:ab:ae:23:df:9b:
bb:8a:c2:cf:53:2b:dd:fc:25:f3:04:80:e8:17:d6:32:81:fb:
ac:60:c6:10:72:0a:41:26:62:58:e4:f3:b1:3e:10:44:22:b0:
a1:f3:ca:5c:9d:01:82:c5:6d:94:fd:1c:04:5c:a5:8a:ca:1c:
6a:19:23:b7:5a:c9:3e:19:bb:5a:9a:fa:9d:44:fe:f3:2e:76:
a4:ee:79:8b:cb:ac:60:f8:25:05:30:55:62:f7:b8:44:e2:4f:
14:3f:1f:b0:f5:44:5b:a7:f5:2b:b3:64:53:f9:69:dd:69:08:
d5:5e:29:35
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZWI872wVQGIQOaRWH9FGoVDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YjdlZGVmNjE4NTg3MjNjNGFkZWJlM2VlNWE4OWY3MDA1
OGQ1ZmUwHhcNMjUwMzEyMDYwMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjQzZjg4Y2EyOGFjODYxYzE2YjA5ZmM0NGYxOGVhMDhkMjBmM2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFnJ49deYCEpqRP3HHUj4JER8FHe
lcmNhshLCBEsxN2I0zX4f1vNMUauY8sMC4m0JfYi5z4z5Y/DbfxqZ69++lZL49B0
HCoT9gDyU+7rpBm/YfbkRgTmbDy9HCinDCU2srHO4ic3gGUCJhjzwCBefMOo2tUF
vxF4/RA52I7c+pk/JYB5DlUIY3wP4P2jKhFXkk9/gOOVcC5QyvtcJTuOXHfgTyvB
fk1GqTCwqzxiIhJkGW/4/YcxPVnvDZ2rPy6QwzvkUbhBDiUACQ61znEzGnwSJs42
+rN7pRRdC1gKNLfstUX1siimDvqP+l17gT6fixXj9oMWDBu5IrJKKV1YIQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFFJD+IyiishhwWsJ/ETxjqCNIPOpMB8GA1UdIwQY
MBaAFAa37e9hhYcjxK3r4+5aifcAWNX+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnJmdDcyR0ZoeVBFcmV2ajdscUo5d0JZMWY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8wMTBjYTEtNWIzMC00YmFmLTgzMWUt
ODk1NTFlOGNjZTEyLzEvVWtQNGpLS0t5R0hCYXduOFJQR09vSTBnODZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8wMTBjYTEtNWIzMC00YmFmLTgzMWUtODk1NTFlOGNjZTEy
LzEvQnJmdDcyR0ZoeVBFcmV2ajdscUo5d0JZMWY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQEUECQAwQE
wVsgAwQAwjDBAwQBwjD8AwQFwytgAwQE2R9AMA0EAgACMAcDBQAqAgOoMA0GCSqG
SIb3DQEBCwUAA4IBAQB4BKi+jY7CwhqvfQ40NhSvYF/zXXJAFjNAIYk1QLEjHDKC
r77biZXmBpY16Y2qCoOqBWij1ar/G/u/EQfPm5nW3JF5E0Tt2YInNCSUC02eWfIm
4BzdpIFGxzWk01TzTMluw9oafMzfq3R48ZreBWnROIwCgJhkPbXJfe4GvrExnEVe
Z5cXzKP2FI75q64j35u7isLPUyvd/CXzBIDoF9YygfusYMYQcgpBJmJY5POxPhBE
IrCh88pcnQGCxW2U/RwEXKWKyhxqGSO3Wsk+GbtamvqdRP7zLnak7nmLy6xg+CUF
MFVi97hE4k8UPx+w9URbp/Urs2RT+WndaQjVXik1
-----END CERTIFICATE-----
Generated at Mon Apr 14 20:32:43 2025 by rpki-client on console.sobornost.net