Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/OndO3h2ydbwTdWvl-xXwsDgizqE.roa
File: OndO3h2ydbwTdWvl-xXwsDgizqE.roa (raw, json)
Hash identifier: 2/m0a0inUGxDvrj3Axkb6uQGeWihI9Ig/sKb2HEcL+0=
Subject key identifier: 3A:77:4E:DE:1D:B2:75:BC:13:75:6B:E5:FB:15:F0:B0:38:22:CE:A1
Certificate issuer: /CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Certificate serial: 0195B32A9F4E627F935D23EEBC717511045C
Authority key identifier: 3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/OndO3h2ydbwTdWvl-xXwsDgizqE.roa
Signing time: Thu 20 Mar 2025 10:47:49 +0000
ROA not before: Thu 20 Mar 2025 10:47:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 86.109.88.0/23 maxlen: 24
86.109.90.0/23 maxlen: 24
Validation: Failed, unable to get certificate CRL
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b3:2a:9f:4e:62:7f:93:5d:23:ee:bc:71:75:11:04:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3d7b9dffaae33ec2cf19b5ad4e49c1e9eb1d9d64
Validity
Not Before: Mar 20 10:47:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3a774ede1db275bc13756be5fb15f0b03822cea1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:7b:cf:dc:19:c8:2d:bd:19:5e:8c:39:8d:c8:
65:92:50:e7:10:26:c3:82:e9:85:7c:9b:91:e5:9c:
9e:fa:15:78:f5:d6:a1:41:bc:0d:ce:f1:bb:7c:26:
c6:63:54:2f:4d:b4:92:13:91:fd:49:02:d5:91:bf:
45:96:14:fc:69:ca:79:65:27:a3:73:90:e7:4f:23:
93:19:5b:8c:0e:c9:64:b1:7e:b3:10:07:80:22:1f:
22:0a:58:5c:17:7f:8e:f1:52:d7:f3:62:bd:75:9e:
48:7a:75:3b:d0:76:4b:2c:46:f2:be:c8:f1:a6:79:
f6:35:ec:ff:30:29:1e:64:a0:9a:e6:4b:41:f9:d8:
53:7c:c8:94:c4:68:0f:43:5a:90:b0:b9:bc:42:3e:
b0:0b:0f:4a:2b:27:88:d6:14:9b:30:05:65:f6:3c:
27:7f:28:34:fc:7f:a6:9d:c8:b9:4e:19:54:9b:36:
34:cb:c8:d2:48:ad:69:c9:6b:c9:04:bb:09:db:0b:
b8:41:5a:fa:a9:3d:93:d0:95:e9:ad:b6:ea:8d:a7:
ec:1d:1c:17:ae:7b:40:1b:85:41:dc:0a:e1:39:10:
6a:1c:fe:05:55:5a:2f:fe:e0:8d:b8:ef:8c:a6:bd:
9e:2c:ba:ed:38:64:e9:00:62:67:79:94:cd:47:33:
0c:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:77:4E:DE:1D:B2:75:BC:13:75:6B:E5:FB:15:F0:B0:38:22:CE:A1
X509v3 Authority Key Identifier:
keyid:3D:7B:9D:FF:AA:E3:3E:C2:CF:19:B5:AD:4E:49:C1:E9:EB:1D:9D:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PXud_6rjPsLPGbWtTknB6esdnWQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/OndO3h2ydbwTdWvl-xXwsDgizqE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/49195b-2909-46e0-abce-422523c4e68b/1/PXud_6rjPsLPGbWtTknB6esdnWQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.109.88.0/22
Signature Algorithm: sha256WithRSAEncryption
a4:66:1e:5c:51:05:9c:40:54:8c:0c:07:55:94:c9:3c:ea:aa:
b5:7e:8c:1c:3c:18:c2:dd:3b:c8:f4:be:2d:35:1e:0e:d3:6b:
9d:fd:29:fe:51:37:a9:3c:69:ee:70:6e:97:81:6c:35:6b:d0:
e4:a6:ca:0d:01:df:51:52:1d:a8:11:7f:28:65:81:03:b6:75:
3e:ba:07:8b:32:bf:77:70:f3:20:5c:fd:68:dd:f0:b9:75:1e:
77:77:07:a2:01:8e:4e:45:d0:ea:6b:b5:e3:92:dd:a7:a7:fa:
8e:2f:14:da:24:a2:05:29:38:da:ed:09:60:3b:70:e7:2a:34:
8c:01:ec:b0:43:38:cf:da:cf:b7:89:7b:63:26:5a:3d:0a:28:
0a:ce:76:7d:bb:a0:74:d3:e8:c8:13:1c:70:ee:01:b8:21:1d:
ca:db:2d:ea:e1:60:32:79:26:cb:a7:5b:42:a1:af:a2:f8:32:
49:b1:bf:9a:93:53:1b:ad:51:04:a2:03:10:d6:08:90:4c:15:
4f:64:15:24:58:18:2b:3c:8f:16:f3:4d:64:d6:19:dd:99:13:
55:e7:94:1b:e6:97:68:0a:c3:67:a0:ed:a7:a1:ec:5f:77:49:
c1:fc:be:e5:23:aa:71:6a:42:72:32:15:39:2f:1e:03:80:79:
17:26:59:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWzKp9OYn+TXSPuvHF1EQRcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkN2I5ZGZmYWFlMzNlYzJjZjE5YjVhZDRlNDljMWU5ZWIx
ZDlkNjQwHhcNMjUwMzIwMTA0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTc3NGVkZTFkYjI3NWJjMTM3NTZiZTVmYjE1ZjBiMDM4MjJjZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXvP3BnILb0ZXow5jchlklDnECbD
gumFfJuR5Zye+hV49dahQbwNzvG7fCbGY1QvTbSSE5H9SQLVkb9FlhT8acp5ZSej
c5DnTyOTGVuMDslksX6zEAeAIh8iClhcF3+O8VLX82K9dZ5IenU70HZLLEbyvsjx
pnn2Nez/MCkeZKCa5ktB+dhTfMiUxGgPQ1qQsLm8Qj6wCw9KKyeI1hSbMAVl9jwn
fyg0/H+mnci5ThlUmzY0y8jSSK1pyWvJBLsJ2wu4QVr6qT2T0JXprbbqjafsHRwX
rntAG4VB3ArhORBqHP4FVVov/uCNuO+Mpr2eLLrtOGTpAGJneZTNRzMMlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDp3Tt4dsnW8E3Vr5fsV8LA4Is6hMB8GA1UdIwQY
MBaAFD17nf+q4z7Czxm1rU5JwenrHZ1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2Ut
NDIyNTIzYzRlNjhiLzEvT25kTzNoMnlkYndUZFd2bC14WHdzRGdpenFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80OTE5NWItMjkwOS00NmUwLWFiY2UtNDIyNTIzYzRlNjhi
LzEvUFh1ZF82cmpQc0xQR2JXdFRrbkI2ZXNkbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVm1YMA0G
CSqGSIb3DQEBCwUAA4IBAQCkZh5cUQWcQFSMDAdVlMk86qq1fowcPBjC3TvI9L4t
NR4O02ud/Sn+UTepPGnucG6XgWw1a9DkpsoNAd9RUh2oEX8oZYEDtnU+ugeLMr93
cPMgXP1o3fC5dR53dweiAY5ORdDqa7Xjkt2np/qOLxTaJKIFKTja7QlgO3DnKjSM
AeywQzjP2s+3iXtjJlo9CigKznZ9u6B00+jIExxw7gG4IR3K2y3q4WAyeSbLp1tC
oa+i+DJJsb+ak1MbrVEEogMQ1giQTBVPZBUkWBgrPI8W801k1hndmRNV55Qb5pdo
CsNnoO2noexfd0nB/L7lI6pxakJyMhU5Lx4DgHkXJlnG
-----END CERTIFICATE-----
Generated at Tue Mar 25 14:46:07 2025 by rpki-client on console.sobornost.net