Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/XQZu4ETMmCnCkmez0HupXNwGy3k.roa
File: XQZu4ETMmCnCkmez0HupXNwGy3k.roa (raw, json)
Hash identifier: arbX7odq6r/kP1ih6luloD3g76MbAzWwNTpN/MlFFyM=
Subject key identifier: 5D:06:6E:E0:44:CC:98:29:C2:92:67:B3:D0:7B:A9:5C:DC:06:CB:79
Certificate issuer: /CN=61b534437503668815add93cd17d0ad3e1b1a877
Certificate serial: 0193CEC207E3FAFB864F16BD8E37444AC09F
Authority key identifier: 61:B5:34:43:75:03:66:88:15:AD:D9:3C:D1:7D:0A:D3:E1:B1:A8:77
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YbU0Q3UDZogVrdk80X0K0-GxqHc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/XQZu4ETMmCnCkmez0HupXNwGy3k.roa
Signing time: Mon 16 Dec 2024 09:17:22 +0000
ROA not before: Mon 16 Dec 2024 09:17:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 20507
IP address blocks: 85.223.101.0/24 maxlen: 24
85.223.126.0/24 maxlen: 24
217.149.192.0/19 maxlen: 24
217.149.192.0/24 maxlen: 24
217.149.201.0/24 maxlen: 24
217.149.202.0/24 maxlen: 24
217.149.203.0/24 maxlen: 24
217.149.217.0/24 maxlen: 24
217.149.218.0/24 maxlen: 24
217.149.219.0/24 maxlen: 24
2a01:3a8::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:ce:c2:07:e3:fa:fb:86:4f:16:bd:8e:37:44:4a:c0:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61b534437503668815add93cd17d0ad3e1b1a877
Validity
Not Before: Dec 16 09:17:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5d066ee044cc9829c29267b3d07ba95cdc06cb79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:90:fd:03:73:4c:d8:75:40:72:80:5f:48:48:
b1:10:da:f7:c0:4c:e4:94:f8:cb:57:c9:62:80:1b:
23:8e:dd:0d:e5:fb:de:db:66:a9:af:54:09:d7:db:
7a:a7:a1:20:7f:34:fb:cd:a8:50:b0:34:30:2c:5e:
f0:69:4c:9f:6a:00:e5:d6:ec:47:47:6c:87:69:ef:
d3:f0:76:9f:c8:60:b2:40:29:87:ba:89:37:26:32:
9f:e0:c7:dc:f6:aa:fc:82:9f:66:83:5d:48:85:c1:
e3:33:a0:b7:4e:94:8e:75:77:3c:e9:fd:02:db:15:
9a:95:04:3f:3f:79:56:71:a3:4a:1c:ac:f3:05:53:
aa:6c:5f:63:7e:26:3c:6c:22:9d:e7:86:17:0e:2b:
a5:a5:73:67:5b:56:93:89:18:e1:51:25:16:4f:1e:
9d:e3:66:8f:f6:73:54:22:83:ad:44:dc:a8:c9:7c:
be:8b:7b:6b:82:80:0d:90:88:04:58:62:63:49:75:
f5:4e:72:47:c6:11:c7:9a:47:f9:48:20:9c:47:69:
1b:56:9d:bf:f0:6b:c9:62:95:82:86:28:68:b5:54:
01:82:31:c2:7d:59:da:f2:6b:5a:2f:cd:0a:c8:66:
66:18:61:ad:0b:dc:11:ba:ec:97:2f:dd:c3:8f:48:
4a:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:06:6E:E0:44:CC:98:29:C2:92:67:B3:D0:7B:A9:5C:DC:06:CB:79
X509v3 Authority Key Identifier:
keyid:61:B5:34:43:75:03:66:88:15:AD:D9:3C:D1:7D:0A:D3:E1:B1:A8:77
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbU0Q3UDZogVrdk80X0K0-GxqHc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/XQZu4ETMmCnCkmez0HupXNwGy3k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/c1acd6-230a-4e36-a58f-f555e2e68a10/1/YbU0Q3UDZogVrdk80X0K0-GxqHc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.223.101.0/24
85.223.126.0/24
217.149.192.0/19
IPv6:
2a01:3a8::/32
Signature Algorithm: sha256WithRSAEncryption
53:47:c8:81:05:dd:20:2a:80:2c:75:15:56:15:a2:8f:e1:10:
ef:fe:c5:6e:09:5e:eb:8f:d7:66:1e:63:69:f1:f1:7d:c1:41:
8b:ed:8f:4d:fd:e5:51:f4:31:b1:de:f4:9f:d1:ae:ff:4a:c4:
25:86:70:46:c3:17:9c:4e:e3:37:ca:1e:99:2c:da:5b:b7:81:
00:74:31:31:b5:98:92:bf:c8:5c:f1:11:2e:a6:d6:a5:52:91:
de:9b:50:7f:b9:fc:06:a8:4c:e2:2e:0a:47:28:6e:9d:45:40:
60:48:64:20:07:58:f6:46:c8:fc:d5:2b:1e:08:b7:e5:8e:87:
61:07:87:c4:bb:e1:a2:c4:da:16:00:6e:af:77:f9:6a:4e:03:
68:b2:cb:77:c0:16:fc:51:96:3e:98:fe:d9:56:e9:c1:f6:2f:
ce:40:ba:02:b3:90:78:f5:70:12:77:60:1b:b7:2e:a9:8e:23:
f5:61:aa:30:74:93:89:f0:32:e4:9c:b6:12:2e:e2:0b:30:85:
f6:19:65:d2:60:2e:89:76:9f:f4:5d:d9:20:20:ac:14:a0:1c:
26:ba:f7:e1:88:b9:3e:8c:b3:a7:8d:52:66:15:32:8e:94:a9:
af:a7:3d:18:b4:27:fd:a6:39:8f:6b:86:38:c0:df:11:c5:d5:
7a:88:79:e5
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZPOwgfj+vuGTxa9jjdESsCfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjUzNDQzNzUwMzY2ODgxNWFkZDkzY2QxN2QwYWQzZTFi
MWE4NzcwHhcNMjQxMjE2MDkxNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDA2NmVlMDQ0Y2M5ODI5YzI5MjY3YjNkMDdiYTk1Y2RjMDZjYjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5D9A3NM2HVAcoBfSEixENr3wEzk
lPjLV8ligBsjjt0N5fve22apr1QJ19t6p6EgfzT7zahQsDQwLF7waUyfagDl1uxH
R2yHae/T8HafyGCyQCmHuok3JjKf4Mfc9qr8gp9mg11IhcHjM6C3TpSOdXc86f0C
2xWalQQ/P3lWcaNKHKzzBVOqbF9jfiY8bCKd54YXDiulpXNnW1aTiRjhUSUWTx6d
42aP9nNUIoOtRNyoyXy+i3trgoANkIgEWGJjSXX1TnJHxhHHmkf5SCCcR2kbVp2/
8GvJYpWChihotVQBgjHCfVna8mtaL80KyGZmGGGtC9wRuuyXL93Dj0hKvQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFF0GbuBEzJgpwpJns9B7qVzcBst5MB8GA1UdIwQY
MBaAFGG1NEN1A2aIFa3ZPNF9CtPhsah3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJVMFEzVURab2dWcmRrODBYMEswLUd4cUhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9jMWFjZDYtMjMwYS00ZTM2LWE1OGYt
ZjU1NWUyZTY4YTEwLzEvWFFadTRFVE1tQ25Da21lejBIdXBYTndHeTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9jMWFjZDYtMjMwYS00ZTM2LWE1OGYtZjU1NWUyZTY4YTEw
LzEvWWJVMFEzVURab2dWcmRrODBYMEswLUd4cUhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAVd9lAwQA
Vd9+AwQF2ZXAMA0EAgACMAcDBQAqAQOoMA0GCSqGSIb3DQEBCwUAA4IBAQBTR8iB
Bd0gKoAsdRVWFaKP4RDv/sVuCV7rj9dmHmNp8fF9wUGL7Y9N/eVR9DGx3vSf0a7/
SsQlhnBGwxecTuM3yh6ZLNpbt4EAdDExtZiSv8hc8REuptalUpHem1B/ufwGqEzi
LgpHKG6dRUBgSGQgB1j2Rsj81SseCLfljodhB4fEu+GixNoWAG6vd/lqTgNosst3
wBb8UZY+mP7ZVunB9i/OQLoCs5B49XASd2Abty6pjiP1YaowdJOJ8DLknLYSLuIL
MIX2GWXSYC6Jdp/0XdkgIKwUoBwmuvfhiLk+jLOnjVJmFTKOlKmvpz0YtCf9pjmP
a4Y4wN8RxdV6iHnl
-----END CERTIFICATE-----
Generated at Wed Dec 25 21:30:38 2024 by rpki-client on console.sobornost.net