Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/d019bb-8768-4478-a39a-b94f7654a8c7/1/C7dFCsL3UWj9NaRxFxFI9R5TOqM.roa
File: C7dFCsL3UWj9NaRxFxFI9R5TOqM.roa (raw, json)
Hash identifier: Psl0ugXO/4dPCMY+qr6qQq4UDfP4k4DNbAY3We06OnQ=
Subject key identifier: 0B:B7:45:0A:C2:F7:51:68:FD:35:A4:71:17:11:48:F5:1E:53:3A:A3
Certificate issuer: /CN=e0b9c65dc95053e437e32c99acf3bdc5e95cb1ee
Certificate serial: 01868B101FB0B91A7C8D0A576FFFA1555A0E
Authority key identifier: E0:B9:C6:5D:C9:50:53:E4:37:E3:2C:99:AC:F3:BD:C5:E9:5C:B1:EE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4LnGXclQU-Q34yyZrPO9xelcse4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/d019bb-8768-4478-a39a-b94f7654a8c7/1/C7dFCsL3UWj9NaRxFxFI9R5TOqM.roa
Signing time: Sun 26 Feb 2023 00:12:14 +0000
ROA not before: Sun 26 Feb 2023 00:12:14 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44489
IP address blocks: 109.164.0.0/17 maxlen: 25
109.164.121.0/24 maxlen: 25
185.131.60.0/22 maxlen: 24
2a03:3a01::/32 maxlen: 56
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:8b:10:1f:b0:b9:1a:7c:8d:0a:57:6f:ff:a1:55:5a:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e0b9c65dc95053e437e32c99acf3bdc5e95cb1ee
Validity
Not Before: Feb 26 00:12:14 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0bb7450ac2f75168fd35a471171148f51e533aa3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:89:82:e7:bb:05:02:e3:92:26:26:57:ea:d8:
57:09:66:f6:95:bc:08:d2:2d:f0:8e:7f:0d:89:d1:
a9:34:0a:cd:f6:7c:d6:4c:6c:e2:7d:eb:6e:7c:8b:
5e:ea:ba:bc:1e:7c:c9:d7:93:0f:36:13:40:12:70:
77:fa:c3:f8:d9:df:f9:5a:1e:6d:85:13:19:5d:72:
b5:32:a7:9f:e5:7a:33:5c:e3:0e:01:e6:eb:24:db:
ad:72:0d:41:54:eb:be:b0:d3:de:b0:90:f3:05:ba:
98:75:ec:a0:14:66:55:2c:b5:c1:3d:b7:e5:cc:08:
f9:0b:d6:d6:6e:f1:9e:67:b6:4d:2f:2e:c4:8a:9f:
7f:05:75:af:c3:26:31:d1:58:ba:a7:d5:81:b0:6b:
37:2a:c1:bd:32:a5:db:29:79:7a:a1:2a:59:41:04:
e1:0e:e7:5d:8a:e2:14:0c:b8:df:a3:9a:d5:3a:fb:
ae:cd:e4:18:a3:ce:3b:3c:59:b2:bb:55:18:75:b3:
05:90:19:b6:08:72:7d:1d:93:bd:ac:fe:e1:1f:a1:
01:c2:11:2f:c8:1b:f8:95:2e:f2:43:23:f3:09:05:
76:2d:de:13:a1:15:80:bd:06:2e:66:23:cd:00:79:
95:b8:5d:11:c1:64:d9:13:70:d5:77:73:9d:03:a7:
3d:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:B7:45:0A:C2:F7:51:68:FD:35:A4:71:17:11:48:F5:1E:53:3A:A3
X509v3 Authority Key Identifier:
keyid:E0:B9:C6:5D:C9:50:53:E4:37:E3:2C:99:AC:F3:BD:C5:E9:5C:B1:EE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4LnGXclQU-Q34yyZrPO9xelcse4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/d019bb-8768-4478-a39a-b94f7654a8c7/1/C7dFCsL3UWj9NaRxFxFI9R5TOqM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/d019bb-8768-4478-a39a-b94f7654a8c7/1/4LnGXclQU-Q34yyZrPO9xelcse4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.164.0.0/17
185.131.60.0/22
IPv6:
2a03:3a01::/32
Signature Algorithm: sha256WithRSAEncryption
15:43:ff:19:13:ea:7a:97:07:14:7d:d8:87:c0:f2:cd:d3:59:
cf:d4:49:9f:5e:ad:97:70:f7:a1:ed:ee:a8:3a:a1:e7:5e:ea:
28:3b:3c:af:c5:b6:ab:a1:5b:cf:e5:36:92:2b:51:f7:c0:16:
47:d2:df:34:a3:cf:8e:75:c0:9c:1e:ce:af:40:2a:ee:04:b7:
60:92:3a:df:97:51:1f:92:97:d4:18:0b:05:d3:bd:ee:04:a8:
e6:c7:a7:b0:1b:e8:93:dd:9d:97:5a:55:32:42:6f:eb:0b:c1:
62:16:c6:61:21:42:81:c2:b1:82:59:54:71:fb:d1:68:c7:23:
74:64:92:e9:fc:41:aa:79:63:10:f5:20:72:3b:68:90:8f:cc:
ef:17:75:19:3f:15:3c:96:36:b0:61:69:4a:7b:72:c9:13:e7:
5c:a0:82:9c:35:fe:32:33:44:3a:48:e9:0f:d9:ab:5b:12:7d:
11:47:7d:29:ca:b6:51:52:34:24:b6:5c:f5:4a:e2:3a:d5:0e:
60:ec:13:a7:05:86:b2:a2:bb:0e:cb:10:c1:bc:58:c8:59:08:
e1:a3:da:65:72:d9:dd:67:3d:81:ef:a0:9a:b8:67:21:1c:3c:
da:ef:2d:df:dd:90:4f:25:9b:3c:cd:92:e0:c7:d0:7c:32:97:
00:93:83:e4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYaLEB+wuRp8jQpXb/+hVVoOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwYjljNjVkYzk1MDUzZTQzN2UzMmM5OWFjZjNiZGM1ZTk1
Y2IxZWUwHhcNMjMwMjI2MDAxMjE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmI3NDUwYWMyZjc1MTY4ZmQzNWE0NzExNzExNDhmNTFlNTMzYWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYmC57sFAuOSJiZX6thXCWb2lbwI
0i3wjn8NidGpNArN9nzWTGzifetufIte6rq8HnzJ15MPNhNAEnB3+sP42d/5Wh5t
hRMZXXK1Mqef5XozXOMOAebrJNutcg1BVOu+sNPesJDzBbqYdeygFGZVLLXBPbfl
zAj5C9bWbvGeZ7ZNLy7Eip9/BXWvwyYx0Vi6p9WBsGs3KsG9MqXbKXl6oSpZQQTh
DuddiuIUDLjfo5rVOvuuzeQYo847PFmyu1UYdbMFkBm2CHJ9HZO9rP7hH6EBwhEv
yBv4lS7yQyPzCQV2Ld4ToRWAvQYuZiPNAHmVuF0RwWTZE3DVd3OdA6c9xQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAu3RQrC91Fo/TWkcRcRSPUeUzqjMB8GA1UdIwQY
MBaAFOC5xl3JUFPkN+MsmazzvcXpXLHuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNExuR1hjbFFVLVEzNHl5WnJQTzl4ZWxjc2U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9kMDE5YmItODc2OC00NDc4LWEzOWEt
Yjk0Zjc2NTRhOGM3LzEvQzdkRkNzTDNVV2o5TmFSeEZ4Rkk5UjVUT3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9kMDE5YmItODc2OC00NDc4LWEzOWEtYjk0Zjc2NTRhOGM3
LzEvNExuR1hjbFFVLVEzNHl5WnJQTzl4ZWxjc2U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQHbaQAAwQC
uYM8MA0EAgACMAcDBQAqAzoBMA0GCSqGSIb3DQEBCwUAA4IBAQAVQ/8ZE+p6lwcU
fdiHwPLN01nP1EmfXq2XcPeh7e6oOqHnXuooOzyvxbaroVvP5TaSK1H3wBZH0t80
o8+OdcCcHs6vQCruBLdgkjrfl1EfkpfUGAsF073uBKjmx6ewG+iT3Z2XWlUyQm/r
C8FiFsZhIUKBwrGCWVRx+9FoxyN0ZJLp/EGqeWMQ9SByO2iQj8zvF3UZPxU8ljaw
YWlKe3LJE+dcoIKcNf4yM0Q6SOkP2atbEn0RR30pyrZRUjQktlz1SuI61Q5g7BOn
BYayorsOyxDBvFjIWQjho9plctndZz2B76CauGchHDza7y3f3ZBPJZs8zZLgx9B8
MpcAk4Pk
-----END CERTIFICATE-----
Generated at Sun May 11 07:38:34 2025 by rpki-client