Route Origin Authorization
$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/bad5af20-8385-44d4-815f-bb83497d4a0e/4f5ebe88-46ac-3a57-8035-953f0f8e7eb4.roa
File: 4f5ebe88-46ac-3a57-8035-953f0f8e7eb4.roa (raw, json)
Hash identifier: iwvuyJWDV4iBxrcaG7+9deaq/Wp8s/LE0olGQKk3N9A=
Subject key identifier: 6E:9B:41:73:C0:49:70:4E:CE:07:E2:B5:07:17:94:AE:C2:5D:68:6F
Certificate issuer: /CN=bad5af20-8385-44d4-815f-bb83497d4a0e
Certificate serial: 010D0C9F432858489075F5C12395F64520A5BD40
Authority key identifier: 11:AA:70:F3:04:50:A3:AC:82:39:73:14:B6:AD:D6:35:D1:DD:39:94
Authority info access: rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/bad5af20-8385-44d4-815f-bb83497d4a0e.cer
Subject info access: rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/bad5af20-8385-44d4-815f-bb83497d4a0e/4f5ebe88-46ac-3a57-8035-953f0f8e7eb4.roa
Signing time: Thu 16 Jan 2025 14:00:50 +0000
ROA not before: Thu 16 Jan 2025 14:00:50 +0000
ROA not after: Wed 16 Apr 2025 13:00:50 +0000
asID: 21777
IP address blocks: 199.45.236.0/22 maxlen: 22
199.127.200.0/22 maxlen: 22
204.144.128.0/22 maxlen: 22
204.144.132.0/23 maxlen: 23
204.144.134.0/24 maxlen: 24
204.144.140.0/23 maxlen: 23
204.144.180.0/22 maxlen: 22
204.144.184.0/24 maxlen: 24
206.168.13.0/24 maxlen: 24
206.168.39.0/24 maxlen: 24
206.168.96.0/24 maxlen: 24
206.168.187.0/24 maxlen: 24
206.168.188.0/24 maxlen: 24
206.168.216.0/22 maxlen: 22
206.168.220.0/24 maxlen: 24
206.168.222.0/23 maxlen: 23
206.168.224.0/21 maxlen: 21
207.174.21.0/24 maxlen: 24
207.174.72.0/23 maxlen: 23
207.174.76.0/24 maxlen: 24
207.174.113.0/24 maxlen: 24
207.174.117.0/24 maxlen: 24
207.174.130.0/24 maxlen: 24
207.174.137.0/24 maxlen: 24
207.174.138.0/23 maxlen: 23
207.174.140.0/22 maxlen: 22
207.174.157.0/24 maxlen: 24
207.174.175.0/24 maxlen: 24
207.174.201.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:0d:0c:9f:43:28:58:48:90:75:f5:c1:23:95:f6:45:20:a5:bd:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bad5af20-8385-44d4-815f-bb83497d4a0e
Validity
Not Before: Jan 16 14:00:50 2025 GMT
Not After : Apr 16 13:00:50 2025 GMT
Subject: CN=d9a230fa-1bcf-4291-9b66-d9cc6aed1660
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:65:eb:f5:73:da:28:93:71:8c:71:0b:64:d3:
09:3c:21:c4:b6:97:f3:9a:cd:58:d6:12:bb:32:66:
02:dc:12:68:a8:f9:4a:2f:d8:dc:db:97:68:6b:14:
97:58:eb:fe:db:d8:e6:0f:d7:83:bf:fe:93:6f:e1:
5e:1a:65:23:31:63:c3:6b:69:83:e6:3a:48:9f:65:
5c:7b:e3:27:21:37:58:c1:b6:cf:44:bc:5c:58:3d:
9b:e7:66:24:c3:13:a7:ca:d5:bb:a8:f9:61:49:26:
db:72:56:e5:f5:90:e1:2d:60:98:48:37:20:a0:b8:
d4:77:38:4b:07:f4:ca:ca:c0:b8:e3:ef:4b:95:31:
ff:2c:4a:eb:92:9e:a1:2e:be:84:50:ae:1a:31:af:
33:9d:31:37:aa:a8:f0:dc:c0:0d:7c:04:12:3c:02:
69:5e:a3:12:23:97:a0:47:72:80:f3:67:5b:eb:8b:
ce:84:b3:ae:31:4e:23:c0:ae:00:ef:2e:b2:0a:06:
42:b1:9c:41:7b:cf:ab:dc:e0:cc:9d:99:90:7a:01:
22:0f:63:5d:ec:13:34:c6:69:f4:c8:89:66:88:08:
23:2e:d2:38:28:34:55:9e:f0:4e:d4:43:82:dd:7b:
a0:c3:6e:2e:0a:09:77:44:7c:70:ad:f2:6c:19:67:
89:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:9B:41:73:C0:49:70:4E:CE:07:E2:B5:07:17:94:AE:C2:5D:68:6F
Subject Information Access:
Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/bad5af20-8385-44d4-815f-bb83497d4a0e/4f5ebe88-46ac-3a57-8035-953f0f8e7eb4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/bad5af20-8385-44d4-815f-bb83497d4a0e/bad5af20-8385-44d4-815f-bb83497d4a0e.crl
X509v3 Authority Key Identifier:
keyid:11:AA:70:F3:04:50:A3:AC:82:39:73:14:B6:AD:D6:35:D1:DD:39:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/bad5af20-8385-44d4-815f-bb83497d4a0e.cer
sbgp-ipAddrBlock: critical
IPv4:
199.45.236.0/22
199.127.200.0/22
204.144.128.0-204.144.134.255
204.144.140.0/23
204.144.180.0-204.144.184.255
206.168.13.0/24
206.168.39.0/24
206.168.96.0/24
206.168.187.0-206.168.188.255
206.168.216.0-206.168.220.255
206.168.222.0-206.168.231.255
207.174.21.0/24
207.174.72.0/23
207.174.76.0/24
207.174.113.0/24
207.174.117.0/24
207.174.130.0/24
207.174.137.0-207.174.143.255
207.174.157.0/24
207.174.175.0/24
207.174.201.0/24
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
CPS: https://www.arin.net/resources/rpki/cps.html
Signature Algorithm: sha256WithRSAEncryption
a0:56:9c:ab:a0:4b:c9:81:aa:ad:2b:02:92:4a:97:26:f2:38:
34:03:4e:ec:77:a0:cf:9d:e7:44:d2:26:95:a3:03:d3:34:57:
ca:65:36:08:76:4a:00:2b:b6:4e:0b:5e:8d:7e:a7:f8:35:94:
83:43:cd:29:d8:77:1e:e8:91:3a:83:93:5f:df:f0:43:6e:e0:
43:ae:22:19:cf:8e:95:6a:a3:30:dc:92:f1:39:16:21:a7:df:
59:1f:02:3c:b3:c8:da:32:db:68:95:4a:67:91:c2:31:e4:ed:
b7:4c:bc:76:82:cd:dd:b8:0e:48:d3:0f:0a:4f:f3:f9:45:ad:
22:64:44:83:c2:03:37:00:c2:98:7a:d3:f9:d0:34:54:18:ec:
66:ac:9c:33:1c:fc:38:a9:2b:b9:13:64:73:21:97:ea:be:c6:
60:84:c2:9d:dd:c6:a1:18:d5:16:f0:62:0b:c5:3a:22:c5:37:
9f:10:b4:d6:3b:71:48:15:a0:a8:8e:6d:1e:34:a3:e7:fc:51:
10:12:46:b7:9b:74:11:6f:85:34:be:93:8f:c9:32:1e:66:c5:
af:d7:47:23:8a:4d:70:f8:9e:1a:a8:10:ef:3c:b9:70:f0:17:
b7:ea:3b:dc:eb:53:7a:d5:f6:bb:67:4b:d4:0a:72:44:20:3b:
48:a7:87:5b
-----BEGIN CERTIFICATE-----
MIIG8DCCBdigAwIBAgIUAQ0Mn0MoWEiQdfXBI5X2RSClvUAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkYmFkNWFmMjAtODM4NS00NGQ0LTgxNWYtYmI4MzQ5N2Q0
YTBlMB4XDTI1MDExNjE0MDA1MFoXDTI1MDQxNjEzMDA1MFowLzEtMCsGA1UEAxMk
ZDlhMjMwZmEtMWJjZi00MjkxLTliNjYtZDljYzZhZWQxNjYwMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02Xr9XPaKJNxjHELZNMJPCHEtpfzms1Y1hK7
MmYC3BJoqPlKL9jc25doaxSXWOv+29jmD9eDv/6Tb+FeGmUjMWPDa2mD5jpIn2Vc
e+MnITdYwbbPRLxcWD2b52YkwxOnytW7qPlhSSbbclbl9ZDhLWCYSDcgoLjUdzhL
B/TKysC44+9LlTH/LErrkp6hLr6EUK4aMa8znTE3qqjw3MANfAQSPAJpXqMSI5eg
R3KA82db64vOhLOuMU4jwK4A7y6yCgZCsZxBe8+r3ODMnZmQegEiD2Nd7BM0xmn0
yIlmiAgjLtI4KDRVnvBO1EOC3Xugw24uCgl3RHxwrfJsGWeJMwIDAQABo4IEAjCC
A/4wHQYDVR0OBBYEFG6bQXPASXBOzgfitQcXlK7CXWhvMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9iYWQ1
YWYyMC04Mzg1LTQ0ZDQtODE1Zi1iYjgzNDk3ZDRhMGUvNGY1ZWJlODgtNDZhYy0z
YTU3LTgwMzUtOTUzZjBmOGU3ZWI0LnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8wMzU3MjcyYy1h
NzlhLTQ1YmYtOTU4Ni05MmRkNDllZjMyMjMvYmFkNWFmMjAtODM4NS00NGQ0LTgx
NWYtYmI4MzQ5N2Q0YTBlL2JhZDVhZjIwLTgzODUtNDRkNC04MTVmLWJiODM0OTdk
NGEwZS5jcmwwHwYDVR0jBBgwFoAUEapw8wRQo6yCOXMUtq3WNdHdOZQwDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzAzNTcyNzJjLWE3OWEtNDVi
Zi05NTg2LTkyZGQ0OWVmMzIyMy9iYWQ1YWYyMC04Mzg1LTQ0ZDQtODE1Zi1iYjgz
NDk3ZDRhMGUuY2VyMIHLBggrBgEFBQcBBwEB/wSBuzCBuDCBtQQCAAEwga4DBALH
LewDBALHf8gwDAMEB8yQgAMEAMyQhgMEAcyQjDAMAwQCzJC0AwQAzJC4AwQAzqgN
AwQAzqgnAwQAzqhgMAwDBADOqLsDBADOqLwwDAMEA86o2AMEAM6o3DAMAwQBzqje
AwQDzqjgAwQAz64VAwQBz65IAwQAz65MAwQAz65xAwQAz651AwQAz66CMAwDBADP
rokDBATProADBADPrp0DBADPrq8DBADPrskwVAYDVR0gAQH/BEowSDBGBggrBgEF
BQcOAjA6MDgGCCsGAQUFBwIBFixodHRwczovL3d3dy5hcmluLm5ldC9yZXNvdXJj
ZXMvcnBraS9jcHMuaHRtbDANBgkqhkiG9w0BAQsFAAOCAQEAoFacq6BLyYGqrSsC
kkqXJvI4NANO7Hegz53nRNImlaMD0zRXymU2CHZKACu2TgtejX6n+DWUg0PNKdh3
HuiROoOTX9/wQ27gQ64iGc+OlWqjMNyS8TkWIaffWR8CPLPI2jLbaJVKZ5HCMeTt
t0y8doLN3bgOSNMPCk/z+UWtImREg8IDNwDCmHrT+dA0VBjsZqycMxz8OKkruRNk
cyGX6r7GYITCnd3GoRjVFvBiC8U6IsU3nxC01jtxSBWgqI5tHjSj5/xREBJGt5t0
EW+FNL6Tj8kyHmbFr9dHI4pNcPieGqgQ7zy5cPAXt+o73OtTetX2u2dL1ApyRCA7
SKeHWw==
-----END CERTIFICATE-----
Generated at Wed Apr 30 02:55:29 2025 by rpki-client