Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/FTm8YfwznHQCXiJ_TWt56uBPXJk.roa
File: FTm8YfwznHQCXiJ_TWt56uBPXJk.roa (raw, json)
Hash identifier: NmRTne5dxPzYp/cNOMggSHjckzSuUNxvmNmKKZLOXV4=
Subject key identifier: 15:39:BC:61:FC:33:9C:74:02:5E:22:7F:4D:6B:79:EA:E0:4F:5C:99
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01942824FD3A143C1787D124C9742F13E3EB
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/FTm8YfwznHQCXiJ_TWt56uBPXJk.roa
Signing time: Thu 02 Jan 2025 17:51:40 +0000
ROA not before: Thu 02 Jan 2025 17:51:40 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202656
IP address blocks: 193.124.7.0/24 maxlen: 24
194.87.52.0/24 maxlen: 24
195.133.37.0/24 maxlen: 24
212.193.11.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:24:fd:3a:14:3c:17:87:d1:24:c9:74:2f:13:e3:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:40 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1539bc61fc339c74025e227f4d6b79eae04f5c99
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:57:df:3b:6b:35:34:27:e9:a0:05:7d:9a:4d:
9d:62:2e:7b:9a:c3:93:56:94:59:93:34:77:ec:e8:
43:ba:cd:24:74:51:12:68:c4:85:8e:c6:9f:42:f0:
b4:56:df:1e:68:b6:e1:ca:23:57:e3:9c:79:98:25:
b6:1e:d5:13:a7:31:5d:2d:24:1c:b6:0a:fd:48:17:
49:32:6d:70:2b:2a:ba:3b:fb:0a:83:85:52:08:4d:
d5:bf:03:37:ef:c3:bb:a2:6d:05:64:f9:81:20:31:
c4:be:c6:10:bd:4e:e9:d8:2a:ad:c9:9a:01:f2:8e:
5b:f2:c6:d7:c6:0b:af:cd:0c:81:11:27:14:36:f1:
03:d2:b2:79:c0:1e:e0:f7:7a:43:9a:f8:bc:0c:a7:
95:9f:d0:30:53:bf:14:2d:ff:c2:b2:6d:79:0e:32:
e2:81:78:39:b1:2c:ae:0c:d9:5f:0c:9d:c4:ff:85:
a7:70:29:31:7e:62:3f:38:47:b4:9b:bf:46:e2:d5:
79:d9:b3:03:91:60:5a:dd:a0:d1:42:06:82:5f:14:
0e:15:6b:d5:69:ac:d6:16:2f:2b:29:f9:66:9d:f6:
8a:c3:6d:18:7c:6c:72:2b:5c:8d:93:14:a2:5a:15:
62:da:28:43:a9:3a:79:4b:a2:15:e3:32:f8:79:c6:
99:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:39:BC:61:FC:33:9C:74:02:5E:22:7F:4D:6B:79:EA:E0:4F:5C:99
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/FTm8YfwznHQCXiJ_TWt56uBPXJk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.7.0/24
194.87.52.0/24
195.133.37.0/24
212.193.11.0/24
Signature Algorithm: sha256WithRSAEncryption
6a:6f:af:6b:17:f2:47:64:6c:66:06:3f:24:13:2a:92:1b:19:
09:cf:7b:70:84:a4:c2:fc:c2:bb:2f:c5:51:4d:54:69:3d:98:
e0:3c:20:10:e0:98:e4:b0:a2:8d:c2:8d:49:8a:52:4b:a4:5c:
bd:83:fe:f6:04:37:1c:ab:dc:5f:95:5e:13:59:36:95:35:21:
6c:cf:72:8b:95:b3:97:43:9c:9f:e4:9e:66:f1:85:27:85:a5:
53:3d:f1:33:3c:3f:60:9e:b5:3e:5b:d1:f7:30:9d:92:aa:d7:
08:76:d5:0d:a6:e1:8e:2c:bc:bb:48:ad:d3:5e:72:3e:a0:9a:
0a:71:3c:09:81:eb:69:96:9f:33:b4:02:6b:ad:a8:0e:46:fa:
73:4a:48:8c:0a:a8:8e:b4:d4:46:bc:15:04:3e:ed:5e:cd:5e:
b3:9c:0b:96:fe:84:86:e7:ed:7d:45:fb:e3:2c:e4:db:01:61:
b7:4b:d6:d0:80:42:a7:7b:ee:b4:7a:5f:5d:38:2d:86:13:17:
0f:7b:69:02:17:de:bb:23:54:f9:e6:7a:9e:a6:f9:90:66:9f:
3b:2d:b9:f9:cf:3e:7b:d1:eb:c6:eb:ca:11:23:0e:d8:c7:f7:
90:c9:e1:1b:c2:65:a8:e7:7a:4c:0d:61:d5:de:83:b1:e1:e1:
42:85:c8:d4
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQoJP06FDwXh9EkyXQvE+PrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTM5YmM2MWZjMzM5Yzc0MDI1ZTIyN2Y0ZDZiNzllYWUwNGY1Yzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1ffO2s1NCfpoAV9mk2dYi57msOT
VpRZkzR37OhDus0kdFESaMSFjsafQvC0Vt8eaLbhyiNX45x5mCW2HtUTpzFdLSQc
tgr9SBdJMm1wKyq6O/sKg4VSCE3VvwM378O7om0FZPmBIDHEvsYQvU7p2CqtyZoB
8o5b8sbXxguvzQyBEScUNvED0rJ5wB7g93pDmvi8DKeVn9AwU78ULf/Csm15DjLi
gXg5sSyuDNlfDJ3E/4WncCkxfmI/OEe0m79G4tV52bMDkWBa3aDRQgaCXxQOFWvV
aazWFi8rKflmnfaKw20YfGxyK1yNkxSiWhVi2ihDqTp5S6IV4zL4ecaZBQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBU5vGH8M5x0Al4if01reergT1yZMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRlRtOFlmd3puSFFDWGlKX1RXdDU2dUJQWEprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwXwHAwQA
wlc0AwQAw4UlAwQA1MELMA0GCSqGSIb3DQEBCwUAA4IBAQBqb69rF/JHZGxmBj8k
EyqSGxkJz3twhKTC/MK7L8VRTVRpPZjgPCAQ4JjksKKNwo1JilJLpFy9g/72BDcc
q9xflV4TWTaVNSFsz3KLlbOXQ5yf5J5m8YUnhaVTPfEzPD9gnrU+W9H3MJ2SqtcI
dtUNpuGOLLy7SK3TXnI+oJoKcTwJgetplp8ztAJrragORvpzSkiMCqiOtNRGvBUE
Pu1ezV6znAuW/oSG5+19RfvjLOTbAWG3S9bQgEKne+60el9dOC2GExcPe2kCF967
I1T55nqepvmQZp87Lbn5zz570evG68oRIw7Yx/eQyeEbwmWo53pMDWHV3oOx4eFC
hcjU
-----END CERTIFICATE-----
Generated at Thu Apr 24 22:36:09 2025 by rpki-client