Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nGYwf09X4nyTT-kcs2u8RJmPHLE.roa
File: nGYwf09X4nyTT-kcs2u8RJmPHLE.roa (raw, json)
Hash identifier: ySZVCTuJEfU+hyBjco3ifp3WlM6jqXQNQieRyFZEB5M=
Subject key identifier: 9C:66:30:7F:4F:57:E2:7C:93:4F:E9:1C:B3:6B:BC:44:99:8F:1C:B1
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 019428251C25AC8836573D3AA7A1BE3B79C7
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nGYwf09X4nyTT-kcs2u8RJmPHLE.roa
Signing time: Thu 02 Jan 2025 17:51:48 +0000
ROA not before: Thu 02 Jan 2025 17:51:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 398343
IP address blocks: 193.124.24.0/24 maxlen: 24
194.87.123.0/24 maxlen: 24
194.135.104.0/24 maxlen: 24
212.193.25.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:1c:25:ac:88:36:57:3d:3a:a7:a1:be:3b:79:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 2 17:51:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9c66307f4f57e27c934fe91cb36bbc44998f1cb1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:a2:87:d8:ec:bf:6e:65:7e:a1:89:19:86:a9:
ee:68:82:60:45:7b:57:4b:02:f8:0f:d7:01:fc:bb:
a4:9c:a9:0c:22:2f:74:3c:df:26:41:b6:6a:e3:dd:
b7:dc:46:36:48:cb:00:ff:11:5e:e9:c9:67:ef:ce:
25:86:8f:cc:2d:82:e6:78:73:38:00:dd:e3:fb:91:
cf:21:85:22:fb:81:20:0c:d3:0a:77:c1:b8:1f:4d:
f6:2b:a2:63:2f:2b:fc:13:0a:ee:64:67:87:2f:7b:
46:59:56:5d:dc:ab:76:db:ac:11:d4:dd:02:ce:51:
fe:25:b2:10:f9:cc:ce:b0:5f:ee:25:9d:0a:e5:ab:
53:0d:44:dc:d9:f7:91:68:ce:7b:4e:5f:30:59:ab:
58:b2:f1:90:ff:05:9b:0e:18:ea:c1:3b:ac:02:8e:
6a:b2:b5:cf:22:3c:d6:c2:ad:1e:cb:b5:b7:e8:4a:
42:ce:a1:cd:2d:98:84:9b:e5:08:6e:d9:a8:ef:38:
5c:69:ad:19:53:5c:d6:c7:5a:b7:7a:d0:9b:64:86:
a9:97:0f:29:e1:35:04:9d:74:00:08:6c:5f:36:cb:
e0:96:60:d7:06:5d:24:6a:84:d9:d8:74:41:74:6a:
88:61:90:06:ab:4b:c4:11:06:6c:c0:1b:87:b7:4d:
46:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:66:30:7F:4F:57:E2:7C:93:4F:E9:1C:B3:6B:BC:44:99:8F:1C:B1
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nGYwf09X4nyTT-kcs2u8RJmPHLE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.24.0/24
194.87.123.0/24
194.135.104.0/24
212.193.25.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:7f:a3:14:07:1c:4b:3f:25:4b:48:ee:bc:b7:76:ea:35:c9:
ad:c2:cd:96:c1:2a:33:72:47:85:b6:49:a1:94:5e:21:9f:b2:
79:3f:15:38:2e:1a:ae:00:6c:74:1e:eb:80:d4:6f:04:3c:08:
9a:4f:49:34:08:e5:df:7d:fd:6a:b6:41:4b:30:1d:89:ae:e3:
58:69:46:74:ae:cc:4e:14:74:3f:ab:5f:b0:d5:53:8c:6e:4b:
33:72:3e:66:ec:2b:71:d7:f3:88:99:83:87:19:aa:e4:59:0b:
e1:50:54:c7:bb:6c:a9:7a:a1:7a:3c:7b:18:3e:55:1a:2c:b4:
d3:ed:3d:f7:75:b8:79:cb:79:36:23:40:1f:71:35:2f:d3:ea:
02:4d:0f:b1:98:cc:fd:eb:32:55:01:63:a1:38:79:ec:fe:00:
92:d2:b3:60:25:c8:65:f1:1f:b6:4a:e9:ac:1e:90:ae:09:e2:
21:2a:2a:cb:4b:5c:6b:eb:c8:69:8a:c0:01:72:28:da:af:d1:
63:ed:65:07:dc:99:08:a0:dd:83:18:2c:56:e1:55:76:7d:99:
36:b9:58:c6:b3:d1:e0:00:43:52:9a:d7:77:0e:7c:ab:ed:45:
c6:b9:43:40:45:5c:0b:85:15:36:ae:dd:17:3e:fa:9c:1c:88:
93:a2:c2:4e
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQoJRwlrIg2Vz06p6G+O3nHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzY2MzA3ZjRmNTdlMjdjOTM0ZmU5MWNiMzZiYmM0NDk5OGYxY2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKKH2Oy/bmV+oYkZhqnuaIJgRXtX
SwL4D9cB/LuknKkMIi90PN8mQbZq49233EY2SMsA/xFe6cln784lho/MLYLmeHM4
AN3j+5HPIYUi+4EgDNMKd8G4H032K6JjLyv8EwruZGeHL3tGWVZd3Kt226wR1N0C
zlH+JbIQ+czOsF/uJZ0K5atTDUTc2feRaM57Tl8wWatYsvGQ/wWbDhjqwTusAo5q
srXPIjzWwq0ey7W36EpCzqHNLZiEm+UIbtmo7zhcaa0ZU1zWx1q3etCbZIaplw8p
4TUEnXQACGxfNsvglmDXBl0kaoTZ2HRBdGqIYZAGq0vEEQZswBuHt01GywIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJxmMH9PV+J8k0/pHLNrvESZjxyxMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbkdZd2YwOVg0bnlUVC1rY3MydThSSm1QSExFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwXwYAwQA
wld7AwQAwodoAwQA1MEZMA0GCSqGSIb3DQEBCwUAA4IBAQB/f6MUBxxLPyVLSO68
t3bqNcmtws2WwSozckeFtkmhlF4hn7J5PxU4LhquAGx0HuuA1G8EPAiaT0k0COXf
ff1qtkFLMB2JruNYaUZ0rsxOFHQ/q1+w1VOMbkszcj5m7Ctx1/OImYOHGarkWQvh
UFTHu2ypeqF6PHsYPlUaLLTT7T33dbh5y3k2I0AfcTUv0+oCTQ+xmMz96zJVAWOh
OHns/gCS0rNgJchl8R+2SumsHpCuCeIhKirLS1xr68hpisABcijar9Fj7WUH3JkI
oN2DGCxW4VV2fZk2uVjGs9HgAENSmtd3Dnyr7UXGuUNARVwLhRU2rt0XPvqcHIiT
osJO
-----END CERTIFICATE-----
Generated at Thu Apr 24 22:33:52 2025 by rpki-client