Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xPdAmw1S72qW3pbBGgDRf-MahYQ.roa
File: xPdAmw1S72qW3pbBGgDRf-MahYQ.roa (raw, json)
Hash identifier: 4/JN9gPaENsff1fwzqXuhj3h1v4SQJo63OlfDxNgS30=
Subject key identifier: C4:F7:40:9B:0D:52:EF:6A:96:DE:96:C1:1A:00:D1:7F:E3:1A:85:84
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0194ACDA4DD3DF04272C33B80EDBBF0BF796
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xPdAmw1S72qW3pbBGgDRf-MahYQ.roa
Signing time: Tue 28 Jan 2025 12:19:35 +0000
ROA not before: Tue 28 Jan 2025 12:19:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200239
IP address blocks: 193.124.90.0/24 maxlen: 24
194.87.59.0/24 maxlen: 24
194.87.64.0/24 maxlen: 24
194.87.75.0/24 maxlen: 24
194.87.91.0/24 maxlen: 24
195.58.63.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:ac:da:4d:d3:df:04:27:2c:33:b8:0e:db:bf:0b:f7:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 28 12:19:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c4f7409b0d52ef6a96de96c11a00d17fe31a8584
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:ae:e2:83:12:72:b0:38:17:2b:23:e3:11:9c:
e7:79:14:f2:41:91:31:c6:9d:e4:0d:4e:06:bb:f9:
88:da:90:69:94:01:ee:3f:24:b1:71:13:d9:b1:9d:
aa:91:c8:6d:3c:02:25:b0:8a:fc:37:83:1d:38:d6:
54:ef:76:3d:97:89:29:7f:8a:44:53:e1:41:19:42:
73:23:79:7f:85:ae:78:d7:ce:6e:3d:a5:db:84:03:
8f:63:53:4e:eb:e7:e0:d3:34:d4:6b:16:45:ec:a1:
7e:40:ff:49:9a:86:0a:de:65:c2:c1:6e:d7:21:8b:
9e:7d:26:36:5e:aa:39:cc:06:f1:23:4e:26:e7:88:
8e:a1:ca:06:4b:f6:f9:a9:d5:c6:e9:18:87:60:6f:
a3:9f:8b:ca:c2:6d:d0:ce:84:75:9e:ed:75:b8:4c:
71:18:c9:f0:45:4e:17:e7:c3:f0:38:d0:3f:c3:19:
37:a0:2a:c7:05:88:ff:b8:04:17:96:30:af:40:cd:
a8:83:55:62:bf:48:fc:33:df:1b:23:e6:31:7f:66:
ad:bf:8c:50:08:9a:05:c1:29:cc:c9:5c:a4:e7:34:
f2:3e:eb:76:97:3d:49:89:d3:4e:f7:f4:a3:f0:d1:
c5:16:da:44:ed:38:e5:ad:1c:03:d6:37:30:80:6a:
c3:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:F7:40:9B:0D:52:EF:6A:96:DE:96:C1:1A:00:D1:7F:E3:1A:85:84
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xPdAmw1S72qW3pbBGgDRf-MahYQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.90.0/24
194.87.59.0/24
194.87.64.0/24
194.87.75.0/24
194.87.91.0/24
195.58.63.0/24
Signature Algorithm: sha256WithRSAEncryption
11:f5:29:e9:9c:56:f2:1b:8a:23:f8:a0:97:a4:14:a4:7a:e6:
9d:6d:9a:0f:a4:45:86:0e:3c:30:6f:0a:94:3e:44:de:04:bd:
18:67:3b:6e:fa:49:54:7a:3d:c9:7b:e8:75:6f:b8:d0:7f:d1:
dc:82:5c:8e:05:33:62:ae:21:43:38:48:92:eb:9f:4e:35:c4:
75:8e:57:d5:eb:73:7b:63:1a:2f:25:1e:9b:28:22:39:a6:85:
f0:ed:bb:00:2d:d1:b8:2a:e8:76:b8:7a:82:c1:cc:e4:28:3e:
44:dc:e3:38:6f:0e:7e:a1:a9:d3:48:6a:90:6a:46:ed:81:3f:
84:1a:e5:69:9f:a5:75:53:e4:6c:f1:c3:04:09:bd:94:9d:0f:
92:19:7c:78:26:45:c4:ee:27:f8:16:9f:ed:79:d0:ed:66:0c:
b8:fe:bc:43:fa:91:66:cf:6f:0f:74:65:18:22:1f:a7:ca:f5:
67:33:f0:15:c7:60:f0:69:46:62:81:a7:5c:d0:a0:2d:b7:ae:
08:9b:89:34:d1:99:81:fd:08:4d:35:12:44:bc:09:d1:86:5b:
dd:25:e2:6c:cc:27:73:16:cf:0a:20:99:51:b9:9f:3e:ee:2a:
b7:52:0e:09:4f:74:20:0f:01:d9:6c:59:e3:6a:de:75:31:af:
75:49:3b:4d
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZSs2k3T3wQnLDO4Dtu/C/eWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTI4MTIxOTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGY3NDA5YjBkNTJlZjZhOTZkZTk2YzExYTAwZDE3ZmUzMWE4NTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2K7igxJysDgXKyPjEZzneRTyQZEx
xp3kDU4Gu/mI2pBplAHuPySxcRPZsZ2qkchtPAIlsIr8N4MdONZU73Y9l4kpf4pE
U+FBGUJzI3l/ha54185uPaXbhAOPY1NO6+fg0zTUaxZF7KF+QP9JmoYK3mXCwW7X
IYuefSY2Xqo5zAbxI04m54iOocoGS/b5qdXG6RiHYG+jn4vKwm3QzoR1nu11uExx
GMnwRU4X58PwONA/wxk3oCrHBYj/uAQXljCvQM2og1Viv0j8M98bI+Yxf2atv4xQ
CJoFwSnMyVyk5zTyPut2lz1JidNO9/Sj8NHFFtpE7TjlrRwD1jcwgGrD1QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFMT3QJsNUu9qlt6WwRoA0X/jGoWEMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEveFBkQW13MVM3MnFXM3BiQkdnRFJmLU1haFlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAwXxaAwQA
wlc7AwQAwldAAwQAwldLAwQAwldbAwQAwzo/MA0GCSqGSIb3DQEBCwUAA4IBAQAR
9SnpnFbyG4oj+KCXpBSkeuadbZoPpEWGDjwwbwqUPkTeBL0YZztu+klUej3Je+h1
b7jQf9HcglyOBTNiriFDOEiS659ONcR1jlfV63N7YxovJR6bKCI5poXw7bsALdG4
Kuh2uHqCwczkKD5E3OM4bw5+oanTSGqQakbtgT+EGuVpn6V1U+Rs8cMECb2UnQ+S
GXx4JkXE7if4Fp/tedDtZgy4/rxD+pFmz28PdGUYIh+nyvVnM/AVx2DwaUZigadc
0KAtt64Im4k00ZmB/QhNNRJEvAnRhlvdJeJszCdzFs8KIJlRuZ8+7iq3Ug4JT3Qg
DwHZbFnjat51Ma91STtN
-----END CERTIFICATE-----
Generated at Fri Apr 25 01:54:11 2025 by rpki-client