Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/o1HryCgBbs653veiR5bTMLwPhd0.roa
File: o1HryCgBbs653veiR5bTMLwPhd0.roa (raw, json)
Hash identifier: LtY1DMpIFY18APuJfTlDp+opuoKFNGf5hxmLjfIFwOM=
Subject key identifier: A3:51:EB:C8:28:01:6E:CE:B9:DE:F7:A2:47:96:D3:30:BC:0F:85:DD
Certificate issuer: /CN=7d5695786f8450d1041dc88ad892cbb570d5972b
Certificate serial: 0194236A0F3E09CC3113DD4D1197AF32C738
Authority key identifier: 7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/o1HryCgBbs653veiR5bTMLwPhd0.roa
Signing time: Wed 01 Jan 2025 19:49:00 +0000
ROA not before: Wed 01 Jan 2025 19:49:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 56598
IP address blocks: 193.168.204.0/23 maxlen: 32
193.168.206.0/23 maxlen: 32
2a09:6980::/29 maxlen: 48
2a0e:9900::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:6a:0f:3e:09:cc:31:13:dd:4d:11:97:af:32:c7:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d5695786f8450d1041dc88ad892cbb570d5972b
Validity
Not Before: Jan 1 19:49:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a351ebc828016eceb9def7a24796d330bc0f85dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:66:6b:5a:8b:92:72:cb:5c:48:2a:e8:e8:ec:
53:5d:4e:9a:24:40:02:b2:68:b2:c2:4f:de:73:65:
b3:9a:0d:87:80:36:ce:98:b2:13:e0:44:59:4e:aa:
2e:5c:c9:e9:69:dc:cc:2d:de:4b:5a:35:f4:ef:a5:
dc:28:76:4a:91:59:24:bf:f3:11:de:54:3b:0f:31:
97:8f:27:9b:d5:84:b8:a9:07:e0:d6:19:f5:c4:cc:
c5:6f:3e:d8:01:6b:42:fd:b5:31:95:74:63:30:92:
51:99:12:ad:b2:58:58:02:d7:3f:c9:8e:53:86:73:
d3:d4:96:be:e0:f6:82:ba:fa:ef:2d:88:d8:95:0c:
14:d6:d4:9c:79:0d:3f:26:10:de:45:75:71:55:ca:
61:07:38:e1:f8:4c:4f:18:0b:64:70:93:35:32:60:
52:69:1a:ee:53:2e:a9:3f:61:c3:16:cf:d7:1b:8e:
ce:e2:dc:bc:b3:1c:92:bd:ac:8d:83:a8:22:d1:4e:
1d:8d:a1:e0:67:e1:25:73:62:49:ca:28:b9:30:3c:
e6:40:5a:9e:c3:a3:d0:12:5d:1e:66:48:a7:bb:1b:
b8:ad:19:53:4e:45:ce:fd:ed:91:8e:90:8f:01:f3:
40:26:e7:6c:3a:8f:09:b3:d1:a4:c4:a1:76:a0:fa:
56:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:51:EB:C8:28:01:6E:CE:B9:DE:F7:A2:47:96:D3:30:BC:0F:85:DD
X509v3 Authority Key Identifier:
keyid:7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/o1HryCgBbs653veiR5bTMLwPhd0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.168.204.0/22
IPv6:
2a09:6980::/29
2a0e:9900::/29
Signature Algorithm: sha256WithRSAEncryption
77:9c:53:77:a9:32:8a:da:6b:10:69:dd:7f:7f:05:29:08:67:
9b:83:98:73:4f:72:1a:c5:59:86:36:43:43:fa:d1:14:00:38:
bb:93:63:a8:8a:6d:92:77:20:5a:ae:09:b9:ca:f1:e5:1e:86:
61:53:a0:52:05:e4:27:7e:ea:dd:79:5b:67:5f:3b:0f:d7:b4:
43:3e:51:66:d3:52:42:de:ac:3a:2f:d5:e0:2b:7e:60:95:27:
7c:b4:d1:a7:3d:4f:df:3b:ee:8b:31:43:6e:8a:40:e5:2e:c4:
ee:d4:46:11:b8:55:70:7e:be:4d:33:1b:b3:79:d3:79:13:05:
11:54:29:43:1c:d1:21:56:28:52:bc:a5:a1:1c:9f:ac:cb:25:
cc:7f:78:64:ef:c0:56:7a:80:86:f4:b4:2b:f3:a0:ca:18:b0:
4a:0d:dc:24:a1:4e:0d:ab:93:c2:69:da:5e:1c:d9:45:d2:d3:
f2:49:f6:69:58:b5:ca:8f:9a:9f:ec:ba:98:4c:87:d9:d4:8c:
e9:d5:fc:d1:ed:80:e6:5f:de:9e:22:41:e5:14:bd:01:7c:59:
5b:89:6c:9b:1f:4b:af:42:15:99:47:c0:70:d3:78:43:dd:6b:
7b:b8:07:8b:9b:47:76:08:8a:19:8f:20:a2:8b:cc:01:ac:1b:
30:f9:91:a8
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQjag8+CcwxE91NEZevMsc4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTY5NTc4NmY4NDUwZDEwNDFkYzg4YWQ4OTJjYmI1NzBk
NTk3MmIwHhcNMjUwMTAxMTk0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzUxZWJjODI4MDE2ZWNlYjlkZWY3YTI0Nzk2ZDMzMGJjMGY4NWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmZrWouScstcSCro6OxTXU6aJEAC
smiywk/ec2Wzmg2HgDbOmLIT4ERZTqouXMnpadzMLd5LWjX076XcKHZKkVkkv/MR
3lQ7DzGXjyeb1YS4qQfg1hn1xMzFbz7YAWtC/bUxlXRjMJJRmRKtslhYAtc/yY5T
hnPT1Ja+4PaCuvrvLYjYlQwU1tSceQ0/JhDeRXVxVcphBzjh+ExPGAtkcJM1MmBS
aRruUy6pP2HDFs/XG47O4ty8sxySvayNg6gi0U4djaHgZ+Elc2JJyii5MDzmQFqe
w6PQEl0eZkinuxu4rRlTTkXO/e2RjpCPAfNAJudsOo8Js9GkxKF2oPpWiQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFKNR68goAW7Oud73okeW0zC8D4XdMB8GA1UdIwQY
MBaAFH1WlXhvhFDRBB3IitiSy7Vw1ZcrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDIt
NjNiMzM4MDhhNmE4LzEvbzFIcnlDZ0JiczY1M3ZlaVI1YlRNTHdQaGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDItNjNiMzM4MDhhNmE4
LzEvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQCwajMMBQE
AgACMA4DBQMqCWmAAwUDKg6ZADANBgkqhkiG9w0BAQsFAAOCAQEAd5xTd6kyitpr
EGndf38FKQhnm4OYc09yGsVZhjZDQ/rRFAA4u5NjqIptkncgWq4Jucrx5R6GYVOg
UgXkJ37q3XlbZ187D9e0Qz5RZtNSQt6sOi/V4Ct+YJUnfLTRpz1P3zvuizFDbopA
5S7E7tRGEbhVcH6+TTMbs3nTeRMFEVQpQxzRIVYoUryloRyfrMslzH94ZO/AVnqA
hvS0K/OgyhiwSg3cJKFODauTwmnaXhzZRdLT8kn2aVi1yo+an+y6mEyH2dSM6dX8
0e2A5l/eniJB5RS9AXxZW4lsmx9Lr0IVmUfAcNN4Q91re7gHi5tHdgiKGY8goovM
AawbMPmRqA==
-----END CERTIFICATE-----
Generated at Fri Apr 25 05:56:28 2025 by rpki-client