Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/XKepb_otZzL7k3ZMkl3G2IMgCSU.roa
File: XKepb_otZzL7k3ZMkl3G2IMgCSU.roa (raw, json)
Hash identifier: W9mkN91xRU3+fkW8j4EQwJJwcHraAc/r3I+DAJzdLtk=
Subject key identifier: 5C:A7:A9:6F:FA:2D:67:32:FB:93:76:4C:92:5D:C6:D8:83:20:09:25
Certificate issuer: /CN=8ceb23e2c5d9f2c734488904505835ef2809fb3b
Certificate serial: 019421B2424FE96F3F8DFAD859629D50FB55
Authority key identifier: 8C:EB:23:E2:C5:D9:F2:C7:34:48:89:04:50:58:35:EF:28:09:FB:3B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/XKepb_otZzL7k3ZMkl3G2IMgCSU.roa
Signing time: Wed 01 Jan 2025 11:48:38 +0000
ROA not before: Wed 01 Jan 2025 11:48:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51497
IP address blocks: 109.105.138.0/24 maxlen: 24
109.105.152.0/22 maxlen: 22
109.105.153.0/24 maxlen: 24
109.105.156.0/23 maxlen: 23
185.47.156.0/22 maxlen: 22
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b2:42:4f:e9:6f:3f:8d:fa:d8:59:62:9d:50:fb:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8ceb23e2c5d9f2c734488904505835ef2809fb3b
Validity
Not Before: Jan 1 11:48:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5ca7a96ffa2d6732fb93764c925dc6d883200925
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:84:bf:16:7f:95:31:4a:40:99:5d:62:e7:2a:
2d:fe:ae:4b:cf:7e:de:32:fa:11:46:ac:80:76:fa:
ba:f1:4d:a4:d1:5d:41:fb:68:67:57:0f:1d:d6:1a:
a2:4e:a5:fd:94:6c:2e:da:ae:91:2d:c7:8b:af:09:
0f:1c:40:d1:0c:31:b3:cd:4c:8d:93:43:87:8f:a4:
3e:b9:a3:45:b7:b4:63:96:30:e9:8c:19:f8:29:78:
8f:e6:25:b9:4c:7e:64:88:07:bd:4c:3d:d6:4d:d2:
d0:38:60:83:62:d7:bb:aa:eb:cb:17:ef:82:d0:28:
cf:3a:01:ce:5a:f0:10:6a:29:04:ae:27:72:d1:c4:
d2:42:09:7d:78:15:c8:7f:b1:08:ee:e8:75:85:3c:
7c:8b:c8:53:35:91:0f:e9:a8:fa:03:d2:c1:07:86:
af:f0:7e:6e:2d:e4:15:02:89:a9:85:ca:e6:8c:4e:
6f:19:b6:59:d1:aa:67:29:11:47:6d:82:8f:54:ce:
c8:80:3b:56:68:59:aa:21:21:fc:3c:47:ca:00:b8:
2a:ee:4d:67:ea:9f:1a:45:fc:e4:be:52:17:0a:6c:
96:4c:f9:60:3c:87:1e:90:89:b0:c6:0e:d2:4b:80:
91:48:67:b0:a7:5f:85:c7:8d:46:8e:63:d6:9e:d9:
b3:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:A7:A9:6F:FA:2D:67:32:FB:93:76:4C:92:5D:C6:D8:83:20:09:25
X509v3 Authority Key Identifier:
keyid:8C:EB:23:E2:C5:D9:F2:C7:34:48:89:04:50:58:35:EF:28:09:FB:3B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/XKepb_otZzL7k3ZMkl3G2IMgCSU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.105.138.0/24
109.105.152.0-109.105.157.255
185.47.156.0/22
Signature Algorithm: sha256WithRSAEncryption
3b:da:dc:e5:25:4a:b8:bc:11:70:76:33:7b:06:c5:35:ed:7e:
42:b4:94:67:bc:91:15:96:0c:72:ee:7e:f8:ee:7c:c8:85:8d:
3a:c1:fe:b5:b0:6f:44:a0:20:f1:9c:af:ca:dc:ee:e5:d7:b7:
63:38:37:b0:ac:e1:c8:a9:de:18:9b:bf:f7:86:cc:90:d0:8c:
0b:c5:4f:82:c5:87:c7:aa:3e:49:15:04:a0:3a:95:17:95:eb:
bb:e5:7c:4f:3e:7a:e3:11:32:36:a7:04:1b:07:3b:5b:d8:d0:
b7:2d:79:cc:09:a0:ed:53:8b:9e:fc:3d:bb:de:28:8c:2e:13:
92:2f:f5:b3:25:36:b0:48:2e:39:78:eb:2f:97:8b:bd:e5:0a:
fd:d2:0a:64:68:f2:55:8b:ca:72:21:53:72:41:39:00:f1:a0:
3e:1f:d8:4e:f1:1a:61:66:c0:e7:5f:24:50:a7:fb:04:e1:4a:
48:c0:9e:3c:2c:5e:58:db:bf:b4:52:08:90:6b:d7:01:c6:66:
ea:32:b2:4d:77:dc:21:81:26:c1:be:09:13:f9:84:29:f7:79:
b2:39:6d:aa:86:ab:15:e9:c7:8c:d4:3e:8e:55:d1:fd:97:3d:
29:0b:3c:a1:78:c8:2f:28:30:18:7e:85:46:f8:af:64:44:1f:
99:68:64:42
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQhskJP6W8/jfrYWWKdUPtVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZWIyM2UyYzVkOWYyYzczNDQ4ODkwNDUwNTgzNWVmMjgw
OWZiM2IwHhcNMjUwMTAxMTE0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2E3YTk2ZmZhMmQ2NzMyZmI5Mzc2NGM5MjVkYzZkODgzMjAwOTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoS/Fn+VMUpAmV1i5yot/q5Lz37e
MvoRRqyAdvq68U2k0V1B+2hnVw8d1hqiTqX9lGwu2q6RLceLrwkPHEDRDDGzzUyN
k0OHj6Q+uaNFt7RjljDpjBn4KXiP5iW5TH5kiAe9TD3WTdLQOGCDYte7quvLF++C
0CjPOgHOWvAQaikEridy0cTSQgl9eBXIf7EI7uh1hTx8i8hTNZEP6aj6A9LBB4av
8H5uLeQVAomphcrmjE5vGbZZ0apnKRFHbYKPVM7IgDtWaFmqISH8PEfKALgq7k1n
6p8aRfzkvlIXCmyWTPlgPIcekImwxg7SS4CRSGewp1+Fx41GjmPWntmzdwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFFynqW/6LWcy+5N2TJJdxtiDIAklMB8GA1UdIwQY
MBaAFIzrI+LF2fLHNEiJBFBYNe8oCfs7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak9zajRzWFo4c2MwU0lrRVVGZzE3eWdKLXpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82OTkyOTItM2RhMC00NzcyLWFmODIt
ODMzNGUzNjIyMzZkLzEvWEtlcGJfb3Raekw3azNaTWtsM0cySU1nQ1NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82OTkyOTItM2RhMC00NzcyLWFmODItODMzNGUzNjIyMzZk
LzEvak9zajRzWFo4c2MwU0lrRVVGZzE3eWdKLXpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAbWmKMAwD
BANtaZgDBAFtaZwDBAK5L5wwDQYJKoZIhvcNAQELBQADggEBADva3OUlSri8EXB2
M3sGxTXtfkK0lGe8kRWWDHLufvjufMiFjTrB/rWwb0SgIPGcr8rc7uXXt2M4N7Cs
4cip3hibv/eGzJDQjAvFT4LFh8eqPkkVBKA6lReV67vlfE8+euMRMjanBBsHO1vY
0LctecwJoO1Ti578PbveKIwuE5Iv9bMlNrBILjl46y+Xi73lCv3SCmRo8lWLynIh
U3JBOQDxoD4f2E7xGmFmwOdfJFCn+wThSkjAnjwsXljbv7RSCJBr1wHGZuoysk13
3CGBJsG+CRP5hCn3ebI5baqGqxXpx4zUPo5V0f2XPSkLPKF4yC8oMBh+hUb4r2RE
H5loZEI=
-----END CERTIFICATE-----
Generated at Fri Apr 25 11:25:43 2025 by rpki-client