Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/95e060-fa2a-4057-9578-b0898fbb1cab/1/qFZMGyq85ztg5ytAQ7RbzglxnGU.roa
File: qFZMGyq85ztg5ytAQ7RbzglxnGU.roa (raw, json)
Hash identifier: kMRZIxRuZxVhg2DxKXhubRuKlbKba7EMDPUaAyexKng=
Subject key identifier: A8:56:4C:1B:2A:BC:E7:3B:60:E7:2B:40:43:B4:5B:CE:09:71:9C:65
Certificate issuer: /CN=c4729af13d3d156f411976b176e554fa671d76f7
Certificate serial: 019425219360527C7A4AA625B12F8A4DF147
Authority key identifier: C4:72:9A:F1:3D:3D:15:6F:41:19:76:B1:76:E5:54:FA:67:1D:76:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xHKa8T09FW9BGXaxduVU-mcddvc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/95e060-fa2a-4057-9578-b0898fbb1cab/1/qFZMGyq85ztg5ytAQ7RbzglxnGU.roa
Signing time: Thu 02 Jan 2025 03:49:04 +0000
ROA not before: Thu 02 Jan 2025 03:49:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202629
IP address blocks: 45.153.28.0/22 maxlen: 24
45.153.28.0/24 maxlen: 24
45.153.29.0/24 maxlen: 24
45.153.30.0/24 maxlen: 24
45.153.31.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:93:60:52:7c:7a:4a:a6:25:b1:2f:8a:4d:f1:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c4729af13d3d156f411976b176e554fa671d76f7
Validity
Not Before: Jan 2 03:49:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a8564c1b2abce73b60e72b4043b45bce09719c65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:02:f8:e0:a9:c6:23:2d:2d:d0:57:35:7c:4f:
6e:34:89:7a:97:e1:9e:63:5d:4e:3b:b1:4c:fc:24:
3e:0f:18:f8:e6:b6:15:d8:56:d4:00:2a:f5:a0:f3:
ca:4a:34:db:8b:67:0f:ec:fc:39:03:09:49:f5:2c:
92:4b:88:26:88:80:12:80:86:e7:c5:dc:de:3f:91:
d6:7c:00:7b:83:35:05:7c:60:c9:15:39:88:27:5b:
c7:5f:bc:e4:c9:40:8a:80:37:69:5e:0b:df:e2:1e:
db:35:ec:e9:a6:c1:0d:11:29:77:21:7b:aa:38:b0:
d4:e1:85:e7:8e:4c:bb:63:35:98:68:04:c6:e0:47:
67:06:61:1e:ef:18:e1:9f:c5:2d:e5:b5:4e:d5:ce:
46:8e:72:74:e5:66:5e:08:6a:06:f6:9b:c0:df:20:
54:2d:05:4c:7f:49:4f:f3:77:82:14:18:fa:f5:f1:
8e:8c:38:de:82:77:2a:1f:e5:1a:6a:73:22:66:a3:
4c:ff:12:72:bb:98:7b:98:c2:ed:f9:2a:42:84:83:
0f:9b:da:1f:bf:54:8c:bc:2d:74:35:97:f9:1e:77:
ef:69:f0:02:7a:01:eb:f9:d8:18:9a:9a:c5:88:61:
d1:be:c5:cb:3a:13:ec:21:3c:69:36:3b:0a:49:ef:
37:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:56:4C:1B:2A:BC:E7:3B:60:E7:2B:40:43:B4:5B:CE:09:71:9C:65
X509v3 Authority Key Identifier:
keyid:C4:72:9A:F1:3D:3D:15:6F:41:19:76:B1:76:E5:54:FA:67:1D:76:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xHKa8T09FW9BGXaxduVU-mcddvc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/95e060-fa2a-4057-9578-b0898fbb1cab/1/qFZMGyq85ztg5ytAQ7RbzglxnGU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/95e060-fa2a-4057-9578-b0898fbb1cab/1/xHKa8T09FW9BGXaxduVU-mcddvc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.153.28.0/22
Signature Algorithm: sha256WithRSAEncryption
46:84:e8:09:1f:4b:82:1e:ba:52:8c:49:30:32:30:77:76:b2:
99:3d:39:cf:48:64:d0:2f:ce:c5:33:64:52:f5:1d:25:d2:99:
3c:45:f2:4d:0f:a8:35:e8:74:9e:bc:7e:45:f8:3f:0b:37:71:
51:dc:4f:4e:88:d9:dd:c3:cb:0d:e0:ce:58:8b:69:71:18:2f:
94:10:a0:f8:de:d1:ff:71:a3:74:3b:d5:f6:a8:44:a3:0b:61:
9e:18:24:6f:f1:da:71:31:8a:86:a7:48:2e:61:fe:a5:a0:7b:
0c:a7:ff:87:5b:ce:2e:ed:af:fa:24:bd:76:8a:11:07:b7:38:
41:50:ea:15:83:c1:b1:be:6e:61:13:ae:11:60:65:00:36:56:
d1:70:cb:dc:00:e5:58:3c:35:e4:23:29:21:c0:31:82:1a:d6:
ae:b4:83:55:40:38:3a:80:25:59:5f:b1:f3:e1:71:3c:0d:46:
73:3b:d6:d0:5c:f2:18:7c:17:63:3d:ef:01:79:ca:e7:b6:04:
71:b6:1f:ea:36:cb:39:eb:1c:c4:00:08:58:07:37:63:f5:e9:
22:e0:07:69:7e:62:38:88:da:f1:29:01:2e:73:d9:b9:31:34:
4a:4d:b2:ce:0b:34:58:01:2c:57:bb:7c:59:ca:d4:54:73:ed:
5f:9a:24:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIZNgUnx6SqYlsS+KTfFHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NzI5YWYxM2QzZDE1NmY0MTE5NzZiMTc2ZTU1NGZhNjcx
ZDc2ZjcwHhcNMjUwMTAyMDM0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODU2NGMxYjJhYmNlNzNiNjBlNzJiNDA0M2I0NWJjZTA5NzE5YzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwL44KnGIy0t0Fc1fE9uNIl6l+Ge
Y11OO7FM/CQ+Dxj45rYV2FbUACr1oPPKSjTbi2cP7Pw5AwlJ9SySS4gmiIASgIbn
xdzeP5HWfAB7gzUFfGDJFTmIJ1vHX7zkyUCKgDdpXgvf4h7bNezppsENESl3IXuq
OLDU4YXnjky7YzWYaATG4EdnBmEe7xjhn8Ut5bVO1c5GjnJ05WZeCGoG9pvA3yBU
LQVMf0lP83eCFBj69fGOjDjegncqH+UaanMiZqNM/xJyu5h7mMLt+SpChIMPm9of
v1SMvC10NZf5HnfvafACegHr+dgYmprFiGHRvsXLOhPsITxpNjsKSe83xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhWTBsqvOc7YOcrQEO0W84JcZxlMB8GA1UdIwQY
MBaAFMRymvE9PRVvQRl2sXblVPpnHXb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEhLYThUMDlGVzlCR1hheGR1VlUtbWNkZHZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NWUwNjAtZmEyYS00MDU3LTk1Nzgt
YjA4OThmYmIxY2FiLzEvcUZaTUd5cTg1enRnNXl0QVE3UmJ6Z2x4bkdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NWUwNjAtZmEyYS00MDU3LTk1NzgtYjA4OThmYmIxY2Fi
LzEveEhLYThUMDlGVzlCR1hheGR1VlUtbWNkZHZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZkcMA0G
CSqGSIb3DQEBCwUAA4IBAQBGhOgJH0uCHrpSjEkwMjB3drKZPTnPSGTQL87FM2RS
9R0l0pk8RfJND6g16HSevH5F+D8LN3FR3E9OiNndw8sN4M5Yi2lxGC+UEKD43tH/
caN0O9X2qESjC2GeGCRv8dpxMYqGp0guYf6loHsMp/+HW84u7a/6JL12ihEHtzhB
UOoVg8Gxvm5hE64RYGUANlbRcMvcAOVYPDXkIykhwDGCGtautINVQDg6gCVZX7Hz
4XE8DUZzO9bQXPIYfBdjPe8BecrntgRxth/qNss56xzEAAhYBzdj9eki4AdpfmI4
iNrxKQEuc9m5MTRKTbLOCzRYASxXu3xZytRUc+1fmiR0
-----END CERTIFICATE-----
Generated at Sat Apr 26 08:20:42 2025 by rpki-client