Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/whsaqddiyDI8xyshxKkHo02Q7GA.roa
File: whsaqddiyDI8xyshxKkHo02Q7GA.roa (raw, json)
Hash identifier: GiAQ6ec8LMUk9UTzynBovpvos9gk3+nUpwnbIm92gbQ=
Subject key identifier: C2:1B:1A:A9:D7:62:C8:32:3C:C7:2B:21:C4:A9:07:A3:4D:90:EC:60
Certificate issuer: /CN=5e1d4060fd501ebae93ed44da6b7a79e66705b2f
Certificate serial: 019423D7F22A711730E67FBCD1513C7CE1DB
Authority key identifier: 5E:1D:40:60:FD:50:1E:BA:E9:3E:D4:4D:A6:B7:A7:9E:66:70:5B:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Xh1AYP1QHrrpPtRNprennmZwWy8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/whsaqddiyDI8xyshxKkHo02Q7GA.roa
Signing time: Wed 01 Jan 2025 21:49:02 +0000
ROA not before: Wed 01 Jan 2025 21:49:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20609
IP address blocks: 91.202.52.0/22 maxlen: 24
185.108.120.0/22 maxlen: 24
2a06:4ac0::/32 maxlen: 33
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:f2:2a:71:17:30:e6:7f:bc:d1:51:3c:7c:e1:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5e1d4060fd501ebae93ed44da6b7a79e66705b2f
Validity
Not Before: Jan 1 21:49:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c21b1aa9d762c8323cc72b21c4a907a34d90ec60
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:45:32:74:fe:b9:47:ae:7f:11:8c:94:7e:99:
88:b1:be:e8:eb:db:e4:2b:7d:8e:8b:ec:c8:6b:e6:
81:52:12:56:48:e6:46:26:52:9d:93:19:b2:f1:0d:
5e:7b:ea:9b:0b:10:64:63:0f:aa:dc:27:a8:80:64:
af:37:f7:2e:f3:b7:6e:9e:55:96:51:26:32:77:cd:
00:09:6c:e8:8f:37:b0:d8:9f:99:8f:ee:61:5b:2f:
bc:4e:a8:f6:97:cc:83:c4:22:41:77:de:d2:c3:97:
72:82:69:82:a1:d1:6b:02:95:c5:b2:93:f5:ce:fc:
ca:9e:d5:eb:a7:47:37:2a:7c:1b:fe:c6:27:ae:4b:
d7:f4:48:7f:01:df:3f:58:f2:25:53:d6:76:35:ed:
b1:39:71:24:d7:06:6f:52:58:a1:f7:0b:05:b9:b3:
a8:c7:ad:da:ba:4d:3b:d5:75:25:14:f3:59:a0:42:
11:08:fc:25:c3:c4:ca:9c:67:f9:b8:f4:ea:90:d3:
61:4b:1d:5f:4b:3a:91:23:b9:e1:ac:84:2d:2d:56:
cd:e2:0b:8e:c7:a0:94:04:72:5a:4c:b2:73:b3:d9:
54:73:44:c6:b4:1f:d7:89:ab:0b:3c:1d:ec:6f:11:
75:bd:46:36:62:d1:6b:ab:6d:10:bf:e4:f9:ca:0f:
c9:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:1B:1A:A9:D7:62:C8:32:3C:C7:2B:21:C4:A9:07:A3:4D:90:EC:60
X509v3 Authority Key Identifier:
keyid:5E:1D:40:60:FD:50:1E:BA:E9:3E:D4:4D:A6:B7:A7:9E:66:70:5B:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xh1AYP1QHrrpPtRNprennmZwWy8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/whsaqddiyDI8xyshxKkHo02Q7GA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/a70a84-f552-4354-a104-0e1db98ad231/1/Xh1AYP1QHrrpPtRNprennmZwWy8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.202.52.0/22
185.108.120.0/22
IPv6:
2a06:4ac0::/32
Signature Algorithm: sha256WithRSAEncryption
15:0f:84:da:36:30:fd:50:82:24:68:08:1e:1a:66:ba:31:16:
cd:b2:f3:fb:14:f8:59:15:49:c4:a5:69:31:c6:1e:7e:3e:96:
08:c4:15:74:33:5b:b6:8e:25:5e:d7:7b:1a:16:84:86:81:80:
4a:c1:74:6a:8f:40:76:06:94:f1:6f:53:ac:9f:09:2f:1a:3a:
f8:1b:08:5b:9f:fc:9f:0a:25:0d:63:7f:02:3b:5a:aa:9b:b7:
40:8a:49:7a:00:c5:c5:84:da:3b:9e:ed:6e:14:18:02:9d:4f:
31:8a:85:13:03:12:c9:4d:93:84:01:e8:7c:55:b5:22:67:2c:
a8:3e:a9:ee:c8:9c:22:2d:fc:fb:c9:75:72:84:c7:c5:35:8f:
9f:1e:9a:e1:97:88:09:be:c5:d1:5c:3a:c8:ed:d8:a0:c2:56:
e9:09:89:b7:69:7e:e6:d5:c2:d5:e7:91:72:fa:d5:8b:e6:c9:
3c:5d:58:e5:b0:24:3c:4d:e9:98:a6:48:da:74:14:d8:50:c3:
77:17:0c:f3:f6:09:bc:f8:b8:83:cc:63:ec:ec:de:a4:27:a0:
de:39:b8:36:5f:43:f2:ec:f5:7b:2e:da:48:20:cb:e4:c8:06:
e0:df:bf:51:10:e6:9f:b6:2a:20:65:c5:16:cc:82:b3:42:68:
e8:9d:76:1f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQj1/IqcRcw5n+80VE8fOHbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMWQ0MDYwZmQ1MDFlYmFlOTNlZDQ0ZGE2YjdhNzllNjY3
MDViMmYwHhcNMjUwMTAxMjE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjFiMWFhOWQ3NjJjODMyM2NjNzJiMjFjNGE5MDdhMzRkOTBlYzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkUydP65R65/EYyUfpmIsb7o69vk
K32Oi+zIa+aBUhJWSOZGJlKdkxmy8Q1ee+qbCxBkYw+q3CeogGSvN/cu87dunlWW
USYyd80ACWzojzew2J+Zj+5hWy+8Tqj2l8yDxCJBd97Sw5dygmmCodFrApXFspP1
zvzKntXrp0c3Knwb/sYnrkvX9Eh/Ad8/WPIlU9Z2Ne2xOXEk1wZvUlih9wsFubOo
x63auk071XUlFPNZoEIRCPwlw8TKnGf5uPTqkNNhSx1fSzqRI7nhrIQtLVbN4guO
x6CUBHJaTLJzs9lUc0TGtB/XiasLPB3sbxF1vUY2YtFrq20Qv+T5yg/JDQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMIbGqnXYsgyPMcrIcSpB6NNkOxgMB8GA1UdIwQY
MBaAFF4dQGD9UB666T7UTaa3p55mcFsvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGgxQVlQMVFIcnJwUHRSTnByZW5ubVp3V3k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9hNzBhODQtZjU1Mi00MzU0LWExMDQt
MGUxZGI5OGFkMjMxLzEvd2hzYXFkZGl5REk4eHlzaHhLa0hvMDJRN0dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9hNzBhODQtZjU1Mi00MzU0LWExMDQtMGUxZGI5OGFkMjMx
LzEvWGgxQVlQMVFIcnJwUHRSTnByZW5ubVp3V3k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCW8o0AwQC
uWx4MA0EAgACMAcDBQAqBkrAMA0GCSqGSIb3DQEBCwUAA4IBAQAVD4TaNjD9UIIk
aAgeGma6MRbNsvP7FPhZFUnEpWkxxh5+PpYIxBV0M1u2jiVe13saFoSGgYBKwXRq
j0B2BpTxb1OsnwkvGjr4Gwhbn/yfCiUNY38CO1qqm7dAikl6AMXFhNo7nu1uFBgC
nU8xioUTAxLJTZOEAeh8VbUiZyyoPqnuyJwiLfz7yXVyhMfFNY+fHprhl4gJvsXR
XDrI7digwlbpCYm3aX7m1cLV55Fy+tWL5sk8XVjlsCQ8TemYpkjadBTYUMN3Fwzz
9gm8+LiDzGPs7N6kJ6DeObg2X0Py7PV7LtpIIMvkyAbg379REOaftiogZcUWzIKz
QmjonXYf
-----END CERTIFICATE-----
Generated at Fri Apr 25 09:53:18 2025 by rpki-client