Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/ca618c-35ce-4d31-bb89-ce8dd6898b27/1/3PYL2z4dbYzzHpPINidA49XrquI.roa
File: 3PYL2z4dbYzzHpPINidA49XrquI.roa (raw, json)
Hash identifier: JjFcUQUaNejhXKTGMzFyL0WCBL9DGr3AsPUpC7MPyAE=
Subject key identifier: DC:F6:0B:DB:3E:1D:6D:8C:F3:1E:93:C8:36:27:40:E3:D5:EB:AA:E2
Certificate issuer: /CN=5484b53ec069e302623596fb3aa79f5d782c09f9
Certificate serial: 019427B68725FFE82EF00A66A12F72BA6491
Authority key identifier: 54:84:B5:3E:C0:69:E3:02:62:35:96:FB:3A:A7:9F:5D:78:2C:09:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VIS1PsBp4wJiNZb7OqefXXgsCfk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/ca618c-35ce-4d31-bb89-ce8dd6898b27/1/3PYL2z4dbYzzHpPINidA49XrquI.roa
Signing time: Thu 02 Jan 2025 15:51:01 +0000
ROA not before: Thu 02 Jan 2025 15:51:01 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 25540
IP address blocks: 109.239.114.0/23 maxlen: 24
109.239.124.0/24 maxlen: 24
159.100.36.0/23 maxlen: 23
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b6:87:25:ff:e8:2e:f0:0a:66:a1:2f:72:ba:64:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5484b53ec069e302623596fb3aa79f5d782c09f9
Validity
Not Before: Jan 2 15:51:01 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dcf60bdb3e1d6d8cf31e93c8362740e3d5ebaae2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:39:cc:24:e8:f7:c8:e8:f1:91:da:92:59:b0:
dd:27:58:2a:be:c2:d7:db:85:c6:8d:42:3e:86:a1:
cd:15:37:67:77:c1:79:ef:d8:0e:58:28:56:1e:b4:
18:4e:26:ba:96:50:f7:be:39:62:b9:43:60:ca:23:
1f:c4:cd:5d:90:bb:39:18:1f:be:61:a3:14:10:77:
8c:51:8f:86:c3:f0:cb:3b:6e:21:c5:d1:d5:f2:66:
38:a6:f3:12:0a:7c:0b:4c:a4:21:b0:e9:43:7e:94:
7a:16:89:67:30:af:27:d8:e7:5f:fe:17:40:1e:fd:
f0:39:3e:11:1f:3e:f4:24:5d:f8:1c:00:b9:54:8e:
61:43:fb:18:84:2a:f0:a6:e7:bc:14:aa:4d:f3:ad:
40:fc:1b:89:14:18:5e:8c:dc:0c:7d:a3:7f:e7:e9:
eb:5d:3e:b8:0f:b4:57:c7:87:d3:f1:5f:59:10:d6:
e1:06:0e:a8:39:7e:11:26:73:c2:af:f2:4e:3d:8f:
f1:79:5a:61:bb:c3:75:0e:37:2f:bd:4f:16:2c:04:
9f:3e:98:91:04:1c:86:de:d9:47:ca:3c:f7:32:56:
19:32:fd:fa:51:1e:75:f4:a1:dd:f9:ac:ea:43:bd:
2a:74:01:b3:bb:87:00:60:fd:ff:b7:d7:bd:85:59:
a1:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:F6:0B:DB:3E:1D:6D:8C:F3:1E:93:C8:36:27:40:E3:D5:EB:AA:E2
X509v3 Authority Key Identifier:
keyid:54:84:B5:3E:C0:69:E3:02:62:35:96:FB:3A:A7:9F:5D:78:2C:09:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VIS1PsBp4wJiNZb7OqefXXgsCfk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/ca618c-35ce-4d31-bb89-ce8dd6898b27/1/3PYL2z4dbYzzHpPINidA49XrquI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/ca618c-35ce-4d31-bb89-ce8dd6898b27/1/VIS1PsBp4wJiNZb7OqefXXgsCfk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.239.114.0/23
109.239.124.0/24
159.100.36.0/23
Signature Algorithm: sha256WithRSAEncryption
06:4e:76:b2:ec:75:57:fa:d6:80:a2:f3:02:4d:35:e1:ec:ff:
11:08:47:43:5e:b6:5e:2b:49:82:3b:b5:04:3b:f5:9b:1d:c7:
d4:09:99:d2:03:bd:a7:ab:18:96:83:50:76:7a:29:c2:be:64:
10:2f:6d:47:aa:95:1f:d7:91:fd:e5:e5:06:f6:8a:8d:9b:c9:
18:73:cf:5d:e8:88:81:f7:b5:b4:2c:4a:15:17:34:4d:7b:4b:
4d:d0:ac:56:14:7f:67:d0:33:75:59:2b:c5:2d:d4:c6:8d:e5:
0d:5c:f2:30:62:ff:89:f7:3e:4b:4f:6b:de:bd:39:fd:d5:b7:
bd:5f:43:4c:3d:b9:c5:b2:23:36:8c:95:5a:20:c6:a1:61:ae:
59:86:f9:06:c2:05:6f:bd:f7:10:2d:a0:85:84:eb:26:4d:01:
ae:ba:f5:90:82:84:bc:51:c4:01:01:bd:97:04:cc:24:64:3d:
b2:a3:39:c6:cc:c0:65:65:92:26:64:7b:cc:26:28:26:9d:fd:
30:29:2a:56:ba:b3:34:f1:1b:74:8b:f1:7c:cb:b0:c1:1f:7d:
c7:cc:a5:46:0e:4f:48:df:ad:63:82:e3:e0:50:bc:aa:ef:b5:
95:c9:36:89:9f:38:14:b0:10:3f:cf:1c:48:58:98:23:8c:4c:
11:c3:eb:36
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQntocl/+gu8ApmoS9yumSRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0ODRiNTNlYzA2OWUzMDI2MjM1OTZmYjNhYTc5ZjVkNzgy
YzA5ZjkwHhcNMjUwMTAyMTU1MTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2Y2MGJkYjNlMWQ2ZDhjZjMxZTkzYzgzNjI3NDBlM2Q1ZWJhYWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDnMJOj3yOjxkdqSWbDdJ1gqvsLX
24XGjUI+hqHNFTdnd8F579gOWChWHrQYTia6llD3vjliuUNgyiMfxM1dkLs5GB++
YaMUEHeMUY+Gw/DLO24hxdHV8mY4pvMSCnwLTKQhsOlDfpR6FolnMK8n2Odf/hdA
Hv3wOT4RHz70JF34HAC5VI5hQ/sYhCrwpue8FKpN861A/BuJFBhejNwMfaN/5+nr
XT64D7RXx4fT8V9ZENbhBg6oOX4RJnPCr/JOPY/xeVphu8N1DjcvvU8WLASfPpiR
BByG3tlHyjz3MlYZMv36UR519KHd+azqQ70qdAGzu4cAYP3/t9e9hVmhJwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNz2C9s+HW2M8x6TyDYnQOPV66riMB8GA1UdIwQY
MBaAFFSEtT7AaeMCYjWW+zqnn114LAn5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVklTMVBzQnA0d0ppTlpiN09xZWZYWGdzQ2ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9jYTYxOGMtMzVjZS00ZDMxLWJiODkt
Y2U4ZGQ2ODk4YjI3LzEvM1BZTDJ6NGRiWXp6SHBQSU5pZEE0OVhycXVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9jYTYxOGMtMzVjZS00ZDMxLWJiODktY2U4ZGQ2ODk4YjI3
LzEvVklTMVBzQnA0d0ppTlpiN09xZWZYWGdzQ2ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBbe9yAwQA
be98AwQBn2QkMA0GCSqGSIb3DQEBCwUAA4IBAQAGTnay7HVX+taAovMCTTXh7P8R
CEdDXrZeK0mCO7UEO/WbHcfUCZnSA72nqxiWg1B2einCvmQQL21HqpUf15H95eUG
9oqNm8kYc89d6IiB97W0LEoVFzRNe0tN0KxWFH9n0DN1WSvFLdTGjeUNXPIwYv+J
9z5LT2vevTn91be9X0NMPbnFsiM2jJVaIMahYa5ZhvkGwgVvvfcQLaCFhOsmTQGu
uvWQgoS8UcQBAb2XBMwkZD2yoznGzMBlZZImZHvMJigmnf0wKSpWurM08Rt0i/F8
y7DBH33HzKVGDk9I361jguPgULyq77WVyTaJnzgUsBA/zxxIWJgjjEwRw+s2
-----END CERTIFICATE-----
Generated at Fri Apr 25 04:37:17 2025 by rpki-client