Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/42db52-dca7-4fa3-9a73-1d7b229d4e3b/1/xppN97XlpzM-dgpRtsN2V_p7lZQ.roa
File: xppN97XlpzM-dgpRtsN2V_p7lZQ.roa (raw, json)
Hash identifier: L5C0DF41lLv5y5vXorCy3jzo9T18wVqDFOb9OQ+U5+4=
Subject key identifier: C6:9A:4D:F7:B5:E5:A7:33:3E:76:0A:51:B6:C3:76:57:FA:7B:95:94
Certificate issuer: /CN=45aa88dc675ce5dc35574bff6290e2ae88ce082b
Certificate serial: 019426D98C6ED74950D70748F9AF948A854B
Authority key identifier: 45:AA:88:DC:67:5C:E5:DC:35:57:4B:FF:62:90:E2:AE:88:CE:08:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RaqI3Gdc5dw1V0v_YpDirojOCCs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/42db52-dca7-4fa3-9a73-1d7b229d4e3b/1/xppN97XlpzM-dgpRtsN2V_p7lZQ.roa
Signing time: Thu 02 Jan 2025 11:49:39 +0000
ROA not before: Thu 02 Jan 2025 11:49:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39489
IP address blocks: 87.239.176.0/21 maxlen: 24
2001:67c:2b28::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:8c:6e:d7:49:50:d7:07:48:f9:af:94:8a:85:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=45aa88dc675ce5dc35574bff6290e2ae88ce082b
Validity
Not Before: Jan 2 11:49:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c69a4df7b5e5a7333e760a51b6c37657fa7b9594
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:e1:32:01:ff:79:c2:5d:df:ff:68:12:f0:5b:
dc:6f:cd:7e:79:ef:d1:79:5e:96:0d:8a:c0:de:05:
9a:f8:f8:ab:69:c5:ed:5c:b1:e0:ec:3b:ef:f8:c8:
41:ab:53:7b:f0:01:76:0f:73:88:38:43:db:c2:c8:
14:3a:26:7e:a9:c7:70:a8:c6:2e:8c:58:b3:4d:68:
dc:c9:15:02:c6:5b:64:b6:41:b5:d4:fe:d3:24:d2:
de:4a:35:0c:7d:fe:49:48:c1:e4:09:af:a5:0a:a5:
fd:a8:27:18:22:f8:f9:d9:41:f3:27:eb:18:37:8a:
2b:6f:26:99:d1:d9:e3:f9:1d:09:4d:30:82:e0:72:
d9:38:4f:a0:89:eb:f0:92:fd:61:32:54:6b:f7:57:
89:61:62:e9:f3:34:9e:bd:7f:ed:61:98:dc:2e:4a:
f8:77:a2:03:c4:9f:8e:52:66:60:ee:ce:d5:e8:78:
cb:4f:4b:e0:87:bf:cf:9b:50:16:5a:27:45:2d:ae:
76:68:1a:e7:33:0b:c4:21:8a:c1:a3:8b:45:0c:61:
78:9c:11:e5:ca:44:35:9b:ce:c7:f9:5f:b6:66:cd:
2e:85:86:74:e5:fe:f1:a8:97:86:1e:02:9d:05:ce:
9c:0e:4a:65:7d:09:6a:ae:36:19:c1:9e:95:05:79:
1f:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:9A:4D:F7:B5:E5:A7:33:3E:76:0A:51:B6:C3:76:57:FA:7B:95:94
X509v3 Authority Key Identifier:
keyid:45:AA:88:DC:67:5C:E5:DC:35:57:4B:FF:62:90:E2:AE:88:CE:08:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RaqI3Gdc5dw1V0v_YpDirojOCCs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/42db52-dca7-4fa3-9a73-1d7b229d4e3b/1/xppN97XlpzM-dgpRtsN2V_p7lZQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/42db52-dca7-4fa3-9a73-1d7b229d4e3b/1/RaqI3Gdc5dw1V0v_YpDirojOCCs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.239.176.0/21
IPv6:
2001:67c:2b28::/48
Signature Algorithm: sha256WithRSAEncryption
30:08:4c:f9:7e:c5:b9:74:f2:8b:33:59:6e:81:91:e9:36:72:
10:6e:ef:01:2a:a9:37:98:9c:1c:f3:31:35:c8:c2:45:40:e1:
36:3b:17:cf:cc:a7:d4:79:55:00:7b:b3:5b:ce:e5:aa:8d:ee:
4e:40:b8:d6:cd:46:b7:92:0e:9f:ba:35:5a:f1:81:f6:d1:2d:
9d:1d:c6:b8:da:94:f2:35:be:a7:07:5a:d2:a8:94:3d:26:76:
16:af:71:c5:2b:e7:f4:45:a2:03:b3:12:35:08:2e:9d:38:ab:
45:de:2f:9a:8e:57:57:1b:b1:d6:cb:07:92:0b:e0:09:ea:6b:
ee:f5:0c:e4:49:b8:77:41:95:d4:c9:14:62:01:b2:ab:f0:92:
79:bc:eb:a8:70:66:b4:a9:9a:52:1b:ae:4e:96:cf:f7:99:06:
04:81:bd:c5:61:76:9e:c5:2e:d2:2c:c0:e3:84:49:ae:ea:fa:
ad:a3:b0:01:f9:e2:ef:f2:9d:0b:c6:d9:44:46:1e:18:d1:93:
e8:1a:91:79:51:ae:3b:46:35:e5:d7:c9:96:ad:f9:f2:5e:76:
d8:06:eb:be:d3:30:68:22:ab:17:97:51:c4:ea:2e:34:ba:93:
78:7b:b7:6b:de:f5:61:2e:d4:bb:31:35:fd:39:e4:e2:77:10:
2d:68:18:af
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQm2Yxu10lQ1wdI+a+UioVLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1YWE4OGRjNjc1Y2U1ZGMzNTU3NGJmZjYyOTBlMmFlODhj
ZTA4MmIwHhcNMjUwMTAyMTE0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjlhNGRmN2I1ZTVhNzMzM2U3NjBhNTFiNmMzNzY1N2ZhN2I5NTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+EyAf95wl3f/2gS8Fvcb81+ee/R
eV6WDYrA3gWa+PiracXtXLHg7Dvv+MhBq1N78AF2D3OIOEPbwsgUOiZ+qcdwqMYu
jFizTWjcyRUCxltktkG11P7TJNLeSjUMff5JSMHkCa+lCqX9qCcYIvj52UHzJ+sY
N4orbyaZ0dnj+R0JTTCC4HLZOE+gievwkv1hMlRr91eJYWLp8zSevX/tYZjcLkr4
d6IDxJ+OUmZg7s7V6HjLT0vgh7/Pm1AWWidFLa52aBrnMwvEIYrBo4tFDGF4nBHl
ykQ1m87H+V+2Zs0uhYZ05f7xqJeGHgKdBc6cDkplfQlqrjYZwZ6VBXkf/wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMaaTfe15aczPnYKUbbDdlf6e5WUMB8GA1UdIwQY
MBaAFEWqiNxnXOXcNVdL/2KQ4q6IzggrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmFxSTNHZGM1ZHcxVjB2X1lwRGlyb2pPQ0NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS80MmRiNTItZGNhNy00ZmEzLTlhNzMt
MWQ3YjIyOWQ0ZTNiLzEveHBwTjk3WGxwek0tZGdwUnRzTjJWX3A3bFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS80MmRiNTItZGNhNy00ZmEzLTlhNzMtMWQ3YjIyOWQ0ZTNi
LzEvUmFxSTNHZGM1ZHcxVjB2X1lwRGlyb2pPQ0NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDV++wMA8E
AgACMAkDBwAgAQZ8KygwDQYJKoZIhvcNAQELBQADggEBADAITPl+xbl08oszWW6B
kek2chBu7wEqqTeYnBzzMTXIwkVA4TY7F8/Mp9R5VQB7s1vO5aqN7k5AuNbNRreS
Dp+6NVrxgfbRLZ0dxrjalPI1vqcHWtKolD0mdhavccUr5/RFogOzEjUILp04q0Xe
L5qOV1cbsdbLB5IL4Anqa+71DORJuHdBldTJFGIBsqvwknm866hwZrSpmlIbrk6W
z/eZBgSBvcVhdp7FLtIswOOESa7q+q2jsAH54u/ynQvG2URGHhjRk+gakXlRrjtG
NeXXyZat+fJedtgG677TMGgiqxeXUcTqLjS6k3h7t2ve9WEu1LsxNf055OJ3EC1o
GK8=
-----END CERTIFICATE-----
Generated at Fri Apr 25 21:11:19 2025 by rpki-client