Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/248133-8670-4167-a195-6e2f588c0c7e/1/SOdbfA4k2rHns_9FeEf2o6kdRPA.roa
File: SOdbfA4k2rHns_9FeEf2o6kdRPA.roa (raw, json)
Hash identifier: UCxkRGVqhqrA5LNMsKBYYs+r3jtWXwOD0Dbnu0MtoW4=
Subject key identifier: 48:E7:5B:7C:0E:24:DA:B1:E7:B3:FF:45:78:47:F6:A3:A9:1D:44:F0
Certificate issuer: /CN=e47efc9cc3d9c4bd29a2bbc15551f82f25cf11ba
Certificate serial: 01942444BEBA98FF341986B927AF1FCF15F2
Authority key identifier: E4:7E:FC:9C:C3:D9:C4:BD:29:A2:BB:C1:55:51:F8:2F:25:CF:11:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5H78nMPZxL0porvBVVH4LyXPEbo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/248133-8670-4167-a195-6e2f588c0c7e/1/SOdbfA4k2rHns_9FeEf2o6kdRPA.roa
Signing time: Wed 01 Jan 2025 23:47:52 +0000
ROA not before: Wed 01 Jan 2025 23:47:52 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31543
IP address blocks: 185.236.188.0/22 maxlen: 24
2a0d:c900::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:44:be:ba:98:ff:34:19:86:b9:27:af:1f:cf:15:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e47efc9cc3d9c4bd29a2bbc15551f82f25cf11ba
Validity
Not Before: Jan 1 23:47:52 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=48e75b7c0e24dab1e7b3ff457847f6a3a91d44f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:6e:3b:ea:3c:ab:dd:f4:5e:fa:5b:75:2a:65:
99:d8:c5:e7:8f:4a:a0:b7:81:8a:21:30:78:7d:3c:
30:72:95:50:8c:b4:dd:00:b0:f3:12:0f:c6:06:36:
d0:72:ea:e2:1d:16:15:5b:a8:2e:f1:92:13:43:c9:
4f:b9:29:fb:42:08:76:48:1a:85:ab:b1:cd:a4:7f:
b6:9e:b3:9c:1a:a1:9f:7c:f6:b7:93:50:b4:79:e5:
1e:f5:2f:9a:5c:36:14:e7:2f:d0:d8:30:ee:d9:d5:
a0:ce:1a:d2:bb:ad:2f:4f:c3:f9:36:54:4c:b0:f7:
06:6f:d8:05:1e:1b:df:e6:06:ef:e7:79:61:b3:d9:
9d:6f:d7:30:02:18:d8:1f:72:a2:55:f0:a0:12:24:
a7:1e:97:ad:0d:2f:06:f8:ef:3b:d5:a8:8f:de:c8:
fc:68:75:9a:92:92:c3:53:b3:9e:68:e6:48:59:65:
1a:af:48:33:13:6e:e2:ef:40:cc:a8:e9:1c:fd:bc:
23:ad:83:d6:8d:29:89:8b:ae:ce:9d:0c:d3:cf:62:
f1:2a:69:8a:c4:47:ab:63:c1:a9:0c:28:75:68:4a:
d0:55:48:fe:11:03:8f:6f:38:5e:98:47:b1:a0:23:
ad:93:27:a9:59:a8:42:24:ee:77:a5:0d:ba:0c:75:
33:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:E7:5B:7C:0E:24:DA:B1:E7:B3:FF:45:78:47:F6:A3:A9:1D:44:F0
X509v3 Authority Key Identifier:
keyid:E4:7E:FC:9C:C3:D9:C4:BD:29:A2:BB:C1:55:51:F8:2F:25:CF:11:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5H78nMPZxL0porvBVVH4LyXPEbo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/248133-8670-4167-a195-6e2f588c0c7e/1/SOdbfA4k2rHns_9FeEf2o6kdRPA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/248133-8670-4167-a195-6e2f588c0c7e/1/5H78nMPZxL0porvBVVH4LyXPEbo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.236.188.0/22
IPv6:
2a0d:c900::/29
Signature Algorithm: sha256WithRSAEncryption
6c:43:a4:be:5a:2e:81:46:87:ee:52:99:c2:42:ea:7f:56:2f:
c5:2b:b3:cc:83:f8:4e:2b:fc:c3:db:73:0a:1f:03:00:05:66:
3e:fe:e7:12:aa:31:72:fa:51:cb:d9:34:9c:22:70:19:53:09:
29:a6:e2:5f:bd:56:bf:54:9e:75:2a:2f:79:d7:f7:16:f3:24:
89:92:80:d0:ca:bb:c5:ae:f9:05:41:5e:d0:4f:11:71:c4:34:
00:4a:3f:37:5a:fd:2b:f3:25:8a:fd:12:36:f4:f1:4a:e8:2e:
74:7b:a0:66:0e:55:ea:d1:5e:7d:86:48:a2:17:a2:71:7f:d5:
63:6c:90:94:b7:7f:b1:15:54:c3:39:38:5a:17:15:9c:86:fd:
02:7f:50:9c:f0:b3:a1:30:bf:61:e0:f3:9a:c6:18:cf:35:ea:
3c:e1:2b:98:a3:7f:e5:b0:4e:d1:6b:fc:d0:87:e3:2d:d4:fd:
45:63:9d:c6:f6:9b:78:c8:6e:9c:68:c8:b7:1b:3a:2f:2f:98:
70:92:bc:63:a0:3b:ef:7c:d5:d9:49:2e:78:75:c6:bc:fa:bf:
66:e6:3c:d0:fa:8f:00:49:f9:e7:1e:9e:8b:6b:6d:ff:b5:93:
dd:df:c3:d6:20:86:37:da:6c:a2:a9:ae:94:33:b9:f6:81:c3:
8b:bf:24:e4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRL66mP80GYa5J68fzxXyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0N2VmYzljYzNkOWM0YmQyOWEyYmJjMTU1NTFmODJmMjVj
ZjExYmEwHhcNMjUwMTAxMjM0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGU3NWI3YzBlMjRkYWIxZTdiM2ZmNDU3ODQ3ZjZhM2E5MWQ0NGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApG476jyr3fRe+lt1KmWZ2MXnj0qg
t4GKITB4fTwwcpVQjLTdALDzEg/GBjbQcuriHRYVW6gu8ZITQ8lPuSn7Qgh2SBqF
q7HNpH+2nrOcGqGffPa3k1C0eeUe9S+aXDYU5y/Q2DDu2dWgzhrSu60vT8P5NlRM
sPcGb9gFHhvf5gbv53lhs9mdb9cwAhjYH3KiVfCgEiSnHpetDS8G+O871aiP3sj8
aHWakpLDU7OeaOZIWWUar0gzE27i70DMqOkc/bwjrYPWjSmJi67OnQzTz2LxKmmK
xEerY8GpDCh1aErQVUj+EQOPbzhemEexoCOtkyepWahCJO53pQ26DHUz9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEjnW3wOJNqx57P/RXhH9qOpHUTwMB8GA1UdIwQY
MBaAFOR+/JzD2cS9KaK7wVVR+C8lzxG6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUg3OG5NUFp4TDBwb3J2QlZWSDRMeVhQRWJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8yNDgxMzMtODY3MC00MTY3LWExOTUt
NmUyZjU4OGMwYzdlLzEvU09kYmZBNGsyckhuc185RmVFZjJvNmtkUlBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8yNDgxMzMtODY3MC00MTY3LWExOTUtNmUyZjU4OGMwYzdl
LzEvNUg3OG5NUFp4TDBwb3J2QlZWSDRMeVhQRWJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuey8MA0E
AgACMAcDBQMqDckAMA0GCSqGSIb3DQEBCwUAA4IBAQBsQ6S+Wi6BRofuUpnCQup/
Vi/FK7PMg/hOK/zD23MKHwMABWY+/ucSqjFy+lHL2TScInAZUwkppuJfvVa/VJ51
Ki951/cW8ySJkoDQyrvFrvkFQV7QTxFxxDQASj83Wv0r8yWK/RI29PFK6C50e6Bm
DlXq0V59hkiiF6Jxf9VjbJCUt3+xFVTDOThaFxWchv0Cf1Cc8LOhML9h4POaxhjP
Neo84SuYo3/lsE7Ra/zQh+Mt1P1FY53G9pt4yG6caMi3GzovL5hwkrxjoDvvfNXZ
SS54dca8+r9m5jzQ+o8ASfnnHp6La23/tZPd38PWIIY32myiqa6UM7n2gcOLvyTk
-----END CERTIFICATE-----
Generated at Sun Apr 27 12:01:22 2025 by rpki-client