Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/a877c8-e7cb-4540-bd43-5acdbf474548/1/OxE4-aNNSEdqL0e1drWJ-u6-FW8.roa
File: OxE4-aNNSEdqL0e1drWJ-u6-FW8.roa (raw, json)
Hash identifier: 61L/5UKRIctS8qkUbe6UFwwrHK0nH/grmD/batM7eQ0=
Subject key identifier: 3B:11:38:F9:A3:4D:48:47:6A:2F:47:B5:76:B5:89:FA:EE:BE:15:6F
Certificate issuer: /CN=1d686e98acf2a37bf2aec69807e6964060979cb8
Certificate serial: 01941FFA6225DB90FCB2DC2F4A2402DD2C26
Authority key identifier: 1D:68:6E:98:AC:F2:A3:7B:F2:AE:C6:98:07:E6:96:40:60:97:9C:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HWhumKzyo3vyrsaYB-aWQGCXnLg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/a877c8-e7cb-4540-bd43-5acdbf474548/1/OxE4-aNNSEdqL0e1drWJ-u6-FW8.roa
Signing time: Wed 01 Jan 2025 03:48:10 +0000
ROA not before: Wed 01 Jan 2025 03:48:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21235
IP address blocks: 185.65.4.0/22 maxlen: 22
193.108.193.0/24 maxlen: 24
2a03:16e0::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:62:25:db:90:fc:b2:dc:2f:4a:24:02:dd:2c:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d686e98acf2a37bf2aec69807e6964060979cb8
Validity
Not Before: Jan 1 03:48:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3b1138f9a34d48476a2f47b576b589faeebe156f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:c8:62:9f:6a:e3:84:f2:d2:5e:5e:a4:0b:bd:
74:e3:83:99:79:3b:56:e5:43:8a:28:71:b8:e1:96:
6b:6e:d3:94:76:d1:a6:79:95:df:86:e2:e8:68:30:
36:61:9e:24:69:df:fe:ad:79:d6:60:3f:14:56:64:
70:f8:72:dc:21:8e:9a:39:80:29:18:c5:af:6d:58:
1a:1c:5f:8c:c7:d3:e8:6c:e4:bc:e5:b7:62:79:fc:
03:ca:d4:2e:c0:d0:a3:db:85:3e:23:79:e9:3d:18:
97:d5:e1:ca:79:c6:38:7b:98:ba:ba:bb:34:04:d7:
22:40:82:dd:ac:4d:1a:8f:78:60:05:f6:48:ff:ef:
1b:50:bf:4d:58:a3:ce:e1:03:f2:a3:98:78:10:c5:
1b:54:cc:00:54:bb:66:e0:90:64:0d:46:59:83:89:
b5:12:e2:91:57:57:16:bd:07:67:f5:a3:36:3f:cb:
9d:0a:4c:9a:67:61:89:c0:f0:c2:fc:cd:a0:ee:b4:
21:ef:5d:4d:a7:ca:ba:48:22:9d:53:89:42:9f:e7:
23:0d:17:8d:da:26:ca:20:6d:3f:c6:9a:6a:b7:8e:
09:e3:c2:7c:cd:bb:4e:38:d0:8e:b6:97:8f:c7:82:
7a:9c:9a:9d:ad:ae:56:f8:17:cb:d5:47:04:0b:cd:
bd:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:11:38:F9:A3:4D:48:47:6A:2F:47:B5:76:B5:89:FA:EE:BE:15:6F
X509v3 Authority Key Identifier:
keyid:1D:68:6E:98:AC:F2:A3:7B:F2:AE:C6:98:07:E6:96:40:60:97:9C:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HWhumKzyo3vyrsaYB-aWQGCXnLg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/a877c8-e7cb-4540-bd43-5acdbf474548/1/OxE4-aNNSEdqL0e1drWJ-u6-FW8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/a877c8-e7cb-4540-bd43-5acdbf474548/1/HWhumKzyo3vyrsaYB-aWQGCXnLg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.65.4.0/22
193.108.193.0/24
IPv6:
2a03:16e0::/32
Signature Algorithm: sha256WithRSAEncryption
7e:17:d8:ff:a1:6a:22:30:39:a1:b8:1c:a7:e1:a7:e5:48:4d:
36:1d:40:02:43:f4:fc:81:6a:1b:51:e2:2e:83:5c:a3:40:e8:
63:b7:1e:b6:d9:ba:72:d3:7a:22:cc:18:6a:5f:42:9c:b2:d4:
37:d7:93:e9:ee:4c:e7:bd:9f:c9:aa:e0:c0:b6:12:3a:85:c6:
63:fb:5d:21:9a:d6:25:ec:8b:f5:da:90:d7:aa:e3:33:d1:f3:
01:b2:00:94:6b:0e:19:fe:11:53:52:2c:29:eb:1d:55:e9:2c:
b4:24:79:ac:0f:1d:79:94:e4:cc:dd:53:12:7d:54:f4:0f:50:
a4:48:f0:d6:d0:ea:50:bf:b8:f8:d0:ab:d0:4e:8c:a1:86:db:
6d:ef:4b:b3:b9:7d:7a:36:bb:47:95:b5:3b:72:83:06:9e:26:
73:6d:3a:ff:12:c8:8f:45:d7:ac:17:18:bf:f4:6b:5c:1b:df:
e4:e4:f3:c6:bc:c1:b4:69:8a:28:6c:c3:3f:29:10:e3:23:d8:
6e:d5:ae:67:f8:6d:f3:b6:e9:b8:10:cf:30:fd:57:04:b3:37:
aa:95:ba:55:59:a1:a1:b3:67:97:81:d6:bc:ba:c4:89:be:56:
b0:e3:c0:8b:7d:dc:5f:5c:a3:e5:2f:a5:3f:85:26:28:90:9d:
c3:3c:ab:e4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQf+mIl25D8stwvSiQC3SwmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNjg2ZTk4YWNmMmEzN2JmMmFlYzY5ODA3ZTY5NjQwNjA5
NzljYjgwHhcNMjUwMTAxMDM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjExMzhmOWEzNGQ0ODQ3NmEyZjQ3YjU3NmI1ODlmYWVlYmUxNTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Mhin2rjhPLSXl6kC71044OZeTtW
5UOKKHG44ZZrbtOUdtGmeZXfhuLoaDA2YZ4kad/+rXnWYD8UVmRw+HLcIY6aOYAp
GMWvbVgaHF+Mx9PobOS85bdiefwDytQuwNCj24U+I3npPRiX1eHKecY4e5i6urs0
BNciQILdrE0aj3hgBfZI/+8bUL9NWKPO4QPyo5h4EMUbVMwAVLtm4JBkDUZZg4m1
EuKRV1cWvQdn9aM2P8udCkyaZ2GJwPDC/M2g7rQh711Np8q6SCKdU4lCn+cjDReN
2ibKIG0/xppqt44J48J8zbtOONCOtpePx4J6nJqdra5W+BfL1UcEC829oQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDsROPmjTUhHai9HtXa1ifruvhVvMB8GA1UdIwQY
MBaAFB1obpis8qN78q7GmAfmlkBgl5y4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFdodW1LenlvM3Z5cnNhWUItYVdRR0NYbkxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9hODc3YzgtZTdjYi00NTQwLWJkNDMt
NWFjZGJmNDc0NTQ4LzEvT3hFNC1hTk5TRWRxTDBlMWRyV0otdTYtRlc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9hODc3YzgtZTdjYi00NTQwLWJkNDMtNWFjZGJmNDc0NTQ4
LzEvSFdodW1LenlvM3Z5cnNhWUItYVdRR0NYbkxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuUEEAwQA
wWzBMA0EAgACMAcDBQAqAxbgMA0GCSqGSIb3DQEBCwUAA4IBAQB+F9j/oWoiMDmh
uByn4aflSE02HUACQ/T8gWobUeIug1yjQOhjtx622bpy03oizBhqX0KcstQ315Pp
7kznvZ/JquDAthI6hcZj+10hmtYl7Iv12pDXquMz0fMBsgCUaw4Z/hFTUiwp6x1V
6Sy0JHmsDx15lOTM3VMSfVT0D1CkSPDW0OpQv7j40KvQToyhhttt70uzuX16NrtH
lbU7coMGniZzbTr/EsiPRdesFxi/9GtcG9/k5PPGvMG0aYoobMM/KRDjI9hu1a5n
+G3ztum4EM8w/VcEszeqlbpVWaGhs2eXgda8usSJvlaw48CLfdxfXKPlL6U/hSYo
kJ3DPKvk
-----END CERTIFICATE-----
Generated at Fri Apr 25 10:12:03 2025 by rpki-client