Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/eef70e-820c-45b1-ab19-431f91da4e28/1/iSTM7V9FE-bUzbrQTSi6w3GvF8M.roa
File: iSTM7V9FE-bUzbrQTSi6w3GvF8M.roa (raw, json)
Hash identifier: YbbyUOZzyme9AkFEQT1yyfiS1x2+GwCoOxsJ23F9SW8=
Subject key identifier: 89:24:CC:ED:5F:45:13:E6:D4:CD:BA:D0:4D:28:BA:C3:71:AF:17:C3
Certificate issuer: /CN=3044e60bb97132ea849a53fc554bbbc63948b016
Certificate serial: 019421B1F2C688ECDE1199A44D036E353A67
Authority key identifier: 30:44:E6:0B:B9:71:32:EA:84:9A:53:FC:55:4B:BB:C6:39:48:B0:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/METmC7lxMuqEmlP8VUu7xjlIsBY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/eef70e-820c-45b1-ab19-431f91da4e28/1/iSTM7V9FE-bUzbrQTSi6w3GvF8M.roa
Signing time: Wed 01 Jan 2025 11:48:17 +0000
ROA not before: Wed 01 Jan 2025 11:48:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207543
IP address blocks: 193.227.242.0/24 maxlen: 24
193.227.243.0/24 maxlen: 24
193.228.10.0/24 maxlen: 24
193.228.11.0/24 maxlen: 24
2a0a:e940::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:f2:c6:88:ec:de:11:99:a4:4d:03:6e:35:3a:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3044e60bb97132ea849a53fc554bbbc63948b016
Validity
Not Before: Jan 1 11:48:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8924cced5f4513e6d4cdbad04d28bac371af17c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:f8:d1:09:49:b4:66:9f:09:7d:25:99:31:b1:
0c:00:a8:9b:f7:bf:56:8e:69:94:97:e0:d9:a8:82:
2a:9f:69:55:2d:e2:c7:b2:58:eb:5a:e8:8a:12:4a:
c2:f7:80:32:4e:67:94:fd:28:ed:6f:b3:72:2f:6f:
35:d3:b6:3b:dd:2f:49:31:57:04:62:cd:c3:b3:73:
69:39:94:e2:ed:9a:82:a5:77:56:59:fc:b2:2e:0f:
e4:15:e6:ba:5a:05:1a:d9:8e:38:dc:de:a9:76:1b:
1f:20:00:51:e8:1a:6c:11:52:11:ae:28:ae:40:23:
19:97:40:69:89:7b:57:9f:89:8a:8d:1c:8f:0d:d9:
f9:6e:37:eb:e9:b6:78:e8:46:22:6d:88:87:b9:47:
18:6c:66:f5:6c:5b:22:15:d3:ac:92:f2:ba:5a:65:
9c:24:2f:1f:1a:67:38:dc:25:0c:3f:e6:39:7f:39:
f7:53:23:67:2b:15:23:65:a5:57:3f:97:71:b8:69:
95:d5:20:1e:a3:4b:d1:af:14:3e:c5:7b:79:31:4d:
15:86:e7:01:f5:c4:32:0a:eb:0b:4b:4d:b3:f0:31:
ff:31:1a:fd:0f:7c:35:80:17:fa:b4:b5:41:d1:79:
2e:a4:4b:c5:ae:ca:7a:aa:49:01:e7:85:58:6e:a5:
57:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:24:CC:ED:5F:45:13:E6:D4:CD:BA:D0:4D:28:BA:C3:71:AF:17:C3
X509v3 Authority Key Identifier:
keyid:30:44:E6:0B:B9:71:32:EA:84:9A:53:FC:55:4B:BB:C6:39:48:B0:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/METmC7lxMuqEmlP8VUu7xjlIsBY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/eef70e-820c-45b1-ab19-431f91da4e28/1/iSTM7V9FE-bUzbrQTSi6w3GvF8M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/eef70e-820c-45b1-ab19-431f91da4e28/1/METmC7lxMuqEmlP8VUu7xjlIsBY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.227.242.0/23
193.228.10.0/23
IPv6:
2a0a:e940::/29
Signature Algorithm: sha256WithRSAEncryption
33:0d:dd:b8:d7:f9:cf:5f:c3:43:5b:90:45:83:e6:c9:da:82:
96:63:77:66:8f:e2:2f:af:18:f8:4a:7c:36:88:00:c6:f1:23:
da:95:b0:60:24:53:cf:49:60:90:b2:e3:0a:16:90:9b:32:f7:
11:5d:09:c7:40:24:33:8d:d4:54:fe:d9:fb:87:6d:b5:9e:de:
3a:12:ac:4f:f4:fd:4e:5f:78:cf:dc:71:06:6f:fa:87:4c:e5:
87:b8:84:49:74:8c:1d:86:65:cc:ee:69:ed:7d:c6:97:1c:35:
ac:05:a0:89:46:4e:d7:cf:fe:d5:c6:29:20:49:2e:0d:07:88:
1c:db:e6:7d:79:66:18:79:3e:9c:48:41:e3:e0:57:c8:ac:e2:
b3:b6:99:c0:92:f1:53:85:7e:7a:16:d7:26:13:fe:40:97:0b:
db:69:5f:72:81:db:d1:54:50:e4:b3:7e:8c:41:58:41:eb:f4:
6c:35:ca:1f:a5:a4:b5:39:6e:f4:8e:9d:3c:05:7c:ca:d0:52:
dd:55:d4:67:ff:aa:20:aa:23:8f:09:fe:9e:9e:80:ea:b0:3c:
c7:a2:5a:78:42:ec:0e:9d:ad:d1:f0:fa:03:b3:20:84:5d:42:
b7:80:99:49:75:dc:84:16:87:ca:62:82:51:31:fe:9a:71:93:
81:cc:ee:98
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhsfLGiOzeEZmkTQNuNTpnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNDRlNjBiYjk3MTMyZWE4NDlhNTNmYzU1NGJiYmM2Mzk0
OGIwMTYwHhcNMjUwMTAxMTE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTI0Y2NlZDVmNDUxM2U2ZDRjZGJhZDA0ZDI4YmFjMzcxYWYxN2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/jRCUm0Zp8JfSWZMbEMAKib979W
jmmUl+DZqIIqn2lVLeLHsljrWuiKEkrC94AyTmeU/Sjtb7NyL28107Y73S9JMVcE
Ys3Ds3NpOZTi7ZqCpXdWWfyyLg/kFea6WgUa2Y443N6pdhsfIABR6BpsEVIRriiu
QCMZl0BpiXtXn4mKjRyPDdn5bjfr6bZ46EYibYiHuUcYbGb1bFsiFdOskvK6WmWc
JC8fGmc43CUMP+Y5fzn3UyNnKxUjZaVXP5dxuGmV1SAeo0vRrxQ+xXt5MU0VhucB
9cQyCusLS02z8DH/MRr9D3w1gBf6tLVB0XkupEvFrsp6qkkB54VYbqVX0QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIkkzO1fRRPm1M260E0ousNxrxfDMB8GA1UdIwQY
MBaAFDBE5gu5cTLqhJpT/FVLu8Y5SLAWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUVUbUM3bHhNdXFFbWxQOFZVdTd4amxJc0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9lZWY3MGUtODIwYy00NWIxLWFiMTkt
NDMxZjkxZGE0ZTI4LzEvaVNUTTdWOUZFLWJVemJyUVRTaTZ3M0d2RjhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9lZWY3MGUtODIwYy00NWIxLWFiMTktNDMxZjkxZGE0ZTI4
LzEvTUVUbUM3bHhNdXFFbWxQOFZVdTd4amxJc0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBwePyAwQB
weQKMA0EAgACMAcDBQMqCulAMA0GCSqGSIb3DQEBCwUAA4IBAQAzDd241/nPX8ND
W5BFg+bJ2oKWY3dmj+Ivrxj4Snw2iADG8SPalbBgJFPPSWCQsuMKFpCbMvcRXQnH
QCQzjdRU/tn7h221nt46EqxP9P1OX3jP3HEGb/qHTOWHuIRJdIwdhmXM7mntfcaX
HDWsBaCJRk7Xz/7VxikgSS4NB4gc2+Z9eWYYeT6cSEHj4FfIrOKztpnAkvFThX56
FtcmE/5AlwvbaV9ygdvRVFDks36MQVhB6/RsNcofpaS1OW70jp08BXzK0FLdVdRn
/6ogqiOPCf6enoDqsDzHolp4QuwOna3R8PoDsyCEXUK3gJlJddyEFofKYoJRMf6a
cZOBzO6Y
-----END CERTIFICATE-----
Generated at Fri Apr 25 07:07:16 2025 by rpki-client