Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/CqJnQHuWTrr1JOb1x2qlCn7qYBQ.roa
File: CqJnQHuWTrr1JOb1x2qlCn7qYBQ.roa (raw, json)
Hash identifier: raq5ehc6BfIUJsoK2h14SXHgtvt48xPVADOcv/2fuZ8=
Subject key identifier: 0A:A2:67:40:7B:96:4E:BA:F5:24:E6:F5:C7:6A:A5:0A:7E:EA:60:14
Certificate issuer: /CN=9a7edeac0c6c20ea49d492990e4858541d190ff1
Certificate serial: 019423D7305CA20B892B6558BBAC882AB666
Authority key identifier: 9A:7E:DE:AC:0C:6C:20:EA:49:D4:92:99:0E:48:58:54:1D:19:0F:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/CqJnQHuWTrr1JOb1x2qlCn7qYBQ.roa
Signing time: Wed 01 Jan 2025 21:48:12 +0000
ROA not before: Wed 01 Jan 2025 21:48:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34259
IP address blocks: 91.195.120.0/24 maxlen: 24
91.195.121.0/24 maxlen: 24
91.220.101.0/24 maxlen: 24
91.223.77.0/24 maxlen: 24
193.111.83.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:30:5c:a2:0b:89:2b:65:58:bb:ac:88:2a:b6:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9a7edeac0c6c20ea49d492990e4858541d190ff1
Validity
Not Before: Jan 1 21:48:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0aa267407b964ebaf524e6f5c76aa50a7eea6014
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:e7:ae:86:e9:c0:aa:bc:81:ea:7b:28:67:b7:
5b:8e:62:28:e8:7c:5c:d1:cb:6a:09:28:67:3d:e4:
1c:1f:05:ea:95:27:f0:88:2b:c1:03:db:a5:e5:f4:
93:7b:f3:17:4b:9b:65:75:f5:de:a9:38:0d:f6:0d:
99:91:a6:67:1f:25:1d:29:fa:5c:a9:bd:39:17:ac:
96:9f:60:5f:7a:44:9c:a9:28:38:45:0a:7b:f6:54:
4c:d9:60:20:65:50:89:64:37:aa:21:ac:5b:34:4d:
05:36:21:02:6f:20:64:ac:c7:45:b6:fa:e3:0b:8e:
31:fd:77:4c:90:40:c7:3d:cc:7c:d6:7c:42:a6:8e:
b4:75:da:fc:f3:53:ef:5a:89:58:cd:a7:34:f9:d9:
bc:6a:54:16:63:e8:23:52:10:12:4f:1f:fa:0f:2b:
80:2d:2f:c9:ea:2a:fc:0a:37:f9:3c:9c:cb:74:3d:
e6:5a:a5:aa:d6:bc:a1:ba:c5:c3:84:86:cb:63:66:
28:a2:5e:30:10:c8:75:45:bd:fc:f6:dd:ab:70:35:
fe:11:57:e2:6e:79:7d:59:35:50:17:39:5d:e7:cc:
1e:c2:f3:b4:5a:b9:cc:6b:1c:0a:14:c3:cf:d9:4f:
1a:4d:28:b1:0b:a5:c9:87:d5:95:5e:91:5f:02:39:
9b:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:A2:67:40:7B:96:4E:BA:F5:24:E6:F5:C7:6A:A5:0A:7E:EA:60:14
X509v3 Authority Key Identifier:
keyid:9A:7E:DE:AC:0C:6C:20:EA:49:D4:92:99:0E:48:58:54:1D:19:0F:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/CqJnQHuWTrr1JOb1x2qlCn7qYBQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/53/5a8e04-dd07-435a-b1bf-adedcaa3d26e/1/mn7erAxsIOpJ1JKZDkhYVB0ZD_E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.195.120.0/23
91.220.101.0/24
91.223.77.0/24
193.111.83.0/24
Signature Algorithm: sha256WithRSAEncryption
2a:98:76:be:a9:69:b5:28:23:05:14:4b:d9:ea:14:0b:7c:2a:
ad:cd:c3:89:eb:42:e1:bf:6b:87:a6:bb:fd:44:0f:4e:0b:9d:
a9:73:dd:4a:b3:36:2d:11:13:b0:4a:3c:79:ba:d5:f6:a7:4e:
4e:05:2a:ae:6a:9e:fe:96:74:90:51:68:d0:2d:f1:9b:51:b3:
e2:91:7f:52:60:44:86:29:9b:d7:dd:87:88:3b:b7:52:27:64:
e3:41:21:cd:08:d4:3c:d5:fc:d9:c8:6d:aa:66:0f:fa:37:07:
d0:02:50:76:63:36:f3:c8:83:73:0a:e6:4b:81:93:b2:d5:67:
2f:68:ae:e2:00:db:36:f0:03:9b:ea:19:0a:b2:63:35:65:bb:
54:18:61:15:bb:ce:5f:2a:02:bf:d5:23:62:81:3f:28:ff:5f:
c3:c4:51:80:8d:f0:02:d2:0e:85:f2:07:2a:cc:97:19:a0:e4:
2a:1c:b8:3a:4b:6b:75:4e:24:9d:c7:ed:a4:9b:52:1d:8b:d2:
c3:df:67:65:63:d0:a5:b9:10:5d:83:34:4f:8c:08:77:3c:f0:
db:3b:3d:b2:c4:c2:bf:cc:95:06:cc:72:95:60:e8:66:be:46:
5a:6f:6a:90:f1:43:09:3b:8c:06:36:af:ba:69:0c:a9:07:61:
6e:b1:db:2c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQj1zBcoguJK2VYu6yIKrZmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhN2VkZWFjMGM2YzIwZWE0OWQ0OTI5OTBlNDg1ODU0MWQx
OTBmZjEwHhcNMjUwMTAxMjE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWEyNjc0MDdiOTY0ZWJhZjUyNGU2ZjVjNzZhYTUwYTdlZWE2MDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ueuhunAqryB6nsoZ7dbjmIo6Hxc
0ctqCShnPeQcHwXqlSfwiCvBA9ul5fSTe/MXS5tldfXeqTgN9g2ZkaZnHyUdKfpc
qb05F6yWn2BfekScqSg4RQp79lRM2WAgZVCJZDeqIaxbNE0FNiECbyBkrMdFtvrj
C44x/XdMkEDHPcx81nxCpo60ddr881PvWolYzac0+dm8alQWY+gjUhASTx/6DyuA
LS/J6ir8Cjf5PJzLdD3mWqWq1ryhusXDhIbLY2Yool4wEMh1Rb389t2rcDX+EVfi
bnl9WTVQFzld58wewvO0WrnMaxwKFMPP2U8aTSixC6XJh9WVXpFfAjmbGQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAqiZ0B7lk669STm9cdqpQp+6mAUMB8GA1UdIwQY
MBaAFJp+3qwMbCDqSdSSmQ5IWFQdGQ/xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW43ZXJBeHNJT3BKMUpLWkRraFlWQjBaRF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My81YThlMDQtZGQwNy00MzVhLWIxYmYt
YWRlZGNhYTNkMjZlLzEvQ3FKblFIdVdUcnIxSk9iMXgycWxDbjdxWUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My81YThlMDQtZGQwNy00MzVhLWIxYmYtYWRlZGNhYTNkMjZl
LzEvbW43ZXJBeHNJT3BKMUpLWkRraFlWQjBaRF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBW8N4AwQA
W9xlAwQAW99NAwQAwW9TMA0GCSqGSIb3DQEBCwUAA4IBAQAqmHa+qWm1KCMFFEvZ
6hQLfCqtzcOJ60Lhv2uHprv9RA9OC52pc91KszYtEROwSjx5utX2p05OBSquap7+
lnSQUWjQLfGbUbPikX9SYESGKZvX3YeIO7dSJ2TjQSHNCNQ81fzZyG2qZg/6NwfQ
AlB2YzbzyINzCuZLgZOy1WcvaK7iANs28AOb6hkKsmM1ZbtUGGEVu85fKgK/1SNi
gT8o/1/DxFGAjfAC0g6F8gcqzJcZoOQqHLg6S2t1TiSdx+2km1Idi9LD32dlY9Cl
uRBdgzRPjAh3PPDbOz2yxMK/zJUGzHKVYOhmvkZab2qQ8UMJO4wGNq+6aQypB2Fu
sdss
-----END CERTIFICATE-----
Generated at Sat Apr 26 16:53:21 2025 by rpki-client