Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/925ab9-21fe-4bbf-ac0e-6e7561535bbd/1/nNWdjwr0xgGVJaCe_DYGorxBhkQ.roa
File: nNWdjwr0xgGVJaCe_DYGorxBhkQ.roa (raw, json)
Hash identifier: SXK0O56Ci3eJ9gJYE9BhG0c41FN4Hi9wlYESeQNJAmY=
Subject key identifier: 9C:D5:9D:8F:0A:F4:C6:01:95:25:A0:9E:FC:36:06:A2:BC:41:86:44
Certificate issuer: /CN=cfdb3d904b34440546b6241d7894d93300bcbd28
Certificate serial: 01942068545C57D530B359358E738B30801D
Authority key identifier: CF:DB:3D:90:4B:34:44:05:46:B6:24:1D:78:94:D9:33:00:BC:BD:28
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z9s9kEs0RAVGtiQdeJTZMwC8vSg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/925ab9-21fe-4bbf-ac0e-6e7561535bbd/1/nNWdjwr0xgGVJaCe_DYGorxBhkQ.roa
Signing time: Wed 01 Jan 2025 05:48:15 +0000
ROA not before: Wed 01 Jan 2025 05:48:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 202789
IP address blocks: 185.154.112.0/22 maxlen: 24
2a07:8c80::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:54:5c:57:d5:30:b3:59:35:8e:73:8b:30:80:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cfdb3d904b34440546b6241d7894d93300bcbd28
Validity
Not Before: Jan 1 05:48:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9cd59d8f0af4c6019525a09efc3606a2bc418644
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:19:51:3d:bc:66:c6:f5:1f:07:06:a1:ca:ee:
51:05:13:2d:fc:9f:98:c4:16:66:5b:fa:31:18:9c:
0c:ce:41:03:ba:f3:be:d2:91:53:ac:e8:59:c4:55:
a8:1c:36:31:52:44:c6:8b:db:19:79:0d:66:eb:64:
33:c6:bf:a8:0b:57:72:02:3e:a0:4f:f8:16:5b:42:
ad:3e:ce:fa:86:6e:89:a6:f1:83:12:3f:93:5c:be:
3c:cf:84:29:18:ef:d4:12:5b:fe:4d:78:3f:a0:0d:
8e:f0:84:60:c4:6f:31:e9:51:8c:e2:27:0c:20:72:
a3:7c:f0:04:90:88:a1:e1:37:74:fc:2b:a6:bd:54:
c1:bc:74:65:78:3d:b7:88:2e:eb:1e:32:ba:e5:04:
34:d8:8e:40:d0:b9:d1:fa:f7:49:12:67:99:8f:f9:
87:01:55:1e:6e:85:48:36:1b:fa:8e:03:b1:10:0f:
2d:ed:e0:3d:ea:c9:51:80:0c:6a:a7:58:46:b3:46:
d6:dc:00:61:72:f5:86:36:bd:58:f6:50:de:67:44:
9a:2d:c8:aa:30:f2:47:06:1f:2e:60:8f:24:bd:fd:
c7:d6:11:67:60:3b:33:ea:6e:81:aa:ae:a3:75:d7:
38:66:b9:54:4b:5d:5a:bd:4d:04:18:a7:19:f6:83:
9b:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:D5:9D:8F:0A:F4:C6:01:95:25:A0:9E:FC:36:06:A2:BC:41:86:44
X509v3 Authority Key Identifier:
keyid:CF:DB:3D:90:4B:34:44:05:46:B6:24:1D:78:94:D9:33:00:BC:BD:28
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z9s9kEs0RAVGtiQdeJTZMwC8vSg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/925ab9-21fe-4bbf-ac0e-6e7561535bbd/1/nNWdjwr0xgGVJaCe_DYGorxBhkQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/925ab9-21fe-4bbf-ac0e-6e7561535bbd/1/z9s9kEs0RAVGtiQdeJTZMwC8vSg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.154.112.0/22
IPv6:
2a07:8c80::/29
Signature Algorithm: sha256WithRSAEncryption
74:05:5e:16:89:1a:c8:48:81:8e:83:6f:18:6a:bc:16:e1:15:
ef:fe:6f:f4:50:d3:2f:99:9d:2f:a1:c8:8e:21:d7:a7:cf:2e:
0a:f7:04:02:8f:58:10:5d:25:3e:ce:0a:a6:bf:66:57:eb:26:
7b:e0:3f:0b:b3:a2:95:51:07:13:05:f5:4e:f8:d6:fa:d6:0f:
6f:91:06:65:80:f0:56:59:0b:68:8a:e4:f4:1f:94:22:b1:85:
d7:5c:5c:07:cc:4f:39:48:f4:3e:7e:1c:54:c0:35:7c:f1:85:
c2:6b:fa:1d:ed:56:93:e2:91:9a:ee:5e:28:cb:36:2c:ea:08:
9f:d4:2c:a5:8a:1a:26:3c:5d:b6:07:6d:bd:81:c3:77:f8:a5:
9d:6d:88:2b:d5:91:86:92:22:2e:9f:36:60:82:f3:6b:40:62:
cf:28:85:ce:1c:66:59:19:dd:18:8b:fe:84:40:b0:42:5b:51:
2e:df:65:bd:dc:b4:98:5c:03:22:5d:38:0f:1b:e2:44:a5:f3:
a0:0d:9f:82:eb:f7:50:59:f0:d4:57:e6:ea:75:ec:9e:99:97:
eb:7f:29:0b:97:b9:06:e1:41:0a:ab:0d:a1:a6:eb:ea:96:aa:
7c:d1:35:81:82:e4:32:64:45:b0:84:b2:91:f7:ec:a3:b6:13:
17:cc:e2:df
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaFRcV9Uws1k1jnOLMIAdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZGIzZDkwNGIzNDQ0MDU0NmI2MjQxZDc4OTRkOTMzMDBi
Y2JkMjgwHhcNMjUwMTAxMDU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2Q1OWQ4ZjBhZjRjNjAxOTUyNWEwOWVmYzM2MDZhMmJjNDE4NjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBlRPbxmxvUfBwahyu5RBRMt/J+Y
xBZmW/oxGJwMzkEDuvO+0pFTrOhZxFWoHDYxUkTGi9sZeQ1m62Qzxr+oC1dyAj6g
T/gWW0KtPs76hm6JpvGDEj+TXL48z4QpGO/UElv+TXg/oA2O8IRgxG8x6VGM4icM
IHKjfPAEkIih4Td0/CumvVTBvHRleD23iC7rHjK65QQ02I5A0LnR+vdJEmeZj/mH
AVUeboVINhv6jgOxEA8t7eA96slRgAxqp1hGs0bW3ABhcvWGNr1Y9lDeZ0SaLciq
MPJHBh8uYI8kvf3H1hFnYDsz6m6Bqq6jddc4ZrlUS11avU0EGKcZ9oObAwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJzVnY8K9MYBlSWgnvw2BqK8QYZEMB8GA1UdIwQY
MBaAFM/bPZBLNEQFRrYkHXiU2TMAvL0oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejlzOWtFczBSQVZHdGlRZGVKVFpNd0M4dlNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS85MjVhYjktMjFmZS00YmJmLWFjMGUt
NmU3NTYxNTM1YmJkLzEvbk5XZGp3cjB4Z0dWSmFDZV9EWUdvcnhCaGtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS85MjVhYjktMjFmZS00YmJmLWFjMGUtNmU3NTYxNTM1YmJk
LzEvejlzOWtFczBSQVZHdGlRZGVKVFpNd0M4dlNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZpwMA0E
AgACMAcDBQMqB4yAMA0GCSqGSIb3DQEBCwUAA4IBAQB0BV4WiRrISIGOg28YarwW
4RXv/m/0UNMvmZ0vociOIdenzy4K9wQCj1gQXSU+zgqmv2ZX6yZ74D8Ls6KVUQcT
BfVO+Nb61g9vkQZlgPBWWQtoiuT0H5QisYXXXFwHzE85SPQ+fhxUwDV88YXCa/od
7VaT4pGa7l4oyzYs6gif1CylihomPF22B229gcN3+KWdbYgr1ZGGkiIunzZggvNr
QGLPKIXOHGZZGd0Yi/6EQLBCW1Eu32W93LSYXAMiXTgPG+JEpfOgDZ+C6/dQWfDU
V+bqdeyemZfrfykLl7kG4UEKqw2hpuvqlqp80TWBguQyZEWwhLKR9+yjthMXzOLf
-----END CERTIFICATE-----
Generated at Fri Apr 25 11:47:16 2025 by rpki-client