Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/8kC1dXQut3Q7aEZLq-H6wHv58Nk.roa
File: 8kC1dXQut3Q7aEZLq-H6wHv58Nk.roa (raw, json)
Hash identifier: wdoh4a7LDX/nFwYQadnYTEwY/jj86xKk/h3rcKaZa3Q=
Subject key identifier: F2:40:B5:75:74:2E:B7:74:3B:68:46:4B:AB:E1:FA:C0:7B:F9:F0:D9
Certificate issuer: /CN=ce37ca3abca5e14ac11bc7f3c1562a64d6391d22
Certificate serial: 019427B5C285850E517ED888126458A3A7C9
Authority key identifier: CE:37:CA:3A:BC:A5:E1:4A:C1:1B:C7:F3:C1:56:2A:64:D6:39:1D:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zjfKOryl4UrBG8fzwVYqZNY5HSI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/8kC1dXQut3Q7aEZLq-H6wHv58Nk.roa
Signing time: Thu 02 Jan 2025 15:50:10 +0000
ROA not before: Thu 02 Jan 2025 15:50:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208411
IP address blocks: 45.137.252.0/22 maxlen: 22
45.137.252.0/24 maxlen: 24
45.137.253.0/24 maxlen: 24
45.137.254.0/24 maxlen: 24
45.137.255.0/24 maxlen: 24
2a0e:b2c0::/30 maxlen: 30
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:c2:85:85:0e:51:7e:d8:88:12:64:58:a3:a7:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ce37ca3abca5e14ac11bc7f3c1562a64d6391d22
Validity
Not Before: Jan 2 15:50:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f240b575742eb7743b68464babe1fac07bf9f0d9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:df:c1:44:b0:0b:4b:8a:2e:3d:16:49:5b:9b:
28:9f:cf:34:fc:ae:7e:5a:45:78:03:d0:37:8f:57:
f6:9c:28:1d:87:8d:c0:f0:99:38:1c:7e:56:fc:dc:
a1:df:60:2c:77:9a:70:c7:cc:b2:a6:36:3f:56:93:
88:5c:5b:11:d7:2d:c6:af:8b:6e:2d:03:b2:0c:d3:
17:87:ae:a3:80:af:b5:12:2a:3a:1e:d7:5a:b5:69:
40:ef:f0:41:f0:30:30:e1:c0:68:eb:db:f9:1b:86:
22:06:40:75:d3:9e:6c:2d:09:2d:06:05:d5:ab:06:
ea:a0:a3:d7:ef:ed:ef:a9:cc:0f:cd:86:2a:75:43:
31:ef:3c:ad:c2:35:fb:cc:24:ef:0d:26:4f:60:5c:
1d:71:a4:ef:5c:7a:1a:aa:2c:10:0e:d2:b7:3d:ae:
0f:64:7c:4a:f5:0c:76:f1:0b:d7:85:04:1d:cf:54:
28:89:7a:52:d4:2d:77:bf:33:1b:a6:da:b8:aa:47:
aa:d3:f6:9c:9b:34:03:8e:4d:62:38:43:f4:1d:0e:
7e:1c:81:35:d0:fa:ea:e5:ec:95:64:e2:bd:ee:34:
2a:67:de:a1:e0:60:9e:9c:ae:e7:88:8a:ce:d2:5c:
f6:bb:7b:13:c4:0d:3e:63:8c:5c:ba:94:73:cd:3e:
46:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:40:B5:75:74:2E:B7:74:3B:68:46:4B:AB:E1:FA:C0:7B:F9:F0:D9
X509v3 Authority Key Identifier:
keyid:CE:37:CA:3A:BC:A5:E1:4A:C1:1B:C7:F3:C1:56:2A:64:D6:39:1D:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zjfKOryl4UrBG8fzwVYqZNY5HSI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/8kC1dXQut3Q7aEZLq-H6wHv58Nk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/be66bf-561c-4d55-826d-038035d80c0b/1/zjfKOryl4UrBG8fzwVYqZNY5HSI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.137.252.0/22
IPv6:
2a0e:b2c0::/30
Signature Algorithm: sha256WithRSAEncryption
8c:3a:6a:eb:60:17:80:2a:2c:af:70:58:57:f0:54:86:99:af:
45:db:c5:dc:9b:1f:87:d3:b1:1a:e9:d0:38:3c:43:25:28:c5:
5a:4e:9c:9c:95:37:49:44:e5:21:ea:8f:90:d5:1a:7e:87:c0:
31:36:e0:20:08:e6:a2:a8:d7:4f:d8:cc:e9:74:13:91:2c:74:
6d:2e:ac:d2:e0:67:70:20:4e:b0:2a:fb:1d:ab:2c:fd:f8:c2:
4c:f2:86:f5:05:1b:c3:2b:44:89:6f:be:01:95:d2:dc:67:32:
6a:a1:75:98:a0:4d:8b:dd:bf:ad:17:ba:85:80:32:51:c4:c8:
98:14:c4:4d:12:9c:48:33:29:42:f1:dc:4f:c9:3f:33:b1:e7:
55:6e:84:17:3f:6f:58:9d:d0:53:5a:c4:ad:38:a1:4f:17:e7:
75:4c:b2:c1:ce:c0:76:a9:7d:84:36:19:3e:c6:c3:28:03:5e:
1e:4a:88:5f:1c:5c:bb:d5:e8:ee:ce:f7:dc:64:bd:be:31:09:
a3:15:8b:ef:b1:5f:fb:36:82:3b:0f:2e:03:6e:e7:bb:e7:8e:
23:34:cd:36:19:12:c9:f3:00:5f:b7:08:af:a2:cb:5e:56:36:
ad:e9:73:1a:46:e4:01:d7:0d:40:9b:09:5b:03:bd:b3:aa:85:
6b:f3:ab:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntcKFhQ5RftiIEmRYo6fJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlMzdjYTNhYmNhNWUxNGFjMTFiYzdmM2MxNTYyYTY0ZDYz
OTFkMjIwHhcNMjUwMTAyMTU1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQwYjU3NTc0MmViNzc0M2I2ODQ2NGJhYmUxZmFjMDdiZjlmMGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApN/BRLALS4ouPRZJW5son880/K5+
WkV4A9A3j1f2nCgdh43A8Jk4HH5W/Nyh32Asd5pwx8yypjY/VpOIXFsR1y3Gr4tu
LQOyDNMXh66jgK+1Eio6HtdatWlA7/BB8DAw4cBo69v5G4YiBkB1055sLQktBgXV
qwbqoKPX7+3vqcwPzYYqdUMx7zytwjX7zCTvDSZPYFwdcaTvXHoaqiwQDtK3Pa4P
ZHxK9Qx28QvXhQQdz1QoiXpS1C13vzMbptq4qkeq0/acmzQDjk1iOEP0HQ5+HIE1
0Prq5eyVZOK97jQqZ96h4GCenK7niIrO0lz2u3sTxA0+Y4xcupRzzT5GWQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPJAtXV0Lrd0O2hGS6vh+sB7+fDZMB8GA1UdIwQY
MBaAFM43yjq8peFKwRvH88FWKmTWOR0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvempmS09yeWw0VXJCRzhmendWWXFaTlk1SFNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9iZTY2YmYtNTYxYy00ZDU1LTgyNmQt
MDM4MDM1ZDgwYzBiLzEvOGtDMWRYUXV0M1E3YUVaTHEtSDZ3SHY1OE5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9iZTY2YmYtNTYxYy00ZDU1LTgyNmQtMDM4MDM1ZDgwYzBi
LzEvempmS09yeWw0VXJCRzhmendWWXFaTlk1SFNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYn8MA0E
AgACMAcDBQIqDrLAMA0GCSqGSIb3DQEBCwUAA4IBAQCMOmrrYBeAKiyvcFhX8FSG
ma9F28Xcmx+H07Ea6dA4PEMlKMVaTpyclTdJROUh6o+Q1Rp+h8AxNuAgCOaiqNdP
2MzpdBORLHRtLqzS4GdwIE6wKvsdqyz9+MJM8ob1BRvDK0SJb74BldLcZzJqoXWY
oE2L3b+tF7qFgDJRxMiYFMRNEpxIMylC8dxPyT8zsedVboQXP29YndBTWsStOKFP
F+d1TLLBzsB2qX2ENhk+xsMoA14eSohfHFy71ejuzvfcZL2+MQmjFYvvsV/7NoI7
Dy4Dbue7544jNM02GRLJ8wBftwivosteVjat6XMaRuQB1w1AmwlbA72zqoVr86vA
-----END CERTIFICATE-----
Generated at Fri Apr 25 08:54:12 2025 by rpki-client