Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/ee71c6-1bae-4858-af3a-bc289dc17d20/1/nXGx5bSqdUW_hrhQiJHYlpD8vR8.roa
File: nXGx5bSqdUW_hrhQiJHYlpD8vR8.roa (raw, json)
Hash identifier: BZPTD4TDsLLlN6D+oiM71I+DEGQ39DwwkOK3NvmzOh8=
Subject key identifier: 9D:71:B1:E5:B4:AA:75:45:BF:86:B8:50:88:91:D8:96:90:FC:BD:1F
Certificate issuer: /CN=4c07f69d602b7ebb7f6330d715c9ec3e5aba30fa
Certificate serial: 0194228E2037F3C3270E50C62E80262963A0
Authority key identifier: 4C:07:F6:9D:60:2B:7E:BB:7F:63:30:D7:15:C9:EC:3E:5A:BA:30:FA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TAf2nWArfrt_YzDXFcnsPlq6MPo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/63/ee71c6-1bae-4858-af3a-bc289dc17d20/1/nXGx5bSqdUW_hrhQiJHYlpD8vR8.roa
Signing time: Wed 01 Jan 2025 15:48:47 +0000
ROA not before: Wed 01 Jan 2025 15:48:47 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 206423
IP address blocks: 185.156.252.0/22 maxlen: 23
2a07:a1c0::/29 maxlen: 48
2a13:6dc0::/29 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:8e:20:37:f3:c3:27:0e:50:c6:2e:80:26:29:63:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4c07f69d602b7ebb7f6330d715c9ec3e5aba30fa
Validity
Not Before: Jan 1 15:48:47 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9d71b1e5b4aa7545bf86b8508891d89690fcbd1f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:5a:fc:3b:a8:cd:a5:b7:7c:dc:c0:4c:ec:a8:
97:25:ff:94:5f:d9:ee:6e:05:d8:e0:2d:12:fc:fd:
db:a8:78:81:86:96:a8:f4:95:bf:2c:20:7f:1e:38:
a0:72:06:b4:e4:ce:22:24:6b:40:62:80:da:f0:45:
01:54:1f:2b:bb:0f:77:df:0b:66:2f:0a:e0:ec:5c:
4c:91:2d:19:5c:b6:13:95:18:c0:50:4e:99:f9:cb:
2d:be:da:8b:e7:42:df:03:43:40:77:80:a3:a1:5c:
b6:ea:b8:d5:42:31:7b:63:60:af:47:ae:e4:5b:2d:
49:71:b3:c1:a4:3c:75:59:e7:73:8b:2b:b1:84:ce:
58:4c:05:61:fc:51:37:3b:cf:15:4b:4b:57:81:64:
a0:9d:ae:dc:3b:d5:80:0c:18:84:b7:3b:ba:54:9a:
a3:a4:c4:a9:ba:c7:83:93:24:ff:44:7a:34:45:5b:
b5:4a:ed:30:5f:e3:62:9e:c6:f2:33:03:e2:35:cd:
93:92:13:98:42:c7:a7:b1:14:57:31:30:37:76:68:
43:50:eb:e0:d5:f3:30:be:2b:2c:a9:e4:dc:15:f1:
5b:83:a8:a6:b8:5b:6b:ac:02:d8:56:f4:54:58:23:
0f:21:44:57:32:04:ae:fd:58:b9:4a:8f:7e:7e:aa:
d6:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:71:B1:E5:B4:AA:75:45:BF:86:B8:50:88:91:D8:96:90:FC:BD:1F
X509v3 Authority Key Identifier:
keyid:4C:07:F6:9D:60:2B:7E:BB:7F:63:30:D7:15:C9:EC:3E:5A:BA:30:FA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TAf2nWArfrt_YzDXFcnsPlq6MPo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/ee71c6-1bae-4858-af3a-bc289dc17d20/1/nXGx5bSqdUW_hrhQiJHYlpD8vR8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/63/ee71c6-1bae-4858-af3a-bc289dc17d20/1/TAf2nWArfrt_YzDXFcnsPlq6MPo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.156.252.0/22
IPv6:
2a07:a1c0::/29
2a13:6dc0::/29
Signature Algorithm: sha256WithRSAEncryption
ad:01:fd:6e:59:c7:bd:0d:84:54:43:12:0f:32:8a:d5:fd:bb:
94:f4:70:bd:61:aa:7d:05:3c:a8:e0:0b:a6:1c:17:80:c8:df:
78:e9:b2:f2:31:8e:e7:e6:4c:90:7b:d2:8b:43:36:f2:60:06:
ca:98:8f:b0:5e:77:8f:77:cd:cb:f7:5c:66:94:30:63:7f:f0:
36:0c:f6:03:07:b7:ea:88:2b:55:f0:0c:85:a7:66:eb:b3:18:
c6:1b:64:75:fd:80:4f:d1:0d:d1:df:5a:fb:c2:9c:c0:27:2a:
87:90:8d:43:60:4d:f8:96:37:c0:5a:22:1e:93:f4:71:a2:42:
98:88:9c:70:49:ae:af:53:e8:50:27:cb:1d:97:1a:e7:91:a2:
02:1f:ef:e4:36:f2:07:94:47:fe:87:a5:99:91:92:57:47:d3:
7d:a3:19:e4:59:8f:e7:93:96:41:8f:52:a7:38:f5:85:e5:78:
64:f0:7b:51:7d:92:ac:07:29:47:8f:29:7b:44:bd:60:aa:19:
32:ff:de:6f:8c:b7:a6:91:e2:2e:7c:25:ca:e2:d3:d7:57:e2:
9b:1c:b7:b2:32:33:3e:5f:e2:a1:44:0f:98:c7:de:9f:17:c2:
3d:61:ce:1c:81:36:94:d9:e9:46:e2:19:41:65:fe:ae:21:50:
58:5f:43:25
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQijiA388MnDlDGLoAmKWOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMDdmNjlkNjAyYjdlYmI3ZjYzMzBkNzE1YzllYzNlNWFi
YTMwZmEwHhcNMjUwMTAxMTU0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDcxYjFlNWI0YWE3NTQ1YmY4NmI4NTA4ODkxZDg5NjkwZmNiZDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplr8O6jNpbd83MBM7KiXJf+UX9nu
bgXY4C0S/P3bqHiBhpao9JW/LCB/Hjigcga05M4iJGtAYoDa8EUBVB8ruw933wtm
Lwrg7FxMkS0ZXLYTlRjAUE6Z+cstvtqL50LfA0NAd4CjoVy26rjVQjF7Y2CvR67k
Wy1JcbPBpDx1WedziyuxhM5YTAVh/FE3O88VS0tXgWSgna7cO9WADBiEtzu6VJqj
pMSpuseDkyT/RHo0RVu1Su0wX+NinsbyMwPiNc2TkhOYQsensRRXMTA3dmhDUOvg
1fMwvissqeTcFfFbg6imuFtrrALYVvRUWCMPIURXMgSu/Vi5So9+fqrWJwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFJ1xseW0qnVFv4a4UIiR2JaQ/L0fMB8GA1UdIwQY
MBaAFEwH9p1gK367f2Mw1xXJ7D5aujD6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEFmMm5XQXJmcnRfWXpEWEZjbnNQbHE2TVBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9lZTcxYzYtMWJhZS00ODU4LWFmM2Et
YmMyODlkYzE3ZDIwLzEvblhHeDViU3FkVVdfaHJoUWlKSFlscEQ4dlI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9lZTcxYzYtMWJhZS00ODU4LWFmM2EtYmMyODlkYzE3ZDIw
LzEvVEFmMm5XQXJmcnRfWXpEWEZjbnNQbHE2TVBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQCuZz8MBQE
AgACMA4DBQMqB6HAAwUDKhNtwDANBgkqhkiG9w0BAQsFAAOCAQEArQH9blnHvQ2E
VEMSDzKK1f27lPRwvWGqfQU8qOALphwXgMjfeOmy8jGO5+ZMkHvSi0M28mAGypiP
sF53j3fNy/dcZpQwY3/wNgz2Awe36ogrVfAMhadm67MYxhtkdf2AT9EN0d9a+8Kc
wCcqh5CNQ2BN+JY3wFoiHpP0caJCmIiccEmur1PoUCfLHZca55GiAh/v5DbyB5RH
/oelmZGSV0fTfaMZ5FmP55OWQY9Spzj1heV4ZPB7UX2SrAcpR48pe0S9YKoZMv/e
b4y3ppHiLnwlyuLT11fimxy3sjIzPl/ioUQPmMfenxfCPWHOHIE2lNnpRuIZQWX+
riFQWF9DJQ==
-----END CERTIFICATE-----
Generated at Fri Apr 25 12:06:41 2025 by rpki-client