Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/ec3512-71ba-441e-bfe1-da7d45b732fa/1/STLMqI9B0bmg1HnzIFgocG7Jchs.roa
File: STLMqI9B0bmg1HnzIFgocG7Jchs.roa (raw, json)
Hash identifier: nUpzGifMhuTClZtTuwuW+kY+JzHd2eUa3fEsyXVesAc=
Subject key identifier: 49:32:CC:A8:8F:41:D1:B9:A0:D4:79:F3:20:58:28:70:6E:C9:72:1B
Certificate issuer: /CN=8fb620a4838ef6e21bcc26ad351262d7566eb275
Certificate serial: 019422FB6B0A211EE6D28A33A35DA07D5BC2
Authority key identifier: 8F:B6:20:A4:83:8E:F6:E2:1B:CC:26:AD:35:12:62:D7:56:6E:B2:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/j7YgpIOO9uIbzCatNRJi11ZusnU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/ec3512-71ba-441e-bfe1-da7d45b732fa/1/STLMqI9B0bmg1HnzIFgocG7Jchs.roa
Signing time: Wed 01 Jan 2025 17:48:09 +0000
ROA not before: Wed 01 Jan 2025 17:48:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 43708
IP address blocks: 31.41.200.0/21 maxlen: 21
78.110.208.0/20 maxlen: 20
185.24.20.0/22 maxlen: 22
2a01:510::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:6b:0a:21:1e:e6:d2:8a:33:a3:5d:a0:7d:5b:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8fb620a4838ef6e21bcc26ad351262d7566eb275
Validity
Not Before: Jan 1 17:48:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4932cca88f41d1b9a0d479f3205828706ec9721b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:d5:f1:fb:59:11:5b:f5:e2:ca:bb:fa:98:23:
07:51:16:7d:d9:2b:6b:7c:5d:a0:e1:33:db:a0:fa:
83:68:c1:5d:63:af:0d:e0:a8:50:e1:97:a2:95:56:
90:53:31:d0:69:b9:66:78:c6:7c:f5:1c:6c:a0:27:
e7:1b:64:24:48:d5:ea:b3:d9:9d:f0:5e:38:9f:ef:
da:30:d3:2c:c0:ff:61:88:05:b7:90:d5:7d:aa:1f:
d3:f3:c1:50:5c:76:06:58:30:bf:95:a0:e9:a7:65:
7c:75:9f:af:1b:dc:4f:32:fe:59:42:9c:de:20:27:
35:0d:9e:96:bb:69:30:a2:d3:9d:f2:1e:66:c6:84:
cf:22:e0:9c:61:ba:cb:fa:e2:79:ef:48:e3:c4:b7:
b1:41:cf:98:8f:d0:01:ff:3d:97:cf:a8:2a:b2:cf:
7b:99:5b:42:86:25:f6:ca:6d:48:99:40:d4:f2:9b:
35:e6:85:a4:8a:da:16:c1:9c:32:3a:4d:42:dc:21:
3e:4b:cd:a9:4b:92:8b:da:1b:37:0d:50:95:8b:69:
3c:16:b9:25:b3:a3:b0:f8:ae:df:d8:2c:03:54:81:
75:a3:3c:3f:a5:05:1d:09:5a:09:e8:e2:29:b7:f7:
de:81:2d:58:2b:88:2c:fb:08:43:58:49:d9:b2:b5:
55:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:32:CC:A8:8F:41:D1:B9:A0:D4:79:F3:20:58:28:70:6E:C9:72:1B
X509v3 Authority Key Identifier:
keyid:8F:B6:20:A4:83:8E:F6:E2:1B:CC:26:AD:35:12:62:D7:56:6E:B2:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j7YgpIOO9uIbzCatNRJi11ZusnU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ec3512-71ba-441e-bfe1-da7d45b732fa/1/STLMqI9B0bmg1HnzIFgocG7Jchs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/ec3512-71ba-441e-bfe1-da7d45b732fa/1/j7YgpIOO9uIbzCatNRJi11ZusnU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.41.200.0/21
78.110.208.0/20
185.24.20.0/22
IPv6:
2a01:510::/32
Signature Algorithm: sha256WithRSAEncryption
b6:a7:47:73:37:38:a7:32:3e:dc:36:8b:3e:e1:c4:e3:c6:f3:
e6:eb:9f:3d:df:9b:7d:a1:85:f7:08:99:20:13:a4:46:52:f3:
a3:09:6b:a7:5d:67:e0:1b:04:94:de:2d:e3:74:53:15:85:5d:
f3:64:91:29:be:4d:66:f1:76:df:55:e7:23:6b:95:38:b1:c2:
55:ca:b6:ae:0c:3f:1a:97:2e:71:c7:dd:53:ac:26:cc:d5:ee:
89:ff:17:45:46:e5:c0:16:c5:ab:77:21:e9:5f:06:b4:c0:8b:
88:ce:f3:68:37:23:46:87:c8:46:f0:f5:99:02:db:06:50:63:
c8:57:48:5a:5a:78:db:09:01:fb:b3:ad:ca:b5:19:61:94:c6:
12:a9:03:e6:30:30:02:ae:70:6a:59:7e:6a:62:1b:1b:8e:45:
8d:29:a0:dd:2d:a9:b5:d8:f0:b3:d7:f4:6d:64:fe:74:cb:96:
cc:8d:7f:5e:a0:c0:26:a3:03:cd:36:72:f8:10:7e:9a:92:52:
2c:72:48:76:8c:64:23:6a:bd:8b:ea:58:d6:10:de:13:03:82:
40:b9:92:73:50:7e:cb:f2:28:eb:a9:60:e3:22:66:a2:10:4e:
a1:70:44:06:64:c0:25:0f:7d:2e:7c:09:4a:3f:81:54:21:75:
7c:9d:58:ed
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQi+2sKIR7m0oozo12gfVvCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYjYyMGE0ODM4ZWY2ZTIxYmNjMjZhZDM1MTI2MmQ3NTY2
ZWIyNzUwHhcNMjUwMTAxMTc0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTMyY2NhODhmNDFkMWI5YTBkNDc5ZjMyMDU4Mjg3MDZlYzk3MjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNXx+1kRW/Xiyrv6mCMHURZ92Str
fF2g4TPboPqDaMFdY68N4KhQ4ZeilVaQUzHQablmeMZ89RxsoCfnG2QkSNXqs9md
8F44n+/aMNMswP9hiAW3kNV9qh/T88FQXHYGWDC/laDpp2V8dZ+vG9xPMv5ZQpze
ICc1DZ6Wu2kwotOd8h5mxoTPIuCcYbrL+uJ570jjxLexQc+Yj9AB/z2Xz6gqss97
mVtChiX2ym1ImUDU8ps15oWkitoWwZwyOk1C3CE+S82pS5KL2hs3DVCVi2k8Frkl
s6Ow+K7f2CwDVIF1ozw/pQUdCVoJ6OIpt/fegS1YK4gs+whDWEnZsrVV+wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFEkyzKiPQdG5oNR58yBYKHBuyXIbMB8GA1UdIwQY
MBaAFI+2IKSDjvbiG8wmrTUSYtdWbrJ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajdZZ3BJT085dUliekNhdE5SSmkxMVp1c25VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9lYzM1MTItNzFiYS00NDFlLWJmZTEt
ZGE3ZDQ1YjczMmZhLzEvU1RMTXFJOUIwYm1nMUhueklGZ29jRzdKY2hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9lYzM1MTItNzFiYS00NDFlLWJmZTEtZGE3ZDQ1YjczMmZh
LzEvajdZZ3BJT085dUliekNhdE5SSmkxMVp1c25VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDHynIAwQE
Tm7QAwQCuRgUMA0EAgACMAcDBQAqAQUQMA0GCSqGSIb3DQEBCwUAA4IBAQC2p0dz
NzinMj7cNos+4cTjxvPm658935t9oYX3CJkgE6RGUvOjCWunXWfgGwSU3i3jdFMV
hV3zZJEpvk1m8XbfVecja5U4scJVyrauDD8aly5xx91TrCbM1e6J/xdFRuXAFsWr
dyHpXwa0wIuIzvNoNyNGh8hG8PWZAtsGUGPIV0haWnjbCQH7s63KtRlhlMYSqQPm
MDACrnBqWX5qYhsbjkWNKaDdLam12PCz1/RtZP50y5bMjX9eoMAmowPNNnL4EH6a
klIsckh2jGQjar2L6ljWEN4TA4JAuZJzUH7L8ijrqWDjImaiEE6hcEQGZMAlD30u
fAlKP4FUIXV8nVjt
-----END CERTIFICATE-----
Generated at Fri Apr 25 14:24:25 2025 by rpki-client