Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/risExVobQciJpjckh7R5a6pHayQ.roa
File: risExVobQciJpjckh7R5a6pHayQ.roa (raw, json)
Hash identifier: smtSJjRXs0E72dzCfhCCARBzkZPKWKCqhHgp8E/C6HY=
Subject key identifier: AE:2B:04:C5:5A:1B:41:C8:89:A6:37:24:87:B4:79:6B:AA:47:6B:24
Certificate issuer: /CN=4df1811f3997b950ac89e410ea3ef018a673d5fc
Certificate serial: 01942747960B284585C39394EB285280D414
Authority key identifier: 4D:F1:81:1F:39:97:B9:50:AC:89:E4:10:EA:3E:F0:18:A6:73:D5:FC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TfGBHzmXuVCsieQQ6j7wGKZz1fw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/risExVobQciJpjckh7R5a6pHayQ.roa
Signing time: Thu 02 Jan 2025 13:49:50 +0000
ROA not before: Thu 02 Jan 2025 13:49:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199657
IP address blocks: 94.199.96.0/22 maxlen: 24
2a06:d6c0::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:96:0b:28:45:85:c3:93:94:eb:28:52:80:d4:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4df1811f3997b950ac89e410ea3ef018a673d5fc
Validity
Not Before: Jan 2 13:49:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ae2b04c55a1b41c889a6372487b4796baa476b24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:3a:f0:09:c1:cf:42:6f:6f:ec:2b:87:77:75:
ae:2c:d9:54:04:28:82:1c:8b:99:c0:92:65:98:23:
4d:fe:70:7f:d3:a1:97:7c:b4:9d:ff:b2:2c:50:a8:
39:d1:4a:a2:5d:5b:62:b2:d0:f7:6f:7f:f3:20:32:
9f:31:9a:ad:09:2c:75:5d:bb:fc:88:99:cc:4e:53:
68:2b:2b:3a:24:63:b9:7c:1c:39:3d:af:22:9d:84:
92:49:17:e2:38:df:83:4b:0f:e8:83:90:42:f2:d2:
e8:27:28:e8:ad:43:d3:00:38:46:45:c3:a1:40:27:
66:3c:5b:32:0f:8f:ea:27:8b:42:d2:9b:38:c7:91:
ec:ed:16:9a:d2:be:a8:92:3f:3c:15:af:f3:b0:e4:
bb:84:a5:48:aa:b2:dc:d3:a1:b0:71:4a:43:e7:30:
f3:0a:bc:d4:d5:fb:4a:c1:43:05:be:90:95:51:f2:
01:c4:a7:5d:ad:36:be:a3:1c:b8:c7:13:2d:5f:bd:
22:53:45:6f:98:40:64:f7:47:71:0e:f5:d1:e2:91:
e9:05:27:85:e8:bb:72:0b:a1:f3:70:7e:ae:a5:2a:
c4:17:a1:8a:7b:71:89:c0:56:71:bc:95:93:0b:e2:
36:4f:fc:09:1a:b7:bf:d6:d9:8b:63:bd:13:37:34:
6c:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:2B:04:C5:5A:1B:41:C8:89:A6:37:24:87:B4:79:6B:AA:47:6B:24
X509v3 Authority Key Identifier:
keyid:4D:F1:81:1F:39:97:B9:50:AC:89:E4:10:EA:3E:F0:18:A6:73:D5:FC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TfGBHzmXuVCsieQQ6j7wGKZz1fw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/risExVobQciJpjckh7R5a6pHayQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/82/3fe931-7dd6-443b-aade-d9a61937a1e5/1/TfGBHzmXuVCsieQQ6j7wGKZz1fw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.199.96.0/22
IPv6:
2a06:d6c0::/32
Signature Algorithm: sha256WithRSAEncryption
52:b1:53:dc:c7:f5:72:7c:67:c4:77:85:92:aa:31:0e:82:2f:
b3:55:ce:a2:8d:29:e0:bc:17:86:13:3f:ea:7e:f1:53:8e:62:
af:8d:76:b0:39:47:a7:13:d7:c0:7d:9d:49:fb:4f:1d:9e:a4:
38:f1:33:72:7b:ff:3d:3b:f8:e2:7e:17:2c:90:ea:19:f7:1d:
11:cd:a7:22:3d:e5:2c:b2:7f:6c:23:97:9e:7c:81:bd:89:c0:
29:13:ed:57:7f:99:bb:17:9f:33:df:09:bf:fa:eb:b5:96:f9:
19:04:31:47:23:54:ad:d6:34:c1:12:5b:6e:bf:58:1c:12:9e:
ed:78:d3:b8:10:36:4e:01:b2:fa:f6:62:fd:42:09:0d:6e:10:
3f:83:60:ea:94:10:5c:91:06:2a:ca:78:57:f4:e2:0d:d2:b1:
dd:8c:06:2e:ee:09:86:f4:f7:2d:73:c6:24:69:84:e9:7e:2f:
e6:8b:fd:a6:da:37:3c:cd:9d:e4:30:d4:32:a6:df:52:dc:86:
00:e0:28:b0:33:d7:bd:76:56:29:d0:41:85:b4:1a:16:72:64:
1f:9c:18:4b:79:76:46:33:59:c3:17:ad:eb:3d:fb:5b:88:5f:
08:48:c6:cf:8b:34:08:62:be:6d:4f:97:64:e3:71:a0:95:8d:
0f:dd:4b:be
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnR5YLKEWFw5OU6yhSgNQUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZjE4MTFmMzk5N2I5NTBhYzg5ZTQxMGVhM2VmMDE4YTY3
M2Q1ZmMwHhcNMjUwMTAyMTM0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTJiMDRjNTVhMWI0MWM4ODlhNjM3MjQ4N2I0Nzk2YmFhNDc2YjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDrwCcHPQm9v7CuHd3WuLNlUBCiC
HIuZwJJlmCNN/nB/06GXfLSd/7IsUKg50UqiXVtistD3b3/zIDKfMZqtCSx1Xbv8
iJnMTlNoKys6JGO5fBw5Pa8inYSSSRfiON+DSw/og5BC8tLoJyjorUPTADhGRcOh
QCdmPFsyD4/qJ4tC0ps4x5Hs7Raa0r6okj88Fa/zsOS7hKVIqrLc06GwcUpD5zDz
CrzU1ftKwUMFvpCVUfIBxKddrTa+oxy4xxMtX70iU0VvmEBk90dxDvXR4pHpBSeF
6LtyC6HzcH6upSrEF6GKe3GJwFZxvJWTC+I2T/wJGre/1tmLY70TNzRsOQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK4rBMVaG0HIiaY3JIe0eWuqR2skMB8GA1UdIwQY
MBaAFE3xgR85l7lQrInkEOo+8Bimc9X8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGZHQkh6bVh1VkNzaWVRUTZqN3dHS1p6MWZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zZmU5MzEtN2RkNi00NDNiLWFhZGUt
ZDlhNjE5MzdhMWU1LzEvcmlzRXhWb2JRY2lKcGpja2g3UjVhNnBIYXlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zZmU5MzEtN2RkNi00NDNiLWFhZGUtZDlhNjE5MzdhMWU1
LzEvVGZHQkh6bVh1VkNzaWVRUTZqN3dHS1p6MWZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCXsdgMA0E
AgACMAcDBQAqBtbAMA0GCSqGSIb3DQEBCwUAA4IBAQBSsVPcx/VyfGfEd4WSqjEO
gi+zVc6ijSngvBeGEz/qfvFTjmKvjXawOUenE9fAfZ1J+08dnqQ48TNye/89O/ji
fhcskOoZ9x0RzaciPeUssn9sI5eefIG9icApE+1Xf5m7F58z3wm/+uu1lvkZBDFH
I1St1jTBEltuv1gcEp7teNO4EDZOAbL69mL9QgkNbhA/g2DqlBBckQYqynhX9OIN
0rHdjAYu7gmG9Pctc8YkaYTpfi/mi/2m2jc8zZ3kMNQypt9S3IYA4CiwM9e9dlYp
0EGFtBoWcmQfnBhLeXZGM1nDF63rPftbiF8ISMbPizQIYr5tT5dk43GglY0P3Uu+
-----END CERTIFICATE-----
Generated at Fri Apr 25 08:56:12 2025 by rpki-client