Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/cc02e1-8b36-42a3-b756-be3485706a7f/1/BMHVHu-JbszVmlaPK0QGdQjobqk.roa
File: BMHVHu-JbszVmlaPK0QGdQjobqk.roa (raw, json)
Hash identifier: G29ynB8gmG1T9KHI25JYWbt3xJ8CodHiSO5tv95eYEk=
Subject key identifier: 04:C1:D5:1E:EF:89:6E:CC:D5:9A:56:8F:2B:44:06:75:08:E8:6E:A9
Certificate issuer: /CN=c2f5fd3023055249f213d15cba000ca026bb6fa3
Certificate serial: 0194258F5695CF409CD473A590443A314721
Authority key identifier: C2:F5:FD:30:23:05:52:49:F2:13:D1:5C:BA:00:0C:A0:26:BB:6F:A3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wvX9MCMFUknyE9FcugAMoCa7b6M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/cc02e1-8b36-42a3-b756-be3485706a7f/1/BMHVHu-JbszVmlaPK0QGdQjobqk.roa
Signing time: Thu 02 Jan 2025 05:48:58 +0000
ROA not before: Thu 02 Jan 2025 05:48:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29479
IP address blocks: 109.233.56.0/24 maxlen: 24
109.233.57.0/24 maxlen: 24
109.233.58.0/24 maxlen: 24
109.233.59.0/24 maxlen: 24
109.233.60.0/24 maxlen: 24
109.233.61.0/24 maxlen: 24
109.233.62.0/24 maxlen: 24
109.233.63.0/24 maxlen: 24
2a01:8dc0:109::/48 maxlen: 48
2a01:8dc0:110::/48 maxlen: 48
2a01:8dc0:112::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:8f:56:95:cf:40:9c:d4:73:a5:90:44:3a:31:47:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2f5fd3023055249f213d15cba000ca026bb6fa3
Validity
Not Before: Jan 2 05:48:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=04c1d51eef896eccd59a568f2b44067508e86ea9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:3d:28:10:9d:60:c8:67:99:18:38:b8:e8:72:
a2:87:48:ae:62:ef:7b:8d:f3:1a:2e:e2:79:d5:1d:
ff:1e:c1:17:0b:68:c6:06:26:7b:f9:d8:8b:1f:c0:
b2:17:9f:f2:f4:01:a8:56:86:5a:9c:20:45:83:72:
d1:61:1a:c4:01:b2:68:3e:06:3f:a8:0d:21:78:6a:
a7:21:23:f9:8e:d5:8f:be:95:66:86:a2:96:45:e6:
d8:f5:66:b3:30:ee:20:b4:dc:ee:4f:64:51:17:5f:
ca:e5:3c:ac:42:59:82:7b:2a:9a:52:a9:45:c0:40:
a1:a8:90:32:0f:a2:e7:1d:b8:50:84:62:ac:c1:d1:
47:54:f2:1f:39:ad:b8:76:a4:15:76:aa:6f:9b:76:
9f:6c:e8:5d:17:d3:d8:19:d1:03:16:cd:3b:74:19:
0a:17:cf:49:a4:c8:bf:20:fd:77:7b:34:88:d8:ef:
50:7b:71:6a:6c:c1:50:e4:52:d6:36:46:bb:2d:41:
fb:75:ef:89:3b:b4:e6:77:49:12:ce:8e:fc:be:ee:
91:e0:31:ea:e7:43:8b:03:77:d2:2c:31:f8:c0:7b:
e4:18:64:36:eb:af:9e:85:e6:85:78:96:b7:03:3f:
5e:03:fa:21:e1:1f:3b:a6:ce:7d:8b:c2:79:8d:af:
46:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:C1:D5:1E:EF:89:6E:CC:D5:9A:56:8F:2B:44:06:75:08:E8:6E:A9
X509v3 Authority Key Identifier:
keyid:C2:F5:FD:30:23:05:52:49:F2:13:D1:5C:BA:00:0C:A0:26:BB:6F:A3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wvX9MCMFUknyE9FcugAMoCa7b6M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/cc02e1-8b36-42a3-b756-be3485706a7f/1/BMHVHu-JbszVmlaPK0QGdQjobqk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/cc02e1-8b36-42a3-b756-be3485706a7f/1/wvX9MCMFUknyE9FcugAMoCa7b6M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.233.56.0/21
IPv6:
2a01:8dc0:109::/48
2a01:8dc0:110::/48
2a01:8dc0:112::/48
Signature Algorithm: sha256WithRSAEncryption
91:b0:e0:c7:05:35:90:39:45:22:1f:b0:51:5e:f0:9d:9e:af:
ca:1d:5f:34:6b:df:9e:1f:3b:58:04:12:61:2d:b7:57:8c:c4:
b8:b3:87:f3:3d:92:93:56:b3:b7:b1:fa:64:29:3d:cc:30:20:
ce:72:5e:38:25:50:d7:e0:0c:9a:e2:c8:88:a1:a1:a9:16:36:
23:9a:3b:fd:b8:13:fe:74:46:97:76:5d:24:0f:89:7d:d9:0c:
b7:be:bd:07:ea:71:85:bf:e6:28:38:4a:df:96:97:f9:ac:d1:
5a:dd:2c:e8:48:d2:0e:a2:a6:4d:3b:0d:6e:8b:f8:83:1d:fb:
0d:b9:d2:df:9d:41:cd:9d:67:a2:fe:b7:53:63:e2:92:32:07:
c7:df:24:20:99:16:a0:eb:eb:1c:5c:a2:c1:ca:2a:a0:34:20:
5c:7f:32:da:0a:37:50:a0:1c:8b:c0:6f:82:cb:5b:05:90:46:
20:24:14:3e:2d:5c:ad:f9:3d:05:1d:14:76:51:1c:f8:20:e6:
b4:c7:fa:ae:de:4a:92:9b:39:de:8e:09:f2:8d:7d:cc:df:c8:
1a:56:2f:d1:81:94:ca:f0:9e:78:d3:ea:f8:f1:ff:78:01:93:
c6:4e:6c:17:93:ca:ad:e7:40:d0:10:d9:eb:59:1f:52:7b:6e:
16:ea:06:54
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAZQlj1aVz0Cc1HOlkEQ6MUchMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZjVmZDMwMjMwNTUyNDlmMjEzZDE1Y2JhMDAwY2EwMjZi
YjZmYTMwHhcNMjUwMTAyMDU0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGMxZDUxZWVmODk2ZWNjZDU5YTU2OGYyYjQ0MDY3NTA4ZTg2ZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3D0oEJ1gyGeZGDi46HKih0iuYu97
jfMaLuJ51R3/HsEXC2jGBiZ7+diLH8CyF5/y9AGoVoZanCBFg3LRYRrEAbJoPgY/
qA0heGqnISP5jtWPvpVmhqKWRebY9WazMO4gtNzuT2RRF1/K5TysQlmCeyqaUqlF
wEChqJAyD6LnHbhQhGKswdFHVPIfOa24dqQVdqpvm3afbOhdF9PYGdEDFs07dBkK
F89JpMi/IP13ezSI2O9Qe3FqbMFQ5FLWNka7LUH7de+JO7Tmd0kSzo78vu6R4DHq
50OLA3fSLDH4wHvkGGQ266+eheaFeJa3Az9eA/oh4R87ps59i8J5ja9GcQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFATB1R7viW7M1ZpWjytEBnUI6G6pMB8GA1UdIwQY
MBaAFML1/TAjBVJJ8hPRXLoADKAmu2+jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3ZYOU1DTUZVa255RTlGY3VnQU1vQ2E3YjZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9jYzAyZTEtOGIzNi00MmEzLWI3NTYt
YmUzNDg1NzA2YTdmLzEvQk1IVkh1LUpic3pWbWxhUEswUUdkUWpvYnFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9jYzAyZTEtOGIzNi00MmEzLWI3NTYtYmUzNDg1NzA2YTdm
LzEvd3ZYOU1DTUZVa255RTlGY3VnQU1vQ2E3YjZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAMBAIAATAGAwQDbek4MCEE
AgACMBsDBwAqAY3AAQkDBwAqAY3AARADBwAqAY3AARIwDQYJKoZIhvcNAQELBQAD
ggEBAJGw4McFNZA5RSIfsFFe8J2er8odXzRr354fO1gEEmEtt1eMxLizh/M9kpNW
s7ex+mQpPcwwIM5yXjglUNfgDJriyIihoakWNiOaO/24E/50Rpd2XSQPiX3ZDLe+
vQfqcYW/5ig4St+Wl/ms0VrdLOhI0g6ipk07DW6L+IMd+w250t+dQc2dZ6L+t1Nj
4pIyB8ffJCCZFqDr6xxcosHKKqA0IFx/MtoKN1CgHIvAb4LLWwWQRiAkFD4tXK35
PQUdFHZRHPgg5rTH+q7eSpKbOd6OCfKNfczfyBpWL9GBlMrwnnjT6vjx/3gBk8ZO
bBeTyq3nQNAQ2etZH1J7bhbqBlQ=
-----END CERTIFICATE-----
Generated at Fri Apr 25 10:14:12 2025 by rpki-client