Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/416aaf-8602-4196-b51d-41d087b3828b/1/TOIzNWX91Fklg3hNSjJLHCHMbgY.roa
File: TOIzNWX91Fklg3hNSjJLHCHMbgY.roa (raw, json)
Hash identifier: vI/ydx27fqpwXcKYk7mipA2wZEP7zEBHHuwYkt7nRa0=
Subject key identifier: 4C:E2:33:35:65:FD:D4:59:25:83:78:4D:4A:32:4B:1C:21:CC:6E:06
Certificate issuer: /CN=32c0274bc17f9c75cd3fc10f8b5825a19382ab4f
Certificate serial: 019426D9FA703C36D23037DC2482987654DD
Authority key identifier: 32:C0:27:4B:C1:7F:9C:75:CD:3F:C1:0F:8B:58:25:A1:93:82:AB:4F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MsAnS8F_nHXNP8EPi1gloZOCq08.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/416aaf-8602-4196-b51d-41d087b3828b/1/TOIzNWX91Fklg3hNSjJLHCHMbgY.roa
Signing time: Thu 02 Jan 2025 11:50:07 +0000
ROA not before: Thu 02 Jan 2025 11:50:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50163
IP address blocks: 109.71.208.0/21 maxlen: 21
2a03:e00::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:fa:70:3c:36:d2:30:37:dc:24:82:98:76:54:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32c0274bc17f9c75cd3fc10f8b5825a19382ab4f
Validity
Not Before: Jan 2 11:50:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4ce2333565fdd4592583784d4a324b1c21cc6e06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:41:a0:1f:9f:5d:32:23:4c:bf:0d:d6:24:4a:
62:4d:cd:a7:fb:86:7d:56:68:8f:c7:7a:84:db:58:
19:4c:93:5b:81:d4:41:0a:b4:0a:80:67:b6:00:6f:
b4:56:d5:25:1e:e0:33:4f:5a:83:d1:5d:f7:77:2f:
f0:79:2e:4c:65:0a:39:f4:f5:2f:5e:d1:3d:34:0c:
24:24:8e:e7:59:2a:1a:7a:90:2e:f3:c2:07:b5:5d:
34:28:3e:5b:b4:d9:7a:0b:34:27:ac:7e:12:b4:ac:
c2:a4:5e:71:5e:20:04:4a:a9:d8:de:1c:16:50:3e:
b4:56:49:e7:b5:ad:39:23:85:b7:d9:7d:b7:36:77:
26:21:a1:06:30:18:2f:12:41:03:90:48:c5:9a:ff:
75:a7:1b:80:2d:17:77:80:37:12:ac:76:bc:93:5e:
d3:d5:b5:7a:ef:71:ae:3a:bf:43:94:dd:58:f3:37:
b9:78:12:a9:d6:d7:82:ad:a3:3c:35:99:52:4d:6a:
33:33:86:83:4d:18:04:2c:2b:44:be:99:7a:86:15:
31:df:70:07:5d:f9:de:4f:b6:ac:7b:d4:a6:54:54:
f8:f6:6a:dc:1f:2e:17:a3:0b:63:27:13:01:44:42:
3f:05:5d:98:48:e8:0d:6c:20:14:e3:d9:11:8f:dd:
dc:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:E2:33:35:65:FD:D4:59:25:83:78:4D:4A:32:4B:1C:21:CC:6E:06
X509v3 Authority Key Identifier:
keyid:32:C0:27:4B:C1:7F:9C:75:CD:3F:C1:0F:8B:58:25:A1:93:82:AB:4F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MsAnS8F_nHXNP8EPi1gloZOCq08.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/416aaf-8602-4196-b51d-41d087b3828b/1/TOIzNWX91Fklg3hNSjJLHCHMbgY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/416aaf-8602-4196-b51d-41d087b3828b/1/MsAnS8F_nHXNP8EPi1gloZOCq08.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.71.208.0/21
IPv6:
2a03:e00::/32
Signature Algorithm: sha256WithRSAEncryption
1e:38:1f:68:11:bf:62:60:21:24:7c:aa:04:82:64:9f:28:e3:
29:8e:07:b8:83:68:1a:7e:65:97:b2:3f:a4:69:81:05:a4:82:
2f:0b:83:32:a5:ab:08:ad:30:73:6b:fb:99:c4:a8:c3:99:48:
77:e0:3f:bf:7f:55:77:cc:e0:c6:2c:f9:98:09:d6:c0:40:d9:
66:ad:70:0f:5c:26:41:1c:3c:01:db:f2:76:62:9b:f1:5f:35:
4a:c3:58:23:40:30:52:ef:28:3a:95:86:aa:96:e7:71:93:f4:
ba:c1:12:d1:81:c8:1f:05:1d:06:55:c4:13:da:b6:7d:4f:0f:
20:36:c8:7a:b0:80:30:97:c6:d9:93:7e:e6:57:50:4a:54:96:
8e:04:04:77:3c:29:b9:d2:7f:d3:55:ed:8f:c8:42:f2:bf:6b:
6b:fa:29:d2:9e:ac:45:0b:54:46:41:80:d2:70:2c:e0:8a:a2:
1b:50:01:c9:24:ac:5d:07:ab:35:30:3c:ac:c0:b5:ea:03:a8:
4f:a9:69:cc:e7:f5:41:26:f2:ed:a9:6d:84:96:4e:8d:8a:9a:
eb:b0:e7:72:88:de:b6:01:bd:74:00:91:78:eb:a5:d4:cc:31:
d2:96:c8:54:72:6d:f9:b7:ac:cb:14:a5:60:88:da:fe:6a:33:
15:a2:da:be
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2fpwPDbSMDfcJIKYdlTdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyYzAyNzRiYzE3ZjljNzVjZDNmYzEwZjhiNTgyNWExOTM4
MmFiNGYwHhcNMjUwMTAyMTE1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2UyMzMzNTY1ZmRkNDU5MjU4Mzc4NGQ0YTMyNGIxYzIxY2M2ZTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEGgH59dMiNMvw3WJEpiTc2n+4Z9
VmiPx3qE21gZTJNbgdRBCrQKgGe2AG+0VtUlHuAzT1qD0V33dy/weS5MZQo59PUv
XtE9NAwkJI7nWSoaepAu88IHtV00KD5btNl6CzQnrH4StKzCpF5xXiAESqnY3hwW
UD60Vknnta05I4W32X23NncmIaEGMBgvEkEDkEjFmv91pxuALRd3gDcSrHa8k17T
1bV673GuOr9DlN1Y8ze5eBKp1teCraM8NZlSTWozM4aDTRgELCtEvpl6hhUx33AH
XfneT7ase9SmVFT49mrcHy4XowtjJxMBREI/BV2YSOgNbCAU49kRj93cjQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEziMzVl/dRZJYN4TUoySxwhzG4GMB8GA1UdIwQY
MBaAFDLAJ0vBf5x1zT/BD4tYJaGTgqtPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXNBblM4Rl9uSFhOUDhFUGkxZ2xvWk9DcTA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS80MTZhYWYtODYwMi00MTk2LWI1MWQt
NDFkMDg3YjM4MjhiLzEvVE9Jek5XWDkxRmtsZzNoTlNqSkxIQ0hNYmdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS80MTZhYWYtODYwMi00MTk2LWI1MWQtNDFkMDg3YjM4Mjhi
LzEvTXNBblM4Rl9uSFhOUDhFUGkxZ2xvWk9DcTA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDbUfQMA0E
AgACMAcDBQAqAw4AMA0GCSqGSIb3DQEBCwUAA4IBAQAeOB9oEb9iYCEkfKoEgmSf
KOMpjge4g2gafmWXsj+kaYEFpIIvC4MypasIrTBza/uZxKjDmUh34D+/f1V3zODG
LPmYCdbAQNlmrXAPXCZBHDwB2/J2YpvxXzVKw1gjQDBS7yg6lYaqludxk/S6wRLR
gcgfBR0GVcQT2rZ9Tw8gNsh6sIAwl8bZk37mV1BKVJaOBAR3PCm50n/TVe2PyELy
v2tr+inSnqxFC1RGQYDScCzgiqIbUAHJJKxdB6s1MDyswLXqA6hPqWnM5/VBJvLt
qW2Elk6NiprrsOdyiN62Ab10AJF466XUzDHSlshUcm35t6zLFKVgiNr+ajMVotq+
-----END CERTIFICATE-----
Generated at Fri Apr 25 07:31:58 2025 by rpki-client