Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/97744d-5988-46ae-82f1-64187e30435b/1/JAdnsONCtTfLbO2OfLFXkq3UEe0.roa
File: JAdnsONCtTfLbO2OfLFXkq3UEe0.roa (raw, json)
Hash identifier: uH25J1sXmVYdKjAjZcQtubKyV6gnVwOjCbWyLNaZ4r4=
Subject key identifier: 24:07:67:B0:E3:42:B5:37:CB:6C:ED:8E:7C:B1:57:92:AD:D4:11:ED
Certificate issuer: /CN=be2f2ccf1baa39033ec76a586f846a36218f209d
Certificate serial: 019425216A7B0EBB5CF60415062263079B6A
Authority key identifier: BE:2F:2C:CF:1B:AA:39:03:3E:C7:6A:58:6F:84:6A:36:21:8F:20:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vi8szxuqOQM-x2pYb4RqNiGPIJ0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/97744d-5988-46ae-82f1-64187e30435b/1/JAdnsONCtTfLbO2OfLFXkq3UEe0.roa
Signing time: Thu 02 Jan 2025 03:48:54 +0000
ROA not before: Thu 02 Jan 2025 03:48:54 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39382
IP address blocks: 159.255.200.0/21 maxlen: 21
195.234.116.0/22 maxlen: 22
2a03:8680::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:6a:7b:0e:bb:5c:f6:04:15:06:22:63:07:9b:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=be2f2ccf1baa39033ec76a586f846a36218f209d
Validity
Not Before: Jan 2 03:48:54 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=240767b0e342b537cb6ced8e7cb15792add411ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:b4:4b:0a:10:e6:d5:01:cf:77:f1:2c:88:1e:
00:90:48:3b:d5:fd:22:ec:4e:77:15:72:52:47:aa:
4b:7f:5c:4b:3b:fa:be:23:da:9d:79:22:e9:6c:ba:
bf:ce:bb:38:93:70:60:14:2b:1e:5e:af:59:e6:79:
25:59:9d:7e:36:7f:15:0b:ce:01:62:0d:31:df:17:
38:63:b7:fa:db:c5:ca:39:e0:c6:65:57:0a:fd:31:
bf:3b:44:a9:17:83:83:8d:8e:a3:6f:39:6e:3f:6e:
c7:7d:d2:1a:51:9c:bf:7e:e4:da:7a:f3:08:70:6c:
44:d2:fb:e3:17:36:25:ef:75:7e:5e:d8:8f:83:79:
08:3d:13:cd:54:b7:11:50:9f:ec:bf:68:28:46:fe:
41:7e:5d:b3:90:39:7a:a8:68:85:27:f1:dd:03:0a:
c2:6e:30:9a:90:64:a5:6f:19:9b:e7:87:b1:06:d0:
14:86:af:4e:65:28:22:10:5d:6b:64:87:cb:97:38:
d6:bb:9b:18:88:75:97:d4:13:8e:ed:15:bc:88:5c:
98:6b:78:69:cf:dc:21:af:9d:b8:9a:1a:5a:ce:ec:
d1:91:98:13:3e:5c:77:02:69:58:c4:a3:d5:64:d7:
18:a2:50:d4:e5:fd:60:06:ef:82:56:8a:b5:41:23:
c5:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:07:67:B0:E3:42:B5:37:CB:6C:ED:8E:7C:B1:57:92:AD:D4:11:ED
X509v3 Authority Key Identifier:
keyid:BE:2F:2C:CF:1B:AA:39:03:3E:C7:6A:58:6F:84:6A:36:21:8F:20:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vi8szxuqOQM-x2pYb4RqNiGPIJ0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/97744d-5988-46ae-82f1-64187e30435b/1/JAdnsONCtTfLbO2OfLFXkq3UEe0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/97744d-5988-46ae-82f1-64187e30435b/1/vi8szxuqOQM-x2pYb4RqNiGPIJ0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.255.200.0/21
195.234.116.0/22
IPv6:
2a03:8680::/32
Signature Algorithm: sha256WithRSAEncryption
90:86:3a:2f:cc:a7:78:72:f4:1d:b6:f8:ca:f8:a9:0f:30:a2:
da:0f:1f:7b:05:67:81:1a:a5:24:a5:6e:00:a6:8e:94:9e:c6:
db:40:92:bf:49:ab:53:ff:5e:be:f5:dd:8a:17:a5:56:3b:37:
4b:3d:78:43:9e:72:e3:20:2d:3d:97:ff:d5:23:d0:bc:e7:c3:
4d:2e:e2:39:b5:ce:d8:62:59:29:15:96:3b:d6:8b:3f:f8:fc:
bf:32:eb:4a:32:a0:aa:a6:2f:41:14:83:b6:33:ee:22:12:1e:
a5:5b:e0:f0:a3:df:e1:2e:32:29:23:fc:5f:94:ce:5d:81:de:
49:ee:98:c2:b8:72:db:8f:a3:2b:af:cc:b0:21:be:f7:7d:5a:
ba:e4:9c:cf:2f:fb:3a:f4:c6:cc:15:d3:d1:0d:45:8b:55:e3:
0d:83:d4:99:da:57:00:1f:59:33:c7:29:23:23:8d:c5:5e:fb:
c6:26:7d:47:dd:4b:7f:7f:08:de:62:8a:99:e4:a1:03:ab:f6:
4b:7c:db:9d:c6:09:13:df:fe:76:f2:3f:85:8c:30:cb:15:4f:
28:99:62:7e:d6:c3:55:dc:28:b8:9d:03:68:fe:2b:49:a8:1e:
23:f4:f3:de:96:73:e7:2a:25:05:39:48:43:b1:9e:c8:17:3e:
d5:64:76:49
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQlIWp7Drtc9gQVBiJjB5tqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlMmYyY2NmMWJhYTM5MDMzZWM3NmE1ODZmODQ2YTM2MjE4
ZjIwOWQwHhcNMjUwMTAyMDM0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDA3NjdiMGUzNDJiNTM3Y2I2Y2VkOGU3Y2IxNTc5MmFkZDQxMWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrRLChDm1QHPd/EsiB4AkEg71f0i
7E53FXJSR6pLf1xLO/q+I9qdeSLpbLq/zrs4k3BgFCseXq9Z5nklWZ1+Nn8VC84B
Yg0x3xc4Y7f628XKOeDGZVcK/TG/O0SpF4ODjY6jbzluP27HfdIaUZy/fuTaevMI
cGxE0vvjFzYl73V+XtiPg3kIPRPNVLcRUJ/sv2goRv5Bfl2zkDl6qGiFJ/HdAwrC
bjCakGSlbxmb54exBtAUhq9OZSgiEF1rZIfLlzjWu5sYiHWX1BOO7RW8iFyYa3hp
z9whr524mhpazuzRkZgTPlx3AmlYxKPVZNcYolDU5f1gBu+CVoq1QSPFFwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCQHZ7DjQrU3y2ztjnyxV5Kt1BHtMB8GA1UdIwQY
MBaAFL4vLM8bqjkDPsdqWG+EajYhjyCdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmk4c3p4dXFPUU0teDJwWWI0UnFOaUdQSUowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85Nzc0NGQtNTk4OC00NmFlLTgyZjEt
NjQxODdlMzA0MzViLzEvSkFkbnNPTkN0VGZMYk8yT2ZMRlhrcTNVRWUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85Nzc0NGQtNTk4OC00NmFlLTgyZjEtNjQxODdlMzA0MzVi
LzEvdmk4c3p4dXFPUU0teDJwWWI0UnFOaUdQSUowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDn//IAwQC
w+p0MA0EAgACMAcDBQAqA4aAMA0GCSqGSIb3DQEBCwUAA4IBAQCQhjovzKd4cvQd
tvjK+KkPMKLaDx97BWeBGqUkpW4Apo6UnsbbQJK/SatT/16+9d2KF6VWOzdLPXhD
nnLjIC09l//VI9C858NNLuI5tc7YYlkpFZY71os/+Py/MutKMqCqpi9BFIO2M+4i
Eh6lW+Dwo9/hLjIpI/xflM5dgd5J7pjCuHLbj6Mrr8ywIb73fVq65JzPL/s69MbM
FdPRDUWLVeMNg9SZ2lcAH1kzxykjI43FXvvGJn1H3Ut/fwjeYoqZ5KEDq/ZLfNud
xgkT3/528j+FjDDLFU8omWJ+1sNV3Ci4nQNo/itJqB4j9PPelnPnKiUFOUhDsZ7I
Fz7VZHZJ
-----END CERTIFICATE-----
Generated at Fri Apr 25 04:38:25 2025 by rpki-client