Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/f4a80d-f5f7-4522-b9b5-f772a0139016/1/0R9hBHck9goXLckWs83vfzxcFiw.roa
File: 0R9hBHck9goXLckWs83vfzxcFiw.roa (raw, json)
Hash identifier: obv3yvxGMmGg4JBfXp95o/8uj2ocziHcF4Wd0qYKBC0=
Subject key identifier: D1:1F:61:04:77:24:F6:0A:17:2D:C9:16:B3:CD:EF:7F:3C:5C:16:2C
Certificate issuer: /CN=23d8448c5cb90398e4c285cec9c0f4766ac931df
Certificate serial: 0194221FD59BAB8A2235015804AC8144DFA8
Authority key identifier: 23:D8:44:8C:5C:B9:03:98:E4:C2:85:CE:C9:C0:F4:76:6A:C9:31:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I9hEjFy5A5jkwoXOycD0dmrJMd8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/f4a80d-f5f7-4522-b9b5-f772a0139016/1/0R9hBHck9goXLckWs83vfzxcFiw.roa
Signing time: Wed 01 Jan 2025 13:48:19 +0000
ROA not before: Wed 01 Jan 2025 13:48:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 1120
IP address blocks: 78.104.145.0/24 maxlen: 24
193.170.120.96/28 maxlen: 28
193.171.3.0/24 maxlen: 24
193.171.255.0/24 maxlen: 24
2001:628:453::/48 maxlen: 48
2001:628:2000::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:d5:9b:ab:8a:22:35:01:58:04:ac:81:44:df:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23d8448c5cb90398e4c285cec9c0f4766ac931df
Validity
Not Before: Jan 1 13:48:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d11f61047724f60a172dc916b3cdef7f3c5c162c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:ab:1d:b0:b0:9b:2a:43:98:f2:7d:a4:47:69:
3b:9f:20:99:8e:e7:8a:7c:d5:0e:c3:f2:05:8d:fa:
97:99:6d:ec:5b:73:ce:8d:6b:17:95:ea:b0:da:46:
f6:43:74:b4:fc:86:e6:36:24:dd:b3:92:dc:7d:49:
86:cd:65:53:d4:1e:7a:b1:4e:48:1c:97:b5:6f:13:
13:da:12:d8:04:d0:40:0a:38:59:0d:40:05:e3:28:
ed:7c:f4:bd:cb:d0:3c:e7:95:04:f5:e9:56:21:dd:
25:1b:d3:5f:3f:e9:74:ac:42:da:91:2a:fb:54:dc:
3a:69:30:a1:5f:0f:3d:61:24:51:04:d2:bd:57:ec:
2d:c8:08:88:bb:85:0a:31:af:24:bc:ee:47:99:f8:
c8:c1:a3:ac:4d:0b:a0:cd:48:9d:76:fb:cd:15:68:
66:ce:e2:36:98:3d:60:f9:e5:4f:c2:b8:78:de:63:
e5:ed:d4:f4:58:0b:35:55:5e:92:1d:d9:2b:37:12:
a0:f5:e9:b5:25:b3:d6:34:6f:49:25:75:6c:39:b0:
9f:71:4c:5a:35:7b:5a:cf:d2:f8:68:2d:d2:57:9e:
e4:f6:89:5b:05:4d:c8:47:0f:16:99:b4:4a:79:4d:
ce:81:e2:3a:59:05:f2:dc:76:cc:34:d0:e6:fa:33:
51:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:1F:61:04:77:24:F6:0A:17:2D:C9:16:B3:CD:EF:7F:3C:5C:16:2C
X509v3 Authority Key Identifier:
keyid:23:D8:44:8C:5C:B9:03:98:E4:C2:85:CE:C9:C0:F4:76:6A:C9:31:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I9hEjFy5A5jkwoXOycD0dmrJMd8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/f4a80d-f5f7-4522-b9b5-f772a0139016/1/0R9hBHck9goXLckWs83vfzxcFiw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/f4a80d-f5f7-4522-b9b5-f772a0139016/1/I9hEjFy5A5jkwoXOycD0dmrJMd8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.104.145.0/24
193.170.120.96/28
193.171.3.0/24
193.171.255.0/24
IPv6:
2001:628:453::/48
2001:628:2000::/48
Signature Algorithm: sha256WithRSAEncryption
53:72:c5:52:a4:fc:e2:94:91:84:97:55:7e:8e:2b:70:3f:92:
c2:44:20:6f:10:d5:36:c0:1b:3a:7c:f0:41:26:e5:f7:76:4b:
55:96:2b:e0:a2:c8:0e:a6:9e:d4:a4:49:50:60:af:0b:d9:ab:
a9:f6:6e:b2:e9:17:b8:c5:e4:96:b7:59:70:0c:ca:08:4b:c3:
0b:0d:54:96:76:04:8a:39:01:b1:23:97:f0:f2:9a:e8:ff:83:
1a:77:30:a9:b1:44:36:ca:47:9a:b2:dc:fd:fc:76:fd:5b:7d:
e3:66:74:ce:a9:61:cf:5c:12:f8:f8:5e:85:a9:47:d1:54:97:
0c:62:cb:77:88:97:7b:cd:0a:aa:d3:cf:22:6a:a3:88:70:f2:
df:10:da:21:03:f0:ca:36:b2:63:9d:70:2b:cc:9a:5f:02:28:
67:2c:14:be:f7:68:32:f9:ee:b3:8f:0d:1b:05:d2:23:20:4e:
30:d3:bb:6c:73:6e:75:43:a1:5a:99:ef:de:02:f4:b5:59:42:
39:11:f7:c0:c1:a5:97:bc:b9:23:55:6b:00:6d:29:b8:a4:9b:
ab:fe:aa:17:36:59:93:d9:45:c4:bd:e1:d8:ac:3e:07:a7:10:
7c:49:c8:97:b6:03:f9:f6:5c:d7:ce:3c:eb:88:ad:db:46:39:
1c:23:9a:3c
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAZQiH9Wbq4oiNQFYBKyBRN+oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZDg0NDhjNWNiOTAzOThlNGMyODVjZWM5YzBmNDc2NmFj
OTMxZGYwHhcNMjUwMTAxMTM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTFmNjEwNDc3MjRmNjBhMTcyZGM5MTZiM2NkZWY3ZjNjNWMxNjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzasdsLCbKkOY8n2kR2k7nyCZjueK
fNUOw/IFjfqXmW3sW3POjWsXleqw2kb2Q3S0/IbmNiTds5LcfUmGzWVT1B56sU5I
HJe1bxMT2hLYBNBACjhZDUAF4yjtfPS9y9A855UE9elWId0lG9NfP+l0rELakSr7
VNw6aTChXw89YSRRBNK9V+wtyAiIu4UKMa8kvO5HmfjIwaOsTQugzUiddvvNFWhm
zuI2mD1g+eVPwrh43mPl7dT0WAs1VV6SHdkrNxKg9em1JbPWNG9JJXVsObCfcUxa
NXtaz9L4aC3SV57k9olbBU3IRw8WmbRKeU3OgeI6WQXy3HbMNNDm+jNRKwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFNEfYQR3JPYKFy3JFrPN7388XBYsMB8GA1UdIwQY
MBaAFCPYRIxcuQOY5MKFzsnA9HZqyTHfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTloRWpGeTVBNWprd29YT3ljRDBkbXJKTWQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9mNGE4MGQtZjVmNy00NTIyLWI5YjUt
Zjc3MmEwMTM5MDE2LzEvMFI5aEJIY2s5Z29YTGNrV3M4M3ZmenhjRml3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9mNGE4MGQtZjVmNy00NTIyLWI5YjUtZjc3MmEwMTM5MDE2
LzEvSTloRWpGeTVBNWprd29YT3ljRDBkbXJKTWQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAfBAIAATAZAwQATmiRAwUE
wap4YAMEAMGrAwMEAMGr/zAYBAIAAjASAwcAIAEGKARTAwcAIAEGKCAAMA0GCSqG
SIb3DQEBCwUAA4IBAQBTcsVSpPzilJGEl1V+jitwP5LCRCBvENU2wBs6fPBBJuX3
dktVlivgosgOpp7UpElQYK8L2aup9m6y6Re4xeSWt1lwDMoIS8MLDVSWdgSKOQGx
I5fw8pro/4MadzCpsUQ2ykeastz9/Hb9W33jZnTOqWHPXBL4+F6FqUfRVJcMYst3
iJd7zQqq088iaqOIcPLfENohA/DKNrJjnXArzJpfAihnLBS+92gy+e6zjw0bBdIj
IE4w07tsc251Q6Fame/eAvS1WUI5EffAwaWXvLkjVWsAbSm4pJur/qoXNlmT2UXE
veHYrD4HpxB8SciXtgP59lzXzjzriK3bRjkcI5o8
-----END CERTIFICATE-----
Generated at Fri Apr 25 08:56:55 2025 by rpki-client