Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/46e400-87fa-49e9-9198-65b86a035a08/1/KV7Ah7ECaAsyXag5Rq5pooWC9JA.roa
File: KV7Ah7ECaAsyXag5Rq5pooWC9JA.roa (raw, json)
Hash identifier: VgR4uMVD7rCZUo7Z3bX/mNyr94Jdnu1Q2sOy20+13Cw=
Subject key identifier: 29:5E:C0:87:B1:02:68:0B:32:5D:A8:39:46:AE:69:A2:85:82:F4:90
Certificate issuer: /CN=0fc4f70a92d46ac02c8dfe7f975be48abd62e7a4
Certificate serial: 01942067C7E51601F49D9DDABDAF30C5A0C1
Authority key identifier: 0F:C4:F7:0A:92:D4:6A:C0:2C:8D:FE:7F:97:5B:E4:8A:BD:62:E7:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/D8T3CpLUasAsjf5_l1vkir1i56Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9e/46e400-87fa-49e9-9198-65b86a035a08/1/KV7Ah7ECaAsyXag5Rq5pooWC9JA.roa
Signing time: Wed 01 Jan 2025 05:47:39 +0000
ROA not before: Wed 01 Jan 2025 05:47:39 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 196865
IP address blocks: 109.232.136.0/21 maxlen: 24
178.19.160.0/21 maxlen: 24
178.19.168.0/22 maxlen: 24
185.75.108.0/22 maxlen: 24
185.142.168.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:67:c7:e5:16:01:f4:9d:9d:da:bd:af:30:c5:a0:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0fc4f70a92d46ac02c8dfe7f975be48abd62e7a4
Validity
Not Before: Jan 1 05:47:39 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=295ec087b102680b325da83946ae69a28582f490
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:46:cc:35:0d:94:11:a4:20:3f:7d:f9:66:16:
39:42:eb:b0:e0:84:02:a1:f8:90:96:21:b6:d9:04:
1e:b1:bb:96:fc:22:e0:ee:f2:59:a9:28:c4:8c:39:
b4:52:09:65:68:11:25:61:a8:71:2c:c5:ea:c3:98:
40:67:64:7f:3e:ec:7f:87:81:b6:f5:32:f9:5f:ed:
b2:6c:fc:29:42:e2:6e:63:8e:d4:2a:96:de:97:23:
90:96:c3:f6:1d:be:02:c0:d8:20:2a:84:29:2b:44:
f1:a0:9a:4f:9b:6b:17:cd:ef:b7:c8:80:57:30:21:
eb:d1:a7:41:4f:f1:fa:dd:c3:41:e4:48:0c:98:eb:
24:bf:30:a2:56:04:a1:70:ca:a3:20:e5:49:60:ef:
9a:61:aa:30:d1:50:10:52:7c:e1:2c:12:12:c8:b9:
79:a2:07:6c:e9:be:63:08:2b:55:e3:0b:01:c4:da:
6e:49:ed:43:d0:ab:34:8a:3f:84:a9:48:db:89:3d:
26:23:09:cf:b0:44:46:5f:9f:31:d2:61:b6:fb:ce:
3c:b7:e6:71:f5:ad:c1:52:4f:50:46:a6:24:b3:b1:
62:29:8d:a0:04:40:82:03:93:b2:40:9d:27:87:2e:
02:fa:28:c5:de:73:fe:91:ed:4e:7e:23:2a:c7:69:
bd:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:5E:C0:87:B1:02:68:0B:32:5D:A8:39:46:AE:69:A2:85:82:F4:90
X509v3 Authority Key Identifier:
keyid:0F:C4:F7:0A:92:D4:6A:C0:2C:8D:FE:7F:97:5B:E4:8A:BD:62:E7:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D8T3CpLUasAsjf5_l1vkir1i56Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/46e400-87fa-49e9-9198-65b86a035a08/1/KV7Ah7ECaAsyXag5Rq5pooWC9JA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/46e400-87fa-49e9-9198-65b86a035a08/1/D8T3CpLUasAsjf5_l1vkir1i56Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.232.136.0/21
178.19.160.0-178.19.171.255
185.75.108.0/22
185.142.168.0/22
Signature Algorithm: sha256WithRSAEncryption
19:27:10:50:d9:12:fd:3c:ff:69:14:93:c9:98:b7:7b:84:03:
59:b4:06:7b:f9:a2:ee:2e:29:f5:11:51:31:6e:6b:a6:2b:41:
87:da:34:d6:64:4c:c5:69:1e:e2:22:bb:5b:81:85:c6:e9:ae:
ca:6c:cf:83:89:97:d8:6c:18:33:14:5f:c0:84:cd:d9:12:50:
28:30:e7:97:d2:ee:e8:76:85:b1:6a:1a:09:7e:4a:4b:01:ef:
14:d4:22:80:08:58:84:64:06:4e:e6:27:b7:a6:c5:5e:81:37:
94:7c:59:0e:a7:69:27:23:19:b0:1f:cf:2f:69:cb:97:87:4b:
a2:7e:2e:b8:2a:9d:0d:15:a4:3f:a4:5f:9f:6e:55:8d:3a:8c:
19:33:9d:3b:ee:f1:cf:7a:2b:4a:d7:8d:77:e3:50:01:5e:d0:
b1:be:b8:3b:31:cc:67:68:0f:c8:2c:a1:be:b1:46:0b:82:49:
77:e6:51:bc:bf:35:63:8c:9f:a4:87:81:2d:00:7f:89:b1:67:
5f:c0:02:73:38:2e:8d:ed:36:35:29:f4:b2:4c:ed:52:bc:1a:
b1:a5:0f:0c:6f:90:5f:99:2c:38:aa:c7:57:90:7b:bd:53:a3:
f1:0b:14:9c:0a:a6:8d:f2:93:24:62:89:53:7d:b7:de:d1:21:
60:74:36:d6
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQgZ8flFgH0nZ3ava8wxaDBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmYzRmNzBhOTJkNDZhYzAyYzhkZmU3Zjk3NWJlNDhhYmQ2
MmU3YTQwHhcNMjUwMTAxMDU0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTVlYzA4N2IxMDI2ODBiMzI1ZGE4Mzk0NmFlNjlhMjg1ODJmNDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUbMNQ2UEaQgP335ZhY5Quuw4IQC
ofiQliG22QQesbuW/CLg7vJZqSjEjDm0UgllaBElYahxLMXqw5hAZ2R/Pux/h4G2
9TL5X+2ybPwpQuJuY47UKpbelyOQlsP2Hb4CwNggKoQpK0TxoJpPm2sXze+3yIBX
MCHr0adBT/H63cNB5EgMmOskvzCiVgShcMqjIOVJYO+aYaow0VAQUnzhLBISyLl5
ogds6b5jCCtV4wsBxNpuSe1D0Ks0ij+EqUjbiT0mIwnPsERGX58x0mG2+848t+Zx
9a3BUk9QRqYks7FiKY2gBECCA5OyQJ0nhy4C+ijF3nP+ke1OfiMqx2m9ywIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFClewIexAmgLMl2oOUauaaKFgvSQMB8GA1UdIwQY
MBaAFA/E9wqS1GrALI3+f5db5Iq9YuekMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDhUM0NwTFVhc0FzamY1X2wxdmtpcjFpNTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS80NmU0MDAtODdmYS00OWU5LTkxOTgt
NjViODZhMDM1YTA4LzEvS1Y3QWg3RUNhQXN5WGFnNVJxNXBvb1dDOUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS80NmU0MDAtODdmYS00OWU5LTkxOTgtNjViODZhMDM1YTA4
LzEvRDhUM0NwTFVhc0FzamY1X2wxdmtpcjFpNTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQDbeiIMAwD
BAWyE6ADBAKyE6gDBAK5S2wDBAK5jqgwDQYJKoZIhvcNAQELBQADggEBABknEFDZ
Ev08/2kUk8mYt3uEA1m0Bnv5ou4uKfURUTFua6YrQYfaNNZkTMVpHuIiu1uBhcbp
rspsz4OJl9hsGDMUX8CEzdkSUCgw55fS7uh2hbFqGgl+SksB7xTUIoAIWIRkBk7m
J7emxV6BN5R8WQ6naScjGbAfzy9py5eHS6J+LrgqnQ0VpD+kX59uVY06jBkznTvu
8c96K0rXjXfjUAFe0LG+uDsxzGdoD8gsob6xRguCSXfmUby/NWOMn6SHgS0Af4mx
Z1/AAnM4Lo3tNjUp9LJM7VK8GrGlDwxvkF+ZLDiqx1eQe71To/ELFJwKpo3ykyRi
iVN9t97RIWB0NtY=
-----END CERTIFICATE-----
Generated at Fri Apr 25 03:56:36 2025 by rpki-client