Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/9c5359-3452-42f3-880b-82d9a9eb430c/1/UpOdGPWJK0meS7Gh3_WX8w49CRw.roa
File: UpOdGPWJK0meS7Gh3_WX8w49CRw.roa (raw, json)
Hash identifier: Xe80koGnCIpEItaZAU3CBuIZI63oxsrazQvG2gOmx4M=
Subject key identifier: 52:93:9D:18:F5:89:2B:49:9E:4B:B1:A1:DF:F5:97:F3:0E:3D:09:1C
Certificate issuer: /CN=7ed500164f0738135b9aec04e38fc24cb90e0f5f
Certificate serial: 01941FFA2300FBFA2A8963280E24CFB04C8F
Authority key identifier: 7E:D5:00:16:4F:07:38:13:5B:9A:EC:04:E3:8F:C2:4C:B9:0E:0F:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ftUAFk8HOBNbmuwE44_CTLkOD18.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/9c5359-3452-42f3-880b-82d9a9eb430c/1/UpOdGPWJK0meS7Gh3_WX8w49CRw.roa
Signing time: Wed 01 Jan 2025 03:47:53 +0000
ROA not before: Wed 01 Jan 2025 03:47:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204279
IP address blocks: 153.94.16.0/20 maxlen: 24
178.249.192.0/21 maxlen: 24
178.249.192.0/23 maxlen: 24
178.249.194.0/23 maxlen: 24
185.108.248.0/22 maxlen: 24
185.108.249.0/24 maxlen: 24
185.108.250.0/24 maxlen: 24
2a01:a4a0::/32 maxlen: 32
2a06:4940::/29 maxlen: 29
2a06:4942::/41 maxlen: 41
2a06:4942:200::/40 maxlen: 40
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:23:00:fb:fa:2a:89:63:28:0e:24:cf:b0:4c:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7ed500164f0738135b9aec04e38fc24cb90e0f5f
Validity
Not Before: Jan 1 03:47:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=52939d18f5892b499e4bb1a1dff597f30e3d091c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:25:36:de:ef:63:52:f2:58:23:19:7c:4e:8d:
fd:f2:2d:49:bb:14:10:89:bb:53:11:77:05:47:93:
f3:c7:81:de:a7:61:de:4f:bd:5b:24:0e:f8:14:93:
78:b4:55:ce:35:f5:43:44:38:74:ff:04:64:fa:19:
1b:72:fe:8f:16:d1:46:c4:48:b6:76:3e:e9:7d:2e:
73:75:81:a6:1b:f6:11:da:d2:30:46:78:d1:63:2f:
ac:87:39:51:91:3e:1c:1d:6b:2c:b7:52:b7:63:02:
b0:75:f7:bf:81:f7:10:64:a2:59:2c:bd:af:e6:a4:
3b:cc:18:eb:6c:78:21:7f:5d:de:42:e9:d9:8b:b7:
8d:0a:b8:a0:d4:eb:cb:54:17:27:eb:c3:e6:5e:7d:
95:fb:8d:77:0a:2e:02:5c:1a:45:c9:70:3d:98:79:
a9:00:97:1b:d5:0e:87:f8:a8:3b:5e:3f:3a:3b:37:
b6:97:f4:b3:d6:70:7b:a7:3a:88:26:88:c7:df:09:
16:21:dd:81:34:9d:ae:bb:9a:bc:24:a8:7f:b2:07:
92:17:43:38:a9:22:03:9d:65:6d:2d:7b:7c:b6:bf:
d4:71:93:37:a0:47:96:3a:f3:83:03:26:c6:71:1a:
f2:64:42:2b:c7:0c:2a:0e:30:fb:de:12:e2:0c:4f:
7b:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:93:9D:18:F5:89:2B:49:9E:4B:B1:A1:DF:F5:97:F3:0E:3D:09:1C
X509v3 Authority Key Identifier:
keyid:7E:D5:00:16:4F:07:38:13:5B:9A:EC:04:E3:8F:C2:4C:B9:0E:0F:5F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ftUAFk8HOBNbmuwE44_CTLkOD18.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/9c5359-3452-42f3-880b-82d9a9eb430c/1/UpOdGPWJK0meS7Gh3_WX8w49CRw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/9c5359-3452-42f3-880b-82d9a9eb430c/1/ftUAFk8HOBNbmuwE44_CTLkOD18.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
153.94.16.0/20
178.249.192.0/21
185.108.248.0/22
IPv6:
2a01:a4a0::/32
2a06:4940::/29
Signature Algorithm: sha256WithRSAEncryption
8c:fa:86:6d:23:cc:cd:77:9f:b8:90:63:a2:82:97:4b:b5:c0:
b8:12:d5:14:c2:6f:d4:61:3b:8d:8e:6f:92:20:cd:68:e6:b6:
7b:88:f6:96:86:7b:5f:ca:42:1d:26:e0:f5:38:6c:43:6c:19:
6a:eb:2e:b6:8c:20:17:85:00:f9:70:df:c8:81:a7:1d:45:2e:
61:69:02:25:20:63:29:dc:ec:82:46:2c:b3:fd:40:11:9e:3a:
69:20:bd:d0:7e:11:0c:fc:84:39:f9:70:00:4f:73:e5:ae:0c:
99:1b:df:0a:6e:82:bc:a1:95:1a:02:ed:89:c0:9c:60:04:1b:
97:6a:f4:6d:2d:c0:c6:91:cb:50:00:56:58:40:c2:b8:52:6f:
a4:b8:98:52:40:bd:12:7d:9b:23:38:50:d9:d2:7f:2e:19:6b:
d6:1d:af:ce:7f:70:e7:a6:39:71:bf:24:f1:90:b8:c0:c7:5b:
0b:53:84:3e:72:fb:c4:85:f5:b5:4c:71:38:ed:d9:19:c3:ca:
db:0b:78:02:e1:76:e9:5d:e4:cc:ab:d2:9c:2f:db:a1:93:16:
51:3d:d0:d6:38:ca:7f:b0:9a:48:ef:2a:b7:69:5b:69:53:48:
08:8e:4f:20:e7:89:7a:00:ee:52:17:4b:0a:aa:c4:00:e9:cb:
47:c8:b9:b0
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAZQf+iMA+/oqiWMoDiTPsEyPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZDUwMDE2NGYwNzM4MTM1YjlhZWMwNGUzOGZjMjRjYjkw
ZTBmNWYwHhcNMjUwMTAxMDM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjkzOWQxOGY1ODkyYjQ5OWU0YmIxYTFkZmY1OTdmMzBlM2QwOTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAliU23u9jUvJYIxl8To398i1JuxQQ
ibtTEXcFR5Pzx4Hep2HeT71bJA74FJN4tFXONfVDRDh0/wRk+hkbcv6PFtFGxEi2
dj7pfS5zdYGmG/YR2tIwRnjRYy+shzlRkT4cHWsst1K3YwKwdfe/gfcQZKJZLL2v
5qQ7zBjrbHghf13eQunZi7eNCrig1OvLVBcn68PmXn2V+413Ci4CXBpFyXA9mHmp
AJcb1Q6H+Kg7Xj86Oze2l/Sz1nB7pzqIJojH3wkWId2BNJ2uu5q8JKh/sgeSF0M4
qSIDnWVtLXt8tr/UcZM3oEeWOvODAybGcRryZEIrxwwqDjD73hLiDE97fQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFFKTnRj1iStJnkuxod/1l/MOPQkcMB8GA1UdIwQY
MBaAFH7VABZPBzgTW5rsBOOPwky5Dg9fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnRVQUZrOEhPQk5ibXV3RTQ0X0NUTGtPRDE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC85YzUzNTktMzQ1Mi00MmYzLTg4MGIt
ODJkOWE5ZWI0MzBjLzEvVXBPZEdQV0pLMG1lUzdHaDNfV1g4dzQ5Q1J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC85YzUzNTktMzQ1Mi00MmYzLTg4MGItODJkOWE5ZWI0MzBj
LzEvZnRVQUZrOEhPQk5ibXV3RTQ0X0NUTGtPRDE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQEmV4QAwQD
svnAAwQCuWz4MBQEAgACMA4DBQAqAaSgAwUDKgZJQDANBgkqhkiG9w0BAQsFAAOC
AQEAjPqGbSPMzXefuJBjooKXS7XAuBLVFMJv1GE7jY5vkiDNaOa2e4j2loZ7X8pC
HSbg9ThsQ2wZausutowgF4UA+XDfyIGnHUUuYWkCJSBjKdzsgkYss/1AEZ46aSC9
0H4RDPyEOflwAE9z5a4MmRvfCm6CvKGVGgLticCcYAQbl2r0bS3AxpHLUABWWEDC
uFJvpLiYUkC9En2bIzhQ2dJ/Lhlr1h2vzn9w56Y5cb8k8ZC4wMdbC1OEPnL7xIX1
tUxxOO3ZGcPK2wt4AuF26V3kzKvSnC/boZMWUT3Q1jjKf7CaSO8qt2lbaVNICI5P
IOeJegDuUhdLCqrEAOnLR8i5sA==
-----END CERTIFICATE-----
Generated at Fri Apr 25 02:42:27 2025 by rpki-client