Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/KpNDBUO4DrOuUMY4bYxc6mf9M84.roa
File: KpNDBUO4DrOuUMY4bYxc6mf9M84.roa (raw, json)
Hash identifier: /TtjRiKKiuCXSfe3cAbNi8t4pi1t9WsO7+lwemiTx14=
Subject key identifier: 2A:93:43:05:43:B8:0E:B3:AE:50:C6:38:6D:8C:5C:EA:67:FD:33:CE
Certificate issuer: /CN=c41c7221ede3af5ee92e3206af2f18bd010d5dd9
Certificate serial: 01942521883BE85DD7DEFD46882AA711A9A1
Authority key identifier: C4:1C:72:21:ED:E3:AF:5E:E9:2E:32:06:AF:2F:18:BD:01:0D:5D:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/KpNDBUO4DrOuUMY4bYxc6mf9M84.roa
Signing time: Thu 02 Jan 2025 03:49:02 +0000
ROA not before: Thu 02 Jan 2025 03:49:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199667
IP address blocks: 128.127.89.0/24 maxlen: 24
213.109.37.0/24 maxlen: 24
213.109.38.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:88:3b:e8:5d:d7:de:fd:46:88:2a:a7:11:a9:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c41c7221ede3af5ee92e3206af2f18bd010d5dd9
Validity
Not Before: Jan 2 03:49:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2a93430543b80eb3ae50c6386d8c5cea67fd33ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:cd:5c:f9:64:77:ce:46:a1:b1:7f:53:9d:71:
79:cf:a6:10:79:7b:0b:7e:21:9a:98:5f:51:13:98:
0d:23:57:12:3b:b6:f3:d8:23:fa:24:73:24:6a:f3:
e1:47:73:79:96:75:18:f4:66:86:31:8a:c8:1e:ab:
83:f1:34:0d:fc:30:ca:2c:b7:9b:fa:80:75:13:01:
55:4b:65:33:ab:d2:5d:b5:c1:49:27:b4:ce:a5:0e:
28:54:a8:66:04:5b:1e:0c:59:e0:bd:11:ab:31:6e:
01:ef:39:a3:30:88:00:f0:d2:4a:39:0f:7d:78:94:
e4:3f:68:4c:85:cb:8a:a3:88:49:d4:9c:db:5d:a0:
3b:ae:a4:ac:82:ab:09:91:4a:3a:9f:b5:b1:4b:94:
2a:c5:3f:8e:0e:96:48:df:5d:f2:6d:b5:d1:e9:df:
18:6f:0f:b1:8d:48:aa:00:b4:52:e3:71:82:31:7b:
35:4e:12:43:39:f1:b0:dc:40:79:89:7a:d3:0e:65:
77:96:2f:7b:41:89:37:bd:6b:81:70:99:e5:4d:08:
cd:60:1b:a6:26:55:b1:64:b8:52:1b:89:97:e7:66:
71:a4:87:73:e9:ee:3d:82:a9:b3:01:5f:38:7d:9a:
7e:f3:69:2d:d1:a1:65:b5:00:f1:5a:ee:ab:c6:48:
2d:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:93:43:05:43:B8:0E:B3:AE:50:C6:38:6D:8C:5C:EA:67:FD:33:CE
X509v3 Authority Key Identifier:
keyid:C4:1C:72:21:ED:E3:AF:5E:E9:2E:32:06:AF:2F:18:BD:01:0D:5D:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/KpNDBUO4DrOuUMY4bYxc6mf9M84.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
128.127.89.0/24
213.109.37.0-213.109.38.255
Signature Algorithm: sha256WithRSAEncryption
1f:09:bd:68:35:6f:8f:14:2c:21:ab:fd:a0:4e:9e:9a:26:a0:
ab:28:8a:a8:f3:dc:8a:c7:b6:e5:7d:56:07:57:90:91:b7:0d:
31:d4:2e:a9:f6:df:54:20:71:5d:e7:46:84:39:4e:f1:84:a3:
49:24:68:a3:52:d4:f6:9c:57:6c:fc:3f:1f:73:26:1b:5a:2b:
47:ea:3f:b9:b2:98:0f:b2:79:7d:97:5b:d9:f3:ea:4b:cf:8d:
dc:ca:d7:cf:33:d6:44:9e:2c:70:c7:12:8b:33:28:c7:d6:da:
e7:61:90:95:33:46:79:c8:3b:ef:fd:57:d0:56:88:cc:c4:aa:
3f:98:90:1a:35:c8:d3:8d:79:d4:15:60:b5:2d:8b:d7:bb:8e:
65:ac:1f:11:07:15:0d:92:e6:26:fc:6f:3f:71:77:3b:7b:17:
5d:cf:b4:2f:bd:69:44:3f:4c:2a:3a:62:3f:51:11:c4:c7:ba:
53:40:b6:b5:b9:a9:84:77:b7:58:88:7b:3e:88:5e:9b:42:69:
6b:50:ca:35:b5:34:4c:f3:b3:fb:07:34:0c:30:ee:5c:b0:71:
c7:d8:e9:2c:f9:20:5d:ae:c4:97:47:59:8b:c4:bb:9c:72:7a:
9d:fb:f3:9e:0c:98:61:b9:98:fe:23:e2:d3:c0:fd:78:a3:43:
31:f8:a5:35
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQlIYg76F3X3v1GiCqnEamhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MWM3MjIxZWRlM2FmNWVlOTJlMzIwNmFmMmYxOGJkMDEw
ZDVkZDkwHhcNMjUwMTAyMDM0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTkzNDMwNTQzYjgwZWIzYWU1MGM2Mzg2ZDhjNWNlYTY3ZmQzM2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2s1c+WR3zkahsX9TnXF5z6YQeXsL
fiGamF9RE5gNI1cSO7bz2CP6JHMkavPhR3N5lnUY9GaGMYrIHquD8TQN/DDKLLeb
+oB1EwFVS2Uzq9JdtcFJJ7TOpQ4oVKhmBFseDFngvRGrMW4B7zmjMIgA8NJKOQ99
eJTkP2hMhcuKo4hJ1JzbXaA7rqSsgqsJkUo6n7WxS5QqxT+ODpZI313ybbXR6d8Y
bw+xjUiqALRS43GCMXs1ThJDOfGw3EB5iXrTDmV3li97QYk3vWuBcJnlTQjNYBum
JlWxZLhSG4mX52ZxpIdz6e49gqmzAV84fZp+82kt0aFltQDxWu6rxkgt5wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCqTQwVDuA6zrlDGOG2MXOpn/TPOMB8GA1UdIwQY
MBaAFMQcciHt469e6S4yBq8vGL0BDV3ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEJ4eUllM2pyMTdwTGpJR3J5OFl2UUVOWGRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9lOTliMzUtOGNmNi00OTM0LWE1OTEt
OTkzMGYyMTk0YTBlLzEvS3BOREJVTzREck91VU1ZNGJZeGM2bWY5TTg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9lOTliMzUtOGNmNi00OTM0LWE1OTEtOTkzMGYyMTk0YTBl
LzEveEJ4eUllM2pyMTdwTGpJR3J5OFl2UUVOWGRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAgH9ZMAwD
BADVbSUDBADVbSYwDQYJKoZIhvcNAQELBQADggEBAB8JvWg1b48ULCGr/aBOnpom
oKsoiqjz3IrHtuV9VgdXkJG3DTHULqn231QgcV3nRoQ5TvGEo0kkaKNS1PacV2z8
Px9zJhtaK0fqP7mymA+yeX2XW9nz6kvPjdzK188z1kSeLHDHEoszKMfW2udhkJUz
RnnIO+/9V9BWiMzEqj+YkBo1yNONedQVYLUti9e7jmWsHxEHFQ2S5ib8bz9xdzt7
F13PtC+9aUQ/TCo6Yj9REcTHulNAtrW5qYR3t1iIez6IXptCaWtQyjW1NEzzs/sH
NAww7lywccfY6Sz5IF2uxJdHWYvEu5xyep37854MmGG5mP4j4tPA/XijQzH4pTU=
-----END CERTIFICATE-----
Generated at Sat Apr 26 10:26:20 2025 by rpki-client