Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/yqHa79yqc_AhTdpIF1z57lBumTw.roa
File: yqHa79yqc_AhTdpIF1z57lBumTw.roa (raw, json)
Hash identifier: 3XrQ3wUDbCvMFbRIq0bvRcdv/vcwmJoIo/ROmgZoAgI=
Subject key identifier: CA:A1:DA:EF:DC:AA:73:F0:21:4D:DA:48:17:5C:F9:EE:50:6E:99:3C
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 019420D65C87FDD7180EAD3FD0A801EE0E5B
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/yqHa79yqc_AhTdpIF1z57lBumTw.roa
Signing time: Wed 01 Jan 2025 07:48:26 +0000
ROA not before: Wed 01 Jan 2025 07:48:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 133296
IP address blocks: 50.20.232.0/21 maxlen: 24
62.112.4.0/22 maxlen: 24
194.88.120.0/21 maxlen: 24
212.69.92.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:5c:87:fd:d7:18:0e:ad:3f:d0:a8:01:ee:0e:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: Jan 1 07:48:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=caa1daefdcaa73f0214dda48175cf9ee506e993c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:1e:6d:6a:4a:bc:86:a6:c8:49:06:87:cf:c8:
31:67:2c:7c:69:be:01:2f:53:54:9a:0f:be:c5:b2:
5e:1d:72:da:c7:fe:99:4b:18:a9:dd:97:e1:fe:86:
9e:76:ab:46:43:27:00:98:98:31:6d:b6:0a:c7:47:
6f:c1:8f:9e:f2:69:45:46:83:00:1d:f8:01:5a:b0:
81:95:90:35:25:03:19:4f:91:de:b1:8d:9d:36:2d:
c9:9c:63:91:41:82:88:6e:58:2a:60:3e:94:5f:d3:
0d:df:52:9b:27:56:4b:f5:eb:29:9e:62:b3:79:72:
4e:dd:e1:f2:76:57:5b:ea:ce:e7:0d:66:d2:8a:1e:
fe:c5:f9:1d:ef:d6:4f:1c:32:88:9e:e9:67:d7:81:
65:44:77:9e:0d:35:74:f7:71:b9:d5:99:c4:99:cc:
ff:87:30:2a:b1:e5:da:91:a9:09:82:9d:6c:64:62:
44:e0:cb:40:64:3c:2c:71:f6:60:20:52:b2:ef:76:
5f:7d:57:6b:f3:54:f5:0d:0c:c6:dd:12:be:ed:09:
7b:2a:fb:c8:65:9a:d7:9f:40:f8:84:4d:b3:25:0c:
dd:26:49:9c:b1:6e:5b:be:e4:79:1b:96:1c:6d:61:
5a:34:bf:3b:f3:a2:6a:ce:f1:20:16:3f:84:b3:89:
b9:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:A1:DA:EF:DC:AA:73:F0:21:4D:DA:48:17:5C:F9:EE:50:6E:99:3C
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/yqHa79yqc_AhTdpIF1z57lBumTw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
50.20.232.0/21
62.112.4.0/22
194.88.120.0/21
212.69.92.0/22
Signature Algorithm: sha256WithRSAEncryption
15:b2:81:cf:17:20:fd:5c:d7:16:88:21:6a:94:a8:26:61:c2:
c9:a0:4c:c7:22:de:4f:eb:a1:01:49:bd:b8:76:27:0a:0d:28:
2e:7d:59:fa:24:ef:c5:f0:64:68:fb:e6:3b:4f:58:49:8c:66:
9c:f4:85:3b:2b:a2:3a:d9:ff:92:3d:4e:9f:2f:e2:6a:f4:dc:
dd:a2:53:19:21:2b:49:1d:e3:21:4c:00:45:ce:87:cc:f7:9a:
79:85:46:a1:6b:48:3e:ad:77:c2:b5:5f:bc:ad:02:3b:fe:ed:
b1:85:80:1e:f8:09:6f:64:eb:0d:08:a2:bf:d5:e1:e3:7f:76:
eb:e7:9e:66:c5:62:3d:87:1a:17:b3:81:ce:9d:89:92:dc:51:
ee:5f:7f:74:74:fa:1e:ff:d3:ad:a5:db:9f:9b:29:42:1f:a2:
ae:69:d6:1e:d9:5a:43:38:a1:6b:2b:ec:65:87:39:45:1e:4e:
cb:60:8e:3c:ee:0e:db:8c:6d:12:a9:4c:37:c3:55:7b:a1:2d:
3b:dc:0f:56:ba:0e:32:67:d6:f4:78:4b:bc:f0:2e:06:ed:6a:
8d:d3:9b:e4:9e:02:e4:7c:86:2f:62:fe:22:76:dd:54:63:8d:
4d:2c:e6:79:fa:a6:a2:99:ba:a7:07:3e:29:ac:75:3c:13:a8:
ed:8f:0c:25
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQg1lyH/dcYDq0/0KgB7g5bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwMTAxMDc0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWExZGFlZmRjYWE3M2YwMjE0ZGRhNDgxNzVjZjllZTUwNmU5OTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1h5takq8hqbISQaHz8gxZyx8ab4B
L1NUmg++xbJeHXLax/6ZSxip3Zfh/oaedqtGQycAmJgxbbYKx0dvwY+e8mlFRoMA
HfgBWrCBlZA1JQMZT5HesY2dNi3JnGORQYKIblgqYD6UX9MN31KbJ1ZL9espnmKz
eXJO3eHydldb6s7nDWbSih7+xfkd79ZPHDKInuln14FlRHeeDTV093G51ZnEmcz/
hzAqseXakakJgp1sZGJE4MtAZDwscfZgIFKy73ZffVdr81T1DQzG3RK+7Ql7KvvI
ZZrXn0D4hE2zJQzdJkmcsW5bvuR5G5YcbWFaNL8786JqzvEgFj+Es4m5bQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMqh2u/cqnPwIU3aSBdc+e5Qbpk8MB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEveXFIYTc5eXFjX0FoVGRwSUYxejU3bEJ1bVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDMhToAwQC
PnAEAwQDwlh4AwQC1EVcMA0GCSqGSIb3DQEBCwUAA4IBAQAVsoHPFyD9XNcWiCFq
lKgmYcLJoEzHIt5P66EBSb24dicKDSgufVn6JO/F8GRo++Y7T1hJjGac9IU7K6I6
2f+SPU6fL+Jq9NzdolMZIStJHeMhTABFzofM95p5hUaha0g+rXfCtV+8rQI7/u2x
hYAe+AlvZOsNCKK/1eHjf3br555mxWI9hxoXs4HOnYmS3FHuX390dPoe/9Otpduf
mylCH6KuadYe2VpDOKFrK+xlhzlFHk7LYI487g7bjG0SqUw3w1V7oS073A9Wug4y
Z9b0eEu88C4G7WqN05vkngLkfIYvYv4idt1UY41NLOZ5+qaimbqnBz4prHU8E6jt
jwwl
-----END CERTIFICATE-----
Generated at Fri Apr 25 06:38:27 2025 by rpki-client