Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/NXdlMjppFlDgpqvrpd1dUCT0Nd4.roa
File: NXdlMjppFlDgpqvrpd1dUCT0Nd4.roa (raw, json)
Hash identifier: vFfItKSvE8cyKCuMsk2TF0b+TYLCK752KcmEvCAy640=
Subject key identifier: 35:77:65:32:3A:69:16:50:E0:A6:AB:EB:A5:DD:5D:50:24:F4:35:DE
Certificate issuer: /CN=2e5664e02936cb5b5454d595c5382b7e7a0c7944
Certificate serial: 01942067DCC51927F7B908920BB0CFF240BC
Authority key identifier: 2E:56:64:E0:29:36:CB:5B:54:54:D5:95:C5:38:2B:7E:7A:0C:79:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/NXdlMjppFlDgpqvrpd1dUCT0Nd4.roa
Signing time: Wed 01 Jan 2025 05:47:45 +0000
ROA not before: Wed 01 Jan 2025 05:47:45 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29687
IP address blocks: 128.140.188.0/22 maxlen: 22
128.140.188.0/23 maxlen: 23
128.140.188.0/24 maxlen: 24
128.140.189.0/24 maxlen: 24
128.140.190.0/23 maxlen: 23
128.140.190.0/24 maxlen: 24
128.140.191.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:67:dc:c5:19:27:f7:b9:08:92:0b:b0:cf:f2:40:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e5664e02936cb5b5454d595c5382b7e7a0c7944
Validity
Not Before: Jan 1 05:47:45 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=357765323a691650e0a6abeba5dd5d5024f435de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:c1:f7:6e:4a:7f:e5:5a:1a:be:93:b7:74:16:
5d:84:42:89:b0:f7:fb:73:b7:30:de:13:30:cd:27:
f2:58:8c:5d:f0:d6:dd:a0:33:d7:c4:dc:db:5a:6d:
17:86:b5:8c:25:32:c3:c9:17:4b:a6:b6:df:c8:b5:
d9:79:cc:5c:a0:34:e0:5d:e9:62:25:4b:fc:20:1d:
4e:5f:2d:09:33:82:58:17:78:e6:92:f0:47:3d:05:
3b:4e:aa:44:bd:90:31:b4:58:b3:3d:3c:81:ba:c7:
af:83:c4:93:f6:aa:83:43:ee:17:99:db:68:95:b6:
5c:4f:70:69:e4:f4:ed:50:eb:12:ff:31:25:0e:ca:
2c:76:ae:7c:09:0e:f5:74:29:90:6c:5e:f3:9e:22:
33:80:e7:5b:5f:1c:99:09:09:05:e0:bf:07:62:9a:
4f:0d:7f:a8:66:b7:f2:eb:01:15:a6:00:3a:2a:7f:
8e:f1:f5:d4:45:ff:cc:35:73:5b:94:67:af:a3:f9:
30:75:4f:8f:05:61:53:9b:22:3b:1b:52:71:6a:d8:
ba:61:da:84:4f:e1:ae:de:37:1a:cd:54:f0:1f:60:
88:e0:e9:fb:c5:e6:06:d1:70:1e:81:5c:cd:b9:1a:
63:1e:23:65:3a:4f:9b:12:6e:4b:a1:14:6f:66:3f:
5f:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:77:65:32:3A:69:16:50:E0:A6:AB:EB:A5:DD:5D:50:24:F4:35:DE
X509v3 Authority Key Identifier:
keyid:2E:56:64:E0:29:36:CB:5B:54:54:D5:95:C5:38:2B:7E:7A:0C:79:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/NXdlMjppFlDgpqvrpd1dUCT0Nd4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
128.140.188.0/22
Signature Algorithm: sha256WithRSAEncryption
50:a9:80:ff:af:1f:38:d5:41:d2:31:f5:fa:c2:8b:fd:02:f4:
ed:5f:7d:6f:af:d5:71:ee:4a:58:06:84:57:19:6f:52:b9:e1:
ed:72:69:24:5b:c9:5a:5d:55:af:db:56:80:e6:68:59:38:d5:
64:1a:04:85:98:56:3d:2d:d7:1a:04:c8:2f:65:fe:9c:3a:85:
99:cc:df:ac:22:68:9c:88:a3:c3:56:6f:c6:08:2f:df:8c:9c:
6d:93:03:6e:fc:bd:1d:72:6d:36:a6:ad:55:0f:39:35:32:33:
6e:5c:55:b1:d4:27:61:aa:c9:2b:eb:c7:6f:29:96:08:f2:01:
27:df:3c:78:e8:6d:0f:d2:8c:e9:fc:c1:03:ee:02:17:ed:cd:
03:a6:4d:ce:80:d5:16:86:f4:e8:e9:68:9b:10:1e:16:aa:66:
9e:52:03:12:79:75:26:3d:e4:15:23:04:74:a3:36:92:55:8c:
29:95:6d:db:1a:8d:05:0a:3a:d3:b8:16:c5:6f:7a:eb:4a:39:
15:c0:3b:9d:ea:2b:23:89:18:51:a3:06:65:6e:43:40:12:4b:
27:6b:a5:61:7f:20:71:94:6e:62:17:84:b3:cb:9b:e5:04:8d:
83:b9:28:25:3d:36:9f:6e:26:6a:89:7a:b8:98:78:08:7b:1c:
41:85:7e:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ9zFGSf3uQiSC7DP8kC8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNTY2NGUwMjkzNmNiNWI1NDU0ZDU5NWM1MzgyYjdlN2Ew
Yzc5NDQwHhcNMjUwMTAxMDU0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTc3NjUzMjNhNjkxNjUwZTBhNmFiZWJhNWRkNWQ1MDI0ZjQzNWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysH3bkp/5VoavpO3dBZdhEKJsPf7
c7cw3hMwzSfyWIxd8NbdoDPXxNzbWm0XhrWMJTLDyRdLprbfyLXZecxcoDTgXeli
JUv8IB1OXy0JM4JYF3jmkvBHPQU7TqpEvZAxtFizPTyBusevg8ST9qqDQ+4Xmdto
lbZcT3Bp5PTtUOsS/zElDsosdq58CQ71dCmQbF7zniIzgOdbXxyZCQkF4L8HYppP
DX+oZrfy6wEVpgA6Kn+O8fXURf/MNXNblGevo/kwdU+PBWFTmyI7G1Jxati6YdqE
T+Gu3jcazVTwH2CI4On7xeYG0XAegVzNuRpjHiNlOk+bEm5LoRRvZj9fHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDV3ZTI6aRZQ4Kar66XdXVAk9DXeMB8GA1UdIwQY
MBaAFC5WZOApNstbVFTVlcU4K356DHlEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGxaazRDazJ5MXRVVk5XVnhUZ3Jmbm9NZVVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8yN2M5MTktY2NjZS00NmE5LTg0YjMt
ZWY4MWZjYTYzMDI5LzEvTlhkbE1qcHBGbERncHF2cnBkMWRVQ1QwTmQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8yN2M5MTktY2NjZS00NmE5LTg0YjMtZWY4MWZjYTYzMDI5
LzEvTGxaazRDazJ5MXRVVk5XVnhUZ3Jmbm9NZVVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCgIy8MA0G
CSqGSIb3DQEBCwUAA4IBAQBQqYD/rx841UHSMfX6wov9AvTtX31vr9Vx7kpYBoRX
GW9SueHtcmkkW8laXVWv21aA5mhZONVkGgSFmFY9LdcaBMgvZf6cOoWZzN+sImic
iKPDVm/GCC/fjJxtkwNu/L0dcm02pq1VDzk1MjNuXFWx1Cdhqskr68dvKZYI8gEn
3zx46G0P0ozp/MED7gIX7c0Dpk3OgNUWhvTo6WibEB4WqmaeUgMSeXUmPeQVIwR0
ozaSVYwplW3bGo0FCjrTuBbFb3rrSjkVwDud6isjiRhRowZlbkNAEksna6VhfyBx
lG5iF4Szy5vlBI2DuSglPTafbiZqiXq4mHgIexxBhX7d
-----END CERTIFICATE-----
Generated at Fri Apr 25 02:49:41 2025 by rpki-client