Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/42c0c0-de6d-49b6-b450-c96a8da2c589/1/hFUKeYVJZQidWIC3boS5B2MmNkQ.roa
File: hFUKeYVJZQidWIC3boS5B2MmNkQ.roa (raw, json)
Hash identifier: orWyk1nD9ke9cd+4s/S82r9At33d+yTlOwM1l+sczkc=
Subject key identifier: 84:55:0A:79:85:49:65:08:9D:58:80:B7:6E:84:B9:07:63:26:36:44
Certificate issuer: /CN=8f20f70f17d8b72c3e42aee03291298b54a4ff2f
Certificate serial: 019421B1DB5B40CB12F88DEDBAD2AA9D8FFE
Authority key identifier: 8F:20:F7:0F:17:D8:B7:2C:3E:42:AE:E0:32:91:29:8B:54:A4:FF:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jyD3DxfYtyw-Qq7gMpEpi1Sk_y8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/42c0c0-de6d-49b6-b450-c96a8da2c589/1/hFUKeYVJZQidWIC3boS5B2MmNkQ.roa
Signing time: Wed 01 Jan 2025 11:48:11 +0000
ROA not before: Wed 01 Jan 2025 11:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205046
IP address blocks: 141.21.0.0/16 maxlen: 16
185.231.132.0/22 maxlen: 22
2001:67c:2acc::/48 maxlen: 48
2a0c:7500::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:db:5b:40:cb:12:f8:8d:ed:ba:d2:aa:9d:8f:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8f20f70f17d8b72c3e42aee03291298b54a4ff2f
Validity
Not Before: Jan 1 11:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=84550a79854965089d5880b76e84b90763263644
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:6d:cb:67:8a:38:89:bc:f9:01:0f:81:7f:ba:
07:de:1e:e7:f0:27:cc:13:84:0c:81:11:70:c3:41:
da:fd:21:a1:de:f3:6c:76:03:df:01:3d:21:09:c1:
ca:06:68:5f:75:42:23:3b:7c:f7:36:97:7f:be:5e:
01:ad:61:d2:25:9a:72:3c:86:26:7e:b6:48:df:a9:
4b:77:a9:dc:42:8b:52:f5:1f:f3:20:95:ca:40:f3:
5e:cf:87:ef:05:f8:ec:13:4f:29:2a:e4:1e:d3:5a:
3b:e7:4a:78:6c:07:dd:ef:d2:a9:65:06:c5:2e:5b:
98:17:9d:2d:66:88:15:da:5e:61:50:e3:68:ac:57:
6a:21:6d:1a:aa:c2:c9:e2:9f:e4:11:ee:fd:0f:0d:
b3:c4:cb:96:e4:fb:5f:5b:56:c5:1d:3c:42:ab:32:
1a:d5:7b:e2:40:1b:ac:b3:7b:69:eb:56:e0:3e:c1:
ad:d1:6c:3b:f0:7c:e4:9f:dd:50:af:cb:8f:12:bc:
93:88:bf:04:6b:e0:0e:64:d1:d4:c3:0d:1b:ca:04:
37:b1:9a:d2:e8:47:d9:db:fe:60:28:11:fb:5a:6e:
c0:38:01:de:4a:36:ec:98:b7:c8:80:bf:c9:12:05:
d5:7c:e9:ee:5b:07:ad:b9:1f:15:87:88:35:7e:ae:
6f:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:55:0A:79:85:49:65:08:9D:58:80:B7:6E:84:B9:07:63:26:36:44
X509v3 Authority Key Identifier:
keyid:8F:20:F7:0F:17:D8:B7:2C:3E:42:AE:E0:32:91:29:8B:54:A4:FF:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jyD3DxfYtyw-Qq7gMpEpi1Sk_y8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/42c0c0-de6d-49b6-b450-c96a8da2c589/1/hFUKeYVJZQidWIC3boS5B2MmNkQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/42c0c0-de6d-49b6-b450-c96a8da2c589/1/jyD3DxfYtyw-Qq7gMpEpi1Sk_y8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.21.0.0/16
185.231.132.0/22
IPv6:
2001:67c:2acc::/48
2a0c:7500::/29
Signature Algorithm: sha256WithRSAEncryption
5d:b5:36:a2:8c:85:f9:e6:18:ca:d8:ab:75:8d:64:10:46:b1:
1f:e6:dc:b5:3d:9b:a5:87:d7:e0:22:74:27:bb:1b:a8:05:95:
e6:4c:fe:5d:db:67:7b:09:b6:4a:21:88:5a:58:33:9d:00:08:
e8:d2:90:0a:64:c6:a3:21:7c:00:4b:6c:50:1b:46:28:12:82:
66:84:03:b2:29:9b:21:ee:c1:60:18:f8:ac:55:2f:77:eb:3f:
2e:3f:88:4e:b4:26:d1:05:97:0f:e3:24:6e:e2:8c:c5:af:dc:
ed:c5:21:a7:76:16:be:1f:c6:7b:98:51:50:c1:ab:48:24:0b:
ee:99:47:dc:6e:61:a2:5d:d6:9b:00:24:97:64:79:38:3c:be:
26:d6:70:6f:e5:3c:35:68:b3:98:5b:d9:62:91:32:3f:1d:ba:
1a:73:ed:e9:11:85:8b:49:2a:6a:96:9e:30:b6:c1:5a:aa:a8:
54:1d:f6:66:aa:fa:67:f1:8e:39:12:ea:be:78:d2:c3:a0:15:
5e:fe:a4:6c:59:cb:2a:58:20:a2:89:8f:fc:67:f2:f9:52:4e:
f3:75:82:ac:d1:6b:62:1c:39:41:03:b3:c3:9d:86:5f:d2:60:
cc:6a:37:37:e6:0d:3c:b9:6d:8c:59:d8:8a:5c:b3:e1:f7:d2:
53:70:a7:3a
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZQhsdtbQMsS+I3tutKqnY/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMjBmNzBmMTdkOGI3MmMzZTQyYWVlMDMyOTEyOThiNTRh
NGZmMmYwHhcNMjUwMTAxMTE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDU1MGE3OTg1NDk2NTA4OWQ1ODgwYjc2ZTg0YjkwNzYzMjYzNjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwm3LZ4o4ibz5AQ+Bf7oH3h7n8CfM
E4QMgRFww0Ha/SGh3vNsdgPfAT0hCcHKBmhfdUIjO3z3Npd/vl4BrWHSJZpyPIYm
frZI36lLd6ncQotS9R/zIJXKQPNez4fvBfjsE08pKuQe01o750p4bAfd79KpZQbF
LluYF50tZogV2l5hUONorFdqIW0aqsLJ4p/kEe79Dw2zxMuW5PtfW1bFHTxCqzIa
1XviQBuss3tp61bgPsGt0Ww78Hzkn91Qr8uPEryTiL8Ea+AOZNHUww0bygQ3sZrS
6EfZ2/5gKBH7Wm7AOAHeSjbsmLfIgL/JEgXVfOnuWwetuR8Vh4g1fq5vxQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFIRVCnmFSWUInViAt26EuQdjJjZEMB8GA1UdIwQY
MBaAFI8g9w8X2LcsPkKu4DKRKYtUpP8vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanlEM0R4Zll0eXctUXE3Z01wRXBpMVNrX3k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy80MmMwYzAtZGU2ZC00OWI2LWI0NTAt
Yzk2YThkYTJjNTg5LzEvaEZVS2VZVkpaUWlkV0lDM2JvUzVCMk1tTmtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy80MmMwYzAtZGU2ZC00OWI2LWI0NTAtYzk2YThkYTJjNTg5
LzEvanlEM0R4Zll0eXctUXE3Z01wRXBpMVNrX3k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzARBAIAATALAwMAjRUDBAK5
54QwFgQCAAIwEAMHACABBnwqzAMFAyoMdQAwDQYJKoZIhvcNAQELBQADggEBAF21
NqKMhfnmGMrYq3WNZBBGsR/m3LU9m6WH1+AidCe7G6gFleZM/l3bZ3sJtkohiFpY
M50ACOjSkApkxqMhfABLbFAbRigSgmaEA7IpmyHuwWAY+KxVL3frPy4/iE60JtEF
lw/jJG7ijMWv3O3FIad2Fr4fxnuYUVDBq0gkC+6ZR9xuYaJd1psAJJdkeTg8vibW
cG/lPDVos5hb2WKRMj8duhpz7ekRhYtJKmqWnjC2wVqqqFQd9maq+mfxjjkS6r54
0sOgFV7+pGxZyypYIKKJj/xn8vlSTvN1gqzRa2IcOUEDs8Odhl/SYMxqNzfmDTy5
bYxZ2Ipcs+H30lNwpzo=
-----END CERTIFICATE-----
Generated at Fri Apr 25 02:13:40 2025 by rpki-client