Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/b63517-3f1e-451e-8850-8db0efb5620a/1/HXTmIJpOXUBrZETa5KpoNsj5ios.roa
File: HXTmIJpOXUBrZETa5KpoNsj5ios.roa (raw, json)
Hash identifier: wT1yK/NZUtAafpXAtOvFbXEAE831pb+X4Lo1DKNHxx4=
Subject key identifier: 1D:74:E6:20:9A:4E:5D:40:6B:64:44:DA:E4:AA:68:36:C8:F9:8A:8B
Certificate issuer: /CN=a800ba639e65dbdcc690f58a5a740641b4ff88d4
Certificate serial: 01942143CDA84AB18E2CFD390F0663551444
Authority key identifier: A8:00:BA:63:9E:65:DB:DC:C6:90:F5:8A:5A:74:06:41:B4:FF:88:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qAC6Y55l29zGkPWKWnQGQbT_iNQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f1/b63517-3f1e-451e-8850-8db0efb5620a/1/HXTmIJpOXUBrZETa5KpoNsj5ios.roa
Signing time: Wed 01 Jan 2025 09:47:59 +0000
ROA not before: Wed 01 Jan 2025 09:47:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207794
IP address blocks: 194.113.139.0/24 maxlen: 24
194.113.140.0/24 maxlen: 24
194.113.142.0/24 maxlen: 24
194.113.155.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:cd:a8:4a:b1:8e:2c:fd:39:0f:06:63:55:14:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a800ba639e65dbdcc690f58a5a740641b4ff88d4
Validity
Not Before: Jan 1 09:47:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1d74e6209a4e5d406b6444dae4aa6836c8f98a8b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:7e:ab:4c:f7:2d:05:04:33:be:78:92:9d:83:
a1:aa:15:2b:61:ab:0b:28:b3:e8:c6:cf:86:06:c9:
b5:4b:a2:f9:bd:2e:b4:ed:fe:ec:f9:90:f8:26:07:
80:cf:fa:cb:c5:5b:b5:5e:89:7e:19:68:e2:53:b7:
2c:cd:a8:63:49:82:f9:35:ef:6c:a5:11:b8:db:53:
23:1a:5f:92:23:1e:5b:7b:d0:72:c5:73:cb:4e:26:
4a:d1:4a:53:e8:4b:2b:e2:8a:9d:d6:3c:5e:e9:db:
b4:64:a0:fb:70:02:31:38:6b:ce:91:ab:a5:58:a4:
98:22:a8:dc:de:21:eb:61:e6:33:aa:75:a0:ec:b5:
31:ad:0d:3d:a8:25:9b:a0:b9:b0:c3:01:c5:68:6f:
7e:28:62:e7:59:d7:6c:b8:2d:97:ff:3f:55:ec:0e:
32:58:ea:7e:fa:3e:6d:a2:37:3c:85:fb:57:3a:3c:
c1:a6:39:4c:c6:4b:39:6f:ca:a3:fd:db:76:61:5d:
0a:75:cc:0f:8f:cc:5e:b5:df:02:1c:f3:a4:5f:5d:
4f:a6:2b:fc:04:67:79:28:de:1a:55:dc:e6:c6:21:
fa:34:e0:06:d7:a8:71:01:b1:fa:82:c4:54:5c:c7:
06:f7:2f:4a:5c:2a:b0:32:23:74:c1:9b:d8:97:72:
b6:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:74:E6:20:9A:4E:5D:40:6B:64:44:DA:E4:AA:68:36:C8:F9:8A:8B
X509v3 Authority Key Identifier:
keyid:A8:00:BA:63:9E:65:DB:DC:C6:90:F5:8A:5A:74:06:41:B4:FF:88:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qAC6Y55l29zGkPWKWnQGQbT_iNQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b63517-3f1e-451e-8850-8db0efb5620a/1/HXTmIJpOXUBrZETa5KpoNsj5ios.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b63517-3f1e-451e-8850-8db0efb5620a/1/qAC6Y55l29zGkPWKWnQGQbT_iNQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.113.139.0-194.113.140.255
194.113.142.0/24
194.113.155.0/24
Signature Algorithm: sha256WithRSAEncryption
68:23:2d:6d:44:90:8d:00:53:cf:34:d2:89:58:73:48:6b:7f:
04:53:68:3c:ed:53:69:a3:91:c3:ed:91:ef:e6:d4:82:24:ad:
14:2c:ce:d8:ed:b1:38:c8:82:d4:07:4c:3a:eb:da:e9:cd:14:
c8:b2:3a:1d:4e:56:af:e5:69:58:95:b9:92:d2:d9:ef:dd:f9:
d0:11:c5:6b:46:9a:ea:c5:cc:05:b0:d6:cc:7b:11:aa:fe:59:
eb:8e:8d:9d:6a:9b:63:92:fc:3e:d4:09:b7:2e:4d:78:54:63:
ae:29:e2:6e:4b:ee:cf:8c:ef:53:7a:37:4a:d7:b3:69:97:82:
36:1e:4e:0c:bc:ac:3f:de:c1:be:cc:da:94:9b:31:c2:68:8d:
72:51:04:23:69:52:7f:27:94:f1:ac:c8:71:82:86:19:72:99:
55:bf:94:8f:da:76:28:c3:c8:a9:56:8e:aa:a5:24:b5:50:bb:
b7:19:47:28:09:18:fd:b2:58:69:72:f0:32:80:26:3c:ba:75:
20:be:ed:99:10:b5:85:fa:3b:cf:da:47:81:92:4f:3d:c8:e4:
6b:4d:1e:34:8b:e8:72:a2:51:b3:96:fe:3b:b9:82:df:cc:38:
51:e8:b8:43:62:ad:ee:f0:b5:48:2f:b3:16:53:f5:74:92:b8:
f6:fd:f5:87
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQhQ82oSrGOLP05DwZjVRREMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MDBiYTYzOWU2NWRiZGNjNjkwZjU4YTVhNzQwNjQxYjRm
Zjg4ZDQwHhcNMjUwMTAxMDk0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDc0ZTYyMDlhNGU1ZDQwNmI2NDQ0ZGFlNGFhNjgzNmM4Zjk4YThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwX6rTPctBQQzvniSnYOhqhUrYasL
KLPoxs+GBsm1S6L5vS607f7s+ZD4JgeAz/rLxVu1Xol+GWjiU7cszahjSYL5Ne9s
pRG421MjGl+SIx5be9ByxXPLTiZK0UpT6Esr4oqd1jxe6du0ZKD7cAIxOGvOkaul
WKSYIqjc3iHrYeYzqnWg7LUxrQ09qCWboLmwwwHFaG9+KGLnWddsuC2X/z9V7A4y
WOp++j5tojc8hftXOjzBpjlMxks5b8qj/dt2YV0KdcwPj8xetd8CHPOkX11Ppiv8
BGd5KN4aVdzmxiH6NOAG16hxAbH6gsRUXMcG9y9KXCqwMiN0wZvYl3K2twIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFB105iCaTl1Aa2RE2uSqaDbI+YqLMB8GA1UdIwQY
MBaAFKgAumOeZdvcxpD1ilp0BkG0/4jUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUFDNlk1NWwyOXpHa1BXS1duUUdRYlRfaU5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9iNjM1MTctM2YxZS00NTFlLTg4NTAt
OGRiMGVmYjU2MjBhLzEvSFhUbUlKcE9YVUJyWkVUYTVLcG9Oc2o1aW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9iNjM1MTctM2YxZS00NTFlLTg4NTAtOGRiMGVmYjU2MjBh
LzEvcUFDNlk1NWwyOXpHa1BXS1duUUdRYlRfaU5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBADCcYsD
BADCcYwDBADCcY4DBADCcZswDQYJKoZIhvcNAQELBQADggEBAGgjLW1EkI0AU880
0olYc0hrfwRTaDztU2mjkcPtke/m1IIkrRQsztjtsTjIgtQHTDrr2unNFMiyOh1O
Vq/laViVuZLS2e/d+dARxWtGmurFzAWw1sx7Ear+WeuOjZ1qm2OS/D7UCbcuTXhU
Y64p4m5L7s+M71N6N0rXs2mXgjYeTgy8rD/ewb7M2pSbMcJojXJRBCNpUn8nlPGs
yHGChhlymVW/lI/adijDyKlWjqqlJLVQu7cZRygJGP2yWGly8DKAJjy6dSC+7ZkQ
tYX6O8/aR4GSTz3I5GtNHjSL6HKiUbOW/ju5gt/MOFHouENire7wtUgvsxZT9XSS
uPb99Yc=
-----END CERTIFICATE-----
Generated at Fri Apr 25 08:30:23 2025 by rpki-client