Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/aa06f5-0650-4c1e-b8a7-2b623232ff22/1/2FFEY09azLJTH6k5p2L8yGNWFOo.roa
File: 2FFEY09azLJTH6k5p2L8yGNWFOo.roa (raw, json)
Hash identifier: LYP5IN3KECDE6yYzDR6sOeEMUgedzGLz0JulDOlpS/Y=
Subject key identifier: D8:51:44:63:4F:5A:CC:B2:53:1F:A9:39:A7:62:FC:C8:63:56:14:EA
Certificate issuer: /CN=ca1cc5c7b1217ccbb155dddae826ce6f9fdbacba
Certificate serial: 0194221FEAE6A8A850571C91200464CA3B10
Authority key identifier: CA:1C:C5:C7:B1:21:7C:CB:B1:55:DD:DA:E8:26:CE:6F:9F:DB:AC:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yhzFx7EhfMuxVd3a6CbOb5_brLo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/aa06f5-0650-4c1e-b8a7-2b623232ff22/1/2FFEY09azLJTH6k5p2L8yGNWFOo.roa
Signing time: Wed 01 Jan 2025 13:48:24 +0000
ROA not before: Wed 01 Jan 2025 13:48:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 208408
IP address blocks: 45.138.8.0/24 maxlen: 24
45.138.9.0/24 maxlen: 24
45.138.10.0/24 maxlen: 24
45.138.11.0/24 maxlen: 24
2a0e:aa40::/48 maxlen: 48
2a0e:aa40:1::/48 maxlen: 48
2a0e:aa40:2::/48 maxlen: 48
2a0e:aa40:3::/48 maxlen: 48
2a0e:aa40:a::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:ea:e6:a8:a8:50:57:1c:91:20:04:64:ca:3b:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca1cc5c7b1217ccbb155dddae826ce6f9fdbacba
Validity
Not Before: Jan 1 13:48:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d85144634f5accb2531fa939a762fcc8635614ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:1a:17:f9:99:a5:d8:7b:30:7c:f0:d7:75:2f:
6f:a9:01:d7:e5:9a:4a:b3:bd:f5:80:77:ad:20:f1:
e7:85:45:fa:55:10:90:a9:c6:bc:84:d2:d5:b6:59:
8b:9a:1b:40:47:c0:81:89:ff:8b:d9:e1:09:eb:09:
cd:5d:39:ca:de:e8:76:93:65:ad:bd:ba:ac:29:37:
b3:92:4f:fc:e8:e6:51:69:e4:9a:d4:81:d9:c9:e8:
13:97:97:6d:6f:b4:0e:41:09:cc:54:36:b5:fb:e8:
4b:3b:1e:d9:c4:28:ca:ae:b8:6f:1c:9d:c4:e6:12:
5b:f9:95:fe:93:3b:ec:8f:a2:02:ab:e6:1b:4b:d9:
a6:32:28:35:a5:54:86:d7:2e:cd:c4:bc:2e:82:fa:
61:8d:62:fe:4c:66:1b:97:2d:2b:64:d9:cc:ea:49:
38:a8:5e:ef:44:b8:d8:b5:ec:56:16:ce:48:b9:81:
2a:cf:81:1f:73:0c:50:d2:d6:80:c5:ef:6c:6f:4e:
82:c5:71:bc:7c:cc:6a:f9:93:45:36:78:80:fe:28:
95:4e:00:f3:51:4b:50:d7:4a:a0:99:aa:a2:c3:87:
b8:c2:cd:31:1a:2b:07:1c:e2:83:ed:3c:3d:f0:4b:
0c:ef:e9:54:5a:db:7f:14:34:91:f5:57:4c:00:62:
3e:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:51:44:63:4F:5A:CC:B2:53:1F:A9:39:A7:62:FC:C8:63:56:14:EA
X509v3 Authority Key Identifier:
keyid:CA:1C:C5:C7:B1:21:7C:CB:B1:55:DD:DA:E8:26:CE:6F:9F:DB:AC:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yhzFx7EhfMuxVd3a6CbOb5_brLo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/aa06f5-0650-4c1e-b8a7-2b623232ff22/1/2FFEY09azLJTH6k5p2L8yGNWFOo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/aa06f5-0650-4c1e-b8a7-2b623232ff22/1/yhzFx7EhfMuxVd3a6CbOb5_brLo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.138.8.0/22
IPv6:
2a0e:aa40::/46
2a0e:aa40:a::/48
Signature Algorithm: sha256WithRSAEncryption
8f:ad:7b:3c:bc:af:6a:2b:7c:e1:89:3b:92:03:d4:64:93:c1:
9c:fa:f8:01:f5:69:63:a5:b2:bd:d3:4d:91:a0:c8:4f:0a:42:
3a:11:87:b9:2b:70:66:e1:b5:d0:6a:44:a8:57:63:87:38:83:
ba:cc:d3:1e:0a:22:9c:df:7c:b3:00:1f:19:29:32:e0:7c:b5:
06:f1:16:e4:11:fe:1b:f9:7e:4f:9f:d0:bc:62:e9:5c:79:31:
39:78:86:db:36:b6:54:e6:96:78:4b:79:ad:89:ee:f8:05:41:
ef:a5:4c:c4:4c:84:7c:b2:26:af:b6:d0:97:fb:d9:b5:2e:78:
23:81:42:c4:d1:f2:41:bb:64:91:bb:d1:bc:cd:44:0c:c1:d9:
07:8f:4c:c2:4e:48:7b:8c:57:8d:ce:32:82:f9:88:9d:cc:55:
24:a6:7b:1c:44:95:79:4d:c7:6a:50:40:a5:97:f3:54:7a:ba:
3e:92:b4:f5:14:51:db:f7:3e:0e:f3:18:72:17:e7:1d:31:26:
d9:d6:af:ae:d1:0f:b6:4d:0b:51:ac:cc:25:01:f2:0a:6c:4d:
e8:e1:3d:74:dd:8a:63:8c:54:99:dd:cd:f4:a6:d6:de:08:92:
e1:28:33:5e:fd:a3:6d:04:e2:01:ba:0f:ab:62:f3:66:d8:3e:
17:44:29:e7
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQiH+rmqKhQVxyRIARkyjsQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMWNjNWM3YjEyMTdjY2JiMTU1ZGRkYWU4MjZjZTZmOWZk
YmFjYmEwHhcNMjUwMTAxMTM0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODUxNDQ2MzRmNWFjY2IyNTMxZmE5MzlhNzYyZmNjODYzNTYxNGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRoX+Zml2HswfPDXdS9vqQHX5ZpK
s731gHetIPHnhUX6VRCQqca8hNLVtlmLmhtAR8CBif+L2eEJ6wnNXTnK3uh2k2Wt
vbqsKTezkk/86OZRaeSa1IHZyegTl5dtb7QOQQnMVDa1++hLOx7ZxCjKrrhvHJ3E
5hJb+ZX+kzvsj6ICq+YbS9mmMig1pVSG1y7NxLwugvphjWL+TGYbly0rZNnM6kk4
qF7vRLjYtexWFs5IuYEqz4EfcwxQ0taAxe9sb06CxXG8fMxq+ZNFNniA/iiVTgDz
UUtQ10qgmaqiw4e4ws0xGisHHOKD7Tw98EsM7+lUWtt/FDSR9VdMAGI+pQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFNhRRGNPWsyyUx+pOadi/MhjVhTqMB8GA1UdIwQY
MBaAFMocxcexIXzLsVXd2ugmzm+f26y6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWh6Rng3RWhmTXV4VmQzYTZDYk9iNV9ickxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9hYTA2ZjUtMDY1MC00YzFlLWI4YTct
MmI2MjMyMzJmZjIyLzEvMkZGRVkwOWF6TEpUSDZrNXAyTDh5R05XRk9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9hYTA2ZjUtMDY1MC00YzFlLWI4YTctMmI2MjMyMzJmZjIy
LzEveWh6Rng3RWhmTXV4VmQzYTZDYk9iNV9ickxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQCLYoIMBgE
AgACMBIDBwIqDqpAAAADBwAqDqpAAAowDQYJKoZIhvcNAQELBQADggEBAI+tezy8
r2orfOGJO5ID1GSTwZz6+AH1aWOlsr3TTZGgyE8KQjoRh7krcGbhtdBqRKhXY4c4
g7rM0x4KIpzffLMAHxkpMuB8tQbxFuQR/hv5fk+f0Lxi6Vx5MTl4hts2tlTmlnhL
ea2J7vgFQe+lTMRMhHyyJq+20Jf72bUueCOBQsTR8kG7ZJG70bzNRAzB2QePTMJO
SHuMV43OMoL5iJ3MVSSmexxElXlNx2pQQKWX81R6uj6StPUUUdv3Pg7zGHIX5x0x
JtnWr67RD7ZNC1GszCUB8gpsTejhPXTdimOMVJndzfSm1t4IkuEoM179o20E4gG6
D6ti82bYPhdEKec=
-----END CERTIFICATE-----
Generated at Fri Apr 25 08:18:48 2025 by rpki-client