Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/d3c1d5-e923-4831-804c-c7586282fe13/1/nqRmyRsi2-hKiZqffDikHhIZIA8.roa
File: nqRmyRsi2-hKiZqffDikHhIZIA8.roa (raw, json)
Hash identifier: vx+mbFW9leAh9kJ2X2Cv3OUNnkvDKbo77etkxvxrmFM=
Subject key identifier: 9E:A4:66:C9:1B:22:DB:E8:4A:89:9A:9F:7C:38:A4:1E:12:19:20:0F
Certificate issuer: /CN=b4d8b27aaa55e51a345f6a4519e367955046c30a
Certificate serial: 0194214450B7039FFD273D60A42380F5EB76
Authority key identifier: B4:D8:B2:7A:AA:55:E5:1A:34:5F:6A:45:19:E3:67:95:50:46:C3:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tNiyeqpV5Ro0X2pFGeNnlVBGwwo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/d3c1d5-e923-4831-804c-c7586282fe13/1/nqRmyRsi2-hKiZqffDikHhIZIA8.roa
Signing time: Wed 01 Jan 2025 09:48:32 +0000
ROA not before: Wed 01 Jan 2025 09:48:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200729
IP address blocks: 5.191.240.0/20 maxlen: 24
185.96.124.0/24 maxlen: 24
185.96.125.0/24 maxlen: 24
185.96.126.0/24 maxlen: 24
185.96.127.0/24 maxlen: 24
185.143.196.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:50:b7:03:9f:fd:27:3d:60:a4:23:80:f5:eb:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4d8b27aaa55e51a345f6a4519e367955046c30a
Validity
Not Before: Jan 1 09:48:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9ea466c91b22dbe84a899a9f7c38a41e1219200f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:ff:fa:8a:4e:44:ef:1d:04:0b:54:b9:97:8c:
ad:c4:69:60:51:dc:b6:a2:4c:fa:74:bd:d1:22:65:
32:f4:34:de:f2:c3:c5:3d:53:e6:71:ef:82:14:c4:
52:4b:f2:89:cd:8a:d4:3c:55:71:f0:f3:76:df:31:
34:30:81:70:e3:bc:e0:38:f2:89:58:f0:b3:11:ed:
96:1e:47:b4:f6:e1:91:dc:3e:d2:12:d4:d3:79:83:
f2:42:d9:0c:a0:5d:3d:6a:b5:02:a0:7f:e7:1d:c0:
12:26:61:e8:e9:84:b4:f5:b8:e7:f4:e7:db:78:41:
d4:08:cd:d1:15:e5:a4:5c:8f:08:00:c4:bc:01:03:
e3:1d:ff:a1:36:16:df:0e:bc:bf:7a:67:ab:05:a5:
63:4d:07:dd:8a:7d:6a:45:9f:9f:7b:8b:cd:a9:8f:
46:b2:90:c7:07:e7:af:b1:53:49:9b:f0:57:c2:de:
52:05:a3:f2:71:db:51:a4:73:d8:cb:4e:8f:1d:36:
bc:8e:e6:fd:fc:6b:64:89:94:fd:6d:06:36:46:3f:
39:e5:d8:fd:fa:33:32:58:b7:ea:23:35:49:3a:d2:
e8:25:21:93:ff:33:33:e7:35:74:93:7c:6d:61:86:
c0:c7:82:fe:8a:07:31:be:98:82:0b:77:80:0f:62:
77:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:A4:66:C9:1B:22:DB:E8:4A:89:9A:9F:7C:38:A4:1E:12:19:20:0F
X509v3 Authority Key Identifier:
keyid:B4:D8:B2:7A:AA:55:E5:1A:34:5F:6A:45:19:E3:67:95:50:46:C3:0A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tNiyeqpV5Ro0X2pFGeNnlVBGwwo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d3c1d5-e923-4831-804c-c7586282fe13/1/nqRmyRsi2-hKiZqffDikHhIZIA8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d3c1d5-e923-4831-804c-c7586282fe13/1/tNiyeqpV5Ro0X2pFGeNnlVBGwwo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.191.240.0/20
185.96.124.0/22
185.143.196.0/22
Signature Algorithm: sha256WithRSAEncryption
57:2b:86:30:e2:bd:c9:54:9f:9d:2b:5d:f6:d4:19:72:02:ec:
f6:e2:1f:d6:c0:ce:10:96:ea:a9:d2:63:c9:b1:8d:8c:81:f9:
0b:7f:ab:dd:a5:2d:04:96:a3:29:08:0f:2d:fb:a8:b7:0c:e2:
0a:3c:60:31:82:78:74:06:bb:57:c3:18:a5:7c:42:6a:5a:86:
d6:84:7a:e8:f4:90:a4:32:a2:17:a5:48:bd:03:eb:91:d9:e3:
d1:40:bb:cf:9b:58:88:c1:aa:7e:1c:35:38:09:87:4b:af:84:
3d:c2:24:7f:34:e7:d9:a2:3a:b5:b5:83:d6:a9:2e:79:df:be:
bd:75:e3:dc:36:ed:b0:73:88:5a:a9:1f:b1:10:0b:2d:ac:23:
fb:71:dd:39:ad:54:1f:56:f8:2b:5f:bc:8a:88:cd:f1:3f:49:
e1:32:1e:9c:b7:82:6c:eb:8c:5b:ab:2a:99:75:14:4b:83:91:
41:c3:49:65:13:1a:f0:09:88:e2:ae:7e:eb:2c:57:14:f6:4e:
f7:9d:9c:83:23:80:ba:22:c1:7c:be:75:13:40:29:74:81:cd:
89:dc:53:f7:87:a4:51:5b:f1:68:87:f5:f7:54:84:01:b5:0a:
e1:67:32:b5:61:fe:c9:0b:a0:0e:70:67:73:00:71:e4:b7:a7:
32:29:48:d8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhRFC3A5/9Jz1gpCOA9et2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZDhiMjdhYWE1NWU1MWEzNDVmNmE0NTE5ZTM2Nzk1NTA0
NmMzMGEwHhcNMjUwMTAxMDk0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWE0NjZjOTFiMjJkYmU4NGE4OTlhOWY3YzM4YTQxZTEyMTkyMDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvf/6ik5E7x0EC1S5l4ytxGlgUdy2
okz6dL3RImUy9DTe8sPFPVPmce+CFMRSS/KJzYrUPFVx8PN23zE0MIFw47zgOPKJ
WPCzEe2WHke09uGR3D7SEtTTeYPyQtkMoF09arUCoH/nHcASJmHo6YS09bjn9Ofb
eEHUCM3RFeWkXI8IAMS8AQPjHf+hNhbfDry/emerBaVjTQfdin1qRZ+fe4vNqY9G
spDHB+evsVNJm/BXwt5SBaPycdtRpHPYy06PHTa8jub9/GtkiZT9bQY2Rj855dj9
+jMyWLfqIzVJOtLoJSGT/zMz5zV0k3xtYYbAx4L+igcxvpiCC3eAD2J3cQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ6kZskbItvoSoman3w4pB4SGSAPMB8GA1UdIwQY
MBaAFLTYsnqqVeUaNF9qRRnjZ5VQRsMKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE5peWVxcFY1Um8wWDJwRkdlTm5sVkJHd3dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9kM2MxZDUtZTkyMy00ODMxLTgwNGMt
Yzc1ODYyODJmZTEzLzEvbnFSbXlSc2kyLWhLaVpxZmZEaWtIaElaSUE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9kM2MxZDUtZTkyMy00ODMxLTgwNGMtYzc1ODYyODJmZTEz
LzEvdE5peWVxcFY1Um8wWDJwRkdlTm5sVkJHd3dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEBb/wAwQC
uWB8AwQCuY/EMA0GCSqGSIb3DQEBCwUAA4IBAQBXK4Yw4r3JVJ+dK1321BlyAuz2
4h/WwM4Qluqp0mPJsY2MgfkLf6vdpS0ElqMpCA8t+6i3DOIKPGAxgnh0BrtXwxil
fEJqWobWhHro9JCkMqIXpUi9A+uR2ePRQLvPm1iIwap+HDU4CYdLr4Q9wiR/NOfZ
ojq1tYPWqS553769dePcNu2wc4haqR+xEAstrCP7cd05rVQfVvgrX7yKiM3xP0nh
Mh6ct4Js64xbqyqZdRRLg5FBw0llExrwCYjirn7rLFcU9k73nZyDI4C6IsF8vnUT
QCl0gc2J3FP3h6RRW/Foh/X3VIQBtQrhZzK1Yf7JC6AOcGdzAHHkt6cyKUjY
-----END CERTIFICATE-----
Generated at Fri Apr 25 06:07:28 2025 by rpki-client