Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/T4QdznfKpSjNfD9Ck7lioi05I4Q.roa
File: T4QdznfKpSjNfD9Ck7lioi05I4Q.roa (raw, json)
Hash identifier: kVYb7i5HexPnNg+kSdloHtnwoOqfCU5tsBBqfYxbTn8=
Subject key identifier: 4F:84:1D:CE:77:CA:A5:28:CD:7C:3F:42:93:B9:62:A2:2D:39:23:84
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01954394899116163C2C86F38CC863260C61
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/T4QdznfKpSjNfD9Ck7lioi05I4Q.roa
Signing time: Wed 26 Feb 2025 18:46:02 +0000
ROA not before: Wed 26 Feb 2025 18:46:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 398343
IP address blocks: 193.124.24.0/24 maxlen: 24
194.135.104.0/24 maxlen: 24
212.193.25.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:43:94:89:91:16:16:3c:2c:86:f3:8c:c8:63:26:0c:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Feb 26 18:46:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4f841dce77caa528cd7c3f4293b962a22d392384
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:ce:8f:6e:5e:c3:13:e8:31:c6:73:b4:45:55:
f8:91:35:1b:fa:1c:ec:b3:19:77:3f:d9:47:6a:2d:
e1:f3:3b:d6:47:53:fc:64:b2:3a:8d:05:30:40:5f:
d5:e3:fe:aa:8d:59:37:16:04:80:90:48:f7:7c:d1:
53:d2:01:73:33:c0:91:37:4c:68:1d:dc:b8:93:d3:
3d:38:f6:d2:6d:9f:0b:d7:eb:c0:54:00:1b:3a:13:
4b:b5:1b:89:7d:93:7a:e6:67:75:7e:ca:70:ab:33:
a9:f4:a5:97:87:c3:3a:9d:3b:e6:05:35:32:4f:3b:
37:fd:0a:12:51:f8:e3:2d:6b:5c:68:0a:73:46:66:
64:dc:76:63:6f:5f:00:a5:cf:51:15:7d:59:86:a0:
39:34:bb:ca:27:e4:d5:a0:93:f6:ca:9d:58:1c:41:
b7:29:76:b6:ee:87:89:90:a6:51:aa:06:2d:3a:bc:
26:c5:79:cf:ca:c6:5e:ab:87:e2:27:b6:ea:88:8d:
66:6d:c1:9d:31:d5:0c:7e:2f:c8:56:ec:19:a5:3e:
91:c0:f9:7b:dd:88:5e:d5:f6:66:33:ea:06:c3:0a:
a8:f2:92:02:51:54:4f:15:f6:12:e6:f0:ea:2f:81:
48:ba:dc:35:a0:00:75:d7:94:73:c7:24:3b:ea:30:
41:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:84:1D:CE:77:CA:A5:28:CD:7C:3F:42:93:B9:62:A2:2D:39:23:84
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/T4QdznfKpSjNfD9Ck7lioi05I4Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.24.0/24
194.135.104.0/24
212.193.25.0/24
Signature Algorithm: sha256WithRSAEncryption
0c:38:e3:50:c6:46:73:d8:15:92:02:a3:29:04:e6:0e:d6:e5:
0c:19:e9:d5:69:fe:8e:9c:f9:f2:5a:93:b7:5a:c9:80:e4:a9:
48:5f:be:f2:c8:88:da:b2:0a:37:c3:5c:54:98:6e:a9:a1:c7:
0c:36:c3:e4:77:b9:e4:1e:4c:a7:8f:39:ee:8f:f4:9b:99:72:
c0:61:bd:c4:7b:f5:e2:32:fa:bc:28:3d:bd:4f:e3:64:e1:ed:
29:a1:cd:6f:e2:9b:c8:7c:0c:7c:f1:35:db:d4:77:d0:50:25:
d1:d1:45:cc:2f:a5:00:bf:cf:1f:88:4c:ad:93:80:ef:4a:dc:
31:71:36:08:c7:a6:60:51:75:23:e4:fe:3a:c4:92:0a:1a:fe:
2b:74:49:1c:3a:1f:e4:5e:81:17:c4:e0:31:4e:ff:b4:be:91:
f7:79:5e:c0:ba:ed:cb:a9:91:d9:4c:4e:5a:89:dc:a5:b6:42:
ee:10:e4:89:e4:24:50:bb:ec:cd:9d:9b:59:61:c0:b9:ba:1f:
21:8b:ef:ff:4d:d8:ac:22:02:9b:71:05:03:b4:b4:9a:73:cb:
8c:76:21:43:67:c8:a8:3f:9d:04:8b:17:83:d8:6f:21:44:2e:
e6:bc:ec:15:c6:2b:2b:c5:af:78:ad:2f:b8:67:c4:87:4f:1a:
5b:65:e5:9f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZVDlImRFhY8LIbzjMhjJgxhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMjI2MTg0NjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Zjg0MWRjZTc3Y2FhNTI4Y2Q3YzNmNDI5M2I5NjJhMjJkMzkyMzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus6Pbl7DE+gxxnO0RVX4kTUb+hzs
sxl3P9lHai3h8zvWR1P8ZLI6jQUwQF/V4/6qjVk3FgSAkEj3fNFT0gFzM8CRN0xo
Hdy4k9M9OPbSbZ8L1+vAVAAbOhNLtRuJfZN65md1fspwqzOp9KWXh8M6nTvmBTUy
Tzs3/QoSUfjjLWtcaApzRmZk3HZjb18Apc9RFX1ZhqA5NLvKJ+TVoJP2yp1YHEG3
KXa27oeJkKZRqgYtOrwmxXnPysZeq4fiJ7bqiI1mbcGdMdUMfi/IVuwZpT6RwPl7
3Yhe1fZmM+oGwwqo8pICUVRPFfYS5vDqL4FIutw1oAB115RzxyQ76jBBfQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE+EHc53yqUozXw/QpO5YqItOSOEMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVDRRZHpuZktwU2pOZkQ5Q2s3bGlvaTA1STRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwXwYAwQA
wodoAwQA1MEZMA0GCSqGSIb3DQEBCwUAA4IBAQAMOONQxkZz2BWSAqMpBOYO1uUM
GenVaf6OnPnyWpO3WsmA5KlIX77yyIjasgo3w1xUmG6poccMNsPkd7nkHkynjznu
j/SbmXLAYb3Ee/XiMvq8KD29T+Nk4e0poc1v4pvIfAx88TXb1HfQUCXR0UXML6UA
v88fiEytk4DvStwxcTYIx6ZgUXUj5P46xJIKGv4rdEkcOh/kXoEXxOAxTv+0vpH3
eV7Auu3LqZHZTE5aidyltkLuEOSJ5CRQu+zNnZtZYcC5uh8hi+//TdisIgKbcQUD
tLSac8uMdiFDZ8ioP50EixeD2G8hRC7mvOwVxisrxa94rS+4Z8SHTxpbZeWf
-----END CERTIFICATE-----
Generated at Sat Apr 5 08:44:43 2025 by rpki-client