Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b648fb-f50b-4cc2-a2b1-2f68216b7424/1/LXgER9TQ6vRX8_SSmPuUTpJQ_Tg.roa
File: LXgER9TQ6vRX8_SSmPuUTpJQ_Tg.roa (raw, json)
Hash identifier: KAUb4k9VX0zNCKUi+PPz3zFCakwLeDSDR9BXcsV4fHo=
Subject key identifier: 2D:78:04:47:D4:D0:EA:F4:57:F3:F4:92:98:FB:94:4E:92:50:FD:38
Certificate issuer: /CN=32010f70276e418d58f08c56a79a82b99aca1763
Certificate serial: 019420D6609F162D9E4E3B971DE20316D29D
Authority key identifier: 32:01:0F:70:27:6E:41:8D:58:F0:8C:56:A7:9A:82:B9:9A:CA:17:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MgEPcCduQY1Y8IxWp5qCuZrKF2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/b648fb-f50b-4cc2-a2b1-2f68216b7424/1/LXgER9TQ6vRX8_SSmPuUTpJQ_Tg.roa
Signing time: Wed 01 Jan 2025 07:48:27 +0000
ROA not before: Wed 01 Jan 2025 07:48:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57365
IP address blocks: 128.140.200.0/21 maxlen: 21
128.140.200.0/24 maxlen: 24
128.140.201.0/24 maxlen: 24
128.140.202.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:60:9f:16:2d:9e:4e:3b:97:1d:e2:03:16:d2:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=32010f70276e418d58f08c56a79a82b99aca1763
Validity
Not Before: Jan 1 07:48:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2d780447d4d0eaf457f3f49298fb944e9250fd38
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:53:75:35:ae:44:09:93:2f:eb:38:f0:85:17:
75:35:9e:a3:c1:21:1f:df:3c:71:87:c8:90:0c:31:
53:c4:58:ce:2e:eb:3c:76:48:f1:76:22:fe:6c:7c:
fc:2e:bd:a9:70:e1:2a:02:70:74:15:86:b6:11:26:
38:b6:62:3b:3a:eb:e3:a0:7a:02:5c:ac:4b:4e:d3:
87:e9:65:d0:00:cd:9f:98:b9:b6:ca:23:98:d0:62:
30:a9:c4:f0:d5:5f:1b:7c:bf:ea:65:20:4d:00:7e:
33:90:38:d7:79:4a:ca:5d:54:4c:24:8c:38:2d:41:
7a:b7:8f:da:0a:d9:46:fd:a8:02:c8:65:04:32:3d:
5d:23:09:d6:98:57:23:47:e8:f8:86:a3:cd:c9:45:
ec:74:70:1f:f0:48:20:66:29:c3:c5:5f:16:0a:4b:
ea:f7:31:47:10:70:8f:90:4f:e0:ea:48:cc:03:78:
aa:f8:cd:69:e8:ee:f4:a6:0d:c7:cd:2a:df:3d:58:
f4:0f:31:67:d6:3a:56:43:71:ff:d2:6a:5e:3a:d6:
e2:de:bf:0f:a8:82:9a:c7:0b:eb:8e:68:c7:cf:c6:
49:6c:1b:07:99:11:d7:18:e1:a5:c1:3c:50:23:33:
d3:eb:b3:c6:e9:74:5d:35:71:44:c5:3e:26:5c:7a:
0a:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:78:04:47:D4:D0:EA:F4:57:F3:F4:92:98:FB:94:4E:92:50:FD:38
X509v3 Authority Key Identifier:
keyid:32:01:0F:70:27:6E:41:8D:58:F0:8C:56:A7:9A:82:B9:9A:CA:17:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MgEPcCduQY1Y8IxWp5qCuZrKF2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b648fb-f50b-4cc2-a2b1-2f68216b7424/1/LXgER9TQ6vRX8_SSmPuUTpJQ_Tg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b648fb-f50b-4cc2-a2b1-2f68216b7424/1/MgEPcCduQY1Y8IxWp5qCuZrKF2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
128.140.200.0/21
Signature Algorithm: sha256WithRSAEncryption
4a:95:28:a5:f4:8f:84:1e:22:ce:8e:2f:ca:03:38:39:1a:63:
38:c5:e4:72:8b:51:fa:2c:29:5e:86:83:b7:bb:c9:c6:85:3e:
b4:05:69:e7:54:c0:31:dd:85:dd:7f:46:ab:49:8c:b6:c6:eb:
fc:83:96:d8:37:25:0f:f9:18:2e:fd:cf:84:5a:55:64:fd:59:
08:46:51:e3:1b:00:e5:b9:97:09:52:c5:00:d5:07:4c:91:4f:
b0:fe:e1:bf:19:25:72:5e:44:2f:8f:cf:6a:e5:0a:d0:98:31:
4b:99:0c:2b:5f:a4:ec:ae:de:ea:77:f4:d2:a7:f9:c1:83:cf:
30:61:b1:27:ef:3f:86:28:91:41:f9:3f:d7:50:7b:36:cb:8c:
64:ba:56:dc:14:77:3e:a6:fd:0f:4e:88:b4:12:74:0b:0a:a0:
4f:47:0f:6c:7d:8f:22:fd:46:7a:05:ee:86:6f:6c:c5:28:47:
7d:84:2c:a5:d1:e4:32:5d:93:4b:de:70:66:0e:5f:60:5e:51:
0d:ba:68:36:f9:48:08:32:da:98:91:85:7f:ba:42:68:1e:b1:
0f:23:7e:c3:30:f9:e9:62:e9:64:f4:a6:bd:fb:41:21:e5:7b:
12:d0:57:3d:b7:47:cb:a1:68:5c:c0:ea:3a:ba:31:61:4a:88:
be:ca:af:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1mCfFi2eTjuXHeIDFtKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMDEwZjcwMjc2ZTQxOGQ1OGYwOGM1NmE3OWE4MmI5OWFj
YTE3NjMwHhcNMjUwMTAxMDc0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDc4MDQ0N2Q0ZDBlYWY0NTdmM2Y0OTI5OGZiOTQ0ZTkyNTBmZDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlN1Na5ECZMv6zjwhRd1NZ6jwSEf
3zxxh8iQDDFTxFjOLus8dkjxdiL+bHz8Lr2pcOEqAnB0FYa2ESY4tmI7OuvjoHoC
XKxLTtOH6WXQAM2fmLm2yiOY0GIwqcTw1V8bfL/qZSBNAH4zkDjXeUrKXVRMJIw4
LUF6t4/aCtlG/agCyGUEMj1dIwnWmFcjR+j4hqPNyUXsdHAf8EggZinDxV8WCkvq
9zFHEHCPkE/g6kjMA3iq+M1p6O70pg3HzSrfPVj0DzFn1jpWQ3H/0mpeOtbi3r8P
qIKaxwvrjmjHz8ZJbBsHmRHXGOGlwTxQIzPT67PG6XRdNXFExT4mXHoK6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC14BEfU0Or0V/P0kpj7lE6SUP04MB8GA1UdIwQY
MBaAFDIBD3AnbkGNWPCMVqeagrmayhdjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWdFUGNDZHVRWTFZOEl4V3A1cUN1WnJLRjJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iNjQ4ZmItZjUwYi00Y2MyLWEyYjEt
MmY2ODIxNmI3NDI0LzEvTFhnRVI5VFE2dlJYOF9TU21QdVVUcEpRX1RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iNjQ4ZmItZjUwYi00Y2MyLWEyYjEtMmY2ODIxNmI3NDI0
LzEvTWdFUGNDZHVRWTFZOEl4V3A1cUN1WnJLRjJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDgIzIMA0G
CSqGSIb3DQEBCwUAA4IBAQBKlSil9I+EHiLOji/KAzg5GmM4xeRyi1H6LClehoO3
u8nGhT60BWnnVMAx3YXdf0arSYy2xuv8g5bYNyUP+Rgu/c+EWlVk/VkIRlHjGwDl
uZcJUsUA1QdMkU+w/uG/GSVyXkQvj89q5QrQmDFLmQwrX6Tsrt7qd/TSp/nBg88w
YbEn7z+GKJFB+T/XUHs2y4xkulbcFHc+pv0PToi0EnQLCqBPRw9sfY8i/UZ6Be6G
b2zFKEd9hCyl0eQyXZNL3nBmDl9gXlENumg2+UgIMtqYkYV/ukJoHrEPI37DMPnp
Yulk9Ka9+0Eh5XsS0Fc9t0fLoWhcwOo6ujFhSoi+yq9Z
-----END CERTIFICATE-----
Generated at Wed Apr 9 09:17:29 2025 by rpki-client