Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/X0jlPh6e-kZkAllO0YRLXGSgDns.roa
File: X0jlPh6e-kZkAllO0YRLXGSgDns.roa (raw, json)
Hash identifier: fOzjwl+fWwzss4YSzsRBfE9rTuqVHxBRysYK0qEx+RE=
Subject key identifier: 5F:48:E5:3E:1E:9E:FA:46:64:02:59:4E:D1:84:4B:5C:64:A0:0E:7B
Certificate issuer: /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial: 0195A608CF1580C3C4F9904655F081015827
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/X0jlPh6e-kZkAllO0YRLXGSgDns.roa
Signing time: Mon 17 Mar 2025 21:35:49 +0000
ROA not before: Mon 17 Mar 2025 21:35:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30938
IP address blocks: 5.39.248.0/24 maxlen: 24
5.178.97.0/24 maxlen: 24
45.12.216.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:a6:08:cf:15:80:c3:c4:f9:90:46:55:f0:81:01:58:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
Validity
Not Before: Mar 17 21:35:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5f48e53e1e9efa466402594ed1844b5c64a00e7b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:10:0d:2b:a6:b6:9e:81:7c:37:d3:ca:d3:0e:
40:77:f7:fe:fd:95:c8:3d:b0:31:df:ea:c0:2a:06:
75:13:e0:ee:52:19:17:cc:e2:fb:38:a1:8f:ee:66:
24:9e:7a:0b:29:3b:71:cb:9d:cf:80:4a:96:6e:64:
72:3f:6a:92:82:81:fa:ee:bb:2a:2c:65:9f:65:88:
5c:28:2e:a8:12:bf:80:f3:ca:ad:26:a6:80:d1:f5:
df:a4:f3:fe:d8:61:79:c4:90:d8:6a:19:46:c1:ed:
c1:0c:00:a5:33:3d:d2:d1:e1:70:a7:df:21:05:f2:
4b:5a:49:4e:6d:74:57:94:84:7e:47:c9:f0:70:40:
99:4f:27:2f:3c:27:ce:1c:83:e9:9f:a2:4f:4d:42:
30:2c:d1:fc:99:3f:d7:fb:91:4c:2e:bd:38:dc:f1:
de:e4:d1:cc:ab:e9:06:29:00:d1:c7:67:8f:f8:f5:
5f:a1:59:2f:9b:da:43:97:a3:75:5c:81:6e:a9:c2:
6f:cf:13:a3:28:76:eb:0c:11:fd:69:b9:e5:2d:26:
ec:95:ab:4e:b8:ee:cb:d3:dc:cf:59:50:76:4e:66:
3f:19:79:a1:02:bb:ff:75:75:7d:c7:33:91:a5:1e:
ab:9e:65:d8:a9:8a:23:f2:d2:16:43:c6:38:36:8b:
21:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:48:E5:3E:1E:9E:FA:46:64:02:59:4E:D1:84:4B:5C:64:A0:0E:7B
X509v3 Authority Key Identifier:
keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/X0jlPh6e-kZkAllO0YRLXGSgDns.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.39.248.0/24
5.178.97.0/24
45.12.216.0/24
Signature Algorithm: sha256WithRSAEncryption
85:a9:8e:43:f1:2a:11:97:f1:04:07:d8:b9:0a:ee:52:f5:c4:
ed:1b:fc:71:f1:36:c7:75:0f:08:eb:ef:c0:2c:43:79:b9:98:
3f:57:97:15:b6:c5:eb:af:4d:ea:6f:ba:80:c2:83:3c:5f:17:
04:0a:a8:6c:76:0e:a7:a5:5c:9d:d3:19:5d:26:98:75:ad:2a:
0e:f8:ec:30:c4:d2:e9:5d:78:69:ef:68:9b:b0:b9:b1:d5:28:
99:f6:41:52:3d:11:84:7c:ba:0a:1e:c3:06:67:f4:97:f9:3e:
51:18:ca:58:5f:d4:48:91:0c:69:3b:60:84:c0:ba:d4:72:3b:
61:4a:55:3c:2f:d5:e2:d4:18:2b:60:72:92:ac:3b:0d:44:7d:
e0:a8:23:b6:59:ec:bc:38:0d:a7:62:cb:12:17:71:a4:04:c3:
cc:4d:97:61:d5:2c:d3:5b:e0:ca:f5:bc:5e:c0:30:6e:54:fc:
34:56:ca:09:eb:49:48:e1:69:29:67:c0:6b:3a:0b:80:4d:08:
ea:08:93:04:8d:3b:53:31:0a:03:e0:1f:6e:a0:06:46:00:da:
91:8f:41:31:d7:10:95:1d:2b:cd:ae:0d:d1:13:21:c0:5f:3d:
44:3f:eb:53:c9:0b:36:09:07:ea:6a:fa:e9:22:6c:db:f6:40:
9e:36:1e:32
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWmCM8VgMPE+ZBGVfCBAVgnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUwMzE3MjEzNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjQ4ZTUzZTFlOWVmYTQ2NjQwMjU5NGVkMTg0NGI1YzY0YTAwZTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRANK6a2noF8N9PK0w5Ad/f+/ZXI
PbAx3+rAKgZ1E+DuUhkXzOL7OKGP7mYknnoLKTtxy53PgEqWbmRyP2qSgoH67rsq
LGWfZYhcKC6oEr+A88qtJqaA0fXfpPP+2GF5xJDYahlGwe3BDAClMz3S0eFwp98h
BfJLWklObXRXlIR+R8nwcECZTycvPCfOHIPpn6JPTUIwLNH8mT/X+5FMLr043PHe
5NHMq+kGKQDRx2eP+PVfoVkvm9pDl6N1XIFuqcJvzxOjKHbrDBH9abnlLSbslatO
uO7L09zPWVB2TmY/GXmhArv/dXV9xzORpR6rnmXYqYoj8tIWQ8Y4Nosh+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF9I5T4envpGZAJZTtGES1xkoA57MB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvWDBqbFBoNmUta1prQWxsTzBZUkxYR1NnRG5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABSf4AwQA
BbJhAwQALQzYMA0GCSqGSIb3DQEBCwUAA4IBAQCFqY5D8SoRl/EEB9i5Cu5S9cTt
G/xx8TbHdQ8I6+/ALEN5uZg/V5cVtsXrr03qb7qAwoM8XxcECqhsdg6npVyd0xld
Jph1rSoO+OwwxNLpXXhp72ibsLmx1SiZ9kFSPRGEfLoKHsMGZ/SX+T5RGMpYX9RI
kQxpO2CEwLrUcjthSlU8L9Xi1BgrYHKSrDsNRH3gqCO2Wey8OA2nYssSF3GkBMPM
TZdh1SzTW+DK9bxewDBuVPw0VsoJ60lI4WkpZ8BrOguATQjqCJMEjTtTMQoD4B9u
oAZGANqRj0Ex1xCVHSvNrg3REyHAXz1EP+tTyQs2CQfqavrpImzb9kCeNh4y
-----END CERTIFICATE-----
Generated at Sun Apr 6 12:33:54 2025 by rpki-client