Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/nP8InoGgHMEZtDhXEUPvG_pzRwA.roa
File: nP8InoGgHMEZtDhXEUPvG_pzRwA.roa (raw, json)
Hash identifier: xkuDzh03gBq1G5UmOxmTgO6edMG72WrElontLW61TCo=
Subject key identifier: 9C:FF:08:9E:81:A0:1C:C1:19:B4:38:57:11:43:EF:1B:FA:73:47:00
Certificate issuer: /CN=37ed49efac9795987771acdc77a0e228904277ad
Certificate serial: 0196CFD9A8DAAC4CE7DFA4F68101D2F72079
Authority key identifier: 37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/nP8InoGgHMEZtDhXEUPvG_pzRwA.roa
Signing time: Wed 14 May 2025 17:31:10 +0000
ROA not before: Wed 14 May 2025 17:31:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44477
IP address blocks: 109.172.16.0/24 maxlen: 24
109.172.17.0/24 maxlen: 24
109.172.18.0/24 maxlen: 24
109.172.19.0/24 maxlen: 24
109.172.20.0/24 maxlen: 24
109.172.21.0/24 maxlen: 24
109.172.22.0/24 maxlen: 24
109.172.23.0/24 maxlen: 24
109.172.96.0/24 maxlen: 24
109.172.97.0/24 maxlen: 24
109.172.98.0/24 maxlen: 24
109.172.99.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:cf:d9:a8:da:ac:4c:e7:df:a4:f6:81:01:d2:f7:20:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=37ed49efac9795987771acdc77a0e228904277ad
Validity
Not Before: May 14 17:31:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9cff089e81a01cc119b438571143ef1bfa734700
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:3d:1b:cd:c2:7a:a2:ce:0e:d0:42:2a:28:04:
de:2d:dc:4e:db:a5:51:72:9f:d8:e6:26:ef:d7:3f:
7b:d1:16:9e:53:27:a8:d8:06:11:48:b6:4e:df:f1:
1b:98:d0:a3:5f:ba:2d:9f:b9:21:48:3e:7f:80:c0:
20:8b:22:92:3c:7f:25:0c:e7:50:33:03:24:fc:08:
98:05:3b:7e:51:1a:30:26:e5:e7:c0:07:1f:e1:88:
78:8a:d0:d8:88:cd:1c:46:da:a3:87:9b:c8:f7:25:
2d:b8:bd:c5:bb:31:78:61:b8:be:95:be:19:ea:44:
59:a0:c0:28:da:eb:88:e2:41:35:70:d5:30:f6:ab:
d8:7a:b8:1c:ae:0c:89:1b:c3:88:0a:0a:07:28:c9:
0d:7c:4e:b2:32:17:b8:54:8b:6a:79:43:15:4d:35:
9f:e7:d7:61:10:39:2d:b9:65:ae:5b:e8:6a:9a:24:
ce:f3:a9:2b:4c:49:8b:28:39:f4:ad:81:1e:36:a1:
31:b2:82:08:b2:89:48:4a:63:01:4c:4c:bd:2b:f8:
32:93:ad:3e:5b:b9:b5:1f:c9:1c:91:92:37:71:ea:
52:c5:05:00:3e:94:78:6c:e6:1d:05:6e:c2:f5:7f:
77:09:39:f5:31:08:e1:81:59:19:f0:5e:c5:f1:cb:
82:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:FF:08:9E:81:A0:1C:C1:19:B4:38:57:11:43:EF:1B:FA:73:47:00
X509v3 Authority Key Identifier:
keyid:37:ED:49:EF:AC:97:95:98:77:71:AC:DC:77:A0:E2:28:90:42:77:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-1J76yXlZh3cazcd6DiKJBCd60.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/nP8InoGgHMEZtDhXEUPvG_pzRwA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/2171be-b083-479b-a580-6a06b7502bd7/1/N-1J76yXlZh3cazcd6DiKJBCd60.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.172.16.0/21
109.172.96.0/22
Signature Algorithm: sha256WithRSAEncryption
99:fb:60:72:a4:89:41:4a:3f:09:8d:cc:e9:56:49:ad:39:35:
d4:34:c9:1a:f0:c4:bc:80:d3:dc:4f:3b:3b:5a:76:63:0d:12:
19:ea:f1:d3:3a:c0:ac:79:3f:69:a8:7c:f1:41:87:a9:5d:3a:
86:ab:b0:4a:ee:34:11:d5:ad:ab:41:66:db:8a:26:a6:ab:c7:
fb:c6:79:92:75:a7:04:ea:ae:84:5a:1f:81:b9:7c:1c:11:0e:
fe:eb:77:4d:c0:6c:76:83:60:e4:50:70:1e:f8:b5:9b:2d:87:
e6:d4:81:0c:34:83:e8:a5:81:d2:5c:4b:5f:1e:0d:87:3b:3b:
5b:68:2b:c9:8b:8c:31:8f:91:d6:08:a0:c5:30:c6:7d:c6:6c:
e4:ab:ec:ce:a8:da:80:03:33:79:e3:01:0f:bd:86:23:32:24:
fb:66:9d:4b:87:9e:a8:76:a5:e7:6e:54:e5:de:40:35:db:a5:
18:de:cc:96:d7:f5:92:eb:74:72:9d:83:89:5f:27:9f:5b:a0:
16:99:6b:08:55:24:bc:57:46:50:53:57:17:b9:18:72:4b:75:
44:32:3c:67:d8:58:3c:4e:84:fc:44:03:c9:a9:b4:4d:1d:b2:
ec:51:08:6e:22:bc:db:21:29:2d:17:b9:29:ef:8d:95:14:82:
5b:e1:00:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbP2ajarEzn36T2gQHS9yB5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZWQ0OWVmYWM5Nzk1OTg3NzcxYWNkYzc3YTBlMjI4OTA0
Mjc3YWQwHhcNMjUwNTE0MTczMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2ZmMDg5ZTgxYTAxY2MxMTliNDM4NTcxMTQzZWYxYmZhNzM0NzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3j0bzcJ6os4O0EIqKATeLdxO26VR
cp/Y5ibv1z970RaeUyeo2AYRSLZO3/EbmNCjX7otn7khSD5/gMAgiyKSPH8lDOdQ
MwMk/AiYBTt+URowJuXnwAcf4Yh4itDYiM0cRtqjh5vI9yUtuL3FuzF4Ybi+lb4Z
6kRZoMAo2uuI4kE1cNUw9qvYergcrgyJG8OICgoHKMkNfE6yMhe4VItqeUMVTTWf
59dhEDktuWWuW+hqmiTO86krTEmLKDn0rYEeNqExsoIIsolISmMBTEy9K/gyk60+
W7m1H8kckZI3cepSxQUAPpR4bOYdBW7C9X93CTn1MQjhgVkZ8F7F8cuCpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJz/CJ6BoBzBGbQ4VxFD7xv6c0cAMB8GA1UdIwQY
MBaAFDftSe+sl5WYd3Gs3Heg4iiQQnetMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAt
NmEwNmI3NTAyYmQ3LzEvblA4SW5vR2dITUVadERoWEVVUHZHX3B6UndBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8yMTcxYmUtYjA4My00NzliLWE1ODAtNmEwNmI3NTAyYmQ3
LzEvTi0xSjc2eVhsWmgzY2F6Y2Q2RGlLSkJDZDYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDbawQAwQC
baxgMA0GCSqGSIb3DQEBCwUAA4IBAQCZ+2BypIlBSj8JjczpVkmtOTXUNMka8MS8
gNPcTzs7WnZjDRIZ6vHTOsCseT9pqHzxQYepXTqGq7BK7jQR1a2rQWbbiiamq8f7
xnmSdacE6q6EWh+BuXwcEQ7+63dNwGx2g2DkUHAe+LWbLYfm1IEMNIPopYHSXEtf
Hg2HOztbaCvJi4wxj5HWCKDFMMZ9xmzkq+zOqNqAAzN54wEPvYYjMiT7Zp1Lh56o
dqXnblTl3kA126UY3syW1/WS63RynYOJXyefW6AWmWsIVSS8V0ZQU1cXuRhyS3VE
Mjxn2Fg8ToT8RAPJqbRNHbLsUQhuIrzbISktF7kp742VFIJb4QDy
-----END CERTIFICATE-----
Generated at Sat Jul 26 11:46:37 2025 by rpki-client