Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/WKm9gfLmh9gbNd7OL_Z9GQQj-to.roa
File: WKm9gfLmh9gbNd7OL_Z9GQQj-to.roa (raw, json)
Hash identifier: yOVpMjgb9d3KCk7UcytvG0Q8hhZlMlDsZlBH70cOu1Y=
Subject key identifier: 58:A9:BD:81:F2:E6:87:D8:1B:35:DE:CE:2F:F6:7D:19:04:23:FA:DA
Certificate issuer: /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial: 019421440ADEEBBC32445EB8512D32CE667C
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/WKm9gfLmh9gbNd7OL_Z9GQQj-to.roa
Signing time: Wed 01 Jan 2025 09:48:14 +0000
ROA not before: Wed 01 Jan 2025 09:48:14 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59729
IP address blocks: 5.42.192.0/24 maxlen: 24
5.42.195.0/24 maxlen: 24
5.42.209.0/24 maxlen: 24
5.42.210.0/24 maxlen: 24
193.9.20.0/24 maxlen: 24
193.200.199.0/24 maxlen: 24
194.26.204.0/24 maxlen: 24
194.55.170.0/24 maxlen: 24
212.18.120.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:0a:de:eb:bc:32:44:5e:b8:51:2d:32:ce:66:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Validity
Not Before: Jan 1 09:48:14 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=58a9bd81f2e687d81b35dece2ff67d190423fada
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:4b:6f:e7:e8:dd:6b:22:49:a3:5d:57:44:9d:
51:01:4a:40:e1:b3:98:23:25:14:f8:8d:d9:ca:f2:
8e:2b:d7:26:54:eb:06:73:fb:03:74:45:36:51:2e:
79:19:11:fd:fa:3d:4f:65:2c:cc:d4:c2:eb:17:49:
2d:bb:19:c7:47:36:98:f9:41:23:7c:6b:49:fd:d8:
ff:25:e8:85:5e:41:95:c9:5d:eb:f1:c7:eb:67:fa:
3f:5f:9c:1a:df:dd:51:de:da:ce:96:6d:6d:33:87:
34:b6:47:c3:91:41:1c:3d:cd:23:39:58:30:35:8a:
9d:d4:33:6e:ad:a0:9b:e1:0c:ee:d8:1a:25:77:80:
00:9c:59:e1:c2:94:10:52:70:46:78:a2:c5:9f:ab:
79:b1:33:34:0b:64:97:ac:00:b8:f9:09:95:32:72:
07:fa:f9:e3:f4:bb:f7:ab:ef:b3:dc:51:c0:31:f1:
b9:30:94:46:13:91:ab:bc:61:60:96:d6:1f:0a:e3:
d2:a4:ef:0d:5d:96:18:19:fd:1f:97:1f:49:71:ff:
e7:d0:fd:90:6a:ae:55:e6:00:c8:6c:f6:bb:21:cb:
66:d6:fd:02:79:16:24:e6:50:3c:4e:53:ea:49:5d:
6f:35:64:cd:16:3c:63:45:6e:60:de:77:56:3f:c8:
25:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:A9:BD:81:F2:E6:87:D8:1B:35:DE:CE:2F:F6:7D:19:04:23:FA:DA
X509v3 Authority Key Identifier:
keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/WKm9gfLmh9gbNd7OL_Z9GQQj-to.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.192.0/24
5.42.195.0/24
5.42.209.0-5.42.210.255
193.9.20.0/24
193.200.199.0/24
194.26.204.0/24
194.55.170.0/24
212.18.120.0/24
Signature Algorithm: sha256WithRSAEncryption
43:4a:0a:04:d6:2f:e7:9b:41:ca:2d:c0:b4:d5:55:c0:42:f1:
d1:ab:e8:5e:24:5c:13:00:33:1b:f7:f0:5c:9e:c0:b3:ac:8e:
18:4d:79:91:a9:d9:d4:dd:7e:15:8a:3c:5e:f8:90:ee:7a:27:
51:7c:af:a0:84:c3:80:99:3a:f4:a4:68:f0:45:73:2c:c1:2d:
92:44:9a:f1:4c:ac:4f:a4:0a:08:62:3b:58:ea:2a:e8:6c:f6:
d6:44:95:6e:5c:97:f5:cb:fc:4a:2a:23:9c:7a:55:11:f8:60:
0a:bd:27:fd:fa:e8:81:2d:e4:be:3e:79:87:e2:4c:fd:c7:ef:
a4:4d:9f:94:75:eb:ab:0e:c8:d3:96:84:46:e5:50:95:9d:be:
89:4c:6d:17:cd:eb:5a:84:7d:b8:c6:44:a4:1a:ad:04:9a:f6:
c1:f4:3f:c2:1a:28:7f:6d:17:0f:39:0e:4c:c0:c2:87:0e:49:
e1:c1:f9:07:43:8a:ec:6a:f2:88:5e:c6:21:3b:97:27:57:bb:
69:c2:ec:57:c3:69:4a:15:cf:52:05:75:8f:e3:08:70:1b:e9:
4e:db:de:51:54:2a:e3:4b:dd:69:e9:ab:35:ef:bf:b4:fc:8d:
3a:6a:96:60:2d:90:47:69:9d:0d:eb:36:a9:c8:a5:79:c9:a8:
a2:4c:b4:dd
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZQhRAre67wyRF64US0yzmZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGE5YmQ4MWYyZTY4N2Q4MWIzNWRlY2UyZmY2N2QxOTA0MjNmYWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0tv5+jdayJJo11XRJ1RAUpA4bOY
IyUU+I3ZyvKOK9cmVOsGc/sDdEU2US55GRH9+j1PZSzM1MLrF0ktuxnHRzaY+UEj
fGtJ/dj/JeiFXkGVyV3r8cfrZ/o/X5wa391R3trOlm1tM4c0tkfDkUEcPc0jOVgw
NYqd1DNuraCb4Qzu2Bold4AAnFnhwpQQUnBGeKLFn6t5sTM0C2SXrAC4+QmVMnIH
+vnj9Lv3q++z3FHAMfG5MJRGE5GrvGFgltYfCuPSpO8NXZYYGf0flx9Jcf/n0P2Q
aq5V5gDIbPa7Ictm1v0CeRYk5lA8TlPqSV1vNWTNFjxjRW5g3ndWP8glKwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFFipvYHy5ofYGzXezi/2fRkEI/raMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvV0ttOWdmTG1oOWdiTmQ3T0xfWjlHUVFqLXRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQABSrAAwQA
BSrDMAwDBAAFKtEDBAAFKtIDBADBCRQDBADByMcDBADCGswDBADCN6oDBADUEngw
DQYJKoZIhvcNAQELBQADggEBAENKCgTWL+ebQcotwLTVVcBC8dGr6F4kXBMAMxv3
8FyewLOsjhhNeZGp2dTdfhWKPF74kO56J1F8r6CEw4CZOvSkaPBFcyzBLZJEmvFM
rE+kCghiO1jqKuhs9tZElW5cl/XL/EoqI5x6VRH4YAq9J/366IEt5L4+eYfiTP3H
76RNn5R166sOyNOWhEblUJWdvolMbRfN61qEfbjGRKQarQSa9sH0P8IaKH9tFw85
DkzAwocOSeHB+QdDiuxq8ohexiE7lydXu2nC7FfDaUoVz1IFdY/jCHAb6U7b3lFU
KuNL3WnpqzXvv7T8jTpqlmAtkEdpnQ3rNqnIpXnJqKJMtN0=
-----END CERTIFICATE-----
Generated at Sun Apr 6 13:59:04 2025 by rpki-client