Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/Kd7tkS6D6OIC_ttNItP7c_fNa-k.roa
File: Kd7tkS6D6OIC_ttNItP7c_fNa-k.roa (raw, json)
Hash identifier: N1BVy/KuUFpEDCoGKJGNcVR+kViJHNXU5UmQd9NSKDM=
Subject key identifier: 29:DE:ED:91:2E:83:E8:E2:02:FE:DB:4D:22:D3:FB:73:F7:CD:6B:E9
Certificate issuer: /CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Certificate serial: 0195199EA77C5CAFAD9D822A76E51F4D4E3B
Authority key identifier: 0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/Kd7tkS6D6OIC_ttNItP7c_fNa-k.roa
Signing time: Tue 18 Feb 2025 15:13:02 +0000
ROA not before: Tue 18 Feb 2025 15:13:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9583
IP address blocks: 159.151.196.0/24 maxlen: 24
192.109.146.0/24 maxlen: 24
2a07:8145::/36 maxlen: 36
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:19:9e:a7:7c:5c:af:ad:9d:82:2a:76:e5:1f:4d:4e:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Validity
Not Before: Feb 18 15:13:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=29deed912e83e8e202fedb4d22d3fb73f7cd6be9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:8e:aa:be:db:da:4f:bb:19:c2:ce:2f:34:dc:
02:a0:eb:f1:e8:88:72:d8:d6:86:e3:ab:53:03:10:
2d:65:ed:61:a9:b0:77:ef:a3:48:f3:3c:11:f9:ca:
0d:f5:7f:b7:ec:be:9c:df:49:41:df:ab:47:f3:ae:
e2:1f:76:0f:6c:02:3a:fd:ea:e0:9f:7e:88:eb:ae:
a5:fa:b2:ec:d6:59:45:0d:98:4b:b4:21:12:4b:f5:
bc:1c:0b:c9:50:48:dd:79:9e:21:31:04:94:c6:cf:
d5:72:10:aa:49:87:29:1e:e5:0a:57:d2:f3:4c:8a:
cf:b3:cc:1c:7a:cf:a9:83:8a:79:77:1b:28:53:2d:
ab:f9:9b:f5:d1:ac:f2:16:f6:71:75:9a:ae:6c:16:
0d:e1:cc:ac:0d:f1:66:8e:51:a0:3c:9f:17:49:f8:
07:74:f8:91:2e:e7:e0:97:cf:b6:37:22:d0:1e:af:
de:d6:23:e7:0d:62:e4:99:02:c1:5d:df:66:94:2c:
a0:7f:97:73:c7:16:01:46:e9:d3:f4:78:fe:72:27:
38:c2:90:dc:c7:3b:3a:57:7d:a4:8b:ad:b7:5e:b3:
5a:94:44:a2:e9:bc:63:7e:c2:02:7c:13:b8:16:20:
e5:5c:ba:56:2a:32:f5:a9:c0:3c:d2:70:9e:50:c4:
dd:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:DE:ED:91:2E:83:E8:E2:02:FE:DB:4D:22:D3:FB:73:F7:CD:6B:E9
X509v3 Authority Key Identifier:
keyid:0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/Kd7tkS6D6OIC_ttNItP7c_fNa-k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.151.196.0/24
192.109.146.0/24
IPv6:
2a07:8145::/36
Signature Algorithm: sha256WithRSAEncryption
5d:6c:48:05:14:40:dd:d7:1a:56:4d:5a:fd:b4:75:f9:bf:ce:
d9:06:78:78:a7:80:33:9d:0e:eb:44:7a:0c:45:c3:a3:46:ef:
71:b3:9d:22:b4:9d:4d:9f:cb:12:0c:ac:f9:e8:4d:da:01:a0:
fc:c7:a9:96:c2:46:6f:16:51:cc:bc:0a:2b:f1:a5:f7:3a:54:
0f:68:29:79:3a:5d:c1:08:92:53:ac:f8:d0:72:9e:5f:f1:d8:
f5:7b:54:33:8c:9f:56:57:e2:ca:b0:30:83:46:41:4d:34:1e:
f2:85:6a:6f:70:4c:2e:9b:c6:67:d6:a8:0e:fc:5c:9f:db:f7:
9e:79:ab:91:5a:76:3e:98:7b:d0:73:cf:ba:da:29:a8:94:00:
43:df:48:94:84:bb:58:14:8e:60:19:fc:88:53:25:49:71:fc:
03:7e:1d:86:27:7a:0a:04:c9:70:b2:72:34:3f:d1:0a:50:59:
ed:3d:52:9f:18:d5:83:a4:aa:13:bb:12:a6:d0:d8:80:b4:85:
c0:3d:ab:f2:7a:9d:83:5c:fd:4c:ae:33:ad:90:8d:79:31:ff:
3b:13:6b:b6:e6:75:d5:3b:f9:cc:d6:8e:e4:13:78:75:47:55:
8f:d0:47:30:0a:ce:2d:15:88:03:5c:90:9a:81:4e:a5:24:fe:
40:13:32:af
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZUZnqd8XK+tnYIqduUfTU47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzdkODA3ZDRmN2NkZDNlMGFmZTRhYmM4ZWU1YTg4MGM2
MDkwZjEwHhcNMjUwMjE4MTUxMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWRlZWQ5MTJlODNlOGUyMDJmZWRiNGQyMmQzZmI3M2Y3Y2Q2YmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAso6qvtvaT7sZws4vNNwCoOvx6Ihy
2NaG46tTAxAtZe1hqbB376NI8zwR+coN9X+37L6c30lB36tH867iH3YPbAI6/erg
n36I666l+rLs1llFDZhLtCESS/W8HAvJUEjdeZ4hMQSUxs/VchCqSYcpHuUKV9Lz
TIrPs8wces+pg4p5dxsoUy2r+Zv10azyFvZxdZqubBYN4cysDfFmjlGgPJ8XSfgH
dPiRLufgl8+2NyLQHq/e1iPnDWLkmQLBXd9mlCygf5dzxxYBRunT9Hj+cic4wpDc
xzs6V32ki623XrNalESi6bxjfsICfBO4FiDlXLpWKjL1qcA80nCeUMTd3wIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFCne7ZEug+jiAv7bTSLT+3P3zWvpMB8GA1UdIwQY
MBaAFAo32AfU983T4K/kq8juWogMYJDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjkt
ODAwZWRhMmNmYjM2LzEvS2Q3dGtTNkQ2T0lDX3R0Tkl0UDdjX2ZOYS1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjktODAwZWRhMmNmYjM2
LzEvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQAn5fEAwQA
wG2SMA4EAgACMAgDBgQqB4FFADANBgkqhkiG9w0BAQsFAAOCAQEAXWxIBRRA3dca
Vk1a/bR1+b/O2QZ4eKeAM50O60R6DEXDo0bvcbOdIrSdTZ/LEgys+ehN2gGg/Mep
lsJGbxZRzLwKK/Gl9zpUD2gpeTpdwQiSU6z40HKeX/HY9XtUM4yfVlfiyrAwg0ZB
TTQe8oVqb3BMLpvGZ9aoDvxcn9v3nnmrkVp2Pph70HPPutopqJQAQ99IlIS7WBSO
YBn8iFMlSXH8A34dhid6CgTJcLJyND/RClBZ7T1SnxjVg6SqE7sSptDYgLSFwD2r
8nqdg1z9TK4zrZCNeTH/OxNrtuZ11Tv5zNaO5BN4dUdVj9BHMArOLRWIA1yQmoFO
pST+QBMyrw==
-----END CERTIFICATE-----
Generated at Sat Apr 5 06:28:42 2025 by rpki-client