Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/lbRMrKUagBNury-urjZX3f75_Qw.roa
File: lbRMrKUagBNury-urjZX3f75_Qw.roa (raw, json)
Hash identifier: mq29IIHcb8ubsfXIgUD4LUU90hH0YRXl8dREvVbfEwI=
Subject key identifier: 95:B4:4C:AC:A5:1A:80:13:6E:AF:2F:AE:AE:36:57:DD:FE:F9:FD:0C
Certificate issuer: /CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
Certificate serial: 01953776BAAD52D330360ACAA7AC5934AB8A
Authority key identifier: A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/lbRMrKUagBNury-urjZX3f75_Qw.roa
Signing time: Mon 24 Feb 2025 10:18:02 +0000
ROA not before: Mon 24 Feb 2025 10:18:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51964
IP address blocks: 149.238.0.0/19 maxlen: 24
149.238.32.0/19 maxlen: 24
149.238.64.0/19 maxlen: 24
149.238.96.0/19 maxlen: 24
149.238.128.0/19 maxlen: 24
149.238.160.0/19 maxlen: 24
149.238.192.0/19 maxlen: 24
149.238.224.0/19 maxlen: 24
192.77.114.0/23 maxlen: 24
192.112.208.0/24 maxlen: 24
193.33.52.0/23 maxlen: 24
193.202.20.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:37:76:ba:ad:52:d3:30:36:0a:ca:a7:ac:59:34:ab:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
Validity
Not Before: Feb 24 10:18:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=95b44caca51a80136eaf2faeae3657ddfef9fd0c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:83:b4:d6:be:87:f0:bf:c1:d4:a7:53:c9:49:
95:b1:16:93:7e:13:70:87:7f:75:93:74:7c:cc:5f:
9b:dd:a0:0d:f9:b7:78:dc:bb:65:36:f2:19:84:5d:
d7:d9:5f:2f:32:6f:6e:8b:bf:dc:21:98:60:5e:25:
8e:ac:e1:de:a9:c1:2c:a0:8e:20:06:07:4a:a8:60:
7c:bc:48:0a:b2:46:5e:21:f6:30:09:32:d6:f4:ae:
cf:ef:00:c7:c4:47:ab:f9:33:81:17:b9:e3:52:ae:
74:7b:90:2a:9d:b3:53:dc:48:fb:e5:8f:37:41:0d:
ff:4a:c4:52:4e:20:a4:76:31:d9:a2:7c:8e:cd:b7:
6b:a9:16:2f:f8:9c:6a:fb:e5:5e:c1:38:aa:e4:2e:
a2:88:72:51:c5:dd:72:d2:f7:e0:ae:a8:01:1b:92:
09:2e:7b:c1:dc:3a:4f:6f:ad:a8:a4:7e:18:6d:55:
02:12:33:9a:c3:9f:5c:03:85:2b:66:f3:8c:63:fe:
76:86:ea:fd:60:33:27:41:4c:db:8b:5c:99:f1:e9:
0d:70:ef:c6:4b:49:7c:e0:66:c2:4e:2c:a1:ef:73:
dd:f8:95:47:65:00:3b:b7:65:db:ac:40:fd:4c:42:
c5:b7:a1:44:b5:e8:ee:3f:18:1d:ff:33:c0:75:52:
14:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:B4:4C:AC:A5:1A:80:13:6E:AF:2F:AE:AE:36:57:DD:FE:F9:FD:0C
X509v3 Authority Key Identifier:
keyid:A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/lbRMrKUagBNury-urjZX3f75_Qw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/pDJ8VulBFx6jvrom67niP031vPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
149.238.0.0/16
192.77.114.0/23
192.112.208.0/24
193.33.52.0/23
193.202.20.0/24
Signature Algorithm: sha256WithRSAEncryption
74:7b:c0:db:72:de:21:a4:ba:05:4f:63:38:e1:c7:d3:d0:4b:
bd:b2:b1:59:b4:70:47:d3:7f:dc:f8:ea:17:2b:3a:6f:8b:fa:
c1:97:e8:de:7c:3c:71:67:4b:9b:43:fe:ff:57:8a:18:60:40:
d8:b8:32:19:64:d1:00:32:37:c6:8e:1f:22:4e:f3:08:56:82:
63:6f:f0:9e:a6:59:55:61:74:91:19:0f:56:d9:26:0c:eb:93:
c4:af:94:b4:8c:12:86:3d:fe:e2:1c:96:8b:96:2b:13:90:2d:
1a:a6:5a:bb:af:f7:f6:41:e3:b5:ba:a5:9c:41:8e:4b:81:74:
22:e8:54:ea:3a:ff:84:fc:be:9b:55:9f:c2:56:cd:d0:c9:4d:
40:0a:48:99:b1:44:41:6b:39:71:7b:db:89:a7:19:35:f1:b6:
50:ca:b8:52:9f:00:39:98:74:e2:d8:cd:15:5b:a6:be:84:3d:
2b:39:bb:c3:f9:2e:07:77:11:61:65:01:23:71:d6:d7:95:a1:
73:ac:1c:7d:8e:02:78:f4:90:86:d7:82:57:c9:c6:1b:2c:d4:
f9:f3:c6:29:a5:9d:55:5d:ae:5a:ac:32:97:6f:bf:5e:28:b9:
a4:66:3e:63:e5:46:90:67:53:d5:1e:a4:0c:8b:17:e0:6b:05:
04:1b:6d:28
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZU3drqtUtMwNgrKp6xZNKuKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MzI3YzU2ZTk0MTE3MWVhM2JlYmEyNmViYjllMjNmNGRm
NWJjZjMwHhcNMjUwMjI0MTAxODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWI0NGNhY2E1MWE4MDEzNmVhZjJmYWVhZTM2NTdkZGZlZjlmZDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoO01r6H8L/B1KdTyUmVsRaTfhNw
h391k3R8zF+b3aAN+bd43LtlNvIZhF3X2V8vMm9ui7/cIZhgXiWOrOHeqcEsoI4g
BgdKqGB8vEgKskZeIfYwCTLW9K7P7wDHxEer+TOBF7njUq50e5AqnbNT3Ej75Y83
QQ3/SsRSTiCkdjHZonyOzbdrqRYv+Jxq++VewTiq5C6iiHJRxd1y0vfgrqgBG5IJ
LnvB3DpPb62opH4YbVUCEjOaw59cA4UrZvOMY/52hur9YDMnQUzbi1yZ8ekNcO/G
S0l84GbCTiyh73Pd+JVHZQA7t2XbrED9TELFt6FEtejuPxgd/zPAdVIUGwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJW0TKylGoATbq8vrq42V93++f0MMB8GA1UdIwQY
MBaAFKQyfFbpQRceo766Juu54j9N9bzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWIt
MjhjMzQzY2U5ZDVkLzEvbGJSTXJLVWFnQk51cnktdXJqWlgzZjc1X1F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWItMjhjMzQzY2U5ZDVk
LzEvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAATAdAwMAle4DBAHA
TXIDBADAcNADBAHBITQDBADByhQwDQYJKoZIhvcNAQELBQADggEBAHR7wNty3iGk
ugVPYzjhx9PQS72ysVm0cEfTf9z46hcrOm+L+sGX6N58PHFnS5tD/v9XihhgQNi4
Mhlk0QAyN8aOHyJO8whWgmNv8J6mWVVhdJEZD1bZJgzrk8SvlLSMEoY9/uIclouW
KxOQLRqmWruv9/ZB47W6pZxBjkuBdCLoVOo6/4T8vptVn8JWzdDJTUAKSJmxREFr
OXF724mnGTXxtlDKuFKfADmYdOLYzRVbpr6EPSs5u8P5Lgd3EWFlASNx1teVoXOs
HH2OAnj0kIbXglfJxhss1PnzximlnVVdrlqsMpdvv14ouaRmPmPlRpBnU9UepAyL
F+BrBQQbbSg=
-----END CERTIFICATE-----
Generated at Sun Apr 6 03:33:57 2025 by rpki-client