Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/okjHh5pYfdYF5wPXK5rOgrhQIVE.roa
File: okjHh5pYfdYF5wPXK5rOgrhQIVE.roa (raw, json)
Hash identifier: nVcUdaUhD2ApvfBRPrmGwHk/pqmV1K7CNhHXO43os3E=
Subject key identifier: A2:48:C7:87:9A:58:7D:D6:05:E7:03:D7:2B:9A:CE:82:B8:50:21:51
Certificate issuer: /CN=5cf4501b755002d9143e8fa6736815e9f0f93695
Certificate serial: 01954C12424420BB66B505D9A3D2429C0ED4
Authority key identifier: 5C:F4:50:1B:75:50:02:D9:14:3E:8F:A6:73:68:15:E9:F0:F9:36:95
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/okjHh5pYfdYF5wPXK5rOgrhQIVE.roa
Signing time: Fri 28 Feb 2025 10:20:19 +0000
ROA not before: Fri 28 Feb 2025 10:20:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212655
IP address blocks: 88.97.192.0/18 maxlen: 18
88.97.192.0/21 maxlen: 21
88.97.200.0/21 maxlen: 21
88.97.208.0/21 maxlen: 21
88.97.216.0/21 maxlen: 21
88.97.224.0/21 maxlen: 21
88.97.232.0/21 maxlen: 21
88.97.240.0/22 maxlen: 22
88.97.240.0/23 maxlen: 23
88.97.244.0/22 maxlen: 22
88.97.248.0/21 maxlen: 21
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:4c:12:42:44:20:bb:66:b5:05:d9:a3:d2:42:9c:0e:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5cf4501b755002d9143e8fa6736815e9f0f93695
Validity
Not Before: Feb 28 10:20:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a248c7879a587dd605e703d72b9ace82b8502151
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:54:e4:eb:14:81:20:42:b6:52:67:8f:af:f7:
eb:c1:26:bb:da:86:c0:cd:63:4e:d3:25:91:5e:8d:
9c:ba:7e:32:9b:95:36:58:05:87:25:33:9e:90:3b:
24:a2:59:bd:c2:ce:bc:08:1f:c6:62:4a:99:26:47:
0a:8a:d9:a0:52:b0:14:b1:7d:ca:60:89:10:a2:8d:
25:3b:9d:7f:44:eb:ba:3d:48:18:a1:94:22:dc:c5:
fc:96:14:3a:c9:f3:75:84:bd:24:63:32:47:b1:8b:
5d:1a:2d:2d:c5:c7:5c:96:a7:fd:71:de:df:66:e4:
4d:2a:73:94:e1:c8:ee:6e:5c:19:08:bd:e6:da:9e:
ea:09:b3:1e:4c:3a:3d:e1:64:c8:21:41:05:fe:ea:
78:88:8a:9c:82:dd:cb:5d:55:94:25:6f:72:c0:83:
8d:6d:5e:80:93:48:4d:4d:5b:76:e0:fe:bf:29:9c:
fd:21:11:68:ac:20:2c:6c:2d:db:7b:56:b3:e9:41:
a0:e1:9f:a2:a6:5b:f1:d9:f8:b1:df:2f:64:0e:1b:
dd:59:3b:0c:fa:22:b9:74:65:8d:7c:67:c1:55:9d:
38:04:1f:52:18:1d:70:84:6d:c1:06:b1:81:e0:08:
f8:9e:6f:3f:56:87:e3:06:b9:e1:f6:2f:05:d4:c7:
5d:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:48:C7:87:9A:58:7D:D6:05:E7:03:D7:2B:9A:CE:82:B8:50:21:51
X509v3 Authority Key Identifier:
keyid:5C:F4:50:1B:75:50:02:D9:14:3E:8F:A6:73:68:15:E9:F0:F9:36:95
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/okjHh5pYfdYF5wPXK5rOgrhQIVE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/XPRQG3VQAtkUPo-mc2gV6fD5NpU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.97.192.0/18
Signature Algorithm: sha256WithRSAEncryption
58:b5:bb:86:92:42:e5:5e:eb:fb:22:98:f9:91:eb:a9:3a:69:
d9:76:f8:a7:fb:19:e8:3e:8f:40:57:27:fc:22:53:48:eb:53:
27:a0:4a:59:ff:c9:ad:0d:62:0c:64:77:f9:5a:d3:19:46:21:
57:ac:03:71:26:69:b1:42:10:7d:6a:72:46:81:0a:50:56:42:
00:75:3d:72:55:c9:e2:8c:81:6c:ea:99:40:4b:21:bd:a1:6b:
19:48:f3:91:cb:a9:f1:fb:33:2d:88:f9:b6:94:cb:27:da:67:
7c:a5:91:eb:a1:d0:6d:ef:db:fc:7d:30:50:0c:1d:1e:b0:e9:
d5:2d:b8:69:dd:29:f5:2d:e7:09:89:e0:a6:d5:6e:59:06:51:
91:ac:3d:d6:5e:15:bc:0e:dd:ca:a3:58:11:c8:9a:48:3d:98:
51:a3:3c:5c:f5:65:8d:eb:08:ba:0c:50:c7:a2:c6:7d:78:e5:
0a:f7:7d:1c:ba:d0:08:93:3c:47:e6:9b:96:d9:5c:48:fd:46:
78:ec:62:19:22:53:24:e5:17:b0:55:d9:52:3a:1c:e3:17:7d:
90:94:97:e7:e9:eb:f8:33:da:89:3d:59:f1:50:a9:8c:b1:7d:
0d:a0:0e:6d:43:a2:af:1d:32:50:10:7b:95:0c:ee:a9:96:51:
8a:01:46:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVMEkJEILtmtQXZo9JCnA7UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjQ1MDFiNzU1MDAyZDkxNDNlOGZhNjczNjgxNWU5ZjBm
OTM2OTUwHhcNMjUwMjI4MTAyMDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQ4Yzc4NzlhNTg3ZGQ2MDVlNzAzZDcyYjlhY2U4MmI4NTAyMTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlTk6xSBIEK2UmePr/frwSa72obA
zWNO0yWRXo2cun4ym5U2WAWHJTOekDskolm9ws68CB/GYkqZJkcKitmgUrAUsX3K
YIkQoo0lO51/ROu6PUgYoZQi3MX8lhQ6yfN1hL0kYzJHsYtdGi0txcdclqf9cd7f
ZuRNKnOU4cjublwZCL3m2p7qCbMeTDo94WTIIUEF/up4iIqcgt3LXVWUJW9ywION
bV6Ak0hNTVt24P6/KZz9IRForCAsbC3be1az6UGg4Z+iplvx2fix3y9kDhvdWTsM
+iK5dGWNfGfBVZ04BB9SGB1whG3BBrGB4Aj4nm8/VofjBrnh9i8F1MddwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJIx4eaWH3WBecD1yuazoK4UCFRMB8GA1UdIwQY
MBaAFFz0UBt1UALZFD6PpnNoFenw+TaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBSUUczVlFBdGtVUG8tbWMyZ1Y2ZkQ1TnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jMWNhMDctOTY1OC00NDQ2LThjYjUt
NjBjZjlhYjFiMTNlLzEvb2tqSGg1cFlmZFlGNXdQWEs1ck9ncmhRSVZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jMWNhMDctOTY1OC00NDQ2LThjYjUtNjBjZjlhYjFiMTNl
LzEvWFBSUUczVlFBdGtVUG8tbWMyZ1Y2ZkQ1TnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGWGHAMA0G
CSqGSIb3DQEBCwUAA4IBAQBYtbuGkkLlXuv7Ipj5keupOmnZdvin+xnoPo9AVyf8
IlNI61MnoEpZ/8mtDWIMZHf5WtMZRiFXrANxJmmxQhB9anJGgQpQVkIAdT1yVcni
jIFs6plASyG9oWsZSPORy6nx+zMtiPm2lMsn2md8pZHrodBt79v8fTBQDB0esOnV
Lbhp3Sn1LecJieCm1W5ZBlGRrD3WXhW8Dt3Ko1gRyJpIPZhRozxc9WWN6wi6DFDH
osZ9eOUK930cutAIkzxH5puW2VxI/UZ47GIZIlMk5RewVdlSOhzjF32QlJfn6ev4
M9qJPVnxUKmMsX0NoA5tQ6KvHTJQEHuVDO6pllGKAUYZ
-----END CERTIFICATE-----
Generated at Mon Apr 7 23:06:44 2025 by rpki-client