Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/BMH7yN7PouSiyBrHB2tXQ540hS4.roa
File: BMH7yN7PouSiyBrHB2tXQ540hS4.roa (raw, json)
Hash identifier: 1sWgiJ9tu8gFyj0i9nAQ2loyQGn29V+MtSfMiEYKJdw=
Subject key identifier: 04:C1:FB:C8:DE:CF:A2:E4:A2:C8:1A:C7:07:6B:57:43:9E:34:85:2E
Certificate issuer: /CN=41f5a10e4fd2655adbbb40ede18b2615ac558ea9
Certificate serial: 019422FB37BB6D2EC4C4581D3CEDE44D5727
Authority key identifier: 41:F5:A1:0E:4F:D2:65:5A:DB:BB:40:ED:E1:8B:26:15:AC:55:8E:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/BMH7yN7PouSiyBrHB2tXQ540hS4.roa
Signing time: Wed 01 Jan 2025 17:47:56 +0000
ROA not before: Wed 01 Jan 2025 17:47:56 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 199760
IP address blocks: 192.109.200.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:37:bb:6d:2e:c4:c4:58:1d:3c:ed:e4:4d:57:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=41f5a10e4fd2655adbbb40ede18b2615ac558ea9
Validity
Not Before: Jan 1 17:47:56 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=04c1fbc8decfa2e4a2c81ac7076b57439e34852e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:80:ae:a0:d9:e3:45:9f:a1:c1:84:46:ef:08:
50:71:6b:f8:2f:c3:7d:73:bd:f3:89:2d:cf:e4:67:
1b:8a:68:e5:42:40:19:1f:47:fa:e9:dd:93:7a:7e:
3e:08:68:73:c5:d5:45:af:e4:21:1a:f2:d7:e2:b0:
97:e0:0c:4c:61:6e:91:3f:18:07:c0:d7:8c:43:1c:
eb:f9:0a:fd:53:9f:05:4d:61:15:7b:ba:a8:e3:25:
b8:d8:a7:43:8a:c6:65:68:b6:3a:ce:7c:9d:ed:a0:
eb:90:2c:e5:06:c6:74:12:ea:07:3d:50:b0:3b:a2:
61:6b:33:71:b8:45:e2:ed:7f:12:c7:97:c1:a8:e5:
e9:8d:54:75:f7:a0:13:d7:9a:27:2a:f0:70:fc:b4:
b8:54:39:3c:9a:6c:bc:1b:53:4f:ce:1d:36:b8:87:
95:1d:77:f3:60:6a:b8:7f:06:80:4f:b8:83:0e:38:
3f:42:c8:99:f1:27:46:3a:02:ea:96:f1:22:7c:99:
18:6c:ec:08:3c:10:02:84:19:cb:27:1c:c2:1d:b9:
b3:a1:1b:bd:d7:21:5f:76:45:e2:8d:45:ed:a5:35:
a3:f8:ad:e1:50:2a:59:51:a2:35:25:d1:d8:6d:56:
2b:6e:be:d4:c8:b0:d9:5f:47:a8:cb:af:7f:dd:40:
a4:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:C1:FB:C8:DE:CF:A2:E4:A2:C8:1A:C7:07:6B:57:43:9E:34:85:2E
X509v3 Authority Key Identifier:
keyid:41:F5:A1:0E:4F:D2:65:5A:DB:BB:40:ED:E1:8B:26:15:AC:55:8E:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/BMH7yN7PouSiyBrHB2tXQ540hS4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8d3c82-e403-4da6-b315-8790206f0d74/1/QfWhDk_SZVrbu0Dt4YsmFaxVjqk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.109.200.0/24
Signature Algorithm: sha256WithRSAEncryption
41:74:94:e6:93:3e:b5:4c:b9:88:c4:b2:fc:5a:87:15:8b:e1:
21:9a:e3:ce:ed:87:3d:03:48:69:51:a6:70:46:b6:ce:d0:01:
0e:00:95:a1:ed:0d:1e:63:03:21:ee:08:8d:fb:9e:01:df:31:
9e:4e:22:99:45:7b:0c:84:8f:38:d3:31:ca:51:e9:d8:a8:06:
30:61:08:78:31:85:4a:20:05:cd:e7:bf:1b:8d:b8:97:82:38:
f1:fb:c7:75:6b:5d:ae:fe:3a:31:6e:2d:25:5e:eb:0c:2a:e4:
a4:e9:2c:9f:f7:31:52:af:78:dd:2c:d5:31:86:62:61:8b:c6:
b4:d6:f6:f5:8c:ee:19:0b:d7:b5:c0:b1:69:da:c8:74:86:95:
72:8c:ca:86:b0:2a:f7:f8:8b:c8:14:d2:e6:bd:01:e0:b0:14:
b1:d2:90:d2:d3:0e:0a:26:52:4b:04:b5:0b:e9:7a:ca:db:a3:
4a:b4:59:94:a2:2e:47:55:2e:1b:dc:1d:b2:06:75:ea:60:ce:
4b:c9:10:86:bb:a5:b4:2c:b3:37:37:b2:6a:bc:41:cd:99:10:
01:6c:ff:4c:9c:2b:04:b1:23:51:f5:ae:5e:9d:25:66:7a:f2:
49:56:2e:9b:95:78:f8:b6:a9:2d:64:1f:1f:ef:7e:a3:ef:4a:
0f:4e:8a:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+ze7bS7ExFgdPO3kTVcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZjVhMTBlNGZkMjY1NWFkYmJiNDBlZGUxOGIyNjE1YWM1
NThlYTkwHhcNMjUwMTAxMTc0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGMxZmJjOGRlY2ZhMmU0YTJjODFhYzcwNzZiNTc0MzllMzQ4NTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoCuoNnjRZ+hwYRG7whQcWv4L8N9
c73ziS3P5GcbimjlQkAZH0f66d2Ten4+CGhzxdVFr+QhGvLX4rCX4AxMYW6RPxgH
wNeMQxzr+Qr9U58FTWEVe7qo4yW42KdDisZlaLY6znyd7aDrkCzlBsZ0EuoHPVCw
O6JhazNxuEXi7X8Sx5fBqOXpjVR196AT15onKvBw/LS4VDk8mmy8G1NPzh02uIeV
HXfzYGq4fwaAT7iDDjg/QsiZ8SdGOgLqlvEifJkYbOwIPBAChBnLJxzCHbmzoRu9
1yFfdkXijUXtpTWj+K3hUCpZUaI1JdHYbVYrbr7UyLDZX0eoy69/3UCkwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFATB+8jez6LkosgaxwdrV0OeNIUuMB8GA1UdIwQY
MBaAFEH1oQ5P0mVa27tA7eGLJhWsVY6pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWZXaERrX1NaVnJidTBEdDRZc21GYXhWanFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84ZDNjODItZTQwMy00ZGE2LWIzMTUt
ODc5MDIwNmYwZDc0LzEvQk1IN3lON1BvdVNpeUJySEIydFhRNTQwaFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84ZDNjODItZTQwMy00ZGE2LWIzMTUtODc5MDIwNmYwZDc0
LzEvUWZXaERrX1NaVnJidTBEdDRZc21GYXhWanFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG3IMA0G
CSqGSIb3DQEBCwUAA4IBAQBBdJTmkz61TLmIxLL8WocVi+EhmuPO7Yc9A0hpUaZw
RrbO0AEOAJWh7Q0eYwMh7giN+54B3zGeTiKZRXsMhI840zHKUenYqAYwYQh4MYVK
IAXN578bjbiXgjjx+8d1a12u/joxbi0lXusMKuSk6Syf9zFSr3jdLNUxhmJhi8a0
1vb1jO4ZC9e1wLFp2sh0hpVyjMqGsCr3+IvIFNLmvQHgsBSx0pDS0w4KJlJLBLUL
6XrK26NKtFmUoi5HVS4b3B2yBnXqYM5LyRCGu6W0LLM3N7JqvEHNmRABbP9MnCsE
sSNR9a5enSVmevJJVi6blXj4tqktZB8f736j70oPTope
-----END CERTIFICATE-----
Generated at Mon Apr 7 17:33:19 2025 by rpki-client