Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/3aabe0-9e5f-498d-b550-030acd3ae336/1/0gLTYHFKjg375hsnlvJFz59V6iA.roa
File: 0gLTYHFKjg375hsnlvJFz59V6iA.roa (raw, json)
Hash identifier: llgY0FMidtstSH+ZglQ3pmXrL20fdwyExaunpMoHzJU=
Subject key identifier: D2:02:D3:60:71:4A:8E:0D:FB:E6:1B:27:96:F2:45:CF:9F:55:EA:20
Certificate issuer: /CN=eed5b3af0064981e96bb5e27d8f04d86e6306cfa
Certificate serial: 0194274821B06BC1F8F5015F7C6B1F0FBAE7
Authority key identifier: EE:D5:B3:AF:00:64:98:1E:96:BB:5E:27:D8:F0:4D:86:E6:30:6C:FA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7tWzrwBkmB6Wu14n2PBNhuYwbPo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/3aabe0-9e5f-498d-b550-030acd3ae336/1/0gLTYHFKjg375hsnlvJFz59V6iA.roa
Signing time: Thu 02 Jan 2025 13:50:26 +0000
ROA not before: Thu 02 Jan 2025 13:50:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 12561
IP address blocks: 46.31.8.0/21 maxlen: 21
46.31.8.0/22 maxlen: 22
46.31.12.0/22 maxlen: 22
2a02:4980::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:48:21:b0:6b:c1:f8:f5:01:5f:7c:6b:1f:0f:ba:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eed5b3af0064981e96bb5e27d8f04d86e6306cfa
Validity
Not Before: Jan 2 13:50:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d202d360714a8e0dfbe61b2796f245cf9f55ea20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:40:7b:fc:9d:c4:7e:5e:07:b3:dc:72:2b:d8:
5f:c7:86:4e:32:06:74:8d:ac:ee:66:9b:b3:0d:e4:
79:5e:5d:d5:3c:cc:94:54:22:fc:f7:60:a6:0a:87:
14:19:37:71:c8:e8:c6:48:7c:9d:e2:5e:ef:98:90:
bd:60:b9:fe:3f:92:e5:da:1d:37:ab:fe:40:78:f4:
5c:f6:00:d8:bb:6a:01:c9:0e:58:1e:8f:09:75:54:
71:11:d4:af:cd:41:17:c5:91:34:c5:24:74:89:3d:
b3:57:17:4c:f6:9c:51:e2:ed:e0:df:4c:72:e2:92:
34:25:33:a0:1d:5d:b0:e8:a3:fd:6f:11:a4:47:08:
b5:6f:09:02:e7:84:7d:f9:f5:a5:7a:b7:03:4d:3b:
cb:7d:2b:93:05:32:77:6f:88:4b:34:38:41:7e:33:
f3:ee:23:d0:48:75:e2:25:48:4a:30:2f:5c:83:e9:
d6:a9:e9:94:4d:56:62:99:ee:5d:9a:09:51:87:22:
d0:88:1b:e5:0a:2e:3c:3d:26:5c:15:56:37:3d:fc:
bd:b0:b3:c5:0f:bb:e1:2c:37:d3:bb:aa:29:ab:af:
9c:32:cc:b8:a1:fd:e5:29:67:d0:12:c7:99:e9:7b:
4d:99:17:a7:fd:0c:1c:b4:27:e6:74:13:f6:6a:a1:
b5:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:02:D3:60:71:4A:8E:0D:FB:E6:1B:27:96:F2:45:CF:9F:55:EA:20
X509v3 Authority Key Identifier:
keyid:EE:D5:B3:AF:00:64:98:1E:96:BB:5E:27:D8:F0:4D:86:E6:30:6C:FA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7tWzrwBkmB6Wu14n2PBNhuYwbPo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/3aabe0-9e5f-498d-b550-030acd3ae336/1/0gLTYHFKjg375hsnlvJFz59V6iA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/3aabe0-9e5f-498d-b550-030acd3ae336/1/7tWzrwBkmB6Wu14n2PBNhuYwbPo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.31.8.0/21
IPv6:
2a02:4980::/32
Signature Algorithm: sha256WithRSAEncryption
83:c4:08:a7:a8:5b:d9:47:5c:78:45:a6:ba:b2:5a:f2:e1:81:
05:e3:d1:13:2a:a7:4c:68:38:58:f7:dd:b7:7e:af:94:9d:5e:
5a:4f:c9:09:69:a5:69:fd:eb:b5:e9:72:75:30:15:ec:76:43:
0b:be:99:97:1a:0a:04:76:c6:7c:e7:82:10:cb:52:84:79:ac:
82:d5:41:69:e5:c0:b9:5e:c7:c3:ba:8e:f1:19:54:1f:a3:72:
6b:54:e2:d7:58:cf:41:a1:f1:87:73:79:87:3e:bb:31:e5:ac:
c5:fd:e2:68:68:16:ca:ae:1e:2a:c0:f5:10:71:b5:62:26:0a:
15:1d:f0:a1:6e:1d:ae:d6:0a:e0:24:4a:b4:1c:a0:b2:e4:cb:
af:02:30:e9:b8:14:3a:91:03:dc:d6:10:56:81:c8:e3:35:27:
29:30:25:f7:f7:b0:07:ce:16:7e:e1:c2:f3:a8:96:2d:a2:23:
90:4a:c7:47:8b:1c:a2:f7:5c:40:77:f3:88:47:46:b1:86:01:
3e:da:f8:f3:fe:d8:5e:41:8f:13:bc:da:9a:f1:58:ef:ca:d6:
68:58:8b:e8:93:cc:20:b3:48:d2:65:7d:7c:7f:82:bd:bc:00:
8d:1b:95:b0:62:ab:11:fe:7c:a5:6c:f0:d4:e0:f7:d7:d9:b7:
3d:9a:1e:5c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnSCGwa8H49QFffGsfD7rnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZDViM2FmMDA2NDk4MWU5NmJiNWUyN2Q4ZjA0ZDg2ZTYz
MDZjZmEwHhcNMjUwMTAyMTM1MDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjAyZDM2MDcxNGE4ZTBkZmJlNjFiMjc5NmYyNDVjZjlmNTVlYTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0B7/J3Efl4Hs9xyK9hfx4ZOMgZ0
jazuZpuzDeR5Xl3VPMyUVCL892CmCocUGTdxyOjGSHyd4l7vmJC9YLn+P5Ll2h03
q/5AePRc9gDYu2oByQ5YHo8JdVRxEdSvzUEXxZE0xSR0iT2zVxdM9pxR4u3g30xy
4pI0JTOgHV2w6KP9bxGkRwi1bwkC54R9+fWlercDTTvLfSuTBTJ3b4hLNDhBfjPz
7iPQSHXiJUhKMC9cg+nWqemUTVZime5dmglRhyLQiBvlCi48PSZcFVY3Pfy9sLPF
D7vhLDfTu6opq6+cMsy4of3lKWfQEseZ6XtNmRen/QwctCfmdBP2aqG1/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNIC02BxSo4N++YbJ5byRc+fVeogMB8GA1UdIwQY
MBaAFO7Vs68AZJgelrteJ9jwTYbmMGz6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3RXenJ3QmttQjZXdTE0bjJQQk5odVl3YlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8zYWFiZTAtOWU1Zi00OThkLWI1NTAt
MDMwYWNkM2FlMzM2LzEvMGdMVFlIRktqZzM3NWhzbmx2SkZ6NTlWNmlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8zYWFiZTAtOWU1Zi00OThkLWI1NTAtMDMwYWNkM2FlMzM2
LzEvN3RXenJ3QmttQjZXdTE0bjJQQk5odVl3YlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDLh8IMA0E
AgACMAcDBQAqAkmAMA0GCSqGSIb3DQEBCwUAA4IBAQCDxAinqFvZR1x4Raa6slry
4YEF49ETKqdMaDhY9923fq+UnV5aT8kJaaVp/eu16XJ1MBXsdkMLvpmXGgoEdsZ8
54IQy1KEeayC1UFp5cC5XsfDuo7xGVQfo3JrVOLXWM9BofGHc3mHPrsx5azF/eJo
aBbKrh4qwPUQcbViJgoVHfChbh2u1grgJEq0HKCy5MuvAjDpuBQ6kQPc1hBWgcjj
NScpMCX397AHzhZ+4cLzqJYtoiOQSsdHixyi91xAd/OIR0axhgE+2vjz/theQY8T
vNqa8VjvytZoWIvok8wgs0jSZX18f4K9vACNG5WwYqsR/nylbPDU4PfX2bc9mh5c
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:32:45 2025 by rpki-client