Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/XhfMqezXvZ9Gr1SfZAFxxiBLdqw.roa
File: XhfMqezXvZ9Gr1SfZAFxxiBLdqw.roa (raw, json)
Hash identifier: QCoblTw77lmvmm3xeIb8Fg5RScedsC6Svua+HgD7wlE=
Subject key identifier: 5E:17:CC:A9:EC:D7:BD:9F:46:AF:54:9F:64:01:71:C6:20:4B:76:AC
Certificate issuer: /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial: 019482E2260EC4D36D0583DF4FBEB8E970FF
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/XhfMqezXvZ9Gr1SfZAFxxiBLdqw.roa
Signing time: Mon 20 Jan 2025 08:44:06 +0000
ROA not before: Mon 20 Jan 2025 08:44:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214238
IP address blocks: 2.58.124.0/24 maxlen: 24
2.58.125.0/24 maxlen: 24
2.58.126.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:82:e2:26:0e:c4:d3:6d:05:83:df:4f:be:b8:e9:70:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Validity
Not Before: Jan 20 08:44:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5e17cca9ecd7bd9f46af549f640171c6204b76ac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:22:2b:41:45:91:07:0d:0c:13:01:68:a9:c8:
4d:a4:25:d9:16:80:c5:95:7b:ab:f7:45:c1:e5:2b:
38:6c:b7:47:0c:d1:62:8e:03:83:39:3f:0b:e0:28:
ed:35:03:46:b0:01:84:c8:64:e6:de:af:2a:ed:02:
f8:ee:b0:b5:75:5c:77:84:6b:00:34:2c:d4:b6:46:
43:52:46:a1:59:73:36:2a:38:7b:75:7c:30:51:46:
ec:a0:95:b6:9d:93:2e:41:34:54:fc:9c:fb:31:32:
5c:b4:17:13:3c:95:9c:d4:43:e2:7c:f7:a8:d4:ff:
2c:c5:2d:3f:b8:bc:96:2a:35:df:1e:ed:84:97:3e:
a2:c1:b8:00:79:ea:6c:05:3b:93:24:67:6a:f0:0a:
41:5c:1a:bf:f2:fe:2e:04:49:6d:41:50:64:dc:8f:
7c:03:a9:0c:87:b1:db:c5:1a:9c:02:45:91:f7:67:
59:cf:cf:4c:3a:5b:79:31:94:8d:d8:1b:75:f5:79:
a6:4d:1d:98:97:b1:91:38:77:71:0e:f2:ba:61:e1:
f7:12:f1:8f:28:14:c6:36:54:91:14:f1:fe:4b:6f:
76:c9:28:1b:f5:8d:a1:cd:db:03:f0:10:fc:e7:72:
75:80:55:ea:7c:20:77:e8:fe:eb:5c:1e:00:0e:e3:
c1:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:17:CC:A9:EC:D7:BD:9F:46:AF:54:9F:64:01:71:C6:20:4B:76:AC
X509v3 Authority Key Identifier:
keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/XhfMqezXvZ9Gr1SfZAFxxiBLdqw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.124.0-2.58.126.255
Signature Algorithm: sha256WithRSAEncryption
14:c8:82:95:ce:0f:da:88:9c:7d:d9:d9:d6:70:cf:dd:ef:97:
a4:60:41:0e:8e:8c:fd:97:a8:0e:bb:d4:5f:79:74:ce:43:64:
bd:a8:89:db:c9:49:63:80:3d:ed:5b:37:19:79:ba:8e:1b:4d:
3b:da:ab:39:bc:ed:03:61:2c:38:c3:80:a9:ed:7a:46:2d:74:
ee:20:1e:76:0c:1e:10:56:a8:7b:58:94:93:52:af:e8:52:57:
e1:da:de:c6:a1:55:6b:db:0f:36:16:b9:fe:ab:7e:46:00:d2:
d4:ec:bb:a0:c8:50:e2:27:67:41:e9:de:90:17:88:6b:88:18:
f9:59:fd:bc:97:3f:65:b1:49:ca:96:dd:90:37:07:09:4d:64:
49:16:2b:98:52:84:29:56:69:8a:46:4c:95:5f:c4:48:cd:89:
9b:83:f5:b0:e9:e8:94:a0:2d:bd:ac:09:50:c9:c6:97:57:f0:
a8:6b:0e:5f:58:b7:73:07:ce:34:1f:a9:7f:cb:07:20:63:38:
b0:9a:bd:2a:67:32:dc:24:1b:8f:91:7d:2f:aa:24:c9:78:aa:
44:c8:d2:03:59:92:e3:6c:97:d4:d2:a1:cf:11:ca:fe:f8:43:
15:85:ce:4e:70:b8:23:1a:91:48:0f:b9:e8:23:b3:d7:21:d2:
5a:3b:b7:e0
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZSC4iYOxNNtBYPfT7646XD/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjUwMTIwMDg0NDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTE3Y2NhOWVjZDdiZDlmNDZhZjU0OWY2NDAxNzFjNjIwNGI3NmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCIrQUWRBw0MEwFoqchNpCXZFoDF
lXur90XB5Ss4bLdHDNFijgODOT8L4CjtNQNGsAGEyGTm3q8q7QL47rC1dVx3hGsA
NCzUtkZDUkahWXM2Kjh7dXwwUUbsoJW2nZMuQTRU/Jz7MTJctBcTPJWc1EPifPeo
1P8sxS0/uLyWKjXfHu2Elz6iwbgAeepsBTuTJGdq8ApBXBq/8v4uBEltQVBk3I98
A6kMh7HbxRqcAkWR92dZz89MOlt5MZSN2Bt19XmmTR2Yl7GROHdxDvK6YeH3EvGP
KBTGNlSRFPH+S292ySgb9Y2hzdsD8BD853J1gFXqfCB36P7rXB4ADuPBpwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFF4XzKns172fRq9Un2QBccYgS3asMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvWGhmTXFlelh2WjlHcjFTZlpBRnh4aUJMZHF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAICOnwD
BAACOn4wDQYJKoZIhvcNAQELBQADggEBABTIgpXOD9qInH3Z2dZwz93vl6RgQQ6O
jP2XqA671F95dM5DZL2oidvJSWOAPe1bNxl5uo4bTTvaqzm87QNhLDjDgKntekYt
dO4gHnYMHhBWqHtYlJNSr+hSV+Ha3sahVWvbDzYWuf6rfkYA0tTsu6DIUOInZ0Hp
3pAXiGuIGPlZ/byXP2WxScqW3ZA3BwlNZEkWK5hShClWaYpGTJVfxEjNiZuD9bDp
6JSgLb2sCVDJxpdX8KhrDl9Yt3MHzjQfqX/LByBjOLCavSpnMtwkG4+RfS+qJMl4
qkTI0gNZkuNsl9TSoc8Ryv74QxWFzk5wuCMakUgPuegjs9ch0lo7t+A=
-----END CERTIFICATE-----
Generated at Sat Apr 5 13:22:23 2025 by rpki-client