Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/hfGXrKTt6u41NiQkrNCRG03FgTo.roa
File: hfGXrKTt6u41NiQkrNCRG03FgTo.roa (raw, json)
Hash identifier: DUf/jFg7LXlvnvWQ7PksqyhLZu7mleW34Ka9y48nKKE=
Subject key identifier: 85:F1:97:AC:A4:ED:EA:EE:35:36:24:24:AC:D0:91:1B:4D:C5:81:3A
Certificate issuer: /CN=0ff8e93f3472ea6be58f3feb74495470095a177d
Certificate serial: 0194266B9007932AFFFFA3159CEB67FA2E82
Authority key identifier: 0F:F8:E9:3F:34:72:EA:6B:E5:8F:3F:EB:74:49:54:70:09:5A:17:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/D_jpPzRy6mvljz_rdElUcAlaF30.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/hfGXrKTt6u41NiQkrNCRG03FgTo.roa
Signing time: Thu 02 Jan 2025 09:49:30 +0000
ROA not before: Thu 02 Jan 2025 09:49:30 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212341
IP address blocks: 139.28.152.0/22 maxlen: 22
2a13:1440::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6b:90:07:93:2a:ff:ff:a3:15:9c:eb:67:fa:2e:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ff8e93f3472ea6be58f3feb74495470095a177d
Validity
Not Before: Jan 2 09:49:30 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=85f197aca4edeaee35362424acd0911b4dc5813a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:0b:7b:87:71:f5:cd:a3:f0:8b:8e:23:0f:b5:
b6:5a:15:6f:15:fe:c6:88:e7:47:cf:b2:73:82:5b:
e5:cd:02:9f:37:46:e3:3a:07:b9:a3:e1:a9:70:13:
ef:37:7b:28:40:35:f3:40:f4:01:7d:a0:42:9c:15:
e9:99:1f:70:7b:49:92:f7:07:52:54:f2:46:b7:7f:
ad:f4:38:ea:f1:5e:96:52:66:1e:fa:aa:83:76:b5:
db:56:1b:73:c4:fd:f6:16:7b:37:71:71:27:30:f5:
68:f1:b8:a1:1f:b3:3c:59:a9:e4:cc:14:30:4e:26:
93:4c:c1:5e:1f:5f:19:32:7f:54:9d:de:ff:34:2c:
a7:bc:32:c0:f5:f6:4c:d9:f2:fe:c4:12:ec:3b:12:
d8:28:6e:46:ab:0f:a1:8b:1a:ce:cf:57:46:8d:aa:
94:48:44:a7:7f:12:38:47:01:f3:9a:a4:e5:1d:09:
3c:46:ae:34:62:fd:58:89:c9:0b:5c:bf:8e:13:d9:
ac:10:78:c7:c0:c5:b3:73:ee:4a:3f:9c:1a:e5:cc:
95:65:20:57:0c:dc:2f:97:a1:07:48:95:06:fb:5f:
42:fb:6c:83:94:29:40:34:f7:14:41:99:c4:cc:44:
7c:8e:6b:23:93:a3:16:9e:40:56:f9:67:de:1d:11:
72:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:F1:97:AC:A4:ED:EA:EE:35:36:24:24:AC:D0:91:1B:4D:C5:81:3A
X509v3 Authority Key Identifier:
keyid:0F:F8:E9:3F:34:72:EA:6B:E5:8F:3F:EB:74:49:54:70:09:5A:17:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_jpPzRy6mvljz_rdElUcAlaF30.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/hfGXrKTt6u41NiQkrNCRG03FgTo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/8b93a4-868d-4f30-b44f-fce3d590c6db/1/D_jpPzRy6mvljz_rdElUcAlaF30.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
139.28.152.0/22
IPv6:
2a13:1440::/29
Signature Algorithm: sha256WithRSAEncryption
24:bf:bf:ce:d7:66:cd:f5:63:67:58:2f:be:d9:72:73:48:d9:
f8:0f:76:34:50:54:52:2b:c8:3c:9c:fe:af:9d:94:cc:43:74:
a3:0c:5b:07:5a:b1:81:bf:da:17:fd:ec:4c:91:ae:ff:00:ef:
21:7d:64:2a:b3:49:1e:ef:c2:a8:28:33:83:c1:dc:00:b5:f0:
93:28:b9:ab:b5:b5:f1:e2:f8:60:37:98:32:4e:9e:ad:7c:c0:
7b:1f:90:45:6f:9f:df:70:e4:d1:82:7e:f6:80:22:19:4c:02:
74:43:a4:42:79:7d:8b:7f:a5:36:6c:d5:d1:ae:af:2c:21:c5:
1f:cc:e7:f4:7f:5e:71:04:82:c4:1b:2b:c4:30:f2:5b:76:d3:
b7:ba:25:24:56:67:38:9a:2b:fc:99:22:fe:0d:d4:d1:7b:54:
62:79:f3:2b:9d:6e:bb:a8:21:55:d6:1b:ea:3e:18:1c:0f:1b:
67:3c:ff:4a:86:c3:e7:9c:b0:3a:4a:ce:81:ec:3c:36:62:b3:
fd:7e:ab:68:cd:39:2d:42:5d:52:6e:34:8e:a2:8d:1b:88:44:
13:3b:dc:04:4d:ce:ae:1d:c4:f8:bc:67:7b:c6:e7:d1:0a:7d:
5e:dc:6d:ed:25:38:95:0c:74:01:dd:32:f5:c0:24:40:3e:bc:
0a:bb:4e:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQma5AHkyr//6MVnOtn+i6CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjhlOTNmMzQ3MmVhNmJlNThmM2ZlYjc0NDk1NDcwMDk1
YTE3N2QwHhcNMjUwMTAyMDk0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWYxOTdhY2E0ZWRlYWVlMzUzNjI0MjRhY2QwOTExYjRkYzU4MTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4gt7h3H1zaPwi44jD7W2WhVvFf7G
iOdHz7JzglvlzQKfN0bjOge5o+GpcBPvN3soQDXzQPQBfaBCnBXpmR9we0mS9wdS
VPJGt3+t9Djq8V6WUmYe+qqDdrXbVhtzxP32Fns3cXEnMPVo8bihH7M8WankzBQw
TiaTTMFeH18ZMn9Und7/NCynvDLA9fZM2fL+xBLsOxLYKG5Gqw+hixrOz1dGjaqU
SESnfxI4RwHzmqTlHQk8Rq40Yv1YickLXL+OE9msEHjHwMWzc+5KP5wa5cyVZSBX
DNwvl6EHSJUG+19C+2yDlClANPcUQZnEzER8jmsjk6MWnkBW+WfeHRFyDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIXxl6yk7eruNTYkJKzQkRtNxYE6MB8GA1UdIwQY
MBaAFA/46T80cupr5Y8/63RJVHAJWhd9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9qcFB6Unk2bXZsanpfcmRFbFVjQWxhRjMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi84YjkzYTQtODY4ZC00ZjMwLWI0NGYt
ZmNlM2Q1OTBjNmRiLzEvaGZHWHJLVHQ2dTQxTmlRa3JOQ1JHMDNGZ1RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi84YjkzYTQtODY4ZC00ZjMwLWI0NGYtZmNlM2Q1OTBjNmRi
LzEvRF9qcFB6Unk2bXZsanpfcmRFbFVjQWxhRjMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCixyYMA0E
AgACMAcDBQMqExRAMA0GCSqGSIb3DQEBCwUAA4IBAQAkv7/O12bN9WNnWC++2XJz
SNn4D3Y0UFRSK8g8nP6vnZTMQ3SjDFsHWrGBv9oX/exMka7/AO8hfWQqs0ke78Ko
KDODwdwAtfCTKLmrtbXx4vhgN5gyTp6tfMB7H5BFb5/fcOTRgn72gCIZTAJ0Q6RC
eX2Lf6U2bNXRrq8sIcUfzOf0f15xBILEGyvEMPJbdtO3uiUkVmc4miv8mSL+DdTR
e1RiefMrnW67qCFV1hvqPhgcDxtnPP9KhsPnnLA6Ss6B7Dw2YrP9fqtozTktQl1S
bjSOoo0biEQTO9wETc6uHcT4vGd7xufRCn1e3G3tJTiVDHQB3TL1wCRAPrwKu05S
-----END CERTIFICATE-----
Generated at Sun Apr 6 13:43:55 2025 by rpki-client