Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/KP1-R8Ozo5sN8i5g7eaE07K0eTQ.roa
File: KP1-R8Ozo5sN8i5g7eaE07K0eTQ.roa (raw, json)
Hash identifier: mLvAtndHxWdPvRVZIiOq/nwf/VdytfBFv0z3meNar9k=
Subject key identifier: 28:FD:7E:47:C3:B3:A3:9B:0D:F2:2E:60:ED:E6:84:D3:B2:B4:79:34
Certificate issuer: /CN=23259da3b1b38ca0939f490fb9043fcd89cfd062
Certificate serial: 019427B5728DE651749F0DD1D80F5B4B27E7
Authority key identifier: 23:25:9D:A3:B1:B3:8C:A0:93:9F:49:0F:B9:04:3F:CD:89:CF:D0:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/KP1-R8Ozo5sN8i5g7eaE07K0eTQ.roa
Signing time: Thu 02 Jan 2025 15:49:50 +0000
ROA not before: Thu 02 Jan 2025 15:49:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 198002
IP address blocks: 149.255.64.0/19 maxlen: 19
2a03:1180::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:72:8d:e6:51:74:9f:0d:d1:d8:0f:5b:4b:27:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23259da3b1b38ca0939f490fb9043fcd89cfd062
Validity
Not Before: Jan 2 15:49:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=28fd7e47c3b3a39b0df22e60ede684d3b2b47934
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:a9:90:64:1c:a9:af:9c:f8:90:ba:f2:e8:7e:
63:03:12:39:81:8d:48:c6:05:d8:e0:bf:e7:d4:ae:
12:e2:e9:a2:8a:86:07:03:23:11:8b:d3:64:e8:2c:
6f:67:ce:76:53:5f:3c:74:53:b8:89:a1:f0:c5:6d:
50:8b:87:df:cc:d2:8e:cb:0d:3f:c5:4b:96:11:f3:
fd:f4:c4:70:47:59:e3:e8:5f:9f:11:6b:fd:d6:32:
bb:60:29:2b:2d:93:b2:db:a6:13:ba:0c:e5:6d:d9:
f2:64:a7:4f:c5:60:b8:c6:ca:13:d1:4d:96:e3:34:
e9:28:95:75:69:45:1c:2e:bc:17:15:f7:7f:0b:49:
92:f4:b9:95:e9:3e:e4:0a:ab:c0:32:80:b4:cc:51:
a1:5e:a8:f7:36:1d:c0:28:85:70:6f:6c:fb:16:75:
96:e7:97:01:c6:d3:2e:48:4a:74:4e:1d:59:72:28:
fe:97:4f:e0:be:e7:c5:4a:3e:26:90:20:29:08:33:
ef:e7:d7:c3:c0:84:d8:6d:59:cb:72:5a:61:ce:ac:
ec:6e:6e:16:8b:ac:21:3e:a2:90:4e:e1:21:4a:de:
b3:f4:a5:c9:14:53:9e:37:ba:1f:c8:17:33:d2:95:
13:3a:c1:c2:ed:c0:a0:f0:9e:ba:14:06:19:6d:31:
a8:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:FD:7E:47:C3:B3:A3:9B:0D:F2:2E:60:ED:E6:84:D3:B2:B4:79:34
X509v3 Authority Key Identifier:
keyid:23:25:9D:A3:B1:B3:8C:A0:93:9F:49:0F:B9:04:3F:CD:89:CF:D0:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/KP1-R8Ozo5sN8i5g7eaE07K0eTQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
149.255.64.0/19
IPv6:
2a03:1180::/32
Signature Algorithm: sha256WithRSAEncryption
81:bd:01:c2:d1:13:02:4c:a2:ef:a3:16:53:c2:5b:d6:05:50:
a6:ef:aa:e9:36:d0:e5:65:8b:8e:1f:01:7d:b0:a3:71:58:18:
0a:bd:ec:63:fb:84:38:da:45:1b:f3:e2:ab:f5:5f:22:7e:31:
ac:dd:f5:64:bc:aa:82:44:73:0f:88:7e:91:b4:46:7a:bc:0f:
15:45:be:ef:21:8b:a3:60:da:c7:90:31:a5:82:e3:44:ab:53:
8e:a9:b2:df:99:60:fd:07:01:13:a2:e2:0f:3e:ca:93:2a:ed:
60:71:d5:88:93:43:4e:8e:b9:1f:41:19:ab:45:21:74:8e:52:
3d:36:7a:d2:19:c0:e0:25:89:b0:1f:6d:ed:a8:60:1b:33:79:
62:d5:d9:4c:53:4d:a1:c8:ba:be:37:ec:ae:b1:0a:1d:f6:5f:
0d:29:52:64:21:4e:eb:8f:5d:c6:8c:7d:26:91:65:f0:94:d8:
38:df:eb:07:e9:f6:21:e9:5d:49:19:9d:0f:cf:3b:ad:d6:84:
b1:0a:76:b1:14:83:6f:ee:d6:1e:16:8b:fb:38:a8:c5:bf:04:
52:88:0d:72:a6:0f:52:42:e1:59:62:09:cb:1e:b0:24:32:1d:
39:8a:0c:d5:7b:83:7a:aa:93:e0:f4:7b:ab:f9:e4:e8:a8:2b:
c2:c3:8c:8e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntXKN5lF0nw3R2A9bSyfnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMjU5ZGEzYjFiMzhjYTA5MzlmNDkwZmI5MDQzZmNkODlj
ZmQwNjIwHhcNMjUwMTAyMTU0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGZkN2U0N2MzYjNhMzliMGRmMjJlNjBlZGU2ODRkM2IyYjQ3OTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6mQZBypr5z4kLry6H5jAxI5gY1I
xgXY4L/n1K4S4umiioYHAyMRi9Nk6CxvZ852U188dFO4iaHwxW1Qi4ffzNKOyw0/
xUuWEfP99MRwR1nj6F+fEWv91jK7YCkrLZOy26YTugzlbdnyZKdPxWC4xsoT0U2W
4zTpKJV1aUUcLrwXFfd/C0mS9LmV6T7kCqvAMoC0zFGhXqj3Nh3AKIVwb2z7FnWW
55cBxtMuSEp0Th1Zcij+l0/gvufFSj4mkCApCDPv59fDwITYbVnLclphzqzsbm4W
i6whPqKQTuEhSt6z9KXJFFOeN7ofyBcz0pUTOsHC7cCg8J66FAYZbTGoIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCj9fkfDs6ObDfIuYO3mhNOytHk0MB8GA1UdIwQY
MBaAFCMlnaOxs4ygk59JD7kEP82Jz9BiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXlXZG83R3pqS0NUbjBrUHVRUV96WW5QMEdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy85MWE1ZmQtZTU2Yy00ZDg3LWJkNzUt
NjU0ZGQ2NDQyY2U0LzEvS1AxLVI4T3pvNXNOOGk1ZzdlYUUwN0swZVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy85MWE1ZmQtZTU2Yy00ZDg3LWJkNzUtNjU0ZGQ2NDQyY2U0
LzEvSXlXZG83R3pqS0NUbjBrUHVRUV96WW5QMEdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFlf9AMA0E
AgACMAcDBQAqAxGAMA0GCSqGSIb3DQEBCwUAA4IBAQCBvQHC0RMCTKLvoxZTwlvW
BVCm76rpNtDlZYuOHwF9sKNxWBgKvexj+4Q42kUb8+Kr9V8ifjGs3fVkvKqCRHMP
iH6RtEZ6vA8VRb7vIYujYNrHkDGlguNEq1OOqbLfmWD9BwETouIPPsqTKu1gcdWI
k0NOjrkfQRmrRSF0jlI9NnrSGcDgJYmwH23tqGAbM3li1dlMU02hyLq+N+yusQod
9l8NKVJkIU7rj13GjH0mkWXwlNg43+sH6fYh6V1JGZ0Pzzut1oSxCnaxFINv7tYe
Fov7OKjFvwRSiA1ypg9SQuFZYgnLHrAkMh05igzVe4N6qpPg9Hur+eToqCvCw4yO
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:33:33 2025 by rpki-client