Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/KLoPgmUcQJn1-AuYIp0b43J0Ng0.roa
File: KLoPgmUcQJn1-AuYIp0b43J0Ng0.roa (raw, json)
Hash identifier: d687TEbRA7ckJCy2xG70YCNu0X68g/goULfKYdquVb8=
Subject key identifier: 28:BA:0F:82:65:1C:40:99:F5:F8:0B:98:22:9D:1B:E3:72:74:36:0D
Certificate issuer: /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial: 01856D8B0B9C50BCAC4DA933BE0A2729E062
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/KLoPgmUcQJn1-AuYIp0b43J0Ng0.roa
Signing time: Sun 01 Jan 2023 13:35:06 +0000
ROA not before: Sun 01 Jan 2023 13:35:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51820
IP address blocks: 138.188.138.0/24 maxlen: 24
138.188.136.0/24 maxlen: 24
195.65.47.0/24 maxlen: 24
194.209.67.0/24 maxlen: 24
193.5.63.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:8b:0b:9c:50:bc:ac:4d:a9:33:be:0a:27:29:e0:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
Validity
Not Before: Jan 1 13:35:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=28ba0f82651c4099f5f80b98229d1be37274360d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:06:d5:3a:96:7c:fd:31:41:2a:5a:43:90:5d:
44:6e:93:ee:27:62:1c:5f:70:9a:5b:1a:b5:4a:88:
a6:22:64:51:b1:c5:89:f1:94:a4:d4:6e:5c:e6:ef:
4e:c0:18:e4:97:28:a4:f3:cd:7f:e1:9c:a6:29:c2:
b3:97:48:a1:6e:ff:71:cf:b7:5e:82:1f:cb:c4:3b:
47:bd:77:a1:5b:cc:d1:aa:54:1d:6c:41:b1:f4:21:
db:e1:04:a3:d5:58:a3:b2:a1:1c:07:ae:07:cd:71:
fe:43:83:d2:bf:0e:38:dd:02:60:97:64:ff:47:32:
81:fc:6e:1f:ca:07:e0:66:bf:6b:31:76:8c:cf:37:
15:93:3e:6b:ce:54:bf:fe:83:fb:0f:5c:96:25:63:
73:c1:3c:f6:21:72:2c:94:c6:37:41:fa:90:3d:71:
a2:54:b1:b4:8a:8e:cb:39:bf:25:68:3e:10:4b:f5:
03:88:aa:87:e7:be:47:1a:85:c6:e8:cd:51:01:5a:
eb:f4:15:38:a4:38:93:d7:25:36:d8:8a:a6:af:01:
29:82:18:87:53:a7:cb:6b:52:30:2a:81:76:0e:e5:
77:07:f0:e7:52:3c:35:b6:73:61:02:00:36:7b:71:
b6:b3:b3:00:11:83:02:1d:4d:48:61:d6:88:f3:74:
3b:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:BA:0F:82:65:1C:40:99:F5:F8:0B:98:22:9D:1B:E3:72:74:36:0D
X509v3 Authority Key Identifier:
keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/KLoPgmUcQJn1-AuYIp0b43J0Ng0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.188.136.0/24
138.188.138.0/24
193.5.63.0/24
194.209.67.0/24
195.65.47.0/24
Signature Algorithm: sha256WithRSAEncryption
24:8d:ff:ef:ef:f6:f9:f4:d8:e7:b7:38:b2:ff:3e:ad:16:32:
8f:5b:5e:b6:f1:8e:1e:5c:26:bd:24:2f:57:a2:91:58:91:9a:
49:fc:84:03:24:ed:53:8c:f5:4d:ca:9a:1d:02:b1:f5:95:00:
be:8f:6b:25:57:df:e9:b7:01:64:7e:40:e8:f2:8c:04:96:c4:
29:91:2b:5d:c9:8a:b2:83:3a:0b:a0:18:75:e8:bb:c6:b5:e3:
62:1d:ae:d6:cb:e8:99:fb:9e:a6:96:ad:1e:af:fe:94:d6:ac:
4a:0d:95:9a:19:70:e2:c8:21:4f:fd:b3:89:64:1e:4c:76:bb:
1e:7a:54:b9:e0:ec:8b:22:a6:a6:5d:39:19:da:f7:0c:4b:f7:
88:3f:f2:8f:c6:59:41:34:be:75:57:cd:42:fd:7a:d7:c2:f2:
f3:69:eb:44:d3:42:f8:27:58:86:9f:3a:3d:f7:81:5c:39:b7:
fc:a0:c0:ba:d2:c5:d5:32:57:4f:ba:4d:bc:78:7f:2d:a2:32:
ad:38:0e:f5:86:c3:14:40:e7:a0:98:39:d8:e8:22:bc:ad:73:
6f:9b:1a:35:20:41:d2:03:ad:2a:ea:17:ec:d8:07:a4:3d:14:
6e:6a:08:14:d8:d1:0b:66:b8:f6:c9:79:3a:57:38:a0:59:be:
ba:3e:5c:41
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVtiwucULysTakzvgonKeBiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjMwMTAxMTMzNTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGJhMGY4MjY1MWM0MDk5ZjVmODBiOTgyMjlkMWJlMzcyNzQzNjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgbVOpZ8/TFBKlpDkF1EbpPuJ2Ic
X3CaWxq1SoimImRRscWJ8ZSk1G5c5u9OwBjklyik881/4ZymKcKzl0ihbv9xz7de
gh/LxDtHvXehW8zRqlQdbEGx9CHb4QSj1VijsqEcB64HzXH+Q4PSvw443QJgl2T/
RzKB/G4fygfgZr9rMXaMzzcVkz5rzlS//oP7D1yWJWNzwTz2IXIslMY3QfqQPXGi
VLG0io7LOb8laD4QS/UDiKqH575HGoXG6M1RAVrr9BU4pDiT1yU22IqmrwEpghiH
U6fLa1IwKoF2DuV3B/DnUjw1tnNhAgA2e3G2s7MAEYMCHU1IYdaI83Q75wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCi6D4JlHECZ9fgLmCKdG+NydDYNMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvS0xvUGdtVWNRSm4xLUF1WUlwMGI0M0owTmcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAiryIAwQA
iryKAwQAwQU/AwQAwtFDAwQAw0EvMA0GCSqGSIb3DQEBCwUAA4IBAQAkjf/v7/b5
9Njntziy/z6tFjKPW1628Y4eXCa9JC9XopFYkZpJ/IQDJO1TjPVNypodArH1lQC+
j2slV9/ptwFkfkDo8owElsQpkStdyYqygzoLoBh16LvGteNiHa7Wy+iZ+56mlq0e
r/6U1qxKDZWaGXDiyCFP/bOJZB5MdrseelS54OyLIqamXTkZ2vcMS/eIP/KPxllB
NL51V81C/XrXwvLzaetE00L4J1iGnzo994FcObf8oMC60sXVMldPuk28eH8tojKt
OA71hsMUQOegmDnY6CK8rXNvmxo1IEHSA60q6hfs2AekPRRuaggU2NELZrj2yXk6
VzigWb66PlxB
-----END CERTIFICATE-----
Generated at Sun Apr 6 10:27:51 2025 by rpki-client