Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/fc52a0-e0f7-480b-ba7d-1042ea8e3bfb/1/1-9Z39awtCUNqeCcuYwIOQubEoEY.roa
File: 1-9Z39awtCUNqeCcuYwIOQubEoEY.roa (raw, json)
Hash identifier: AJvelHrJ42adBWeCqNbgdbqaGB/A4YMI32J/x3+LlBI=
Subject key identifier: FB:D6:77:F5:AC:2D:09:43:6A:78:27:2E:63:02:0E:42:E6:C4:A0:46
Certificate issuer: /CN=a3c963d1a11d00d384adedf9bb86e53849a9b18c
Certificate serial: 019425FCC25EC192EC46BD55F3AE650B2DF0
Authority key identifier: A3:C9:63:D1:A1:1D:00:D3:84:AD:ED:F9:BB:86:E5:38:49:A9:B1:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/o8lj0aEdANOEre35u4blOEmpsYw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/fc52a0-e0f7-480b-ba7d-1042ea8e3bfb/1/1-9Z39awtCUNqeCcuYwIOQubEoEY.roa
Signing time: Thu 02 Jan 2025 07:48:29 +0000
ROA not before: Thu 02 Jan 2025 07:48:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39232
IP address blocks: 37.26.0.0/18 maxlen: 18
37.26.0.0/19 maxlen: 19
37.26.32.0/19 maxlen: 19
109.239.16.0/20 maxlen: 20
109.239.16.0/21 maxlen: 21
109.239.24.0/21 maxlen: 21
185.80.172.0/22 maxlen: 22
185.80.172.0/23 maxlen: 23
185.80.174.0/23 maxlen: 23
217.25.16.0/20 maxlen: 20
217.25.16.0/21 maxlen: 21
217.25.24.0/21 maxlen: 21
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:c2:5e:c1:92:ec:46:bd:55:f3:ae:65:0b:2d:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a3c963d1a11d00d384adedf9bb86e53849a9b18c
Validity
Not Before: Jan 2 07:48:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fbd677f5ac2d09436a78272e63020e42e6c4a046
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:26:98:11:f6:08:7e:85:da:f2:77:5a:2a:29:
98:5e:f3:b7:1e:aa:1d:fa:3b:d2:bc:a1:dd:d5:69:
d2:8d:e1:5e:76:f2:f6:e7:89:96:8e:71:c2:5c:52:
a8:75:dd:e1:62:96:37:b5:12:90:ca:b2:73:13:2a:
1c:85:18:08:98:83:43:dc:35:fa:bd:e2:6d:c9:a7:
3f:f1:01:72:07:4b:6c:e4:13:4b:05:4f:86:33:bf:
3d:d6:96:7b:38:bf:14:13:3f:f0:0a:ce:fb:82:26:
63:01:5e:58:76:8a:73:58:8a:b2:49:d8:e2:42:c4:
f0:1c:00:97:51:5a:99:7d:ee:5d:01:00:fc:77:d1:
96:41:c1:da:65:aa:7b:1a:ac:a1:9c:d4:65:ff:ec:
cd:9d:5a:ef:91:7f:8f:60:bd:ba:3d:80:36:13:fd:
14:cd:32:66:6a:b8:c5:94:90:42:1e:75:eb:b0:ba:
47:11:8b:83:82:dd:23:44:04:54:6b:b0:f5:1a:22:
6f:d0:bb:38:46:d4:b3:12:e0:e4:eb:ce:61:04:9b:
4b:32:75:f1:9a:d5:1b:59:47:b2:59:55:52:15:28:
ac:ff:2a:51:5c:90:9c:4c:3e:5f:b3:28:72:54:af:
fc:ce:d0:3c:70:72:8c:8f:ad:29:35:c4:66:54:8a:
69:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:D6:77:F5:AC:2D:09:43:6A:78:27:2E:63:02:0E:42:E6:C4:A0:46
X509v3 Authority Key Identifier:
keyid:A3:C9:63:D1:A1:1D:00:D3:84:AD:ED:F9:BB:86:E5:38:49:A9:B1:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o8lj0aEdANOEre35u4blOEmpsYw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/fc52a0-e0f7-480b-ba7d-1042ea8e3bfb/1/1-9Z39awtCUNqeCcuYwIOQubEoEY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/fc52a0-e0f7-480b-ba7d-1042ea8e3bfb/1/o8lj0aEdANOEre35u4blOEmpsYw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.26.0.0/18
109.239.16.0/20
185.80.172.0/22
217.25.16.0/20
Signature Algorithm: sha256WithRSAEncryption
87:24:5f:6c:af:9c:65:43:5a:31:1a:1d:76:65:ca:56:7b:5d:
27:bd:f1:4a:44:b0:64:0f:73:38:05:9e:c7:70:e9:02:03:83:
e6:bf:28:a6:04:38:38:2a:a7:e7:8d:9e:c4:cc:b9:cb:19:48:
8c:29:e2:78:17:48:09:e9:2e:48:97:7a:8b:f0:51:b3:ad:69:
34:12:0f:46:9d:c6:09:2d:cf:e3:46:bd:94:fd:96:76:26:00:
9d:19:d5:f4:0d:12:dd:59:56:13:ca:2b:39:13:a1:6b:8d:b8:
2f:de:31:bb:57:6c:d0:5a:ee:1b:fc:ad:8b:d1:a7:e9:16:48:
6c:a5:1c:d3:f6:10:97:56:c7:a2:31:ed:c1:87:f8:69:7a:17:
e0:6e:2d:81:f0:90:8b:62:b9:58:21:1b:ab:70:42:1e:c7:92:
fc:d2:77:f1:7b:fb:b3:45:5a:ae:58:51:94:68:a7:70:fd:86:
48:21:a3:1e:33:aa:df:20:87:1b:10:8a:b2:99:0c:52:4b:7c:
26:03:f1:4e:a9:1d:03:89:fd:69:6e:6c:09:98:b7:e2:15:38:
47:bc:d2:84:ab:a9:b7:76:aa:87:45:df:2a:d0:56:48:5d:12:
5f:22:78:af:95:16:35:4f:33:b2:4b:3b:6c:7f:25:ee:29:eb:
c8:6e:57:d7
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZQl/MJewZLsRr1V865lCy3wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYzk2M2QxYTExZDAwZDM4NGFkZWRmOWJiODZlNTM4NDlh
OWIxOGMwHhcNMjUwMTAyMDc0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmQ2NzdmNWFjMmQwOTQzNmE3ODI3MmU2MzAyMGU0MmU2YzRhMDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCaYEfYIfoXa8ndaKimYXvO3Hqod
+jvSvKHd1WnSjeFedvL254mWjnHCXFKodd3hYpY3tRKQyrJzEyochRgImIND3DX6
veJtyac/8QFyB0ts5BNLBU+GM7891pZ7OL8UEz/wCs77giZjAV5YdopzWIqySdji
QsTwHACXUVqZfe5dAQD8d9GWQcHaZap7GqyhnNRl/+zNnVrvkX+PYL26PYA2E/0U
zTJmarjFlJBCHnXrsLpHEYuDgt0jRARUa7D1GiJv0Ls4RtSzEuDk685hBJtLMnXx
mtUbWUeyWVVSFSis/ypRXJCcTD5fsyhyVK/8ztA8cHKMj60pNcRmVIppUwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFPvWd/WsLQlDangnLmMCDkLmxKBGMB8GA1UdIwQY
MBaAFKPJY9GhHQDThK3t+buG5ThJqbGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzhsajBhRWRBTk9FcmUzNXU0YmxPRW1wc1l3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9mYzUyYTAtZTBmNy00ODBiLWJhN2Qt
MTA0MmVhOGUzYmZiLzEvMS05WjM5YXd0Q1VOcWVDY3VZd0lPUXViRW9FWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjkvZmM1MmEwLWUwZjctNDgwYi1iYTdkLTEwNDJlYThlM2Jm
Yi8xL284bGowYUVkQU5PRXJlMzV1NGJsT0VtcHNZdy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAxBggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEBiUaAAME
BG3vEAMEArlQrAMEBNkZEDANBgkqhkiG9w0BAQsFAAOCAQEAhyRfbK+cZUNaMRod
dmXKVntdJ73xSkSwZA9zOAWex3DpAgOD5r8opgQ4OCqn542exMy5yxlIjCnieBdI
CekuSJd6i/BRs61pNBIPRp3GCS3P40a9lP2WdiYAnRnV9A0S3VlWE8orOROha424
L94xu1ds0FruG/yti9Gn6RZIbKUc0/YQl1bHojHtwYf4aXoX4G4tgfCQi2K5WCEb
q3BCHseS/NJ38Xv7s0VarlhRlGincP2GSCGjHjOq3yCHGxCKspkMUkt8JgPxTqkd
A4n9aW5sCZi34hU4R7zShKupt3aqh0XfKtBWSF0SXyJ4r5UWNU8zsks7bH8l7inr
yG5X1w==
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:45:24 2025 by rpki-client