Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/mkwmtA0jkOM7SyrpcKgMENjsfM8.roa
File: mkwmtA0jkOM7SyrpcKgMENjsfM8.roa (raw, json)
Hash identifier: DpZOMziaIwpgbCMUZXXUtREgsIKDmDG6pHqHnMxidcc=
Subject key identifier: 9A:4C:26:B4:0D:23:90:E3:3B:4B:2A:E9:70:A8:0C:10:D8:EC:7C:CF
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 018C410F0F13F4976B3803221C9767454822
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/mkwmtA0jkOM7SyrpcKgMENjsfM8.roa
Signing time: Wed 06 Dec 2023 21:35:55 +0000
ROA not before: Wed 06 Dec 2023 21:35:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5650
IP address blocks: 176.102.124.0/22 maxlen: 22
176.102.120.0/22 maxlen: 22
176.102.120.0/21 maxlen: 21
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:41:0f:0f:13:f4:97:6b:38:03:22:1c:97:67:45:48:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Dec 6 21:35:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9a4c26b40d2390e33b4b2ae970a80c10d8ec7ccf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:78:b4:42:fb:88:0e:cc:bb:0e:69:9f:9e:73:
30:12:f0:5e:97:03:0a:a9:27:cd:97:b0:d7:8d:27:
8d:30:76:47:cd:a8:11:57:40:12:af:23:ea:3d:57:
ac:9d:63:49:b8:89:c3:cf:44:bb:bf:19:c7:cc:44:
ca:ac:00:04:8e:c5:a3:b8:74:24:93:72:ac:c9:47:
ad:11:be:19:db:28:b6:5a:33:b4:f8:34:cd:00:eb:
4a:50:3d:8b:3a:57:3f:3f:48:3a:83:1c:9d:de:15:
f5:09:45:ce:c6:77:63:d2:b4:1e:ad:3f:ab:cd:11:
6c:0f:1c:30:e6:6b:a2:df:78:1b:41:a3:62:d1:72:
0c:db:d7:c2:9f:be:4f:cb:fe:cd:eb:b3:eb:a6:68:
20:1c:39:92:85:33:1b:a2:48:4d:9e:3b:1a:bd:b5:
ad:7a:a1:c4:2f:54:41:05:34:fe:5b:0c:a7:36:c1:
67:dd:72:b2:28:91:59:1d:33:6b:73:d2:62:18:64:
24:f1:50:38:a7:a3:24:df:55:c5:47:eb:ee:fb:0b:
7b:c9:fa:97:52:d9:c4:69:02:30:79:93:6e:8e:4f:
aa:19:dd:98:c6:a8:61:7a:c3:3e:e9:54:aa:48:46:
52:d7:07:cb:aa:2e:50:0e:71:a9:00:48:f7:56:f4:
dc:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:4C:26:B4:0D:23:90:E3:3B:4B:2A:E9:70:A8:0C:10:D8:EC:7C:CF
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/mkwmtA0jkOM7SyrpcKgMENjsfM8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.102.120.0/21
Signature Algorithm: sha256WithRSAEncryption
9b:83:0f:9c:96:d2:b7:33:7d:31:7d:fc:1b:cf:ef:6b:14:c9:
a1:63:93:c1:ce:91:28:7e:10:3d:54:02:80:56:55:9e:d9:97:
8b:f5:c8:25:88:6c:ba:6d:1e:c2:ab:6a:b2:3d:91:d2:3d:89:
91:78:5d:14:8f:32:2f:4a:64:38:fd:4e:2b:df:fa:a6:d1:b5:
fe:2e:d6:82:90:42:be:2b:01:51:c9:1d:95:f3:a2:16:4b:89:
e2:6c:46:2b:ff:41:15:68:52:f8:a1:88:49:fb:fd:2e:75:c3:
46:99:5f:0a:be:e6:3b:98:02:dc:b5:4b:a0:ef:ff:91:94:be:
7b:1b:f1:61:bb:28:56:4b:03:5c:2e:df:4f:d0:31:b9:70:2e:
4e:59:42:12:8c:80:ee:36:c2:b7:9d:e5:62:b2:c7:f7:fe:75:
e8:51:62:a3:b0:74:3d:0c:6e:c1:dc:22:98:63:a1:b6:32:2b:
9a:b8:0f:4c:49:4a:d8:21:38:bd:a3:9c:09:59:64:6c:14:6e:
94:10:12:38:0a:0a:19:90:22:e2:73:ee:98:06:d9:63:cb:98:
ff:6d:81:3d:dd:3f:15:40:6e:51:d4:7c:79:41:d3:48:ad:d9:
d5:f0:a7:c5:57:ab:ae:e6:41:e0:cc:4f:2f:18:cc:02:cb:85:
02:21:54:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYxBDw8T9JdrOAMiHJdnRUgiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjMxMjA2MjEzNTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTRjMjZiNDBkMjM5MGUzM2I0YjJhZTk3MGE4MGMxMGQ4ZWM3Y2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXi0QvuIDsy7DmmfnnMwEvBelwMK
qSfNl7DXjSeNMHZHzagRV0ASryPqPVesnWNJuInDz0S7vxnHzETKrAAEjsWjuHQk
k3KsyUetEb4Z2yi2WjO0+DTNAOtKUD2LOlc/P0g6gxyd3hX1CUXOxndj0rQerT+r
zRFsDxww5mui33gbQaNi0XIM29fCn75Py/7N67PrpmggHDmShTMbokhNnjsavbWt
eqHEL1RBBTT+WwynNsFn3XKyKJFZHTNrc9JiGGQk8VA4p6Mk31XFR+vu+wt7yfqX
UtnEaQIweZNujk+qGd2YxqhhesM+6VSqSEZS1wfLqi5QDnGpAEj3VvTcVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpMJrQNI5DjO0sq6XCoDBDY7HzPMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvbWt3bXRBMGprT003U3lycGNLZ01FTmpzZk04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsGZ4MA0G
CSqGSIb3DQEBCwUAA4IBAQCbgw+cltK3M30xffwbz+9rFMmhY5PBzpEofhA9VAKA
VlWe2ZeL9cgliGy6bR7Cq2qyPZHSPYmReF0UjzIvSmQ4/U4r3/qm0bX+LtaCkEK+
KwFRyR2V86IWS4nibEYr/0EVaFL4oYhJ+/0udcNGmV8KvuY7mALctUug7/+RlL57
G/FhuyhWSwNcLt9P0DG5cC5OWUISjIDuNsK3neVissf3/nXoUWKjsHQ9DG7B3CKY
Y6G2MiuauA9MSUrYITi9o5wJWWRsFG6UEBI4CgoZkCLic+6YBtljy5j/bYE93T8V
QG5R1Hx5QdNIrdnV8KfFV6uu5kHgzE8vGMwCy4UCIVRp
-----END CERTIFICATE-----
Generated at Sun Apr 6 04:48:13 2025 by rpki-client