Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/oHw7wrhs1qz9tzh4TUZjM8oea6k.roa
File: oHw7wrhs1qz9tzh4TUZjM8oea6k.roa (raw, json)
Hash identifier: IIsyfj8tmjqckisgTytL6hssPf4b/V3+My7Zj1/h7d0=
Subject key identifier: A0:7C:3B:C2:B8:6C:D6:AC:FD:B7:38:78:4D:46:63:33:CA:1E:6B:A9
Certificate issuer: /CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Certificate serial: 0194236A30496C16E51122A03BD04AFF684F
Authority key identifier: 34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/oHw7wrhs1qz9tzh4TUZjM8oea6k.roa
Signing time: Wed 01 Jan 2025 19:49:09 +0000
ROA not before: Wed 01 Jan 2025 19:49:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60558
IP address blocks: 185.52.52.0/22 maxlen: 22
185.52.55.0/24 maxlen: 24
2a01:b960:2301::/48 maxlen: 64
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:6a:30:49:6c:16:e5:11:22:a0:3b:d0:4a:ff:68:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=34f1726ea4bd6d3c8091ae0c8ad1a03e91e359a2
Validity
Not Before: Jan 1 19:49:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a07c3bc2b86cd6acfdb738784d466333ca1e6ba9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:eb:2f:1e:5a:26:ab:c9:48:fc:d5:8b:ff:8b:
17:ac:b4:ce:ca:a1:1b:6f:36:23:a4:a2:e5:97:58:
82:76:46:1c:21:06:0d:b5:e5:b0:ff:fa:b5:f3:2f:
2f:6e:58:f3:69:19:27:e9:c2:09:78:10:28:fb:25:
5f:28:e7:b3:da:c5:0b:fa:82:b4:74:6e:fc:1b:30:
6b:2d:12:01:81:e8:a0:09:a5:df:c6:bb:6d:65:ad:
02:9d:fe:1a:21:43:dd:be:fd:e2:63:43:d8:73:da:
c4:71:4b:2e:78:d7:e9:c8:2c:e6:e6:98:9e:cb:17:
52:49:2b:30:e5:48:73:21:ff:c2:62:ad:2a:3d:51:
f5:15:a1:29:45:5e:eb:77:76:90:ad:50:b6:5e:c1:
b0:93:6d:4b:7f:0f:61:89:66:81:ed:e1:80:c0:d7:
6b:6b:56:86:27:c7:9a:c4:a8:6e:ea:af:0b:fe:d7:
8f:a7:f2:41:ab:a8:d1:21:b6:ae:31:fd:41:ad:4a:
b8:24:d7:32:fb:a9:5c:01:d5:e2:11:0c:cd:d6:eb:
c4:2f:1b:39:84:c3:c7:7c:df:bb:4e:00:2f:61:59:
08:3d:e3:cd:19:2c:72:37:3a:d8:bb:14:bd:47:b6:
de:e7:a8:21:1c:03:b3:0c:71:53:06:b4:05:14:f4:
bf:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:7C:3B:C2:B8:6C:D6:AC:FD:B7:38:78:4D:46:63:33:CA:1E:6B:A9
X509v3 Authority Key Identifier:
keyid:34:F1:72:6E:A4:BD:6D:3C:80:91:AE:0C:8A:D1:A0:3E:91:E3:59:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPFybqS9bTyAka4MitGgPpHjWaI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/oHw7wrhs1qz9tzh4TUZjM8oea6k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/ef8e84-9161-402c-81ad-e8e8d2fe70fe/1/NPFybqS9bTyAka4MitGgPpHjWaI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.52.52.0/22
IPv6:
2a01:b960:2301::/48
Signature Algorithm: sha256WithRSAEncryption
97:c1:17:9e:2f:89:96:aa:f2:a7:0a:dc:a7:03:fd:55:df:b9:
f5:05:35:05:c4:e2:52:69:43:14:34:a9:6c:1a:21:bd:5a:eb:
64:3b:95:ed:5e:be:27:72:56:52:45:e7:47:eb:9e:d7:5f:9b:
5d:50:4a:10:f8:f3:a7:eb:8f:f4:3f:d5:8b:db:d1:71:a1:de:
d2:fd:8a:16:8f:5f:d6:05:f3:f6:e0:e0:7d:6d:1b:0b:5f:f9:
7d:94:3d:87:48:9d:86:46:ba:0a:ab:b2:6d:33:35:8c:e2:12:
94:5e:d3:e9:64:a0:57:f1:31:bd:36:79:04:17:c7:28:ce:4b:
a3:ff:12:ed:9b:f1:8c:05:e2:db:a4:6f:67:e7:ef:f1:ba:72:
c7:6a:9b:f6:4c:29:9f:68:ab:9b:8a:21:3a:5f:ec:a1:ee:d8:
dc:60:94:5b:c2:06:ab:43:48:a1:e8:b5:db:b0:49:44:d8:79:
fc:e0:6c:19:e7:d9:ea:bb:c7:3a:5c:c6:c2:14:2e:89:47:ef:
47:c2:4b:06:74:0c:d0:18:f7:a4:52:84:fc:4a:f3:0e:26:29:
3c:ff:26:d4:94:4c:60:9c:24:34:0b:b2:14:e9:4b:8a:d6:7c:
42:d9:f9:aa:04:26:11:51:d6:c9:2c:b0:93:22:5d:2e:5e:47:
c2:fb:2d:a1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQjajBJbBblESKgO9BK/2hPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjE3MjZlYTRiZDZkM2M4MDkxYWUwYzhhZDFhMDNlOTFl
MzU5YTIwHhcNMjUwMTAxMTk0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDdjM2JjMmI4NmNkNmFjZmRiNzM4Nzg0ZDQ2NjMzM2NhMWU2YmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOsvHlomq8lI/NWL/4sXrLTOyqEb
bzYjpKLll1iCdkYcIQYNteWw//q18y8vbljzaRkn6cIJeBAo+yVfKOez2sUL+oK0
dG78GzBrLRIBgeigCaXfxrttZa0Cnf4aIUPdvv3iY0PYc9rEcUsueNfpyCzm5pie
yxdSSSsw5UhzIf/CYq0qPVH1FaEpRV7rd3aQrVC2XsGwk21Lfw9hiWaB7eGAwNdr
a1aGJ8eaxKhu6q8L/tePp/JBq6jRIbauMf1BrUq4JNcy+6lcAdXiEQzN1uvELxs5
hMPHfN+7TgAvYVkIPePNGSxyNzrYuxS9R7be56ghHAOzDHFTBrQFFPS/RQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKB8O8K4bNas/bc4eE1GYzPKHmupMB8GA1UdIwQY
MBaAFDTxcm6kvW08gJGuDIrRoD6R41miMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQt
ZThlOGQyZmU3MGZlLzEvb0h3N3dyaHMxcXo5dHpoNFRVWmpNOG9lYTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lZjhlODQtOTE2MS00MDJjLTgxYWQtZThlOGQyZmU3MGZl
LzEvTlBGeWJxUzliVHlBa2E0TWl0R2dQcEhqV2FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuTQ0MA8E
AgACMAkDBwAqAblgIwEwDQYJKoZIhvcNAQELBQADggEBAJfBF54viZaq8qcK3KcD
/VXfufUFNQXE4lJpQxQ0qWwaIb1a62Q7le1evidyVlJF50frntdfm11QShD486fr
j/Q/1Yvb0XGh3tL9ihaPX9YF8/bg4H1tGwtf+X2UPYdInYZGugqrsm0zNYziEpRe
0+lkoFfxMb02eQQXxyjOS6P/Eu2b8YwF4tukb2fn7/G6csdqm/ZMKZ9oq5uKITpf
7KHu2NxglFvCBqtDSKHotduwSUTYefzgbBnn2eq7xzpcxsIULolH70fCSwZ0DNAY
96RShPxK8w4mKTz/JtSUTGCcJDQLshTpS4rWfELZ+aoEJhFR1skssJMiXS5eR8L7
LaE=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:11:22 2025 by rpki-client