Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/4c4894-80fc-48ef-b668-975a237ecd06/1/sq9dX2y5oygslTbXeDpJSx4iqdw.roa
File: sq9dX2y5oygslTbXeDpJSx4iqdw.roa (raw, json)
Hash identifier: m17OPoKv1pjz2qDkIfpj2o8Nzfwy0OmAlARPr95x+uI=
Subject key identifier: B2:AF:5D:5F:6C:B9:A3:28:2C:95:36:D7:78:3A:49:4B:1E:22:A9:DC
Certificate issuer: /CN=239c45e43625522080aec53952989a13a28abd00
Certificate serial: 019426D9979BC2C2D1ADB671589F86FBB6AC
Authority key identifier: 23:9C:45:E4:36:25:52:20:80:AE:C5:39:52:98:9A:13:A2:8A:BD:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I5xF5DYlUiCArsU5UpiaE6KKvQA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3f/4c4894-80fc-48ef-b668-975a237ecd06/1/sq9dX2y5oygslTbXeDpJSx4iqdw.roa
Signing time: Thu 02 Jan 2025 11:49:41 +0000
ROA not before: Thu 02 Jan 2025 11:49:41 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205845
IP address blocks: 45.154.168.0/22 maxlen: 24
185.204.120.0/22 maxlen: 24
2a0a:f740::/29 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:97:9b:c2:c2:d1:ad:b6:71:58:9f:86:fb:b6:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=239c45e43625522080aec53952989a13a28abd00
Validity
Not Before: Jan 2 11:49:41 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b2af5d5f6cb9a3282c9536d7783a494b1e22a9dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:26:04:b6:c0:bf:a6:93:09:c1:69:78:81:7a:
a3:3e:cc:51:18:95:ac:75:e2:9f:a8:90:25:4e:bd:
aa:2c:4b:1e:2a:22:74:d0:92:00:3f:13:ce:c6:7c:
6b:0b:d9:31:48:c2:76:f6:23:45:ef:ff:a3:0a:55:
aa:32:f5:4d:86:1e:ac:62:1b:bb:e8:5f:7f:45:d1:
15:3f:21:c7:54:35:9a:f2:d7:fb:f1:f0:98:71:be:
0e:35:d8:1e:25:cc:89:2f:18:ec:bb:68:c9:c4:98:
d8:10:2a:3e:68:8f:c1:cf:89:70:9f:c8:c0:49:04:
20:62:1b:35:66:27:3e:f3:9b:62:a3:73:0b:f0:84:
38:da:4f:43:81:38:65:e4:0b:7c:e5:97:fb:78:72:
4d:2d:ba:a6:70:4a:ea:10:85:65:6a:26:5e:5b:62:
99:c7:4d:24:98:c4:8a:5c:6e:59:c9:07:33:15:0c:
4b:36:1c:33:b7:15:51:c3:26:ba:7a:93:18:11:64:
90:64:63:90:ca:fb:64:94:b1:70:c1:44:ef:42:b1:
cc:aa:d6:8b:f8:85:c0:06:b3:58:b5:e1:95:03:10:
97:a1:0e:a1:79:d9:2d:c8:1d:c7:86:1f:9b:20:05:
e3:b9:b8:ff:aa:69:76:43:a7:5e:09:78:a5:41:b2:
7b:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:AF:5D:5F:6C:B9:A3:28:2C:95:36:D7:78:3A:49:4B:1E:22:A9:DC
X509v3 Authority Key Identifier:
keyid:23:9C:45:E4:36:25:52:20:80:AE:C5:39:52:98:9A:13:A2:8A:BD:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I5xF5DYlUiCArsU5UpiaE6KKvQA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/4c4894-80fc-48ef-b668-975a237ecd06/1/sq9dX2y5oygslTbXeDpJSx4iqdw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/4c4894-80fc-48ef-b668-975a237ecd06/1/I5xF5DYlUiCArsU5UpiaE6KKvQA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.154.168.0/22
185.204.120.0/22
IPv6:
2a0a:f740::/29
Signature Algorithm: sha256WithRSAEncryption
96:22:8a:f6:d7:bf:bf:6e:11:47:3a:58:90:fb:ea:40:5c:a4:
35:35:b8:1e:85:f1:fe:2e:de:90:65:ed:61:f0:49:c5:2c:40:
04:ad:ca:88:a4:ff:1a:15:9c:e9:df:72:fe:c4:ca:e2:2f:54:
7b:cf:78:1c:09:ef:21:46:f9:bf:0b:c0:cf:c1:85:74:73:8c:
5b:c9:09:ed:32:81:d2:d4:48:bf:8f:3c:f6:5a:bb:9e:37:c1:
49:b6:75:8e:bb:3b:5f:48:72:60:0a:7f:5a:8e:c0:2b:6e:c8:
4d:f5:1e:5c:60:f5:03:12:52:7d:4b:f3:cb:f4:3b:24:74:be:
30:4d:59:6e:a4:26:10:65:af:ad:1b:cf:55:6b:32:b0:6d:c2:
10:30:bb:16:6d:92:ee:6a:ec:62:64:22:6e:3a:fb:c4:6b:3f:
66:e6:6b:be:b7:84:a6:4e:39:7e:8f:c1:32:f9:7b:bc:b2:f1:
30:7a:6b:b8:54:65:8f:bb:c9:4d:7e:e9:6c:86:71:d8:42:70:
44:a7:8f:6e:38:6d:48:29:da:fb:db:d2:28:fd:68:a4:c9:7c:
3e:ca:4d:cd:82:6b:8a:94:a1:83:a5:5c:8d:e4:5b:b9:bb:ba:
0c:82:aa:a6:7b:7a:26:ef:c5:c4:67:e7:bb:d3:41:c1:a2:20:
60:11:4b:21
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQm2ZebwsLRrbZxWJ+G+7asMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzOWM0NWU0MzYyNTUyMjA4MGFlYzUzOTUyOTg5YTEzYTI4
YWJkMDAwHhcNMjUwMTAyMTE0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmFmNWQ1ZjZjYjlhMzI4MmM5NTM2ZDc3ODNhNDk0YjFlMjJhOWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySYEtsC/ppMJwWl4gXqjPsxRGJWs
deKfqJAlTr2qLEseKiJ00JIAPxPOxnxrC9kxSMJ29iNF7/+jClWqMvVNhh6sYhu7
6F9/RdEVPyHHVDWa8tf78fCYcb4ONdgeJcyJLxjsu2jJxJjYECo+aI/Bz4lwn8jA
SQQgYhs1Zic+85tio3ML8IQ42k9DgThl5At85Zf7eHJNLbqmcErqEIVlaiZeW2KZ
x00kmMSKXG5ZyQczFQxLNhwztxVRwya6epMYEWSQZGOQyvtklLFwwUTvQrHMqtaL
+IXABrNYteGVAxCXoQ6hedktyB3Hhh+bIAXjubj/qml2Q6deCXilQbJ7ZwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLKvXV9suaMoLJU213g6SUseIqncMB8GA1UdIwQY
MBaAFCOcReQ2JVIggK7FOVKYmhOiir0AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTV4RjVEWWxVaUNBcnNVNVVwaWFFNktLdlFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi80YzQ4OTQtODBmYy00OGVmLWI2Njgt
OTc1YTIzN2VjZDA2LzEvc3E5ZFgyeTVveWdzbFRiWGVEcEpTeDRpcWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi80YzQ4OTQtODBmYy00OGVmLWI2NjgtOTc1YTIzN2VjZDA2
LzEvSTV4RjVEWWxVaUNBcnNVNVVwaWFFNktLdlFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLZqoAwQC
ucx4MA0EAgACMAcDBQMqCvdAMA0GCSqGSIb3DQEBCwUAA4IBAQCWIor217+/bhFH
OliQ++pAXKQ1NbgehfH+Lt6QZe1h8EnFLEAErcqIpP8aFZzp33L+xMriL1R7z3gc
Ce8hRvm/C8DPwYV0c4xbyQntMoHS1Ei/jzz2WrueN8FJtnWOuztfSHJgCn9ajsAr
bshN9R5cYPUDElJ9S/PL9DskdL4wTVlupCYQZa+tG89VazKwbcIQMLsWbZLuauxi
ZCJuOvvEaz9m5mu+t4SmTjl+j8Ey+Xu8svEwemu4VGWPu8lNfulshnHYQnBEp49u
OG1IKdr729Io/WikyXw+yk3NgmuKlKGDpVyN5Fu5u7oMgqqme3om78XEZ+e700HB
oiBgEUsh
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:40:11 2025 by rpki-client