Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/3cfolha5-Y-keIgl3j-ukMRu5nQ.roa
File: 3cfolha5-Y-keIgl3j-ukMRu5nQ.roa (raw, json)
Hash identifier: BQrU5Phy/xAtort4zjZjH8gAv4mg2agVu08FECKFlvU=
Subject key identifier: DD:C7:E8:96:16:B9:F9:8F:A4:78:88:25:DE:3F:AE:90:C4:6E:E6:74
Certificate issuer: /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial: 019422FB5AEF73B81BDD07FE8879F7725E0C
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/3cfolha5-Y-keIgl3j-ukMRu5nQ.roa
Signing time: Wed 01 Jan 2025 17:48:05 +0000
ROA not before: Wed 01 Jan 2025 17:48:05 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200590
IP address blocks: 91.198.101.0/24 maxlen: 24
91.231.66.0/24 maxlen: 24
91.231.67.0/24 maxlen: 24
193.106.98.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:5a:ef:73:b8:1b:dd:07:fe:88:79:f7:72:5e:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Validity
Not Before: Jan 1 17:48:05 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ddc7e89616b9f98fa4788825de3fae90c46ee674
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:e5:89:ad:78:f9:72:6c:91:cf:43:f9:0b:7d:
1c:8d:cd:0f:65:81:79:59:e2:26:1d:49:76:d4:b4:
c4:4e:81:c0:8d:9e:d4:84:c2:9b:6b:ef:c5:17:3b:
1f:da:9e:0f:18:97:b4:dc:c0:da:a5:fe:91:92:42:
a8:cb:a1:53:f2:60:45:42:24:ce:88:2a:ad:8c:1d:
40:9a:f9:a6:c8:6b:3f:56:5e:57:76:1d:ba:82:84:
bc:7f:62:d7:31:7c:1d:a0:a9:0b:01:1a:3b:c2:af:
48:f0:61:80:c8:91:e1:4d:ce:ee:37:6a:3f:07:2b:
07:ae:87:f3:e1:8e:41:bc:59:b1:25:e0:03:f6:29:
21:0a:e2:80:6e:91:ca:85:ee:27:06:c4:8c:ed:81:
98:38:df:28:ff:29:7d:a0:a5:cc:12:d1:01:a1:c9:
5c:b4:cf:9e:ed:09:80:29:9d:37:72:3f:c9:64:21:
b4:36:39:cc:89:e2:3c:dd:ba:f4:41:6e:ee:29:39:
a4:54:0f:7a:fe:17:9c:06:6b:61:b5:f3:17:2f:2b:
ff:87:ff:b9:3a:46:ac:f6:3c:92:e1:e1:e4:dc:9f:
16:a9:9c:3b:96:59:21:c5:84:0e:0f:29:43:af:ae:
67:6b:18:2f:99:e3:f3:fb:66:a9:83:78:0d:23:7a:
4d:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:C7:E8:96:16:B9:F9:8F:A4:78:88:25:DE:3F:AE:90:C4:6E:E6:74
X509v3 Authority Key Identifier:
keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/3cfolha5-Y-keIgl3j-ukMRu5nQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.101.0/24
91.231.66.0/23
193.106.98.0/24
Signature Algorithm: sha256WithRSAEncryption
2e:43:d4:e5:b1:c1:53:38:91:d1:46:14:19:a4:96:fb:3a:a3:
b2:ec:16:75:55:89:fd:d1:0c:4f:ec:f8:ce:54:7c:13:cb:b0:
b8:4b:44:ad:15:3a:f3:c0:ff:78:c0:92:e7:34:b6:61:42:9e:
61:e8:46:10:a3:34:37:97:6e:7b:10:20:b1:fd:c5:bd:35:a4:
0e:d2:0a:a1:c3:e1:9f:12:91:d7:38:d2:e3:9e:da:60:8d:c5:
c2:dc:04:69:71:20:94:51:bf:2c:83:77:8c:dd:fd:f0:d1:2e:
62:36:55:c6:f8:2b:78:72:73:51:e5:1e:80:cd:3f:98:4a:22:
55:27:d0:0a:27:c3:17:d1:a1:e0:3b:c1:1e:a3:78:68:e0:da:
16:33:aa:3c:b1:6c:67:4c:fa:8a:96:0d:ab:a9:6b:a7:9e:22:
22:05:e8:dd:e3:82:96:31:8b:45:40:ed:9e:62:a3:25:54:9e:
97:cd:9f:70:54:c0:a8:bf:70:11:a2:3e:f6:9d:ac:29:1f:fc:
8a:79:52:59:64:80:e1:16:16:a2:b1:09:8f:ea:32:c3:b3:83:
0e:9c:15:11:fd:dd:74:7a:c9:dc:32:e5:74:db:b6:04:a8:07:
4e:14:db:bc:62:3e:54:fc:34:66:71:a2:3d:0e:c3:32:3f:da:
d8:f5:59:38
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQi+1rvc7gb3Qf+iHn3cl4MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjUwMTAxMTc0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGM3ZTg5NjE2YjlmOThmYTQ3ODg4MjVkZTNmYWU5MGM0NmVlNjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOWJrXj5cmyRz0P5C30cjc0PZYF5
WeImHUl21LTEToHAjZ7UhMKba+/FFzsf2p4PGJe03MDapf6RkkKoy6FT8mBFQiTO
iCqtjB1AmvmmyGs/Vl5Xdh26goS8f2LXMXwdoKkLARo7wq9I8GGAyJHhTc7uN2o/
BysHrofz4Y5BvFmxJeAD9ikhCuKAbpHKhe4nBsSM7YGYON8o/yl9oKXMEtEBoclc
tM+e7QmAKZ03cj/JZCG0NjnMieI83br0QW7uKTmkVA96/hecBmthtfMXLyv/h/+5
Okas9jyS4eHk3J8WqZw7llkhxYQODylDr65naxgvmePz+2apg3gNI3pNawIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN3H6JYWufmPpHiIJd4/rpDEbuZ0MB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEvM2Nmb2xoYTUtWS1rZUlnbDNqLXVrTVJ1NW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW8ZlAwQB
W+dCAwQAwWpiMA0GCSqGSIb3DQEBCwUAA4IBAQAuQ9TlscFTOJHRRhQZpJb7OqOy
7BZ1VYn90QxP7PjOVHwTy7C4S0StFTrzwP94wJLnNLZhQp5h6EYQozQ3l257ECCx
/cW9NaQO0gqhw+GfEpHXONLjntpgjcXC3ARpcSCUUb8sg3eM3f3w0S5iNlXG+Ct4
cnNR5R6AzT+YSiJVJ9AKJ8MX0aHgO8Eeo3ho4NoWM6o8sWxnTPqKlg2rqWunniIi
Bejd44KWMYtFQO2eYqMlVJ6XzZ9wVMCov3ARoj72nawpH/yKeVJZZIDhFhaisQmP
6jLDs4MOnBUR/d10esncMuV027YEqAdOFNu8Yj5U/DRmcaI9DsMyP9rY9Vk4
-----END CERTIFICATE-----
Generated at Mon Apr 7 05:18:49 2025 by rpki-client