Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/Q_rN5Zw_tvTEKtD6Hb050047ags.roa
File: Q_rN5Zw_tvTEKtD6Hb050047ags.roa (raw, json)
Hash identifier: SuCNIjhQ9gWTn1K9ouISSkWKu/jfyF1L7RQlUBD9Wkk=
Subject key identifier: 43:FA:CD:E5:9C:3F:B6:F4:C4:2A:D0:FA:1D:BD:39:D3:4E:3B:6A:0B
Certificate issuer: /CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Certificate serial: 018CCA2BCD8FD8202FA7985CCC1D092EBC0D
Authority key identifier: A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/Q_rN5Zw_tvTEKtD6Hb050047ags.roa
Signing time: Tue 02 Jan 2024 12:35:17 +0000
ROA not before: Tue 02 Jan 2024 12:35:17 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 52180
IP address blocks: 185.126.253.0/24 maxlen: 24
141.105.129.0/24 maxlen: 24
141.105.139.0/24 maxlen: 24
212.79.123.0/24 maxlen: 24
212.79.124.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:2b:cd:8f:d8:20:2f:a7:98:5c:cc:1d:09:2e:bc:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a865bae25778beed8880c08df2d3f37fc37abc1e
Validity
Not Before: Jan 2 12:35:17 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=43facde59c3fb6f4c42ad0fa1dbd39d34e3b6a0b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:ce:9f:86:ed:a8:0e:1b:a5:f8:40:cb:9a:ae:
0f:d8:4c:ec:25:f3:90:bb:a5:52:6a:9e:1e:1f:9d:
26:51:72:3c:31:3f:48:e3:fa:f0:2c:dd:87:cb:d0:
78:0f:7d:98:79:2b:d6:fc:fb:44:51:a0:58:27:bd:
aa:f7:cd:6e:04:d8:6a:6d:e1:dc:a5:a8:42:09:5d:
4b:17:1a:b9:1a:14:54:e0:79:ab:72:71:d9:52:de:
4d:1b:a3:28:a5:50:92:d3:8c:9b:45:ea:31:f9:64:
b7:34:48:f2:3e:ee:ac:18:38:76:75:68:b9:92:8b:
ca:75:7a:c0:79:f7:48:eb:ed:9c:b7:c3:4a:52:2f:
03:ac:92:08:a6:41:af:db:ec:65:60:76:da:d9:65:
57:22:3d:66:85:6c:2b:3b:60:0a:d3:56:90:f4:6c:
03:07:88:c5:d3:17:4f:d4:d7:1c:00:5f:7a:9f:10:
67:de:ab:ba:a3:18:67:05:ae:4e:6c:ea:56:46:9a:
4a:eb:be:68:03:c1:15:f1:92:5a:06:1c:42:d6:42:
a6:db:e2:94:db:7c:30:10:eb:b6:cf:29:3c:9f:84:
c6:ad:5e:c4:59:e4:5f:b2:10:eb:f1:21:e2:cf:7b:
8d:61:e7:17:73:23:11:9c:5f:74:7d:8e:c4:d8:d1:
4a:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:FA:CD:E5:9C:3F:B6:F4:C4:2A:D0:FA:1D:BD:39:D3:4E:3B:6A:0B
X509v3 Authority Key Identifier:
keyid:A8:65:BA:E2:57:78:BE:ED:88:80:C0:8D:F2:D3:F3:7F:C3:7A:BC:1E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qGW64ld4vu2IgMCN8tPzf8N6vB4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/Q_rN5Zw_tvTEKtD6Hb050047ags.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/6444d1-5f00-4e50-8019-1b6f750cf9a2/1/qGW64ld4vu2IgMCN8tPzf8N6vB4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.105.129.0/24
141.105.139.0/24
185.126.253.0/24
212.79.123.0-212.79.124.255
Signature Algorithm: sha256WithRSAEncryption
90:97:87:90:8c:67:f8:72:c9:33:36:c0:18:e1:92:bd:1e:1a:
24:92:88:e7:bd:cd:3e:27:1a:4f:45:11:b1:20:99:48:64:8a:
0f:a1:42:14:1f:c5:59:a3:18:e7:76:31:77:42:59:78:8f:7f:
61:11:43:98:30:2b:71:45:54:ee:53:39:80:c4:f7:1e:b6:c4:
88:01:a6:50:8f:65:aa:c4:68:12:6a:a6:0d:5b:40:75:fb:c4:
8d:e8:97:78:37:b1:a6:5a:53:62:b4:fd:1c:bb:31:83:68:b6:
e9:4a:2b:df:11:ad:94:ef:80:ee:85:e5:7b:82:cf:6a:de:63:
6c:f2:21:24:c6:03:49:63:93:3c:54:4e:f2:a8:9a:48:e9:e5:
14:da:6d:1d:26:44:52:40:88:96:60:d4:a0:83:5e:4e:ff:f9:
8c:c2:53:ec:f8:3e:0c:93:a9:71:ab:b9:e7:1a:0f:f9:fe:45:
51:d1:ad:bc:b7:04:f5:66:c0:82:42:2e:45:27:11:b2:ad:91:
5c:dd:b9:e1:ef:08:4d:c5:ae:fd:a1:44:f1:65:8c:ba:95:aa:
a8:4f:b6:d4:1e:7f:d7:03:31:94:fd:25:c9:85:90:a2:a5:b2:
85:dd:74:c2:b1:55:64:87:e5:6d:9b:c7:54:b2:bc:c5:e6:b0:
e2:26:a9:d9
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzKK82P2CAvp5hczB0JLrwNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NjViYWUyNTc3OGJlZWQ4ODgwYzA4ZGYyZDNmMzdmYzM3
YWJjMWUwHhcNMjQwMTAyMTIzNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2ZhY2RlNTljM2ZiNmY0YzQyYWQwZmExZGJkMzlkMzRlM2I2YTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlc6fhu2oDhul+EDLmq4P2EzsJfOQ
u6VSap4eH50mUXI8MT9I4/rwLN2Hy9B4D32YeSvW/PtEUaBYJ72q981uBNhqbeHc
pahCCV1LFxq5GhRU4HmrcnHZUt5NG6MopVCS04ybReox+WS3NEjyPu6sGDh2dWi5
kovKdXrAefdI6+2ct8NKUi8DrJIIpkGv2+xlYHba2WVXIj1mhWwrO2AK01aQ9GwD
B4jF0xdP1NccAF96nxBn3qu6oxhnBa5ObOpWRppK675oA8EV8ZJaBhxC1kKm2+KU
23wwEOu2zyk8n4TGrV7EWeRfshDr8SHiz3uNYecXcyMRnF90fY7E2NFKGwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFEP6zeWcP7b0xCrQ+h29OdNOO2oLMB8GA1UdIwQY
MBaAFKhluuJXeL7tiIDAjfLT83/DerweMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTkt
MWI2Zjc1MGNmOWEyLzEvUV9yTjVad190dlRFS3RENkhiMDUwMDQ3YWdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82NDQ0ZDEtNWYwMC00ZTUwLTgwMTktMWI2Zjc1MGNmOWEy
LzEvcUdXNjRsZDR2dTJJZ01DTjh0UHpmOE42dkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAjWmBAwQA
jWmLAwQAuX79MAwDBADUT3sDBADUT3wwDQYJKoZIhvcNAQELBQADggEBAJCXh5CM
Z/hyyTM2wBjhkr0eGiSSiOe9zT4nGk9FEbEgmUhkig+hQhQfxVmjGOd2MXdCWXiP
f2ERQ5gwK3FFVO5TOYDE9x62xIgBplCPZarEaBJqpg1bQHX7xI3ol3g3saZaU2K0
/Ry7MYNotulKK98RrZTvgO6F5XuCz2reY2zyISTGA0ljkzxUTvKomkjp5RTabR0m
RFJAiJZg1KCDXk7/+YzCU+z4PgyTqXGruecaD/n+RVHRrby3BPVmwIJCLkUnEbKt
kVzdueHvCE3Frv2hRPFljLqVqqhPttQef9cDMZT9JcmFkKKlsoXddMKxVWSH5W2b
x1SyvMXmsOImqdk=
-----END CERTIFICATE-----
Generated at Tue Apr 8 00:27:31 2025 by rpki-client