Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/dcujdY7nZpLDRD7umvphEez-qpw.roa
File: dcujdY7nZpLDRD7umvphEez-qpw.roa (raw, json)
Hash identifier: DCDyLYPDKXFLZDtPjhfGEgVVy0YwKX5izGR8g7lqUrY=
Subject key identifier: 75:CB:A3:75:8E:E7:66:92:C3:44:3E:EE:9A:FA:61:11:EC:FE:AA:9C
Certificate issuer: /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial: 01942220332E43CA1A8D36F73D01E455734C
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/dcujdY7nZpLDRD7umvphEez-qpw.roa
Signing time: Wed 01 Jan 2025 13:48:43 +0000
ROA not before: Wed 01 Jan 2025 13:48:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207713
IP address blocks: 2.59.161.0/24 maxlen: 24
62.133.60.0/22 maxlen: 24
62.133.61.0/24 maxlen: 24
194.156.102.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:20:33:2e:43:ca:1a:8d:36:f7:3d:01:e4:55:73:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Validity
Not Before: Jan 1 13:48:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=75cba3758ee76692c3443eee9afa6111ecfeaa9c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:3a:bd:06:95:a8:de:f7:01:0e:95:ab:f3:f2:
e8:3a:10:f8:0d:81:2c:56:69:6b:25:92:08:a0:e8:
1a:52:f1:b8:ba:ab:65:7d:4e:20:94:a7:86:ea:92:
bd:2a:f6:1b:bf:21:3b:58:47:af:54:c2:72:49:3a:
50:2f:88:a9:c8:69:80:61:ad:20:63:c6:90:87:2c:
93:98:ed:cc:08:cb:64:21:bf:86:87:86:1c:a7:66:
2e:2d:6a:08:63:0a:9a:93:38:c9:b6:4a:3c:b8:80:
e0:5c:7d:fd:05:fe:53:77:ee:32:79:bf:88:f9:b1:
e2:18:e0:ee:92:b8:ad:bb:14:14:ac:72:53:71:1a:
b0:82:9c:cc:47:a4:ea:49:ce:75:4d:e2:82:8c:ef:
5d:71:84:32:ec:40:c4:0a:ec:62:98:42:7c:de:85:
a9:a2:bf:05:c7:6a:b6:a9:1f:b5:c1:ce:7f:8e:27:
6e:09:a3:a0:58:48:7e:07:bb:85:49:d1:16:22:6c:
c4:47:3c:cb:5a:05:88:91:dd:0c:38:a8:0c:88:e9:
99:80:8f:5b:7c:dc:83:74:62:c4:d9:0b:8c:09:4e:
98:df:5c:66:da:a3:54:4d:bf:b9:6f:6e:a0:74:42:
bc:5a:75:f0:67:e2:5e:0f:61:4f:25:23:0d:b2:3b:
34:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:CB:A3:75:8E:E7:66:92:C3:44:3E:EE:9A:FA:61:11:EC:FE:AA:9C
X509v3 Authority Key Identifier:
keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/dcujdY7nZpLDRD7umvphEez-qpw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.161.0/24
62.133.60.0/22
194.156.102.0/24
Signature Algorithm: sha256WithRSAEncryption
88:96:ed:d8:cf:52:f7:16:26:ca:e8:6d:89:f5:05:4d:2e:db:
9f:b3:15:e2:fd:f3:69:61:8a:6d:82:0a:fd:75:98:4a:8e:4e:
b8:3e:3f:08:07:ed:08:15:4c:6a:69:81:e2:e9:b6:60:38:69:
1d:ca:f1:ab:59:8a:cf:ea:5b:92:87:ce:40:4e:ae:c2:f1:6d:
0f:80:ab:0d:1f:2d:78:3e:ac:ac:f2:36:34:e2:0a:37:63:9f:
f4:60:99:01:62:db:75:ba:30:f9:69:66:c5:bd:3f:d8:8a:59:
ae:8c:0a:c0:98:49:df:25:57:87:67:eb:a4:42:e8:32:ef:bf:
b1:db:1a:5c:4a:9d:5d:9d:02:30:93:2e:00:47:69:f2:97:a6:
3b:71:1f:c8:e9:26:e6:67:52:a5:99:f9:55:9d:0b:1d:83:6d:
c2:07:ca:88:82:c6:d5:04:e4:ab:25:24:2e:c9:d1:71:f3:cf:
fc:f9:ab:68:7b:50:b3:27:67:f8:9f:cc:14:fd:af:49:f1:49:
6d:fd:e5:fd:d9:b7:7f:32:f4:83:08:64:cb:2f:10:fe:8d:de:
df:b9:04:90:f3:5d:4e:eb:63:8b:3f:11:57:72:55:ae:eb:d8:
71:b4:7d:e5:3d:09:d8:50:57:0e:f7:2a:87:33:2a:d7:60:9d:
93:5c:cb:8c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQiIDMuQ8oajTb3PQHkVXNMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwMTAxMTM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWNiYTM3NThlZTc2NjkyYzM0NDNlZWU5YWZhNjExMWVjZmVhYTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjq9BpWo3vcBDpWr8/LoOhD4DYEs
VmlrJZIIoOgaUvG4uqtlfU4glKeG6pK9KvYbvyE7WEevVMJySTpQL4ipyGmAYa0g
Y8aQhyyTmO3MCMtkIb+Gh4Ycp2YuLWoIYwqakzjJtko8uIDgXH39Bf5Td+4yeb+I
+bHiGODukrituxQUrHJTcRqwgpzMR6TqSc51TeKCjO9dcYQy7EDECuximEJ83oWp
or8Fx2q2qR+1wc5/jiduCaOgWEh+B7uFSdEWImzERzzLWgWIkd0MOKgMiOmZgI9b
fNyDdGLE2QuMCU6Y31xm2qNUTb+5b26gdEK8WnXwZ+JeD2FPJSMNsjs0YwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHXLo3WO52aSw0Q+7pr6YRHs/qqcMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvZGN1amRZN25acExEUkQ3dW12cGhFZXotcXB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAAjuhAwQC
PoU8AwQAwpxmMA0GCSqGSIb3DQEBCwUAA4IBAQCIlu3Yz1L3FibK6G2J9QVNLtuf
sxXi/fNpYYptggr9dZhKjk64Pj8IB+0IFUxqaYHi6bZgOGkdyvGrWYrP6luSh85A
Tq7C8W0PgKsNHy14Pqys8jY04go3Y5/0YJkBYtt1ujD5aWbFvT/YilmujArAmEnf
JVeHZ+ukQugy77+x2xpcSp1dnQIwky4AR2nyl6Y7cR/I6SbmZ1KlmflVnQsdg23C
B8qIgsbVBOSrJSQuydFx88/8+atoe1CzJ2f4n8wU/a9J8Ult/eX92bd/MvSDCGTL
LxD+jd7fuQSQ811O62OLPxFXclWu69hxtH3lPQnYUFcO9yqHMyrXYJ2TXMuM
-----END CERTIFICATE-----
Generated at Sun Apr 6 20:07:06 2025 by rpki-client