Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hfmiNeZtmT4vWYjW9X0OMp25Bms.roa
File: hfmiNeZtmT4vWYjW9X0OMp25Bms.roa (raw, json)
Hash identifier: /aEKxS0L/Hh1ZeztoJUv692TfC7lp74ik74jxbj84p4=
Subject key identifier: 85:F9:A2:35:E6:6D:99:3E:2F:59:88:D6:F5:7D:0E:32:9D:B9:06:6B
Certificate issuer: /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial: 01942521DBC7574B1DDF51644C55DF32E47D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hfmiNeZtmT4vWYjW9X0OMp25Bms.roa
Signing time: Thu 02 Jan 2025 03:49:23 +0000
ROA not before: Thu 02 Jan 2025 03:49:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58087
IP address blocks: 2a0e:97c0:3e3::/48 maxlen: 48
2a0e:97c0:710::/48 maxlen: 48
2a0e:97c0:711::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:db:c7:57:4b:1d:df:51:64:4c:55:df:32:e4:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Validity
Not Before: Jan 2 03:49:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=85f9a235e66d993e2f5988d6f57d0e329db9066b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:4a:d4:88:9e:ae:f4:41:7f:db:7c:68:f4:83:
99:c0:43:2c:19:34:f5:93:77:a1:e5:48:ea:da:bd:
46:ee:47:cb:80:71:1e:d9:7c:2f:6b:e3:28:d5:43:
4b:7c:54:5b:ba:ee:3f:96:9a:e9:ea:37:25:94:90:
f3:2e:10:c7:ab:a5:a8:e3:82:af:99:2c:0d:aa:04:
4e:85:d4:e4:8e:bf:f8:73:84:df:c7:3e:25:d0:c4:
01:dc:07:5c:5f:10:a4:b3:b5:e0:d3:be:64:54:6d:
b4:08:86:ee:12:d5:91:f6:85:12:49:d3:fa:a3:7b:
46:66:6a:49:df:25:bb:ed:45:e0:bb:5a:66:09:35:
66:f9:40:69:95:85:97:e8:f8:9c:e0:7e:4a:5a:0e:
a4:76:be:90:e9:e1:9d:31:10:7b:3b:8e:f5:6c:39:
f1:fa:1c:b8:db:12:71:ea:fc:05:3d:94:f7:9e:10:
fa:92:20:9b:6f:92:45:54:10:4d:b5:d4:9a:3f:2e:
4b:6a:e7:fb:2b:c4:bf:eb:03:f7:e9:70:ce:41:77:
10:e3:81:74:51:5b:ec:fc:75:1d:3e:61:7b:dd:72:
59:24:43:1b:e1:54:8c:8c:15:03:eb:2f:3c:07:7b:
28:48:57:34:64:21:83:86:48:be:a2:c2:17:2a:24:
ba:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:F9:A2:35:E6:6D:99:3E:2F:59:88:D6:F5:7D:0E:32:9D:B9:06:6B
X509v3 Authority Key Identifier:
keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hfmiNeZtmT4vWYjW9X0OMp25Bms.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:97c0:3e3::/48
2a0e:97c0:710::/47
Signature Algorithm: sha256WithRSAEncryption
b1:3e:33:40:4a:b1:44:dc:8d:b2:17:b2:6d:31:ff:ad:80:fe:
7d:02:a6:ba:14:05:d5:49:8b:0b:20:3d:b5:c4:36:30:f3:27:
dd:5b:07:52:5e:23:77:a6:da:95:a6:3f:ba:64:f5:85:79:3e:
29:35:69:f2:3b:e9:10:ff:87:86:93:72:37:33:da:24:3b:0b:
9a:87:91:aa:ae:db:c1:e4:ad:7a:4c:6c:55:b6:fe:25:6f:ab:
02:92:88:d4:75:9d:f2:06:aa:b0:73:ca:c9:7a:7d:c4:62:57:
e9:88:ed:e8:08:4d:ef:1b:a1:cc:4a:4c:18:73:3d:ab:8f:ca:
87:63:a0:e9:05:dc:87:f3:88:16:60:6f:95:9c:2a:96:f7:54:
89:23:92:4e:00:ba:5c:d5:3e:d7:c8:a2:0b:da:b0:33:e1:99:
31:aa:0e:d2:09:21:32:5c:0b:aa:65:35:85:b0:68:4b:d0:09:
ff:4c:1b:e5:ba:4c:75:1b:b9:24:5d:d4:56:7f:ee:75:52:ad:
b6:9b:bb:be:f6:32:00:01:f3:da:cc:3d:cd:61:d7:d6:02:74:
e1:f3:27:95:a3:eb:6d:32:78:90:9d:c9:e6:f1:95:81:3c:e1:
82:ac:a4:fd:33:8f:cf:9f:13:b7:02:e4:d3:05:0f:bc:af:d0:
92:f4:2c:bd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIdvHV0sd31FkTFXfMuR9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWY5YTIzNWU2NmQ5OTNlMmY1OTg4ZDZmNTdkMGUzMjlkYjkwNjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUrUiJ6u9EF/23xo9IOZwEMsGTT1
k3eh5Ujq2r1G7kfLgHEe2Xwva+Mo1UNLfFRbuu4/lprp6jcllJDzLhDHq6Wo44Kv
mSwNqgROhdTkjr/4c4Tfxz4l0MQB3AdcXxCks7Xg075kVG20CIbuEtWR9oUSSdP6
o3tGZmpJ3yW77UXgu1pmCTVm+UBplYWX6Pic4H5KWg6kdr6Q6eGdMRB7O471bDnx
+hy42xJx6vwFPZT3nhD6kiCbb5JFVBBNtdSaPy5Lauf7K8S/6wP36XDOQXcQ44F0
UVvs/HUdPmF73XJZJEMb4VSMjBUD6y88B3soSFc0ZCGDhki+osIXKiS6AwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIX5ojXmbZk+L1mI1vV9DjKduQZrMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaGZtaU5lWnRtVDR2V1lqVzlYME9NcDI1Qm1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6XwAPj
AwcBKg6XwAcQMA0GCSqGSIb3DQEBCwUAA4IBAQCxPjNASrFE3I2yF7JtMf+tgP59
Aqa6FAXVSYsLID21xDYw8yfdWwdSXiN3ptqVpj+6ZPWFeT4pNWnyO+kQ/4eGk3I3
M9okOwuah5GqrtvB5K16TGxVtv4lb6sCkojUdZ3yBqqwc8rJen3EYlfpiO3oCE3v
G6HMSkwYcz2rj8qHY6DpBdyH84gWYG+VnCqW91SJI5JOALpc1T7XyKIL2rAz4Zkx
qg7SCSEyXAuqZTWFsGhL0An/TBvlukx1G7kkXdRWf+51Uq22m7u+9jIAAfPazD3N
YdfWAnTh8yeVo+ttMniQncnm8ZWBPOGCrKT9M4/PnxO3AuTTBQ+8r9CS9Cy9
-----END CERTIFICATE-----
Generated at Wed Feb 19 20:52:06 2025 by rpki-client