Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/2xBb1eN1uQhPtol-uKswad7hTL8.roa
File: 2xBb1eN1uQhPtol-uKswad7hTL8.roa (raw, json)
Hash identifier: dXJffbqWVGzT51NatOrFAZ7XiueTLyhLa5jFxa/I29Y=
Subject key identifier: DB:10:5B:D5:E3:75:B9:08:4F:B6:89:7E:B8:AB:30:69:DE:E1:4C:BF
Certificate issuer: /CN=ffca997d390cd6e46e0128e50d70b84e7ab6740f
Certificate serial: 019514223BC4151554A3398E3062C9F61520
Authority key identifier: FF:CA:99:7D:39:0C:D6:E4:6E:01:28:E5:0D:70:B8:4E:7A:B6:74:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_8qZfTkM1uRuASjlDXC4Tnq2dA8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/2xBb1eN1uQhPtol-uKswad7hTL8.roa
Signing time: Mon 17 Feb 2025 13:39:02 +0000
ROA not before: Mon 17 Feb 2025 13:39:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9215
IP address blocks: 43.229.92.0/24 maxlen: 24
43.229.93.0/24 maxlen: 24
43.229.94.0/24 maxlen: 24
43.229.95.0/24 maxlen: 24
103.132.128.0/24 maxlen: 24
103.132.129.0/24 maxlen: 24
103.132.130.0/24 maxlen: 24
185.57.64.0/24 maxlen: 24
185.57.65.0/24 maxlen: 24
185.57.66.0/24 maxlen: 24
185.57.67.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:14:22:3b:c4:15:15:54:a3:39:8e:30:62:c9:f6:15:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ffca997d390cd6e46e0128e50d70b84e7ab6740f
Validity
Not Before: Feb 17 13:39:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=db105bd5e375b9084fb6897eb8ab3069dee14cbf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:68:81:e3:47:d7:d7:76:1d:f1:c0:59:89:c9:
28:a3:05:07:fc:bc:12:b4:96:cf:01:fe:dc:2c:64:
f0:f5:73:7b:f9:04:4c:1b:02:e4:1f:74:ba:93:07:
ec:79:bb:43:67:d7:8f:38:06:95:34:cd:f0:89:2b:
c9:e4:85:49:56:19:60:f6:1e:e1:b4:c4:3a:55:2d:
e0:4a:a8:ae:1d:5b:a4:de:38:f3:4a:c2:0e:8a:48:
37:d3:65:a9:3e:a4:9a:48:44:0e:b9:0b:bf:9d:ff:
62:f4:56:e3:f5:08:f2:84:26:7e:4b:4b:5a:d4:4a:
6b:e5:05:1f:ad:5c:c5:eb:f4:57:cf:65:40:b0:3a:
10:3c:1f:e7:40:5d:01:22:0c:82:8d:9c:5f:e5:71:
04:e2:1b:ed:9f:9d:52:ed:45:27:06:85:0d:74:39:
66:fd:64:a7:80:89:90:eb:a8:8b:5c:6e:70:f0:e0:
3b:3b:5d:9c:c6:d0:d3:e8:cf:bf:db:9d:43:c4:a9:
56:de:42:c8:73:5b:a3:b5:74:0e:a6:90:61:de:74:
5a:2f:71:47:9a:6a:c4:14:83:4d:55:fa:59:ea:44:
5e:46:6a:e5:e5:9b:2d:0f:8b:48:64:a3:1e:97:9e:
74:bf:46:31:17:2d:5c:db:b3:d4:19:07:67:1c:aa:
14:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:10:5B:D5:E3:75:B9:08:4F:B6:89:7E:B8:AB:30:69:DE:E1:4C:BF
X509v3 Authority Key Identifier:
keyid:FF:CA:99:7D:39:0C:D6:E4:6E:01:28:E5:0D:70:B8:4E:7A:B6:74:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_8qZfTkM1uRuASjlDXC4Tnq2dA8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/2xBb1eN1uQhPtol-uKswad7hTL8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/af0a2a-7ebf-4dc0-a319-819b7a7ec434/1/_8qZfTkM1uRuASjlDXC4Tnq2dA8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
43.229.92.0/22
103.132.128.0-103.132.130.255
185.57.64.0/22
Signature Algorithm: sha256WithRSAEncryption
b7:b5:1e:87:fa:60:a5:c9:25:42:35:0b:88:84:dc:bc:96:9e:
1f:08:70:81:b5:32:0e:dc:46:6b:4e:52:53:8e:7b:fb:38:56:
0a:93:82:c5:6b:b6:8d:a2:62:33:2a:e6:bd:c3:55:da:03:e3:
e6:24:d5:d5:38:dc:6f:2f:52:74:4c:56:36:34:d0:0c:69:fb:
5b:dd:be:a3:fb:b1:4a:83:13:d5:de:ed:b8:6e:24:31:98:1f:
2d:e2:78:09:87:06:2c:83:6b:5d:74:58:20:8b:af:0c:9d:ea:
29:9d:72:b4:58:bb:cf:1e:bf:12:31:66:85:9d:08:49:58:3c:
6a:7e:ce:6e:1b:80:99:36:15:06:40:5d:56:17:01:34:23:30:
8d:e6:f4:f0:10:3c:1b:77:e1:7f:3a:51:67:6b:c1:8b:49:59:
c5:4a:02:9e:8e:9e:96:21:d5:21:67:96:a8:7e:ee:9f:02:c0:
08:f6:a1:d3:3a:a6:92:0c:d8:70:da:f7:b9:ef:01:c5:a1:45:
d1:77:ed:eb:00:ae:d9:3a:05:f1:4e:f9:6d:ad:dc:bb:ec:9c:
f4:21:d6:b5:07:02:d1:3f:a7:01:8c:15:19:c6:75:75:d8:4a:
44:17:b1:3e:e8:1a:25:c3:19:b7:f7:56:5b:f1:a5:f6:57:88:
60:c9:87:b8
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZUUIjvEFRVUozmOMGLJ9hUgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmY2E5OTdkMzkwY2Q2ZTQ2ZTAxMjhlNTBkNzBiODRlN2Fi
Njc0MGYwHhcNMjUwMjE3MTMzOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjEwNWJkNWUzNzViOTA4NGZiNjg5N2ViOGFiMzA2OWRlZTE0Y2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmiB40fX13Yd8cBZickoowUH/LwS
tJbPAf7cLGTw9XN7+QRMGwLkH3S6kwfsebtDZ9ePOAaVNM3wiSvJ5IVJVhlg9h7h
tMQ6VS3gSqiuHVuk3jjzSsIOikg302WpPqSaSEQOuQu/nf9i9Fbj9QjyhCZ+S0ta
1Epr5QUfrVzF6/RXz2VAsDoQPB/nQF0BIgyCjZxf5XEE4hvtn51S7UUnBoUNdDlm
/WSngImQ66iLXG5w8OA7O12cxtDT6M+/251DxKlW3kLIc1ujtXQOppBh3nRaL3FH
mmrEFINNVfpZ6kReRmrl5ZstD4tIZKMel550v0YxFy1c27PUGQdnHKoUwwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNsQW9XjdbkIT7aJfrirMGne4Uy/MB8GA1UdIwQY
MBaAFP/KmX05DNbkbgEo5Q1wuE56tnQPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzhxWmZUa00xdVJ1QVNqbERYQzRUbnEyZEE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9hZjBhMmEtN2ViZi00ZGMwLWEzMTkt
ODE5YjdhN2VjNDM0LzEvMnhCYjFlTjF1UWhQdG9sLXVLc3dhZDdoVEw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9hZjBhMmEtN2ViZi00ZGMwLWEzMTktODE5YjdhN2VjNDM0
LzEvXzhxWmZUa00xdVJ1QVNqbERYQzRUbnEyZEE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCK+VcMAwD
BAdnhIADBABnhIIDBAK5OUAwDQYJKoZIhvcNAQELBQADggEBALe1Hof6YKXJJUI1
C4iE3LyWnh8IcIG1Mg7cRmtOUlOOe/s4VgqTgsVrto2iYjMq5r3DVdoD4+Yk1dU4
3G8vUnRMVjY00Axp+1vdvqP7sUqDE9Xe7bhuJDGYHy3ieAmHBiyDa110WCCLrwyd
6imdcrRYu88evxIxZoWdCElYPGp+zm4bgJk2FQZAXVYXATQjMI3m9PAQPBt34X86
UWdrwYtJWcVKAp6OnpYh1SFnlqh+7p8CwAj2odM6ppIM2HDa97nvAcWhRdF37esA
rtk6BfFO+W2t3LvsnPQh1rUHAtE/pwGMFRnGdXXYSkQXsT7oGiXDGbf3VlvxpfZX
iGDJh7g=
-----END CERTIFICATE-----
Generated at Tue Apr 8 00:22:41 2025 by rpki-client