Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/DX2NKzxjPKtziJV-Mc4jyDw69wo.roa
File: DX2NKzxjPKtziJV-Mc4jyDw69wo.roa (raw, json)
Hash identifier: MGZi2+6aUJhXuosWvSv+DuWg3beWpRoeRvfGpPE0IBk=
Subject key identifier: 0D:7D:8D:2B:3C:63:3C:AB:73:88:95:7E:31:CE:23:C8:3C:3A:F7:0A
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019425FD12934406B67631CD0F493D3BD0A0
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/DX2NKzxjPKtziJV-Mc4jyDw69wo.roa
Signing time: Thu 02 Jan 2025 07:48:49 +0000
ROA not before: Thu 02 Jan 2025 07:48:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 1239
IP address blocks: 104.167.10.0/24 maxlen: 24
104.238.4.0/24 maxlen: 24
104.238.5.0/24 maxlen: 24
104.238.8.0/24 maxlen: 24
104.238.9.0/24 maxlen: 24
104.239.30.0/23 maxlen: 23
104.239.94.0/24 maxlen: 24
138.128.148.0/24 maxlen: 24
138.128.157.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:12:93:44:06:b6:76:31:cd:0f:49:3d:3b:d0:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Jan 2 07:48:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0d7d8d2b3c633cab7388957e31ce23c83c3af70a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:ff:c9:6e:31:7c:56:2f:44:5a:88:20:c7:fd:
33:03:8b:7d:1f:f7:63:d5:4e:da:f5:fb:b2:c0:71:
a9:0d:8b:62:d2:7e:a6:da:76:d4:84:42:56:a0:c8:
43:df:1c:77:67:10:c8:31:98:8c:ce:d6:89:02:fe:
c0:2e:71:f6:46:36:ba:68:77:09:c2:f3:1a:89:18:
f4:93:b0:17:a7:da:3e:8a:db:6c:c4:bd:47:d4:0d:
7e:e1:d0:38:6e:b2:c8:95:82:7a:9a:a4:5c:0b:13:
a7:4d:e3:8f:24:d7:d1:35:20:c7:c1:e1:52:8b:7e:
b3:b0:50:3f:d6:8d:cc:17:25:65:ce:a9:83:95:22:
8a:8e:e9:91:f0:4d:da:c7:a0:36:5d:a0:5c:28:76:
49:66:10:87:5f:5a:03:9f:bc:c1:c8:59:7e:8b:7e:
50:b6:c5:a1:5b:ee:52:71:06:21:ec:7b:8a:ea:89:
b5:05:9c:93:67:b4:45:c8:38:dc:0b:bd:22:a3:5f:
b8:a4:bd:cf:5c:c9:1a:fb:ec:c4:38:92:11:96:51:
75:c8:22:80:a5:65:81:08:76:2a:77:f0:48:7f:be:
57:5e:2c:fe:50:42:4c:82:11:f9:e5:b2:a2:db:f2:
87:d2:48:21:a0:e7:49:7c:f7:89:04:11:5b:17:08:
fa:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:7D:8D:2B:3C:63:3C:AB:73:88:95:7E:31:CE:23:C8:3C:3A:F7:0A
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/DX2NKzxjPKtziJV-Mc4jyDw69wo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
104.167.10.0/24
104.238.4.0/23
104.238.8.0/23
104.239.30.0/23
104.239.94.0/24
138.128.148.0/24
138.128.157.0/24
Signature Algorithm: sha256WithRSAEncryption
75:9e:b7:26:63:b8:52:cb:ed:94:0b:73:9e:e6:43:8d:cb:88:
57:59:b2:af:aa:98:a4:20:6c:57:1a:b0:97:ba:a8:4e:5c:9e:
94:9d:e9:cf:6f:1a:15:a3:17:d2:28:92:5e:1f:11:b2:7b:92:
66:81:51:35:b4:68:8e:b3:c3:8a:98:6a:6b:0e:a2:2d:9f:dd:
2f:0a:9e:09:bd:72:25:7c:20:ca:eb:1c:47:cb:f9:81:c4:63:
81:fb:8e:c6:e7:c6:61:de:d6:d2:c5:0d:d3:ad:c1:ce:57:a8:
77:b4:98:a7:ed:44:24:81:d3:86:65:1d:36:1b:91:94:b8:c7:
05:f8:df:a7:2a:b1:b7:08:76:82:5f:93:42:63:e1:a6:5a:db:
1e:7c:17:e4:a2:4c:65:19:51:79:8c:9c:1b:3f:5c:67:d1:d6:
e4:9e:76:1e:07:7d:71:4f:1a:dd:35:3a:1f:36:4a:3e:6f:5c:
96:ac:e7:9f:db:45:e9:2e:6f:0c:94:2d:1c:df:88:3f:9b:b8:
8c:81:03:26:5c:c8:34:42:a0:1f:ba:bb:1e:59:76:0c:36:15:
21:17:09:a1:3a:e4:e8:66:d2:77:96:85:76:6e:a6:fb:7f:a7:
04:cb:73:2e:79:f9:61:16:ee:4d:d6:1f:f0:66:63:db:37:3d:
d5:a1:1a:32
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZQl/RKTRAa2djHND0k9O9CgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwMTAyMDc0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDdkOGQyYjNjNjMzY2FiNzM4ODk1N2UzMWNlMjNjODNjM2FmNzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz//JbjF8Vi9EWoggx/0zA4t9H/dj
1U7a9fuywHGpDYti0n6m2nbUhEJWoMhD3xx3ZxDIMZiMztaJAv7ALnH2Rja6aHcJ
wvMaiRj0k7AXp9o+ittsxL1H1A1+4dA4brLIlYJ6mqRcCxOnTeOPJNfRNSDHweFS
i36zsFA/1o3MFyVlzqmDlSKKjumR8E3ax6A2XaBcKHZJZhCHX1oDn7zByFl+i35Q
tsWhW+5ScQYh7HuK6om1BZyTZ7RFyDjcC70io1+4pL3PXMka++zEOJIRllF1yCKA
pWWBCHYqd/BIf75XXiz+UEJMghH55bKi2/KH0kghoOdJfPeJBBFbFwj6CQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFA19jSs8Yzyrc4iVfjHOI8g8OvcKMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvRFgyTkt6eGpQS3R6aUpWLU1jNGp5RHc2OXdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAaKcKAwQB
aO4EAwQBaO4IAwQBaO8eAwQAaO9eAwQAioCUAwQAioCdMA0GCSqGSIb3DQEBCwUA
A4IBAQB1nrcmY7hSy+2UC3Oe5kONy4hXWbKvqpikIGxXGrCXuqhOXJ6UnenPbxoV
oxfSKJJeHxGye5JmgVE1tGiOs8OKmGprDqItn90vCp4JvXIlfCDK6xxHy/mBxGOB
+47G58Zh3tbSxQ3TrcHOV6h3tJin7UQkgdOGZR02G5GUuMcF+N+nKrG3CHaCX5NC
Y+GmWtsefBfkokxlGVF5jJwbP1xn0dbknnYeB31xTxrdNTofNko+b1yWrOef20Xp
Lm8MlC0c34g/m7iMgQMmXMg0QqAfurseWXYMNhUhFwmhOuToZtJ3loV2bqb7f6cE
y3MueflhFu5N1h/wZmPbNz3VoRoy
-----END CERTIFICATE-----
Generated at Sat Apr 5 07:10:58 2025 by rpki-client