Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/h54LjhvpFonP09FnDyrMEeih0es.roa
File: h54LjhvpFonP09FnDyrMEeih0es.roa (raw, json)
Hash identifier: AvrKAH+Q6E9pQ+/plEsw5D9ozqHMCXUxQ1YlkYwSO0k=
Subject key identifier: 87:9E:0B:8E:1B:E9:16:89:CF:D3:D1:67:0F:2A:CC:11:E8:A1:D1:EB
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019425FD1944F1B20AF19A533A164CC18EE0
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/h54LjhvpFonP09FnDyrMEeih0es.roa
Signing time: Thu 02 Jan 2025 07:48:51 +0000
ROA not before: Thu 02 Jan 2025 07:48:51 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13886
IP address blocks: 45.43.165.0/24 maxlen: 24
45.150.32.0/22 maxlen: 22
64.137.51.0/24 maxlen: 24
204.52.112.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:19:44:f1:b2:0a:f1:9a:53:3a:16:4c:c1:8e:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Jan 2 07:48:51 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=879e0b8e1be91689cfd3d1670f2acc11e8a1d1eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:b6:99:b7:60:8d:2c:1e:ec:16:f2:dc:4a:22:
33:5f:b5:a9:95:49:3a:68:88:0d:a1:31:99:e6:dd:
61:49:0c:94:83:60:f9:6d:35:d9:26:8c:9e:2f:28:
a9:ea:0e:31:fd:17:55:6b:fa:3a:56:53:53:ad:07:
e1:11:bd:f9:70:cd:d7:c7:1f:8a:4e:6f:89:a0:d3:
4e:75:28:45:de:47:37:50:40:4b:43:32:95:7d:a4:
83:06:72:23:3f:ab:af:a3:9b:1d:1b:e9:9e:6e:b4:
a5:fa:b6:33:5b:52:c0:58:92:fa:f7:37:35:62:79:
4b:d0:8f:49:88:11:6a:c3:53:68:31:2c:1f:29:a2:
60:09:79:fb:7a:3b:83:b5:32:df:7b:ce:ea:e9:9e:
0e:ce:7e:13:29:ba:1a:fd:bb:f9:0f:50:2c:46:10:
86:11:39:44:da:ae:ff:ac:68:68:9c:15:e5:ad:68:
c3:e7:d7:30:77:ad:34:29:3f:70:76:b0:0e:47:c6:
95:0f:3a:b0:86:5a:67:45:30:f4:c2:d9:74:ca:45:
56:78:d5:9a:2b:59:e1:4a:93:4e:14:7e:22:2f:99:
23:40:0d:ea:c5:38:02:1a:97:dc:35:06:94:a5:12:
e6:58:08:e9:4c:7e:54:bd:65:af:77:13:91:9d:d2:
e6:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:9E:0B:8E:1B:E9:16:89:CF:D3:D1:67:0F:2A:CC:11:E8:A1:D1:EB
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/h54LjhvpFonP09FnDyrMEeih0es.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.43.165.0/24
45.150.32.0/22
64.137.51.0/24
204.52.112.0/24
Signature Algorithm: sha256WithRSAEncryption
19:d7:03:25:e3:de:87:24:87:3f:06:8f:35:9a:16:78:fc:97:
c8:47:a0:f0:0a:17:3f:22:fc:8c:32:4a:b6:29:82:94:90:5a:
09:f2:6a:64:44:80:ec:a4:48:21:a1:32:e6:cb:20:7f:42:a4:
fc:f8:91:ae:85:28:f0:0c:b1:cc:7f:d8:85:7a:f9:f0:d0:55:
64:ef:00:7e:8a:eb:ef:db:7f:07:1b:1f:2d:b1:11:76:66:b5:
fb:45:7d:5b:ee:ad:1d:8a:8b:c9:f2:04:bb:9c:0e:db:01:bf:
c5:7f:f3:76:6e:66:e6:79:9e:32:6b:cf:5d:c3:fb:f3:e8:ab:
59:57:1f:81:88:b3:1f:f2:9d:5c:7b:a9:fe:9c:76:a6:ee:f8:
08:bd:fb:38:2e:80:a5:5c:05:bf:88:4d:d5:14:bb:d8:1a:cc:
94:55:8d:f7:db:b9:94:14:b6:48:7e:27:7c:83:b9:ef:37:b4:
0a:6d:75:f3:54:b7:b1:bb:48:7a:ba:6f:ef:48:5c:d9:c9:bd:
1b:5d:7f:01:51:bb:21:69:a9:06:d7:9c:a6:fb:48:a7:a8:90:
69:12:d6:d3:52:ee:84:bf:f5:82:67:f2:45:2e:fb:b6:6c:3e:
22:1b:dc:76:35:42:94:60:4f:13:c2:6e:33:6b:de:2d:06:8b:
9a:7b:4b:8c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQl/RlE8bIK8ZpTOhZMwY7gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwMTAyMDc0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzllMGI4ZTFiZTkxNjg5Y2ZkM2QxNjcwZjJhY2MxMWU4YTFkMWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLaZt2CNLB7sFvLcSiIzX7WplUk6
aIgNoTGZ5t1hSQyUg2D5bTXZJoyeLyip6g4x/RdVa/o6VlNTrQfhEb35cM3Xxx+K
Tm+JoNNOdShF3kc3UEBLQzKVfaSDBnIjP6uvo5sdG+mebrSl+rYzW1LAWJL69zc1
YnlL0I9JiBFqw1NoMSwfKaJgCXn7ejuDtTLfe87q6Z4Ozn4TKboa/bv5D1AsRhCG
ETlE2q7/rGhonBXlrWjD59cwd600KT9wdrAOR8aVDzqwhlpnRTD0wtl0ykVWeNWa
K1nhSpNOFH4iL5kjQA3qxTgCGpfcNQaUpRLmWAjpTH5UvWWvdxORndLmzwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIeeC44b6RaJz9PRZw8qzBHoodHrMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvaDU0TGpodnBGb25QMDlGbkR5ck1FZWloMGVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALSulAwQC
LZYgAwQAQIkzAwQAzDRwMA0GCSqGSIb3DQEBCwUAA4IBAQAZ1wMl496HJIc/Bo81
mhZ4/JfIR6DwChc/IvyMMkq2KYKUkFoJ8mpkRIDspEghoTLmyyB/QqT8+JGuhSjw
DLHMf9iFevnw0FVk7wB+iuvv238HGx8tsRF2ZrX7RX1b7q0diovJ8gS7nA7bAb/F
f/N2bmbmeZ4ya89dw/vz6KtZVx+BiLMf8p1ce6n+nHam7vgIvfs4LoClXAW/iE3V
FLvYGsyUVY3327mUFLZIfid8g7nvN7QKbXXzVLexu0h6um/vSFzZyb0bXX8BUbsh
aakG15ym+0inqJBpEtbTUu6Ev/WCZ/JFLvu2bD4iG9x2NUKUYE8Twm4za94tBoua
e0uM
-----END CERTIFICATE-----
Generated at Sun Apr 6 15:59:40 2025 by rpki-client