Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/99a3ca-7e5c-48d4-b975-9f214d1ba934/1/fhqhrm_dY2gYWI5oCp04pibtM_o.roa
File: fhqhrm_dY2gYWI5oCp04pibtM_o.roa (raw, json)
Hash identifier: s8FH9ikZ8P5QdYR5uDaZwWuPJb6gYAb8hHHjeN9RXKc=
Subject key identifier: 7E:1A:A1:AE:6F:DD:63:68:18:58:8E:68:0A:9D:38:A6:26:ED:33:FA
Certificate issuer: /CN=90dff31d1b0444d4204de1584d00ddf968d0b012
Certificate serial: 019423D6A23B8A742CF585C4017B98E01F14
Authority key identifier: 90:DF:F3:1D:1B:04:44:D4:20:4D:E1:58:4D:00:DD:F9:68:D0:B0:12
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kN_zHRsERNQgTeFYTQDd-WjQsBI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/99a3ca-7e5c-48d4-b975-9f214d1ba934/1/fhqhrm_dY2gYWI5oCp04pibtM_o.roa
Signing time: Wed 01 Jan 2025 21:47:36 +0000
ROA not before: Wed 01 Jan 2025 21:47:36 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 205544
IP address blocks: 23.19.56.0/21 maxlen: 24
23.19.56.0/24 maxlen: 24
23.19.59.0/24 maxlen: 24
23.19.62.0/24 maxlen: 24
23.81.32.0/21 maxlen: 21
23.106.32.0/21 maxlen: 21
23.106.56.0/21 maxlen: 21
23.106.232.0/21 maxlen: 21
81.17.56.0/21 maxlen: 24
81.17.56.0/22 maxlen: 22
81.17.60.0/24 maxlen: 24
81.17.61.0/24 maxlen: 24
81.17.62.0/24 maxlen: 24
81.17.63.0/24 maxlen: 24
95.168.176.0/20 maxlen: 24
95.168.176.0/21 maxlen: 21
95.168.184.0/24 maxlen: 24
95.168.185.0/24 maxlen: 24
95.168.186.0/23 maxlen: 23
95.168.186.0/24 maxlen: 24
95.168.187.0/24 maxlen: 24
95.168.188.0/22 maxlen: 22
173.208.48.0/21 maxlen: 21
173.234.16.0/21 maxlen: 24
173.234.16.0/24 maxlen: 24
173.234.17.0/24 maxlen: 24
173.234.18.0/23 maxlen: 23
173.234.18.0/24 maxlen: 24
173.234.19.0/24 maxlen: 24
173.234.20.0/23 maxlen: 23
173.234.22.0/23 maxlen: 23
173.234.72.0/21 maxlen: 21
173.234.136.0/21 maxlen: 21
185.222.24.0/22 maxlen: 24
185.222.24.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d6:a2:3b:8a:74:2c:f5:85:c4:01:7b:98:e0:1f:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=90dff31d1b0444d4204de1584d00ddf968d0b012
Validity
Not Before: Jan 1 21:47:36 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7e1aa1ae6fdd636818588e680a9d38a626ed33fa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:2b:4d:a5:76:59:96:f9:ba:eb:91:56:34:f8:
2c:fe:26:56:c2:ec:53:ef:48:ab:da:28:38:58:a7:
fb:0b:4c:37:04:6c:de:83:06:31:fd:46:1e:33:40:
bb:63:fe:05:d1:29:74:0b:99:7d:da:3c:f3:d2:4f:
2d:e5:be:8c:ea:db:47:9c:82:f6:bd:78:82:b8:de:
67:1d:4f:fc:0b:d0:7b:f4:12:a2:f5:c9:43:a2:cd:
71:a1:df:fa:e1:68:db:71:66:4e:10:4d:fc:29:ab:
21:66:93:b9:97:2e:31:c9:a8:2d:b5:90:ab:77:6f:
1f:b5:29:1a:4a:dd:6a:d4:e6:d5:9e:16:97:3f:eb:
6c:9d:6e:03:9d:e5:99:32:bb:59:84:6e:75:d7:dd:
d2:e2:76:a1:60:6d:94:72:50:95:32:be:c2:35:b3:
bd:c7:96:cd:98:b8:cc:03:19:87:f5:e0:3b:3b:5c:
12:93:a1:ee:b7:73:f6:ff:bb:34:98:93:44:9e:15:
3c:fa:7d:59:f2:f4:25:a2:40:92:6f:54:11:c2:f4:
6a:e2:f6:bf:37:02:cd:b5:4b:68:12:d2:bb:ab:7d:
ad:a1:6d:1d:90:7d:4f:fc:57:cc:a5:ee:ba:aa:b2:
6d:84:4d:aa:3a:0f:33:2d:39:1b:63:8d:8d:ff:02:
0e:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:1A:A1:AE:6F:DD:63:68:18:58:8E:68:0A:9D:38:A6:26:ED:33:FA
X509v3 Authority Key Identifier:
keyid:90:DF:F3:1D:1B:04:44:D4:20:4D:E1:58:4D:00:DD:F9:68:D0:B0:12
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kN_zHRsERNQgTeFYTQDd-WjQsBI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/99a3ca-7e5c-48d4-b975-9f214d1ba934/1/fhqhrm_dY2gYWI5oCp04pibtM_o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/99a3ca-7e5c-48d4-b975-9f214d1ba934/1/kN_zHRsERNQgTeFYTQDd-WjQsBI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
23.19.56.0/21
23.81.32.0/21
23.106.32.0/21
23.106.56.0/21
23.106.232.0/21
81.17.56.0/21
95.168.176.0/20
173.208.48.0/21
173.234.16.0/21
173.234.72.0/21
173.234.136.0/21
185.222.24.0/22
Signature Algorithm: sha256WithRSAEncryption
55:f2:a4:63:3f:f6:3c:81:db:ed:44:3c:73:11:2a:94:ed:83:
c1:b6:56:df:c6:83:72:60:54:f1:d6:54:2b:67:12:b6:14:9c:
59:58:d6:f8:ba:51:28:d1:4b:62:42:f2:04:91:89:bb:6f:3f:
be:82:ec:ff:4a:0c:11:3d:ee:91:da:09:b8:3e:6d:f6:80:60:
50:55:18:26:b9:8a:b7:b3:df:b4:2e:cd:c6:50:56:0a:6e:f9:
e5:98:cd:58:73:9d:77:a5:23:d6:23:65:c3:d5:ae:02:ee:4f:
20:1f:3c:34:17:b3:97:bd:09:54:9a:52:91:05:d4:0b:16:70:
7a:84:47:af:5c:3e:18:11:4c:49:32:ab:c9:65:a1:ef:7a:86:
0c:c6:07:2a:76:31:14:81:8e:ba:a3:95:83:0f:14:4e:e9:c6:
33:62:d2:db:14:e5:9d:8c:5d:ad:91:d4:92:07:5c:b9:01:ff:
6b:a6:73:0d:f5:12:5d:ba:81:b0:5a:6f:13:f2:53:8b:d2:f1:
e0:6b:58:92:ba:5f:b3:af:be:f4:9b:a2:3f:76:44:fc:a4:16:
be:d4:f7:fb:ae:71:8b:7c:af:62:17:74:bf:e7:d7:92:5a:d7:
5f:07:11:48:d5:0b:25:63:d4:ae:86:cb:2a:ec:cb:65:5a:c3:
35:79:4c:e5
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAZQj1qI7inQs9YXEAXuY4B8UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZGZmMzFkMWIwNDQ0ZDQyMDRkZTE1ODRkMDBkZGY5Njhk
MGIwMTIwHhcNMjUwMTAxMjE0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTFhYTFhZTZmZGQ2MzY4MTg1ODhlNjgwYTlkMzhhNjI2ZWQzM2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCtNpXZZlvm665FWNPgs/iZWwuxT
70ir2ig4WKf7C0w3BGzegwYx/UYeM0C7Y/4F0Sl0C5l92jzz0k8t5b6M6ttHnIL2
vXiCuN5nHU/8C9B79BKi9clDos1xod/64WjbcWZOEE38KashZpO5ly4xyagttZCr
d28ftSkaSt1q1ObVnhaXP+tsnW4DneWZMrtZhG51193S4nahYG2UclCVMr7CNbO9
x5bNmLjMAxmH9eA7O1wSk6Hut3P2/7s0mJNEnhU8+n1Z8vQlokCSb1QRwvRq4va/
NwLNtUtoEtK7q32toW0dkH1P/FfMpe66qrJthE2qOg8zLTkbY42N/wIO0wIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFH4aoa5v3WNoGFiOaAqdOKYm7TP6MB8GA1UdIwQY
MBaAFJDf8x0bBETUIE3hWE0A3flo0LASMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva05fekhSc0VSTlFnVGVGWVRRRGQtV2pRc0JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC85OWEzY2EtN2U1Yy00OGQ0LWI5NzUt
OWYyMTRkMWJhOTM0LzEvZmhxaHJtX2RZMmdZV0k1b0NwMDRwaWJ0TV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC85OWEzY2EtN2U1Yy00OGQ0LWI5NzUtOWYyMTRkMWJhOTM0
LzEva05fekhSc0VSTlFnVGVGWVRRRGQtV2pRc0JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQDFxM4AwQD
F1EgAwQDF2ogAwQDF2o4AwQDF2roAwQDURE4AwQEX6iwAwQDrdAwAwQDreoQAwQD
repIAwQDreqIAwQCud4YMA0GCSqGSIb3DQEBCwUAA4IBAQBV8qRjP/Y8gdvtRDxz
ESqU7YPBtlbfxoNyYFTx1lQrZxK2FJxZWNb4ulEo0UtiQvIEkYm7bz++guz/SgwR
Pe6R2gm4Pm32gGBQVRgmuYq3s9+0Ls3GUFYKbvnlmM1Yc513pSPWI2XD1a4C7k8g
Hzw0F7OXvQlUmlKRBdQLFnB6hEevXD4YEUxJMqvJZaHveoYMxgcqdjEUgY66o5WD
DxRO6cYzYtLbFOWdjF2tkdSSB1y5Af9rpnMN9RJduoGwWm8T8lOL0vHga1iSul+z
r770m6I/dkT8pBa+1Pf7rnGLfK9iF3S/59eSWtdfBxFI1QslY9Suhssq7MtlWsM1
eUzl
-----END CERTIFICATE-----
Generated at Sat Apr 5 16:38:25 2025 by rpki-client