Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/fc763b-83e6-4bd1-b93a-f8785a58106c/1/xbK0xWiY34_RomWctzp72CJLeyA.roa
File: xbK0xWiY34_RomWctzp72CJLeyA.roa (raw, json)
Hash identifier: uGlhM5SP1wH5GgbXheJ7ZYAOlhLuCV1Bj19dNLN10ho=
Subject key identifier: C5:B2:B4:C5:68:98:DF:8F:D1:A2:65:9C:B7:3A:7B:D8:22:4B:7B:20
Certificate issuer: /CN=0b8fb1deb09e72425b309a1414917daf893bef59
Certificate serial: 01942746CDFCFDB385B061E840E7B2832F24
Authority key identifier: 0B:8F:B1:DE:B0:9E:72:42:5B:30:9A:14:14:91:7D:AF:89:3B:EF:59
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/C4-x3rCeckJbMJoUFJF9r4k771k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/73/fc763b-83e6-4bd1-b93a-f8785a58106c/1/xbK0xWiY34_RomWctzp72CJLeyA.roa
Signing time: Thu 02 Jan 2025 13:48:59 +0000
ROA not before: Thu 02 Jan 2025 13:48:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 44066
IP address blocks: 37.17.224.0/21 maxlen: 21
2a00:5fc0::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:46:cd:fc:fd:b3:85:b0:61:e8:40:e7:b2:83:2f:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b8fb1deb09e72425b309a1414917daf893bef59
Validity
Not Before: Jan 2 13:48:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c5b2b4c56898df8fd1a2659cb73a7bd8224b7b20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:ee:63:1d:63:e9:45:e8:e0:c3:5d:2a:35:2d:
1b:7a:c3:b2:ae:15:61:9d:90:d7:c5:de:63:13:82:
91:b0:a2:e7:26:94:df:9d:13:0b:99:70:3d:57:a5:
bb:60:92:9c:bb:4c:c3:8d:66:06:41:c4:62:f8:c4:
a3:e3:ee:79:f2:e5:cf:4b:f2:d7:70:fb:d9:59:88:
5e:78:f1:69:57:35:e2:fe:55:33:a8:1e:b0:75:55:
55:ce:1e:5d:f3:08:07:4b:1a:b6:a8:0c:0a:4d:7b:
dd:52:4a:fe:7b:b5:6b:80:45:40:99:48:49:68:88:
35:02:f3:9b:36:13:e3:11:60:8f:b6:dd:03:d9:9c:
41:51:14:a4:19:d6:0c:f8:f6:79:fd:f5:c8:32:7f:
77:30:41:0f:09:a8:96:f5:90:5e:ba:fe:83:d1:0b:
61:cf:33:d3:1b:10:4e:22:c1:70:06:ab:89:78:32:
4f:03:00:cc:dc:b3:ea:1a:97:7c:7b:ac:77:a8:b6:
25:2e:1a:f5:76:58:eb:f5:e1:46:f7:e6:d9:ef:92:
a1:fe:e7:5a:28:b7:10:03:e7:67:a4:3f:20:ed:e9:
a8:dc:e0:1f:0f:ca:cf:be:29:cf:39:39:38:de:1d:
41:76:90:c1:7a:04:7f:f6:5f:bc:d1:61:e7:14:ca:
df:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:B2:B4:C5:68:98:DF:8F:D1:A2:65:9C:B7:3A:7B:D8:22:4B:7B:20
X509v3 Authority Key Identifier:
keyid:0B:8F:B1:DE:B0:9E:72:42:5B:30:9A:14:14:91:7D:AF:89:3B:EF:59
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C4-x3rCeckJbMJoUFJF9r4k771k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fc763b-83e6-4bd1-b93a-f8785a58106c/1/xbK0xWiY34_RomWctzp72CJLeyA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fc763b-83e6-4bd1-b93a-f8785a58106c/1/C4-x3rCeckJbMJoUFJF9r4k771k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.17.224.0/21
IPv6:
2a00:5fc0::/32
Signature Algorithm: sha256WithRSAEncryption
02:22:86:0f:e5:a3:4d:c1:e9:a4:f9:9a:28:0a:c1:a3:9a:97:
5a:eb:0e:a0:3b:b3:89:7a:97:28:8f:10:84:21:8e:4b:5d:4d:
7d:17:7e:da:62:fe:e4:04:a0:ba:30:50:1e:c0:5b:1c:42:a7:
70:92:c6:90:d9:40:ad:03:3b:fe:e0:3a:c3:19:13:2c:95:f9:
17:e4:9e:d3:57:7e:98:78:f0:23:f7:7b:02:1b:4d:25:6b:59:
e7:f1:5d:ad:1d:1c:7d:1f:a0:c5:b9:b3:7e:71:36:92:d5:ff:
a1:a2:1c:d7:65:1f:56:3f:8f:c6:bc:9b:83:4c:28:b2:af:1b:
f8:91:05:ba:7d:a0:60:75:29:f8:d7:86:ae:58:65:41:57:f4:
9e:ad:66:c9:cd:91:c1:81:f7:f0:24:95:78:dc:22:75:13:a5:
52:df:d5:44:fd:42:f1:db:f4:b7:4d:e1:b1:32:1f:97:de:25:
1e:e8:1f:96:9a:67:9f:62:8d:24:e5:19:e4:c5:4e:31:1c:ac:
8c:d0:f3:6f:bc:45:44:b9:13:b6:ca:c1:a6:c0:41:83:0e:87:
e8:7d:f4:97:81:f2:f2:07:44:68:17:52:fc:61:fb:a9:94:b2:
92:45:2f:ef:9a:c2:b6:2b:4e:c6:25:c3:76:83:a7:c2:05:81:
52:f2:8f:21
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnRs38/bOFsGHoQOeygy8kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiOGZiMWRlYjA5ZTcyNDI1YjMwOWExNDE0OTE3ZGFmODkz
YmVmNTkwHhcNMjUwMTAyMTM0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWIyYjRjNTY4OThkZjhmZDFhMjY1OWNiNzNhN2JkODIyNGI3YjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAte5jHWPpRejgw10qNS0besOyrhVh
nZDXxd5jE4KRsKLnJpTfnRMLmXA9V6W7YJKcu0zDjWYGQcRi+MSj4+558uXPS/LX
cPvZWYheePFpVzXi/lUzqB6wdVVVzh5d8wgHSxq2qAwKTXvdUkr+e7VrgEVAmUhJ
aIg1AvObNhPjEWCPtt0D2ZxBURSkGdYM+PZ5/fXIMn93MEEPCaiW9ZBeuv6D0Qth
zzPTGxBOIsFwBquJeDJPAwDM3LPqGpd8e6x3qLYlLhr1dljr9eFG9+bZ75Kh/uda
KLcQA+dnpD8g7emo3OAfD8rPvinPOTk43h1BdpDBegR/9l+80WHnFMrfBwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMWytMVomN+P0aJlnLc6e9giS3sgMB8GA1UdIwQY
MBaAFAuPsd6wnnJCWzCaFBSRfa+JO+9ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzQteDNyQ2Vja0piTUpvVUZKRjlyNGs3NzFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mYzc2M2ItODNlNi00YmQxLWI5M2Et
Zjg3ODVhNTgxMDZjLzEveGJLMHhXaVkzNF9Sb21XY3R6cDcyQ0pMZXlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9mYzc2M2ItODNlNi00YmQxLWI5M2EtZjg3ODVhNTgxMDZj
LzEvQzQteDNyQ2Vja0piTUpvVUZKRjlyNGs3NzFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDJRHgMA0E
AgACMAcDBQAqAF/AMA0GCSqGSIb3DQEBCwUAA4IBAQACIoYP5aNNwemk+ZooCsGj
mpda6w6gO7OJepcojxCEIY5LXU19F37aYv7kBKC6MFAewFscQqdwksaQ2UCtAzv+
4DrDGRMslfkX5J7TV36YePAj93sCG00la1nn8V2tHRx9H6DFubN+cTaS1f+hohzX
ZR9WP4/GvJuDTCiyrxv4kQW6faBgdSn414auWGVBV/SerWbJzZHBgffwJJV43CJ1
E6VS39VE/ULx2/S3TeGxMh+X3iUe6B+WmmefYo0k5RnkxU4xHKyM0PNvvEVEuRO2
ysGmwEGDDofoffSXgfLyB0RoF1L8YfuplLKSRS/vmsK2K07GJcN2g6fCBYFS8o8h
-----END CERTIFICATE-----
Generated at Mon Apr 7 19:03:45 2025 by rpki-client