Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/sUKcclZahYIz3onbKqmP3P88pdI.roa
File: sUKcclZahYIz3onbKqmP3P88pdI.roa (raw, json)
Hash identifier: CBZMv3jQPhyiFf/dy9HbfwPs9kQApWp7DL2KyK40I5c=
Subject key identifier: B1:42:9C:72:56:5A:85:82:33:DE:89:DB:2A:A9:8F:DC:FF:3C:A5:D2
Certificate issuer: /CN=c1098a1905bbd3381533828f6b7fd227170431ef
Certificate serial: 0194221FE7E647D6B595EB8D6DF68481E919
Authority key identifier: C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/sUKcclZahYIz3onbKqmP3P88pdI.roa
Signing time: Wed 01 Jan 2025 13:48:23 +0000
ROA not before: Wed 01 Jan 2025 13:48:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 212330
IP address blocks: 109.230.121.0/24 maxlen: 24
109.230.122.0/24 maxlen: 24
109.230.124.0/24 maxlen: 24
109.230.125.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:e7:e6:47:d6:b5:95:eb:8d:6d:f6:84:81:e9:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c1098a1905bbd3381533828f6b7fd227170431ef
Validity
Not Before: Jan 1 13:48:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b1429c72565a858233de89db2aa98fdcff3ca5d2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:38:12:3d:07:32:e8:50:e9:fb:33:54:7c:53:
73:cf:9d:16:3a:c8:df:fb:28:df:ac:be:32:74:48:
6f:85:5b:03:bd:ee:d8:98:9a:d8:bf:ce:e9:b9:23:
a7:ce:c1:87:2b:bc:5f:3a:62:e0:7e:9d:c0:77:cb:
d3:3b:c9:1d:e9:f8:65:8d:66:73:de:46:4e:3b:93:
20:f5:8a:ff:69:13:d4:c0:a3:33:d7:c4:d1:5c:a4:
86:06:5b:6e:ca:88:d9:f3:cf:89:d7:c4:ca:9b:e4:
1d:ac:f8:42:41:44:d7:05:25:d1:e3:f5:89:72:c7:
a1:cc:02:f6:d9:b9:65:5e:0b:8c:1f:ee:8b:74:f6:
6c:0c:95:2a:c4:57:d2:47:12:c2:7b:51:7f:8d:6f:
72:23:fa:1e:df:c5:39:98:36:88:5c:c2:33:dd:63:
af:5b:ac:fc:1f:b2:5a:fe:77:68:76:12:51:17:0f:
48:de:b0:7a:5b:ff:16:d5:29:a2:24:26:c4:34:5e:
dd:09:66:25:a3:b1:08:84:cd:61:c5:1c:a4:37:5b:
bb:64:96:55:17:bc:44:97:65:18:ba:ba:80:1b:df:
1d:e1:d8:90:82:dc:a0:c1:87:27:11:91:52:52:44:
84:a0:01:76:52:75:a4:88:61:6f:bf:5e:0e:90:33:
02:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:42:9C:72:56:5A:85:82:33:DE:89:DB:2A:A9:8F:DC:FF:3C:A5:D2
X509v3 Authority Key Identifier:
keyid:C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/sUKcclZahYIz3onbKqmP3P88pdI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.230.121.0-109.230.122.255
109.230.124.0/23
Signature Algorithm: sha256WithRSAEncryption
20:a5:2e:fb:07:2a:23:b0:1c:06:82:13:05:ce:db:fd:21:a7:
be:c3:50:25:50:d5:a8:97:66:b2:69:cd:00:04:c1:e4:2b:67:
36:29:6b:84:d4:c4:5a:fd:43:a3:1f:5a:7f:7e:25:da:cc:24:
eb:a0:62:89:da:a9:f1:23:0e:a6:c5:1d:58:8c:e8:17:9a:fd:
09:05:f4:d8:92:72:df:17:f2:4e:7b:1e:58:ce:c9:dd:38:28:
35:1b:b6:57:cb:31:ff:35:8e:77:97:af:6e:67:9e:f7:8c:7f:
1d:15:92:55:67:80:c1:81:99:b1:13:1e:94:62:33:c4:64:12:
98:32:35:d2:19:60:3c:05:5f:9f:36:20:9e:b9:83:98:b8:8a:
5d:42:f5:8f:c8:95:9a:6e:7d:c4:5a:85:06:95:93:d6:0a:bb:
50:d3:cc:4f:ba:36:29:3c:37:ca:40:a9:fa:18:3d:51:2f:07:
f3:f7:fc:f5:b7:a8:bc:6f:58:c2:7d:8b:51:f9:00:3c:c0:c0:
0a:7d:58:03:3f:43:8c:25:14:73:44:c6:b4:1f:93:b3:b9:1b:
4a:86:f1:13:42:55:29:74:cc:4e:ca:a5:2e:96:05:04:2b:b0:
26:b8:4a:92:d4:13:23:a6:15:8b:7a:18:1c:cd:9e:07:b5:9e:
b2:fa:0d:90
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQiH+fmR9a1leuNbfaEgekZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDk4YTE5MDViYmQzMzgxNTMzODI4ZjZiN2ZkMjI3MTcw
NDMxZWYwHhcNMjUwMTAxMTM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTQyOWM3MjU2NWE4NTgyMzNkZTg5ZGIyYWE5OGZkY2ZmM2NhNWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTgSPQcy6FDp+zNUfFNzz50WOsjf
+yjfrL4ydEhvhVsDve7YmJrYv87puSOnzsGHK7xfOmLgfp3Ad8vTO8kd6fhljWZz
3kZOO5Mg9Yr/aRPUwKMz18TRXKSGBltuyojZ88+J18TKm+QdrPhCQUTXBSXR4/WJ
csehzAL22bllXguMH+6LdPZsDJUqxFfSRxLCe1F/jW9yI/oe38U5mDaIXMIz3WOv
W6z8H7Ja/ndodhJRFw9I3rB6W/8W1SmiJCbENF7dCWYlo7EIhM1hxRykN1u7ZJZV
F7xEl2UYurqAG98d4diQgtygwYcnEZFSUkSEoAF2UnWkiGFvv14OkDMCnQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLFCnHJWWoWCM96J2yqpj9z/PKXSMB8GA1UdIwQY
MBaAFMEJihkFu9M4FTOCj2t/0icXBDHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUt
YjJhNzEzZDJlYWIyLzEvc1VLY2NsWmFoWUl6M29uYktxbVAzUDg4cGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUtYjJhNzEzZDJlYWIy
LzEvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABt5nkD
BABt5noDBAFt5nwwDQYJKoZIhvcNAQELBQADggEBACClLvsHKiOwHAaCEwXO2/0h
p77DUCVQ1aiXZrJpzQAEweQrZzYpa4TUxFr9Q6MfWn9+JdrMJOugYonaqfEjDqbF
HViM6Bea/QkF9NiSct8X8k57HljOyd04KDUbtlfLMf81jneXr25nnveMfx0VklVn
gMGBmbETHpRiM8RkEpgyNdIZYDwFX582IJ65g5i4il1C9Y/IlZpufcRahQaVk9YK
u1DTzE+6Nik8N8pAqfoYPVEvB/P3/PW3qLxvWMJ9i1H5ADzAwAp9WAM/Q4wlFHNE
xrQfk7O5G0qG8RNCVSl0zE7KpS6WBQQrsCa4SpLUEyOmFYt6GBzNnge1nrL6DZA=
-----END CERTIFICATE-----
Generated at Tue Apr 8 07:34:08 2025 by rpki-client