Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/FNMboaNFS4dq_J98ARIGXoPZgMk.roa
File: FNMboaNFS4dq_J98ARIGXoPZgMk.roa (raw, json)
Hash identifier: g+DjQQe5PR9O6yvqsBwCFmOG/XGs/TtjlyZg5KiU2nw=
Subject key identifier: 14:D3:1B:A1:A3:45:4B:87:6A:FC:9F:7C:01:12:06:5E:83:D9:80:C9
Certificate issuer: /CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Certificate serial: 019421B16DEFE72B5EEA27A62768A3C5777A
Authority key identifier: 0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/FNMboaNFS4dq_J98ARIGXoPZgMk.roa
Signing time: Wed 01 Jan 2025 11:47:43 +0000
ROA not before: Wed 01 Jan 2025 11:47:43 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3741
IP address blocks: 192.109.144.0/24 maxlen: 24
2a07:8146::/36 maxlen: 36
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:6d:ef:e7:2b:5e:ea:27:a6:27:68:a3:c5:77:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Validity
Not Before: Jan 1 11:47:43 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=14d31ba1a3454b876afc9f7c0112065e83d980c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:df:ce:80:47:d0:18:d1:23:81:31:47:fc:71:
9e:14:fe:a6:b2:4e:9f:96:25:25:22:42:7b:e5:f2:
f6:54:7e:af:37:e8:8d:f0:91:3c:dc:d4:db:9f:cd:
cf:d8:73:27:53:a8:30:bc:8c:02:55:aa:9f:25:14:
b4:ee:60:df:94:c3:18:f0:9a:85:19:aa:62:99:ec:
e5:66:b3:0e:5c:a0:f0:54:9c:fb:26:c9:65:82:6e:
69:2c:5d:c6:ad:0c:2a:7c:5c:97:25:38:77:bc:84:
c7:ec:29:1d:39:db:d4:61:cc:27:c5:d6:cf:61:45:
0c:06:60:26:27:79:33:64:7e:9d:df:f1:09:c3:b2:
e2:d7:ad:20:43:73:29:a6:b9:18:aa:23:3c:5f:3e:
95:42:f6:d7:88:8c:13:c9:43:53:28:cd:9a:14:5e:
f0:af:f8:90:5c:ba:ac:b3:a6:0e:6b:75:62:99:8c:
7f:d1:63:ae:76:70:0c:09:bb:87:c6:23:52:e1:6b:
0b:11:de:3d:e4:3c:f9:2c:ed:c0:ea:b6:16:30:6d:
d5:4c:c8:b0:59:aa:08:f4:9a:42:3a:f3:52:fe:aa:
c6:ff:47:59:9c:ef:cb:25:17:06:ff:fb:9c:e1:2c:
eb:e0:c8:2b:f8:e6:d9:65:ec:8e:d4:21:b8:38:ad:
3b:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:D3:1B:A1:A3:45:4B:87:6A:FC:9F:7C:01:12:06:5E:83:D9:80:C9
X509v3 Authority Key Identifier:
keyid:0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/FNMboaNFS4dq_J98ARIGXoPZgMk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.109.144.0/24
IPv6:
2a07:8146::/36
Signature Algorithm: sha256WithRSAEncryption
ae:61:52:bf:f5:5a:1c:33:48:6b:2b:6e:26:82:56:6f:08:93:
c6:6f:0b:b0:c1:34:17:1d:94:17:ab:70:e3:45:f5:2e:7c:8a:
4e:25:ab:7d:f7:22:0c:3b:f8:4d:f1:cf:29:98:fd:61:fc:a9:
08:a2:97:09:e2:20:d5:8e:93:e1:36:a8:16:0c:04:02:f7:8d:
ba:46:5e:99:03:ba:83:a6:64:7a:07:94:b2:37:95:94:2d:e3:
dc:0e:ba:4b:23:b4:13:fc:55:b9:5b:62:92:aa:46:60:0e:a3:
2d:19:a0:ef:e9:e9:3b:73:53:24:f3:a4:68:b8:d0:f6:7d:c2:
ef:78:b8:bb:9b:02:4e:d7:ac:26:b4:1b:8d:35:0c:dd:bd:a2:
54:a6:dd:7c:99:de:83:d3:ac:09:4f:3f:25:6f:c1:85:d3:62:
08:a3:fa:33:13:44:df:7f:ae:e2:d7:2b:e4:50:98:c3:af:c6:
21:85:3a:c8:63:3a:1d:1d:b9:2a:9e:81:3b:7f:8e:c2:bc:cf:
4b:7c:85:09:ca:81:17:fe:8a:73:1c:33:20:a9:17:9c:43:e9:
85:85:2e:79:84:7b:1c:f8:da:af:fa:d4:8f:a8:6d:d4:ac:a2:
59:73:3e:54:a0:30:8e:14:19:f5:74:21:27:85:10:97:6e:54:
f7:0b:06:05
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQhsW3v5yte6iemJ2ijxXd6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzdkODA3ZDRmN2NkZDNlMGFmZTRhYmM4ZWU1YTg4MGM2
MDkwZjEwHhcNMjUwMTAxMTE0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGQzMWJhMWEzNDU0Yjg3NmFmYzlmN2MwMTEyMDY1ZTgzZDk4MGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwt/OgEfQGNEjgTFH/HGeFP6msk6f
liUlIkJ75fL2VH6vN+iN8JE83NTbn83P2HMnU6gwvIwCVaqfJRS07mDflMMY8JqF
GapimezlZrMOXKDwVJz7Jsllgm5pLF3GrQwqfFyXJTh3vITH7CkdOdvUYcwnxdbP
YUUMBmAmJ3kzZH6d3/EJw7Li160gQ3MpprkYqiM8Xz6VQvbXiIwTyUNTKM2aFF7w
r/iQXLqss6YOa3VimYx/0WOudnAMCbuHxiNS4WsLEd495Dz5LO3A6rYWMG3VTMiw
WaoI9JpCOvNS/qrG/0dZnO/LJRcG//uc4Szr4Mgr+ObZZeyO1CG4OK078wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFBTTG6GjRUuHavyffAESBl6D2YDJMB8GA1UdIwQY
MBaAFAo32AfU983T4K/kq8juWogMYJDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjkt
ODAwZWRhMmNmYjM2LzEvRk5NYm9hTkZTNGRxX0o5OEFSSUdYb1BaZ01rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjktODAwZWRhMmNmYjM2
LzEvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAwG2QMA4E
AgACMAgDBgQqB4FGADANBgkqhkiG9w0BAQsFAAOCAQEArmFSv/VaHDNIaytuJoJW
bwiTxm8LsME0Fx2UF6tw40X1LnyKTiWrffciDDv4TfHPKZj9YfypCKKXCeIg1Y6T
4TaoFgwEAveNukZemQO6g6ZkegeUsjeVlC3j3A66SyO0E/xVuVtikqpGYA6jLRmg
7+npO3NTJPOkaLjQ9n3C73i4u5sCTtesJrQbjTUM3b2iVKbdfJneg9OsCU8/JW/B
hdNiCKP6MxNE33+u4tcr5FCYw6/GIYU6yGM6HR25Kp6BO3+OwrzPS3yFCcqBF/6K
cxwzIKkXnEPphYUueYR7HPjar/rUj6ht1KyiWXM+VKAwjhQZ9XQhJ4UQl25U9wsG
BQ==
-----END CERTIFICATE-----
Generated at Tue Apr 8 01:10:00 2025 by rpki-client