Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/436b56-5b55-4ff4-83bf-98ac665b1908/1/on5-XY5_69ZqoMpI3X4OhIb7uc4.roa
File: on5-XY5_69ZqoMpI3X4OhIb7uc4.roa (raw, json)
Hash identifier: 4oa5fFDXWm4dHc0nsqOubqefekgWac8ztkJvtrP5fzs=
Subject key identifier: A2:7E:7E:5D:8E:7F:EB:D6:6A:A0:CA:48:DD:7E:0E:84:86:FB:B9:CE
Certificate issuer: /CN=966f8e37e4a6c84b3f3b5ba77e2109d3ef59aae0
Certificate serial: 019541DC2A60038883A344AB7B59C651CCFA
Authority key identifier: 96:6F:8E:37:E4:A6:C8:4B:3F:3B:5B:A7:7E:21:09:D3:EF:59:AA:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lm-ON-SmyEs_O1unfiEJ0-9ZquA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/436b56-5b55-4ff4-83bf-98ac665b1908/1/on5-XY5_69ZqoMpI3X4OhIb7uc4.roa
Signing time: Wed 26 Feb 2025 10:45:02 +0000
ROA not before: Wed 26 Feb 2025 10:45:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34210
IP address blocks: 109.237.78.0/23 maxlen: 23
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:41:dc:2a:60:03:88:83:a3:44:ab:7b:59:c6:51:cc:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=966f8e37e4a6c84b3f3b5ba77e2109d3ef59aae0
Validity
Not Before: Feb 26 10:45:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a27e7e5d8e7febd66aa0ca48dd7e0e8486fbb9ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:84:12:7a:5a:79:1d:1a:ef:6d:80:85:94:05:
ca:b5:dc:01:0c:b0:af:f2:96:3d:7e:88:64:45:d4:
22:b2:f1:15:44:86:f8:c0:d4:fe:43:9c:dc:e5:2e:
7e:66:48:ab:e5:f0:73:49:bc:aa:06:d3:eb:06:ad:
92:b8:ca:3a:01:e9:d4:98:6d:ff:1f:dc:bb:c0:eb:
05:23:cc:4e:bf:5b:d0:47:6a:9b:e4:ca:6a:28:f1:
28:0e:29:cf:fb:4c:71:d7:74:db:14:da:f3:f2:02:
62:6d:df:25:9a:37:68:dd:ca:c9:d3:0e:74:03:22:
fd:ae:a7:26:39:a2:63:66:75:4e:ab:79:08:56:3a:
26:c6:de:99:92:14:5e:44:d8:47:1b:88:2a:0e:38:
1e:9e:f8:e3:f2:19:b7:e8:be:ab:1c:80:50:4b:ec:
9f:1f:9d:a3:ad:e0:73:75:f3:66:e7:33:a2:0f:50:
d5:46:29:b2:0a:17:ca:cd:99:11:8a:0f:02:20:62:
f9:f7:30:e9:00:d0:77:b2:89:68:68:62:a9:b2:b4:
98:59:65:d8:26:7c:79:c4:89:04:56:3e:0a:10:6d:
76:87:7b:2c:53:d8:48:11:9c:55:a7:58:df:5e:fb:
7f:ad:fe:89:05:98:58:3e:3e:3f:26:ae:c1:0b:83:
50:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:7E:7E:5D:8E:7F:EB:D6:6A:A0:CA:48:DD:7E:0E:84:86:FB:B9:CE
X509v3 Authority Key Identifier:
keyid:96:6F:8E:37:E4:A6:C8:4B:3F:3B:5B:A7:7E:21:09:D3:EF:59:AA:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lm-ON-SmyEs_O1unfiEJ0-9ZquA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/436b56-5b55-4ff4-83bf-98ac665b1908/1/on5-XY5_69ZqoMpI3X4OhIb7uc4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/436b56-5b55-4ff4-83bf-98ac665b1908/1/lm-ON-SmyEs_O1unfiEJ0-9ZquA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.237.78.0/23
Signature Algorithm: sha256WithRSAEncryption
0c:46:3b:e7:9a:29:23:cd:f4:ed:fa:f6:d1:00:13:3f:41:c7:
46:21:d8:8f:77:18:17:da:34:73:80:63:27:c6:e2:17:e1:51:
b3:b4:09:9f:47:3a:00:e7:8e:25:5b:ba:22:3d:d9:86:8c:3d:
87:2b:6e:eb:6f:29:ea:a8:d2:5a:1d:b2:aa:67:40:8f:9c:5d:
b2:42:ff:44:7b:c2:65:47:79:53:59:ea:0f:68:5b:d1:a9:f1:
94:46:3f:49:12:e2:02:4b:28:4a:fd:7f:29:54:23:e0:8f:74:
22:bc:89:39:d0:5f:19:d0:7a:45:02:e5:bb:26:ad:eb:2b:6e:
67:d7:8a:5c:f5:e1:fb:59:80:a0:d6:27:49:de:66:fa:71:9f:
22:bb:1d:48:92:a1:14:44:6f:d2:4c:8c:ab:52:11:36:cd:f3:
e9:4b:25:67:66:74:b4:e7:c7:99:00:4b:1a:84:f2:f1:62:33:
98:81:a6:1d:38:13:f5:6c:64:4c:f8:a7:0e:b2:12:c7:f5:50:
78:ec:de:b1:d9:6e:9b:f7:da:ec:a6:04:8b:e2:19:a1:59:7a:
02:c1:fa:3e:b6:53:24:88:0d:aa:72:fa:76:57:05:e4:ad:4d:
0b:ee:a0:8e:d0:79:b3:e6:e9:18:a1:2e:06:86:88:6e:ec:bb:
78:a8:6b:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVB3CpgA4iDo0Sre1nGUcz6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2NmY4ZTM3ZTRhNmM4NGIzZjNiNWJhNzdlMjEwOWQzZWY1
OWFhZTAwHhcNMjUwMjI2MTA0NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjdlN2U1ZDhlN2ZlYmQ2NmFhMGNhNDhkZDdlMGU4NDg2ZmJiOWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyoQSelp5HRrvbYCFlAXKtdwBDLCv
8pY9fohkRdQisvEVRIb4wNT+Q5zc5S5+Zkir5fBzSbyqBtPrBq2SuMo6AenUmG3/
H9y7wOsFI8xOv1vQR2qb5MpqKPEoDinP+0xx13TbFNrz8gJibd8lmjdo3crJ0w50
AyL9rqcmOaJjZnVOq3kIVjomxt6ZkhReRNhHG4gqDjgenvjj8hm36L6rHIBQS+yf
H52jreBzdfNm5zOiD1DVRimyChfKzZkRig8CIGL59zDpANB3soloaGKpsrSYWWXY
Jnx5xIkEVj4KEG12h3ssU9hIEZxVp1jfXvt/rf6JBZhYPj4/Jq7BC4NQJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJ+fl2Of+vWaqDKSN1+DoSG+7nOMB8GA1UdIwQY
MBaAFJZvjjfkpshLPztbp34hCdPvWargMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbG0tT04tU215RXNfTzF1bmZpRUowLTlacXVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80MzZiNTYtNWI1NS00ZmY0LTgzYmYt
OThhYzY2NWIxOTA4LzEvb241LVhZNV82OVpxb01wSTNYNE9oSWI3dWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80MzZiNTYtNWI1NS00ZmY0LTgzYmYtOThhYzY2NWIxOTA4
LzEvbG0tT04tU215RXNfTzF1bmZpRUowLTlacXVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBbe1OMA0G
CSqGSIb3DQEBCwUAA4IBAQAMRjvnmikjzfTt+vbRABM/QcdGIdiPdxgX2jRzgGMn
xuIX4VGztAmfRzoA544lW7oiPdmGjD2HK27rbynqqNJaHbKqZ0CPnF2yQv9Ee8Jl
R3lTWeoPaFvRqfGURj9JEuICSyhK/X8pVCPgj3QivIk50F8Z0HpFAuW7Jq3rK25n
14pc9eH7WYCg1idJ3mb6cZ8iux1IkqEURG/STIyrUhE2zfPpSyVnZnS058eZAEsa
hPLxYjOYgaYdOBP1bGRM+KcOshLH9VB47N6x2W6b99rspgSL4hmhWXoCwfo+tlMk
iA2qcvp2VwXkrU0L7qCO0Hmz5ukYoS4Ghohu7Lt4qGvh
-----END CERTIFICATE-----
Generated at Tue Apr 8 10:30:06 2025 by rpki-client