Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/KnG8E7kezj3tf5epLozmTXTa310.roa
File: KnG8E7kezj3tf5epLozmTXTa310.roa (raw, json)
Hash identifier: DtT9ixAjwNWnGrRh0hq/H61cwW7Mp11Bc6qafI15X5M=
Subject key identifier: 2A:71:BC:13:B9:1E:CE:3D:ED:7F:97:A9:2E:8C:E6:4D:74:DA:DF:5D
Certificate issuer: /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial: 0195917EF1A28AEB1F81272A4A875E4FFF3E
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/KnG8E7kezj3tf5epLozmTXTa310.roa
Signing time: Thu 13 Mar 2025 21:52:50 +0000
ROA not before: Thu 13 Mar 2025 21:52:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211407
IP address blocks: 45.145.153.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:91:7e:f1:a2:8a:eb:1f:81:27:2a:4a:87:5e:4f:ff:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
Validity
Not Before: Mar 13 21:52:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2a71bc13b91ece3ded7f97a92e8ce64d74dadf5d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:f9:e5:74:40:d5:97:10:a1:34:5f:b7:17:07:
78:fc:91:8f:46:ab:59:10:fb:0e:23:c0:99:df:85:
6a:df:11:9a:b6:c1:01:2c:4e:2e:d8:be:37:90:86:
64:8d:02:1f:eb:be:85:3b:e7:4f:de:56:3c:6c:9a:
80:02:86:8a:91:65:fc:c0:77:61:8c:99:6a:21:26:
d6:1d:5f:3b:ba:c6:65:07:67:55:09:94:a0:d7:44:
ff:09:7a:b5:73:56:9e:a6:bd:67:ba:87:a0:00:da:
88:b3:4d:90:4b:97:99:2c:a4:c6:03:63:0f:2e:3d:
86:a7:32:f4:38:05:41:d9:67:b4:1b:7b:c7:42:6b:
fd:c6:a1:4c:b6:99:4f:fe:5b:2d:f6:20:27:56:2a:
bf:60:f4:df:af:e7:96:6d:c2:4b:f9:9a:12:8c:aa:
13:a0:cf:2c:b6:90:2f:9d:84:2f:74:6a:7a:a8:22:
fb:c1:31:09:65:e9:fd:dc:6d:cc:cf:16:d7:2d:7e:
4c:66:bf:de:67:78:84:2d:1a:61:a7:0d:35:13:c9:
30:d4:a6:ef:1b:94:44:d1:4a:9e:e3:02:d2:5c:1b:
ff:d8:21:0a:f4:ba:0f:55:a3:ff:f6:ab:00:d0:ce:
98:6b:f4:d8:1a:ad:69:77:21:56:e8:d1:ee:db:56:
dc:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:71:BC:13:B9:1E:CE:3D:ED:7F:97:A9:2E:8C:E6:4D:74:DA:DF:5D
X509v3 Authority Key Identifier:
keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/KnG8E7kezj3tf5epLozmTXTa310.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.145.153.0/24
Signature Algorithm: sha256WithRSAEncryption
41:1d:74:67:21:4e:8b:e9:27:3a:d2:95:ed:4b:12:bb:cf:34:
a2:56:90:23:b8:bd:87:fe:9a:c7:ce:12:c6:6b:99:e4:f9:4e:
9a:96:a9:6b:e1:f0:fa:ce:6b:d0:cb:98:d5:f3:58:ed:20:73:
1c:d8:6d:72:df:8b:75:08:43:56:67:b9:47:15:1f:13:e6:b4:
43:08:26:8f:62:7b:f0:9d:91:6c:6b:60:dc:09:95:c6:7b:cb:
f7:3c:81:43:11:41:08:e1:99:b9:0c:78:1d:81:96:d6:8f:2c:
c0:c1:54:a2:eb:96:94:56:97:86:e9:86:76:34:2b:2e:3d:be:
fe:49:c6:dd:f4:48:76:5e:56:31:fc:f6:46:8c:8e:1c:9a:d2:
b6:45:c2:09:f7:4c:fc:12:4a:2b:e0:9a:31:25:fa:d6:d3:9e:
b7:63:59:db:63:c3:57:c4:9d:8b:b2:07:88:de:f9:d2:30:d1:
df:ba:6b:85:35:86:61:9b:b7:d7:6b:8b:a7:14:77:6d:56:e1:
0d:19:6b:b7:26:60:68:f0:5d:c8:cd:b6:e3:25:6f:0f:48:a9:
53:fc:b5:ea:9f:4c:44:53:80:fe:bb:84:06:eb:ca:fc:3e:0b:
6d:ab:59:6c:c1:2b:98:3b:36:a4:27:67:6d:d8:6c:bf:89:e4:
5f:c3:20:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWRfvGiiusfgScqSodeT/8+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUwMzEzMjE1MjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTcxYmMxM2I5MWVjZTNkZWQ3Zjk3YTkyZThjZTY0ZDc0ZGFkZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovnldEDVlxChNF+3Fwd4/JGPRqtZ
EPsOI8CZ34Vq3xGatsEBLE4u2L43kIZkjQIf676FO+dP3lY8bJqAAoaKkWX8wHdh
jJlqISbWHV87usZlB2dVCZSg10T/CXq1c1aepr1nuoegANqIs02QS5eZLKTGA2MP
Lj2GpzL0OAVB2We0G3vHQmv9xqFMtplP/lst9iAnViq/YPTfr+eWbcJL+ZoSjKoT
oM8stpAvnYQvdGp6qCL7wTEJZen93G3MzxbXLX5MZr/eZ3iELRphpw01E8kw1Kbv
G5RE0Uqe4wLSXBv/2CEK9LoPVaP/9qsA0M6Ya/TYGq1pdyFW6NHu21bcaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCpxvBO5Hs497X+XqS6M5k102t9dMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvS25HOEU3a2V6ajN0ZjVlcExvem1UWFRhMzEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGZMA0G
CSqGSIb3DQEBCwUAA4IBAQBBHXRnIU6L6Sc60pXtSxK7zzSiVpAjuL2H/prHzhLG
a5nk+U6alqlr4fD6zmvQy5jV81jtIHMc2G1y34t1CENWZ7lHFR8T5rRDCCaPYnvw
nZFsa2DcCZXGe8v3PIFDEUEI4Zm5DHgdgZbWjyzAwVSi65aUVpeG6YZ2NCsuPb7+
Scbd9Eh2XlYx/PZGjI4cmtK2RcIJ90z8Ekor4JoxJfrW0563Y1nbY8NXxJ2LsgeI
3vnSMNHfumuFNYZhm7fXa4unFHdtVuENGWu3JmBo8F3IzbbjJW8PSKlT/LXqn0xE
U4D+u4QG68r8Pgttq1lswSuYOzakJ2dt2Gy/ieRfwyCx
-----END CERTIFICATE-----
Generated at Sun Apr 6 07:29:33 2025 by rpki-client