Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/SnQp545PizABXlJmPfs6t_Bdx3A.roa
File: SnQp545PizABXlJmPfs6t_Bdx3A.roa (raw, json)
Hash identifier: hDklsVSAEeEI4JG+zHk72TGY8C4nzVK2zvz/sAVVKz4=
Subject key identifier: 4A:74:29:E7:8E:4F:8B:30:01:5E:52:66:3D:FB:3A:B7:F0:5D:C7:70
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0195D8F99494D6A9EFF2FDF34E9AD39914B6
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/SnQp545PizABXlJmPfs6t_Bdx3A.roa
Signing time: Thu 27 Mar 2025 18:59:49 +0000
ROA not before: Thu 27 Mar 2025 18:59:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 136501
IP address blocks: 151.242.11.0/24 maxlen: 24
151.242.14.0/24 maxlen: 24
151.242.27.0/24 maxlen: 24
151.242.255.0/24 maxlen: 24
151.243.2.0/24 maxlen: 24
151.243.3.0/24 maxlen: 24
151.243.10.0/24 maxlen: 24
151.243.35.0/24 maxlen: 24
151.243.37.0/24 maxlen: 24
151.243.38.0/24 maxlen: 24
151.243.39.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:d8:f9:94:94:d6:a9:ef:f2:fd:f3:4e:9a:d3:99:14:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Mar 27 18:59:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4a7429e78e4f8b30015e52663dfb3ab7f05dc770
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:87:77:8a:cb:0d:72:04:48:b0:85:78:d7:3e:
32:4a:22:05:1f:92:0f:c5:14:3d:60:19:99:29:c5:
64:46:0b:51:53:2a:e6:96:31:14:a7:77:c9:e1:9e:
90:d1:3f:60:a2:8f:cd:b5:a8:d7:34:a7:e3:10:1c:
7e:18:47:a2:bc:db:e4:01:99:3b:5b:01:a2:4c:4f:
9d:d6:b6:d9:c3:85:51:b8:40:4e:8c:d9:a4:62:37:
f5:d2:0b:4a:e2:44:aa:dd:2a:9f:d8:e6:87:b3:28:
ad:c6:1d:8e:e1:a9:e6:97:38:8e:d5:e6:b5:2e:84:
bd:ab:1e:a9:38:d2:59:ae:d1:f9:5f:a6:d4:c2:85:
74:95:3b:a4:ff:9a:18:35:20:56:f3:f1:45:0d:3e:
20:45:89:2c:c4:a0:2a:15:d5:21:1d:6c:10:08:83:
71:4e:05:60:b4:f6:e8:4b:2b:e0:1c:f6:4b:79:81:
c6:03:0b:a1:e1:07:c7:7f:77:e1:c3:4a:d3:fc:57:
45:34:07:73:19:e6:9f:eb:e2:f3:f4:c5:ae:9f:c5:
23:ee:87:9e:54:8a:d5:3d:8a:ce:21:25:61:e2:a3:
0a:f2:02:6e:5e:c6:3a:7e:94:0a:bf:e3:88:6e:e2:
a6:c3:b7:a8:e0:79:82:31:ff:b8:9d:25:d4:7d:35:
cf:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:74:29:E7:8E:4F:8B:30:01:5E:52:66:3D:FB:3A:B7:F0:5D:C7:70
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/SnQp545PizABXlJmPfs6t_Bdx3A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.242.11.0/24
151.242.14.0/24
151.242.27.0/24
151.242.255.0/24
151.243.2.0/23
151.243.10.0/24
151.243.35.0/24
151.243.37.0-151.243.39.255
Signature Algorithm: sha256WithRSAEncryption
15:45:9d:fc:4d:21:33:ae:e1:fb:fe:bf:71:9f:fd:3d:f3:07:
7b:a9:f3:68:ff:76:13:7a:05:c8:01:2f:b9:24:22:9e:35:8e:
1e:b8:26:4e:b4:18:ff:83:d2:a7:76:82:78:be:29:dc:13:24:
c5:79:ed:c5:32:9f:65:47:db:6b:0c:26:c6:e1:d6:2d:39:c5:
39:e6:4c:9f:9d:d5:3e:7b:88:a6:53:07:a4:19:85:c6:c5:5e:
40:d9:2a:a2:a8:0a:54:5e:04:f9:8d:37:db:b3:3b:2a:25:cb:
b3:d5:ad:c8:00:74:a2:58:94:8b:0e:ba:65:6b:ca:a5:61:30:
1d:0e:f0:36:12:b7:60:3f:97:11:82:15:83:af:33:b9:e5:ca:
ce:4b:9c:3d:20:32:9b:5e:e6:25:b9:5e:95:54:23:69:e7:e1:
79:2c:2a:7a:96:df:03:ee:48:9b:fe:c9:56:ff:f5:97:26:a7:
aa:4f:9e:91:02:11:e0:09:49:6b:40:74:12:9b:72:5e:b5:72:
d4:2d:74:c1:d6:e5:0c:af:9b:79:8b:87:1e:ad:2d:24:c7:2d:
bf:95:a4:a9:74:5a:b6:9f:32:97:ca:98:c1:cf:08:4c:ce:43:
f0:52:7c:bb:b8:49:8c:e7:e9:3f:38:3f:7a:69:44:a3:fc:f6:
e9:a9:32:e9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZXY+ZSU1qnv8v3zTprTmRS2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMzI3MTg1OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTc0MjllNzhlNGY4YjMwMDE1ZTUyNjYzZGZiM2FiN2YwNWRjNzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoId3issNcgRIsIV41z4ySiIFH5IP
xRQ9YBmZKcVkRgtRUyrmljEUp3fJ4Z6Q0T9goo/NtajXNKfjEBx+GEeivNvkAZk7
WwGiTE+d1rbZw4VRuEBOjNmkYjf10gtK4kSq3Sqf2OaHsyitxh2O4anmlziO1ea1
LoS9qx6pONJZrtH5X6bUwoV0lTuk/5oYNSBW8/FFDT4gRYksxKAqFdUhHWwQCINx
TgVgtPboSyvgHPZLeYHGAwuh4QfHf3fhw0rT/FdFNAdzGeaf6+Lz9MWun8Uj7oee
VIrVPYrOISVh4qMK8gJuXsY6fpQKv+OIbuKmw7eo4HmCMf+4nSXUfTXPXQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFEp0KeeOT4swAV5SZj37OrfwXcdwMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvU25RcDU0NVBpekFCWGxKbVBmczZ0X0JkeDNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAl/ILAwQA
l/IOAwQAl/IbAwQAl/L/AwQBl/MCAwQAl/MKAwQAl/MjMAwDBACX8yUDBAOX8yAw
DQYJKoZIhvcNAQELBQADggEBABVFnfxNITOu4fv+v3Gf/T3zB3up82j/dhN6BcgB
L7kkIp41jh64Jk60GP+D0qd2gni+KdwTJMV57cUyn2VH22sMJsbh1i05xTnmTJ+d
1T57iKZTB6QZhcbFXkDZKqKoClReBPmNN9uzOyoly7PVrcgAdKJYlIsOumVryqVh
MB0O8DYSt2A/lxGCFYOvM7nlys5LnD0gMpte5iW5XpVUI2nn4XksKnqW3wPuSJv+
yVb/9Zcmp6pPnpECEeAJSWtAdBKbcl61ctQtdMHW5Qyvm3mLhx6tLSTHLb+VpKl0
WrafMpfKmMHPCEzOQ/BSfLu4SYzn6T84P3ppRKP89umpMuk=
-----END CERTIFICATE-----
Generated at Sat Apr 5 08:58:37 2025 by rpki-client