Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/o4QZ_DW5LwUcZxFyHz4ELk8-5dc.roa
File: o4QZ_DW5LwUcZxFyHz4ELk8-5dc.roa (raw, json)
Hash identifier: MCDX+HoOVNRDjNpVMWUJahOMqr6SOoydXS3kvZsKDFs=
Subject key identifier: A3:84:19:FC:35:B9:2F:05:1C:67:11:72:1F:3E:04:2E:4F:3E:E5:D7
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 01955B9C3A7DDCD3169DBD19D824E5A90B49
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/o4QZ_DW5LwUcZxFyHz4ELk8-5dc.roa
Signing time: Mon 03 Mar 2025 10:45:20 +0000
ROA not before: Mon 03 Mar 2025 10:45:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 398704
IP address blocks: 31.58.208.0/24 maxlen: 24
31.58.209.0/24 maxlen: 24
31.58.232.0/24 maxlen: 24
31.58.233.0/24 maxlen: 24
217.60.0.0/21 maxlen: 24
217.60.8.0/21 maxlen: 24
217.60.24.0/22 maxlen: 24
217.60.32.0/21 maxlen: 24
217.60.44.0/22 maxlen: 24
217.60.56.0/21 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:5b:9c:3a:7d:dc:d3:16:9d:bd:19:d8:24:e5:a9:0b:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Mar 3 10:45:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a38419fc35b92f051c6711721f3e042e4f3ee5d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:bb:3c:b3:a2:a9:57:ed:d1:77:30:d5:5f:db:
36:be:cd:9b:58:9c:55:ff:bc:fb:d9:8a:08:e1:0a:
10:46:13:40:e2:0c:ef:ee:54:b2:ff:a8:36:b4:cf:
9d:d6:09:fb:15:d8:06:6a:d0:30:4f:a7:c9:3a:1b:
71:3c:ab:b8:57:44:3a:04:83:40:e8:4f:68:6f:74:
11:10:58:ac:8d:cb:cb:ad:bb:ad:3c:2e:b0:00:54:
cf:5b:55:51:b1:90:40:6c:c7:d8:b1:cf:3d:b3:cb:
e1:ab:5c:46:6d:6c:9f:59:e7:fd:d6:b0:3f:56:78:
e8:6c:2e:57:56:9c:c3:20:8e:a4:e0:60:5b:7f:2e:
79:54:69:6f:48:11:11:9a:d3:ce:dd:a1:24:19:f2:
ea:5f:c9:ec:99:4b:58:f1:99:64:21:8a:df:fd:99:
d4:5d:1b:cd:79:43:40:a4:96:6f:8a:c1:9a:23:1a:
c5:6a:7b:a7:2c:bb:88:a9:80:d8:b9:65:2a:af:30:
bb:91:e4:3e:45:1e:fa:6e:4f:4f:6b:5f:23:b6:45:
de:0c:7f:18:06:47:ef:14:dd:5f:1f:b3:ef:e5:e6:
cb:a2:e7:27:b1:bf:1b:e5:38:6e:bc:b5:72:61:4d:
47:a4:3b:5e:a0:14:c3:0a:3c:20:ac:d8:25:c2:f7:
53:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:84:19:FC:35:B9:2F:05:1C:67:11:72:1F:3E:04:2E:4F:3E:E5:D7
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/o4QZ_DW5LwUcZxFyHz4ELk8-5dc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.58.208.0/23
31.58.232.0/23
217.60.0.0/20
217.60.24.0/22
217.60.32.0/21
217.60.44.0/22
217.60.56.0/21
Signature Algorithm: sha256WithRSAEncryption
3a:ad:02:21:fc:1e:1a:a5:36:3c:74:87:e2:20:a5:e6:c7:e6:
48:b4:cd:ca:80:6b:db:8a:2d:f3:34:70:2a:e6:ee:3a:e6:6e:
80:08:e5:f8:2c:34:03:5e:c4:d2:5a:db:36:4e:3e:68:fb:f8:
2e:b5:2e:8f:4f:6a:0a:ca:69:30:b9:c2:10:b8:a1:b8:21:85:
ae:90:b9:90:e4:99:04:88:7c:4f:f4:94:86:ef:6d:ac:06:57:
8a:8c:95:b7:41:fb:49:1d:b1:c3:13:3d:98:75:9c:19:6a:2d:
ac:17:df:88:ae:68:86:b6:0e:ff:2f:f2:06:5f:7a:e1:2c:73:
32:3e:bc:ad:89:f9:99:78:33:cb:6f:2d:24:3d:cc:4b:70:43:
18:de:60:5f:17:6c:38:04:b5:4b:e2:0d:c5:f1:16:c2:a9:b7:
19:ef:a5:66:19:d2:fa:78:66:2c:94:c0:bd:38:8c:c1:e4:c7:
ee:70:bc:cf:3d:03:b1:52:60:b0:cb:e7:54:3e:db:89:d8:3f:
ab:c2:c7:72:c3:23:be:5b:36:ac:71:c5:39:ae:a5:6d:74:88:
1f:00:5b:9c:77:87:7d:4a:1b:ea:1d:14:5b:f2:f3:c5:75:3b:
26:b2:e5:1f:0d:81:f7:76:3f:9d:f1:32:86:33:b3:4f:f8:23:
b5:f7:27:59
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZVbnDp93NMWnb0Z2CTlqQtJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjUwMzAzMTA0NTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzg0MTlmYzM1YjkyZjA1MWM2NzExNzIxZjNlMDQyZTRmM2VlNWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLs8s6KpV+3RdzDVX9s2vs2bWJxV
/7z72YoI4QoQRhNA4gzv7lSy/6g2tM+d1gn7FdgGatAwT6fJOhtxPKu4V0Q6BINA
6E9ob3QREFisjcvLrbutPC6wAFTPW1VRsZBAbMfYsc89s8vhq1xGbWyfWef91rA/
VnjobC5XVpzDII6k4GBbfy55VGlvSBERmtPO3aEkGfLqX8nsmUtY8ZlkIYrf/ZnU
XRvNeUNApJZvisGaIxrFanunLLuIqYDYuWUqrzC7keQ+RR76bk9Pa18jtkXeDH8Y
BkfvFN1fH7Pv5ebLoucnsb8b5ThuvLVyYU1HpDteoBTDCjwgrNglwvdTrQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKOEGfw1uS8FHGcRch8+BC5PPuXXMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvbzRRWl9EVzVMd1VjWnhGeUh6NEVMazgtNWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYtYjgxMWNmY2I5ZmQ1
LzEvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBHzrQAwQB
HzroAwQE2TwAAwQC2TwYAwQD2TwgAwQC2TwsAwQD2Tw4MA0GCSqGSIb3DQEBCwUA
A4IBAQA6rQIh/B4apTY8dIfiIKXmx+ZItM3KgGvbii3zNHAq5u465m6ACOX4LDQD
XsTSWts2Tj5o+/gutS6PT2oKymkwucIQuKG4IYWukLmQ5JkEiHxP9JSG722sBleK
jJW3QftJHbHDEz2YdZwZai2sF9+IrmiGtg7/L/IGX3rhLHMyPrytifmZeDPLby0k
PcxLcEMY3mBfF2w4BLVL4g3F8RbCqbcZ76VmGdL6eGYslMC9OIzB5MfucLzPPQOx
UmCwy+dUPtuJ2D+rwsdywyO+WzasccU5rqVtdIgfAFucd4d9ShvqHRRb8vPFdTsm
suUfDYH3dj+d8TKGM7NP+CO19ydZ
-----END CERTIFICATE-----
Generated at Sat Apr 5 08:58:42 2025 by rpki-client