Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/obqfL4R2IKMApxxeeUPFE0sW9OQ.roa
File: obqfL4R2IKMApxxeeUPFE0sW9OQ.roa (raw, json)
Hash identifier: 7Ovq+/kB1PpmG+7SGcAWS7Jl70fuixev1vRb1jw0DXk=
Subject key identifier: A1:BA:9F:2F:84:76:20:A3:00:A7:1C:5E:79:43:C5:13:4B:16:F4:E4
Certificate issuer: /CN=5cf31afc36cb6955007fe97ed4a5e3185d2271ba
Certificate serial: 01955CD0C21B805ACC3FA5B83554E4BD73DD
Authority key identifier: 5C:F3:1A:FC:36:CB:69:55:00:7F:E9:7E:D4:A5:E3:18:5D:22:71:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XPMa_DbLaVUAf-l-1KXjGF0icbo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/obqfL4R2IKMApxxeeUPFE0sW9OQ.roa
Signing time: Mon 03 Mar 2025 16:22:19 +0000
ROA not before: Mon 03 Mar 2025 16:22:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 53356
IP address blocks: 2a0d:5100::/29 maxlen: 29
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:5c:d0:c2:1b:80:5a:cc:3f:a5:b8:35:54:e4:bd:73:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5cf31afc36cb6955007fe97ed4a5e3185d2271ba
Validity
Not Before: Mar 3 16:22:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a1ba9f2f847620a300a71c5e7943c5134b16f4e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:1c:94:5c:ad:5c:62:c0:0a:dd:ea:89:f3:e7:
13:6c:f0:7c:b6:74:6e:05:ae:c8:2d:5c:36:ea:55:
ef:a7:42:0c:4e:52:d0:ac:17:e5:12:eb:c3:f4:64:
a0:ff:d8:f3:c6:ea:7d:20:19:04:26:c9:08:aa:c1:
f4:5b:22:57:18:c2:fa:b2:fd:96:60:ea:ef:ba:cd:
72:ed:2d:55:e3:53:33:b0:91:86:25:81:0e:04:8f:
27:4c:36:ba:30:6a:f7:cd:bf:01:53:b5:a1:09:d9:
eb:6b:3b:53:14:e9:17:71:d2:98:5c:1c:e8:eb:cc:
99:9c:75:56:18:ff:5d:62:2f:50:40:d1:42:09:cc:
6b:c1:e8:14:d7:1b:26:76:7b:f8:2d:4e:1d:17:21:
15:85:37:af:99:cb:bd:a0:7d:3c:9e:a3:d0:7b:d3:
7a:fb:36:8a:17:ba:71:86:3a:5b:bc:53:16:c5:41:
98:90:11:6a:48:fe:82:bc:12:cc:de:ca:98:5d:9b:
df:b7:32:b9:d7:4b:7a:6e:f8:e8:a3:e2:34:43:eb:
44:3d:e6:04:43:31:c4:58:40:b4:6e:c1:89:c2:77:
fe:c7:0d:51:76:2d:6b:44:91:8c:3e:a1:12:fa:17:
1c:2b:e5:e2:17:19:ec:fc:dc:39:01:fe:24:16:58:
95:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:BA:9F:2F:84:76:20:A3:00:A7:1C:5E:79:43:C5:13:4B:16:F4:E4
X509v3 Authority Key Identifier:
keyid:5C:F3:1A:FC:36:CB:69:55:00:7F:E9:7E:D4:A5:E3:18:5D:22:71:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPMa_DbLaVUAf-l-1KXjGF0icbo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/obqfL4R2IKMApxxeeUPFE0sW9OQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/458ec3-0451-4e41-9a34-736d12888ca8/1/XPMa_DbLaVUAf-l-1KXjGF0icbo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:5100::/29
Signature Algorithm: sha256WithRSAEncryption
68:52:b9:01:af:ad:4f:e4:ca:6e:35:be:a2:3e:ba:51:8c:eb:
e3:78:06:6a:2f:68:0e:c5:21:13:43:e8:ad:db:c7:a1:21:80:
7d:6d:46:11:2f:1b:c1:d4:45:c9:b0:be:ca:6b:ff:88:9e:b4:
8a:b7:05:6e:60:27:af:3b:aa:ed:46:c3:ec:9b:1b:15:43:9b:
93:7c:03:d4:01:61:29:de:58:d3:dd:05:7f:1d:a3:71:7c:b1:
93:5a:47:ca:f7:2f:7f:53:3d:e5:0a:a7:71:db:66:ad:87:3a:
45:bf:fe:6d:6b:1f:79:05:ce:9b:18:77:47:d6:ca:a4:4d:f9:
98:04:b3:4c:e2:3e:b7:47:05:77:20:dc:bf:13:a0:d4:ac:0e:
76:88:43:ba:03:81:da:fd:71:e4:3a:52:1b:94:8f:52:bb:1d:
3b:55:4e:18:8f:3e:db:21:fd:37:0b:d8:d3:a6:71:68:62:cd:
6b:a6:c0:5e:d3:54:14:05:21:aa:85:2c:d9:88:7a:07:46:a1:
cb:ac:97:bf:25:8b:34:b2:93:c5:63:7b:96:a6:83:16:71:21:
a9:88:5d:36:e0:ca:33:14:50:58:63:86:90:5c:b1:99:f5:70:
b9:55:f9:87:89:95:46:1b:14:66:ad:af:5c:1e:af:83:40:8e:
c1:7f:bd:09
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZVc0MIbgFrMP6W4NVTkvXPdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjMxYWZjMzZjYjY5NTUwMDdmZTk3ZWQ0YTVlMzE4NWQy
MjcxYmEwHhcNMjUwMzAzMTYyMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWJhOWYyZjg0NzYyMGEzMDBhNzFjNWU3OTQzYzUxMzRiMTZmNGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxyUXK1cYsAK3eqJ8+cTbPB8tnRu
Ba7ILVw26lXvp0IMTlLQrBflEuvD9GSg/9jzxup9IBkEJskIqsH0WyJXGML6sv2W
YOrvus1y7S1V41MzsJGGJYEOBI8nTDa6MGr3zb8BU7WhCdnraztTFOkXcdKYXBzo
68yZnHVWGP9dYi9QQNFCCcxrwegU1xsmdnv4LU4dFyEVhTevmcu9oH08nqPQe9N6
+zaKF7pxhjpbvFMWxUGYkBFqSP6CvBLM3sqYXZvftzK510t6bvjoo+I0Q+tEPeYE
QzHEWEC0bsGJwnf+xw1Rdi1rRJGMPqES+hccK+XiFxns/Nw5Af4kFliV6wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKG6ny+EdiCjAKccXnlDxRNLFvTkMB8GA1UdIwQY
MBaAFFzzGvw2y2lVAH/pftSl4xhdInG6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBNYV9EYkxhVlVBZi1sLTFLWGpHRjBpY2JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80NThlYzMtMDQ1MS00ZTQxLTlhMzQt
NzM2ZDEyODg4Y2E4LzEvb2JxZkw0UjJJS01BcHh4ZWVVUEZFMHNXOU9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80NThlYzMtMDQ1MS00ZTQxLTlhMzQtNzM2ZDEyODg4Y2E4
LzEvWFBNYV9EYkxhVlVBZi1sLTFLWGpHRjBpY2JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg1RADAN
BgkqhkiG9w0BAQsFAAOCAQEAaFK5Aa+tT+TKbjW+oj66UYzr43gGai9oDsUhE0Po
rdvHoSGAfW1GES8bwdRFybC+ymv/iJ60ircFbmAnrzuq7UbD7JsbFUObk3wD1AFh
Kd5Y090Ffx2jcXyxk1pHyvcvf1M95QqncdtmrYc6Rb/+bWsfeQXOmxh3R9bKpE35
mASzTOI+t0cFdyDcvxOg1KwOdohDugOB2v1x5DpSG5SPUrsdO1VOGI8+2yH9NwvY
06ZxaGLNa6bAXtNUFAUhqoUs2Yh6B0ahy6yXvyWLNLKTxWN7lqaDFnEhqYhdNuDK
MxRQWGOGkFyxmfVwuVX5h4mVRhsUZq2vXB6vg0COwX+9CQ==
-----END CERTIFICATE-----
Generated at Mon Apr 7 20:17:19 2025 by rpki-client