Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/2KU1lG8tmW62eqBwxBBDds81m5A.roa
File: 2KU1lG8tmW62eqBwxBBDds81m5A.roa (raw, json)
Hash identifier: DXWqInrCKLzcQadKZzuaDGdIbNbzO5YygQPkSyOtdqY=
Subject key identifier: D8:A5:35:94:6F:2D:99:6E:B6:7A:A0:70:C4:10:43:76:CF:35:9B:90
Certificate issuer: /CN=68d425cc7b1b7880a875f76beda80fe3109319ed
Certificate serial: 01941FFA654CFD02521A315361F327EA21CC
Authority key identifier: 68:D4:25:CC:7B:1B:78:80:A8:75:F7:6B:ED:A8:0F:E3:10:93:19:ED
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aNQlzHsbeICodfdr7agP4xCTGe0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/2KU1lG8tmW62eqBwxBBDds81m5A.roa
Signing time: Wed 01 Jan 2025 03:48:11 +0000
ROA not before: Wed 01 Jan 2025 03:48:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51088
IP address blocks: 185.181.84.0/22 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:fa:65:4c:fd:02:52:1a:31:53:61:f3:27:ea:21:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=68d425cc7b1b7880a875f76beda80fe3109319ed
Validity
Not Before: Jan 1 03:48:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d8a535946f2d996eb67aa070c4104376cf359b90
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:4f:13:b1:cd:f9:fa:80:d5:f9:af:bd:a7:bb:
c5:ab:b1:6d:33:a7:10:63:8a:c7:dd:05:3b:b9:b4:
b8:be:bb:19:f9:a8:26:12:ac:51:17:75:5c:9c:9b:
c0:56:aa:d9:bf:89:36:f1:e3:87:5f:14:5b:b8:54:
57:be:4e:c1:2d:dd:76:0c:56:47:ad:cb:ad:1a:a1:
aa:c8:5b:c1:a7:e2:e8:28:2b:21:61:f6:7b:9d:03:
83:6a:7a:7c:2c:38:f7:ef:8f:31:c4:c9:8f:ed:15:
f7:7b:23:c5:bf:ba:a1:8e:df:af:49:d5:c2:e7:54:
8c:23:cf:ef:4c:fe:ac:fa:ab:63:a8:70:4a:32:dc:
af:e6:37:7e:5f:a6:b9:72:7a:00:97:85:0c:74:14:
d0:9a:0a:c6:dd:01:20:d4:71:1e:e9:fe:1c:9f:a8:
86:88:f8:7e:87:d3:8c:63:53:56:de:12:48:60:58:
55:e5:a7:ef:a9:bc:48:b2:f9:3c:b9:d7:dd:50:4e:
1b:01:6f:7b:e0:85:a1:52:00:b5:f5:8e:79:05:f2:
53:ba:9f:fd:35:0b:cf:d4:b6:1b:14:bf:1e:07:5c:
a9:57:7d:ca:57:46:93:bb:6d:b2:64:93:c0:91:28:
77:79:a8:c6:d3:fd:89:65:46:51:d3:8b:b1:e7:ce:
b9:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:A5:35:94:6F:2D:99:6E:B6:7A:A0:70:C4:10:43:76:CF:35:9B:90
X509v3 Authority Key Identifier:
keyid:68:D4:25:CC:7B:1B:78:80:A8:75:F7:6B:ED:A8:0F:E3:10:93:19:ED
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aNQlzHsbeICodfdr7agP4xCTGe0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/2KU1lG8tmW62eqBwxBBDds81m5A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/c0f7e3-63b9-4a5f-96ca-5c45b618f990/1/aNQlzHsbeICodfdr7agP4xCTGe0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.181.84.0/22
Signature Algorithm: sha256WithRSAEncryption
32:14:11:58:4f:e0:06:1f:a2:5b:d6:29:d4:59:76:f0:10:1f:
80:be:81:1d:b2:7d:48:85:cf:36:c8:0a:e8:4e:36:ab:e9:1c:
49:72:f6:03:4e:6a:71:02:3c:56:e2:8d:d2:17:ee:bf:dd:f3:
6a:41:65:98:6d:a8:75:ea:a4:94:e4:26:26:79:af:f0:31:b8:
63:b7:39:62:8a:93:76:63:87:55:b0:af:2d:24:0c:fc:d8:a6:
7a:b0:b8:ff:b7:8f:f3:62:28:66:2a:94:95:78:64:9e:68:de:
f3:f7:1e:f0:d4:e3:56:36:b9:4d:fb:af:87:f8:9d:45:72:e0:
ee:82:41:6d:c3:5b:33:87:fb:69:6a:1c:8d:a3:a1:88:a6:17:
7f:00:5c:f5:71:5b:19:4f:d4:32:7b:2d:7a:5c:eb:3f:b8:0c:
20:7d:95:ff:75:27:a9:f7:c5:22:3b:94:6b:19:ff:c0:a5:06:
46:7a:a8:c5:2b:64:86:4d:1d:16:ca:2b:7c:a9:a6:61:d3:ce:
d1:72:b0:b1:1d:ee:83:0e:b3:c1:ce:24:85:5a:69:7b:09:9e:
6e:35:51:0b:ae:34:1e:8d:99:13:72:f8:99:5f:86:04:78:ae:
f8:87:61:71:29:ed:ed:81:49:15:0e:fa:b8:7b:60:42:6d:f7:
1e:d7:e1:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+mVM/QJSGjFTYfMn6iHMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZDQyNWNjN2IxYjc4ODBhODc1Zjc2YmVkYTgwZmUzMTA5
MzE5ZWQwHhcNMjUwMTAxMDM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGE1MzU5NDZmMmQ5OTZlYjY3YWEwNzBjNDEwNDM3NmNmMzU5YjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq08Tsc35+oDV+a+9p7vFq7FtM6cQ
Y4rH3QU7ubS4vrsZ+agmEqxRF3VcnJvAVqrZv4k28eOHXxRbuFRXvk7BLd12DFZH
rcutGqGqyFvBp+LoKCshYfZ7nQODanp8LDj3748xxMmP7RX3eyPFv7qhjt+vSdXC
51SMI8/vTP6s+qtjqHBKMtyv5jd+X6a5cnoAl4UMdBTQmgrG3QEg1HEe6f4cn6iG
iPh+h9OMY1NW3hJIYFhV5afvqbxIsvk8udfdUE4bAW974IWhUgC19Y55BfJTup/9
NQvP1LYbFL8eB1ypV33KV0aTu22yZJPAkSh3eajG0/2JZUZR04ux5865FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNilNZRvLZlutnqgcMQQQ3bPNZuQMB8GA1UdIwQY
MBaAFGjUJcx7G3iAqHX3a+2oD+MQkxntMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU5RbHpIc2JlSUNvZGZkcjdhZ1A0eENUR2UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9jMGY3ZTMtNjNiOS00YTVmLTk2Y2Et
NWM0NWI2MThmOTkwLzEvMktVMWxHOHRtVzYyZXFCd3hCQkRkczgxbTVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9jMGY3ZTMtNjNiOS00YTVmLTk2Y2EtNWM0NWI2MThmOTkw
LzEvYU5RbHpIc2JlSUNvZGZkcjdhZ1A0eENUR2UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubVUMA0G
CSqGSIb3DQEBCwUAA4IBAQAyFBFYT+AGH6Jb1inUWXbwEB+AvoEdsn1Ihc82yAro
Tjar6RxJcvYDTmpxAjxW4o3SF+6/3fNqQWWYbah16qSU5CYmea/wMbhjtzliipN2
Y4dVsK8tJAz82KZ6sLj/t4/zYihmKpSVeGSeaN7z9x7w1ONWNrlN+6+H+J1FcuDu
gkFtw1szh/tpahyNo6GIphd/AFz1cVsZT9Qyey16XOs/uAwgfZX/dSep98UiO5Rr
Gf/ApQZGeqjFK2SGTR0Wyit8qaZh087RcrCxHe6DDrPBziSFWml7CZ5uNVELrjQe
jZkTcviZX4YEeK74h2FxKe3tgUkVDvq4e2BCbfce1+Fz
-----END CERTIFICATE-----
Generated at Tue Apr 8 20:17:37 2025 by rpki-client