Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/a12e1c-1b10-4938-96d3-7bed26743bcc/1/H5zExKsN_X1SPJQSwEakZzqeC2I.roa
File: H5zExKsN_X1SPJQSwEakZzqeC2I.roa (raw, json)
Hash identifier: FjXiEi3V3MLLSMvrOdppNODHARmQ2b/yPySFztutI1Q=
Subject key identifier: 1F:9C:C4:C4:AB:0D:FD:7D:52:3C:94:12:C0:46:A4:67:3A:9E:0B:62
Certificate issuer: /CN=fdc680ee1b27c3a6f07013c8fc25ebff0c67fb9d
Certificate serial: 0194221F9536B896E2D0B392DFF30392907C
Authority key identifier: FD:C6:80:EE:1B:27:C3:A6:F0:70:13:C8:FC:25:EB:FF:0C:67:FB:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_caA7hsnw6bwcBPI_CXr_wxn-50.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/a12e1c-1b10-4938-96d3-7bed26743bcc/1/H5zExKsN_X1SPJQSwEakZzqeC2I.roa
Signing time: Wed 01 Jan 2025 13:48:02 +0000
ROA not before: Wed 01 Jan 2025 13:48:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3303
IP address blocks: 194.147.229.0/24 maxlen: 24
2001:67c:c0::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:95:36:b8:96:e2:d0:b3:92:df:f3:03:92:90:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fdc680ee1b27c3a6f07013c8fc25ebff0c67fb9d
Validity
Not Before: Jan 1 13:48:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1f9cc4c4ab0dfd7d523c9412c046a4673a9e0b62
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:2b:c6:f8:01:66:13:ca:de:55:7b:a5:3c:a6:
41:f9:cf:fc:f6:fd:59:90:8c:cf:37:39:2d:4c:d6:
88:b8:c0:30:c1:0b:c4:6d:80:57:60:60:d0:aa:b9:
7b:ac:2c:61:cc:18:81:ae:0c:43:1f:19:18:f5:cc:
d5:71:28:cd:c2:c8:18:6c:83:c7:4a:f0:0a:e5:42:
ff:61:fa:7e:85:f1:64:8a:95:9c:fd:58:9a:13:07:
38:6c:5b:30:2c:7d:19:59:7a:a1:38:3b:e6:dc:47:
23:af:07:b9:f6:44:e7:e0:26:a7:40:79:57:2a:a2:
e8:22:4a:0b:af:fd:43:c7:ae:0f:90:cd:2e:4c:1a:
53:c3:a9:16:53:b8:4e:24:03:c4:9c:e6:f1:01:93:
6b:13:c7:b4:b6:6d:84:b0:6c:cb:b3:7f:ba:7c:15:
ba:88:db:eb:99:41:8e:4d:68:5f:cb:03:13:36:46:
44:41:3d:76:7c:3a:b9:55:17:29:1a:5f:1f:5a:79:
6d:b6:c3:96:25:de:c3:90:70:47:a8:c5:fe:e7:dd:
27:31:a2:fb:df:a3:0e:6f:34:25:73:c4:62:89:af:
b9:39:d7:32:fa:82:ad:a8:3f:40:e3:5f:d0:3f:10:
eb:e5:e7:74:c9:1c:9e:b8:f8:93:74:0a:c4:c5:8a:
21:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:9C:C4:C4:AB:0D:FD:7D:52:3C:94:12:C0:46:A4:67:3A:9E:0B:62
X509v3 Authority Key Identifier:
keyid:FD:C6:80:EE:1B:27:C3:A6:F0:70:13:C8:FC:25:EB:FF:0C:67:FB:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_caA7hsnw6bwcBPI_CXr_wxn-50.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/a12e1c-1b10-4938-96d3-7bed26743bcc/1/H5zExKsN_X1SPJQSwEakZzqeC2I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/a12e1c-1b10-4938-96d3-7bed26743bcc/1/_caA7hsnw6bwcBPI_CXr_wxn-50.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.147.229.0/24
IPv6:
2001:67c:c0::/48
Signature Algorithm: sha256WithRSAEncryption
5d:52:83:9f:21:5a:fe:b8:71:d8:46:78:d9:2f:9c:44:60:c5:
71:9f:32:fb:3a:be:ed:8c:f3:48:05:5f:c4:84:e0:cc:61:d8:
66:4c:d4:ea:01:a3:b3:04:a3:5e:fa:e0:c9:c6:94:7b:02:3a:
1c:ed:af:77:3e:4d:2d:40:e9:c1:59:51:0c:48:cd:bf:cb:63:
e5:8c:36:6d:52:76:66:4d:dc:1c:94:f1:74:39:d2:e0:9d:83:
50:9d:a5:4a:9b:39:2d:0e:0b:5e:91:82:6b:0d:27:2d:35:5b:
f5:dd:b9:6f:79:53:24:7a:c8:5a:de:84:32:8b:bc:7d:97:63:
40:2b:35:b8:4e:68:20:d8:b9:f6:0e:57:09:c0:76:70:1c:f6:
14:6d:19:a9:32:f5:64:6b:02:ea:c3:ca:08:20:52:d6:8b:b9:
65:d4:e7:86:1b:0f:b9:99:06:10:b8:f9:fd:63:6f:ce:c9:27:
0b:38:d6:f3:af:9f:33:e6:87:b8:ce:b8:36:f2:03:6b:63:de:
22:fc:85:6c:f7:94:03:14:39:ac:fd:41:6b:81:9d:cb:94:29:
90:8c:04:e9:2b:e0:6c:fa:96:9f:a6:86:c9:04:b5:dd:e9:4b:
c2:32:d7:0b:86:35:1b:9d:9d:91:e0:33:e5:84:81:f2:ad:29:
92:fd:73:52
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQiH5U2uJbi0LOS3/MDkpB8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkYzY4MGVlMWIyN2MzYTZmMDcwMTNjOGZjMjVlYmZmMGM2
N2ZiOWQwHhcNMjUwMTAxMTM0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjljYzRjNGFiMGRmZDdkNTIzYzk0MTJjMDQ2YTQ2NzNhOWUwYjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmivG+AFmE8reVXulPKZB+c/89v1Z
kIzPNzktTNaIuMAwwQvEbYBXYGDQqrl7rCxhzBiBrgxDHxkY9czVcSjNwsgYbIPH
SvAK5UL/Yfp+hfFkipWc/ViaEwc4bFswLH0ZWXqhODvm3Ecjrwe59kTn4CanQHlX
KqLoIkoLr/1Dx64PkM0uTBpTw6kWU7hOJAPEnObxAZNrE8e0tm2EsGzLs3+6fBW6
iNvrmUGOTWhfywMTNkZEQT12fDq5VRcpGl8fWnlttsOWJd7DkHBHqMX+590nMaL7
36MObzQlc8Riia+5Odcy+oKtqD9A41/QPxDr5ed0yRyeuPiTdArExYohtwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB+cxMSrDf19UjyUEsBGpGc6ngtiMB8GA1UdIwQY
MBaAFP3GgO4bJ8Om8HATyPwl6/8MZ/udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2NhQTdoc253NmJ3Y0JQSV9DWHJfd3huLTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9hMTJlMWMtMWIxMC00OTM4LTk2ZDMt
N2JlZDI2NzQzYmNjLzEvSDV6RXhLc05fWDFTUEpRU3dFYWtaenFlQzJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9hMTJlMWMtMWIxMC00OTM4LTk2ZDMtN2JlZDI2NzQzYmNj
LzEvX2NhQTdoc253NmJ3Y0JQSV9DWHJfd3huLTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwpPlMA8E
AgACMAkDBwAgAQZ8AMAwDQYJKoZIhvcNAQELBQADggEBAF1Sg58hWv64cdhGeNkv
nERgxXGfMvs6vu2M80gFX8SE4Mxh2GZM1OoBo7MEo1764MnGlHsCOhztr3c+TS1A
6cFZUQxIzb/LY+WMNm1SdmZN3ByU8XQ50uCdg1CdpUqbOS0OC16RgmsNJy01W/Xd
uW95UyR6yFrehDKLvH2XY0ArNbhOaCDYufYOVwnAdnAc9hRtGaky9WRrAurDyggg
UtaLuWXU54YbD7mZBhC4+f1jb87JJws41vOvnzPmh7jOuDbyA2tj3iL8hWz3lAMU
Oaz9QWuBncuUKZCMBOkr4Gz6lp+mhskEtd3pS8Iy1wuGNRudnZHgM+WEgfKtKZL9
c1I=
-----END CERTIFICATE-----
Generated at Sun Apr 6 22:42:50 2025 by rpki-client