Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/O3sXFCWDkxRLQArJVgciZYJOH2k.roa
File: O3sXFCWDkxRLQArJVgciZYJOH2k.roa (raw, json)
Hash identifier: wEiLpu8rEygqvBvHCRoBqicZ9xgf2J+eV7J8nj+KxjA=
Subject key identifier: 3B:7B:17:14:25:83:93:14:4B:40:0A:C9:56:07:22:65:82:4E:1F:69
Certificate issuer: /CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
Certificate serial: 0194236906C0A601AEF42B450CB73DDBF7EE
Authority key identifier: B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/O3sXFCWDkxRLQArJVgciZYJOH2k.roa
Signing time: Wed 01 Jan 2025 19:47:53 +0000
ROA not before: Wed 01 Jan 2025 19:47:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 58653
IP address blocks: 153.112.224.0/22 maxlen: 22
153.112.228.0/22 maxlen: 22
192.157.14.0/24 maxlen: 24
192.157.15.0/24 maxlen: 24
193.53.29.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:69:06:c0:a6:01:ae:f4:2b:45:0c:b7:3d:db:f7:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4852ffba7d57c5a8afbb6ea5beaf7dfec0c145a
Validity
Not Before: Jan 1 19:47:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3b7b1714258393144b400ac956072265824e1f69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:1e:82:1a:aa:98:b4:96:c7:0e:ed:74:df:f8:
53:0c:71:10:3c:79:0c:e2:80:d9:08:70:5d:5d:f2:
5e:91:da:ef:46:ca:b5:44:b8:7f:38:cb:da:06:f5:
44:dd:91:99:25:cf:e2:7e:c5:8d:c5:fb:4e:08:cb:
3d:1e:56:13:5f:08:91:29:15:09:3c:3d:d9:2d:e4:
60:20:f8:f2:04:9a:dd:5c:ef:6f:67:69:d9:77:31:
67:ac:2e:fc:54:50:d7:cd:2e:de:57:58:71:72:8e:
ff:eb:e4:7b:7e:f4:94:bf:f8:01:f4:b2:dd:6a:e5:
3c:a0:3f:ee:cf:66:7f:cc:5a:ed:b3:c1:0e:d1:8b:
de:0a:0d:3f:25:63:1c:0c:a6:7a:15:2a:ca:80:80:
6b:92:31:42:56:a3:0e:8e:53:93:42:73:ab:c2:7b:
78:f5:39:9c:91:9b:40:16:7e:87:c4:3d:1f:97:b8:
2c:20:ed:51:e4:95:b0:24:2a:62:56:cd:09:a7:64:
03:04:fc:97:66:d9:24:00:09:b2:cb:b2:cd:10:e6:
f0:ee:63:29:ef:84:8f:1c:a3:27:27:4b:2f:b9:dd:
a4:3b:ec:56:2c:7f:94:e8:fd:de:14:da:6e:5d:a8:
fd:f6:69:ab:7c:72:4a:a6:2d:ca:91:15:79:ab:ab:
67:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:7B:17:14:25:83:93:14:4B:40:0A:C9:56:07:22:65:82:4E:1F:69
X509v3 Authority Key Identifier:
keyid:B4:85:2F:FB:A7:D5:7C:5A:8A:FB:B6:EA:5B:EA:F7:DF:EC:0C:14:5A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIUv-6fVfFqK-7bqW-r33-wMFFo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/O3sXFCWDkxRLQArJVgciZYJOH2k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e45e30-e7d8-4fb8-90ad-f71038e967a4/1/tIUv-6fVfFqK-7bqW-r33-wMFFo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
153.112.224.0/21
192.157.14.0/23
193.53.29.0/24
Signature Algorithm: sha256WithRSAEncryption
83:e4:b3:af:6c:5a:bb:8b:28:99:76:9e:7f:bf:09:f9:09:fc:
fd:db:ab:27:14:a0:c2:02:02:e6:94:15:9d:ac:8a:6a:48:e0:
df:2e:67:da:38:48:95:12:5a:16:5a:bc:00:8f:2f:f7:3d:be:
c6:02:21:e1:42:86:5d:53:ae:61:d0:3e:b0:56:4e:05:33:12:
48:43:d3:f5:9a:93:f1:5d:cc:83:f7:f1:43:4e:b2:56:21:92:
b4:09:af:75:74:7c:e8:31:6b:59:7a:11:a7:7b:e5:66:30:76:
28:02:7d:71:bd:c9:76:71:f2:e6:d1:90:8d:c0:ad:13:25:b1:
59:fc:e5:46:e5:3d:6e:50:18:62:8e:b9:da:67:a5:b9:65:f7:
c0:ba:cb:36:09:96:25:60:3c:8f:89:19:1e:60:f8:3e:ec:5e:
a1:b1:a4:1d:ca:19:04:6c:e2:9a:87:35:43:ab:17:d2:71:ab:
22:23:49:3c:c1:18:c6:be:20:00:6d:1e:ec:77:3b:56:72:95:
c4:ff:dd:c8:ca:05:fb:5c:9f:bc:f3:d7:57:99:12:3f:53:a6:
ed:dc:96:5f:55:19:4f:54:aa:a4:ec:91:3c:02:df:a7:c7:bd:
e2:f3:8b:57:f8:57:32:db:6d:2a:56:0b:4a:96:d5:9f:6f:ac:
32:37:be:e2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjaQbApgGu9CtFDLc92/fuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ODUyZmZiYTdkNTdjNWE4YWZiYjZlYTViZWFmN2RmZWMw
YzE0NWEwHhcNMjUwMTAxMTk0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjdiMTcxNDI1ODM5MzE0NGI0MDBhYzk1NjA3MjI2NTgyNGUxZjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR6CGqqYtJbHDu103/hTDHEQPHkM
4oDZCHBdXfJekdrvRsq1RLh/OMvaBvVE3ZGZJc/ifsWNxftOCMs9HlYTXwiRKRUJ
PD3ZLeRgIPjyBJrdXO9vZ2nZdzFnrC78VFDXzS7eV1hxco7/6+R7fvSUv/gB9LLd
auU8oD/uz2Z/zFrts8EO0YveCg0/JWMcDKZ6FSrKgIBrkjFCVqMOjlOTQnOrwnt4
9TmckZtAFn6HxD0fl7gsIO1R5JWwJCpiVs0Jp2QDBPyXZtkkAAmyy7LNEObw7mMp
74SPHKMnJ0svud2kO+xWLH+U6P3eFNpuXaj99mmrfHJKpi3KkRV5q6tnTwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDt7FxQlg5MUS0AKyVYHImWCTh9pMB8GA1UdIwQY
MBaAFLSFL/un1Xxaivu26lvq99/sDBRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQt
ZjcxMDM4ZTk2N2E0LzEvTzNzWEZDV0RreFJMUUFySlZnY2laWUpPSDJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lNDVlMzAtZTdkOC00ZmI4LTkwYWQtZjcxMDM4ZTk2N2E0
LzEvdElVdi02ZlZmRnFLLTdicVctcjMzLXdNRkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDmXDgAwQB
wJ0OAwQAwTUdMA0GCSqGSIb3DQEBCwUAA4IBAQCD5LOvbFq7iyiZdp5/vwn5Cfz9
26snFKDCAgLmlBWdrIpqSODfLmfaOEiVEloWWrwAjy/3Pb7GAiHhQoZdU65h0D6w
Vk4FMxJIQ9P1mpPxXcyD9/FDTrJWIZK0Ca91dHzoMWtZehGne+VmMHYoAn1xvcl2
cfLm0ZCNwK0TJbFZ/OVG5T1uUBhijrnaZ6W5ZffAuss2CZYlYDyPiRkeYPg+7F6h
saQdyhkEbOKahzVDqxfScasiI0k8wRjGviAAbR7sdztWcpXE/93IygX7XJ+889dX
mRI/U6bt3JZfVRlPVKqk7JE8At+nx73i84tX+Fcy220qVgtKltWfb6wyN77i
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:00:06 2025 by rpki-client