Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/872dc7-7c01-4e66-844e-599d1ca6a5fd/1/XrKKt_JxbNMZGjXoulTmr3xDG5Q.roa
File: XrKKt_JxbNMZGjXoulTmr3xDG5Q.roa (raw, json)
Hash identifier: f11YjtJ+XEcEDqhtgknq7hIx2BkA5rt08V/n2Td3MMU=
Subject key identifier: 5E:B2:8A:B7:F2:71:6C:D3:19:1A:35:E8:BA:54:E6:AF:7C:43:1B:94
Certificate issuer: /CN=8d66032e08894118d7998c5c060ca46eb3871338
Certificate serial: 019421440ECB2D5C4F7AA111D87A7553FBFB
Authority key identifier: 8D:66:03:2E:08:89:41:18:D7:99:8C:5C:06:0C:A4:6E:B3:87:13:38
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jWYDLgiJQRjXmYxcBgykbrOHEzg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/872dc7-7c01-4e66-844e-599d1ca6a5fd/1/XrKKt_JxbNMZGjXoulTmr3xDG5Q.roa
Signing time: Wed 01 Jan 2025 09:48:15 +0000
ROA not before: Wed 01 Jan 2025 09:48:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49425
IP address blocks: 45.75.128.0/17 maxlen: 24
185.169.144.0/23 maxlen: 24
2a0a:4900::/29 maxlen: 29
2a0a:4900::/32 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:0e:cb:2d:5c:4f:7a:a1:11:d8:7a:75:53:fb:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d66032e08894118d7998c5c060ca46eb3871338
Validity
Not Before: Jan 1 09:48:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5eb28ab7f2716cd3191a35e8ba54e6af7c431b94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:7b:0a:17:ae:d3:37:d1:c8:5e:0b:41:fd:24:
bd:59:0a:c9:09:b5:1d:aa:5c:2e:94:75:9b:bf:53:
fc:00:cf:2d:24:36:e1:a9:43:a4:21:a6:47:46:f0:
43:d7:50:76:57:ea:3d:a9:e7:42:fc:27:13:e1:94:
15:b1:ed:3f:f4:a2:c8:95:a3:5b:b5:40:f7:43:5e:
e8:d0:93:e6:76:2b:2f:dd:26:47:9d:3c:6b:79:8f:
33:fe:6f:5c:d3:04:72:cf:57:be:9f:a6:bd:e2:84:
7d:0f:b7:82:51:9c:72:f7:8d:45:b5:da:36:ce:1a:
73:1c:f9:8c:eb:c4:0a:c7:ce:e4:a0:00:c9:7d:d9:
45:d6:fd:9a:dc:ca:55:24:f1:8c:8d:63:3d:f8:36:
f7:de:42:48:01:03:ca:76:59:dd:cb:36:0d:fb:79:
b5:31:8f:2a:b4:3a:d4:02:b2:7c:1f:1b:a2:10:d1:
e8:a4:53:ed:a0:80:5e:0e:10:3d:01:35:bb:4f:be:
11:a5:c3:94:eb:4d:76:31:95:50:80:1f:6b:60:12:
25:65:f5:09:6c:ef:53:ff:0f:bd:d2:ec:9d:de:2e:
f6:94:77:e2:38:79:eb:69:a7:fe:06:a3:80:1e:ce:
8b:6d:f6:31:6e:4c:45:e2:75:98:0b:d3:e2:68:0a:
2a:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:B2:8A:B7:F2:71:6C:D3:19:1A:35:E8:BA:54:E6:AF:7C:43:1B:94
X509v3 Authority Key Identifier:
keyid:8D:66:03:2E:08:89:41:18:D7:99:8C:5C:06:0C:A4:6E:B3:87:13:38
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jWYDLgiJQRjXmYxcBgykbrOHEzg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/872dc7-7c01-4e66-844e-599d1ca6a5fd/1/XrKKt_JxbNMZGjXoulTmr3xDG5Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/872dc7-7c01-4e66-844e-599d1ca6a5fd/1/jWYDLgiJQRjXmYxcBgykbrOHEzg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.75.128.0/17
185.169.144.0/23
IPv6:
2a0a:4900::/29
Signature Algorithm: sha256WithRSAEncryption
41:f2:c8:81:e9:a3:b5:f8:57:c5:42:61:dc:67:dc:a6:86:cb:
87:b8:1d:35:94:a0:9a:06:cc:80:e6:04:47:61:16:72:71:87:
1f:65:1f:72:28:f9:18:83:68:37:13:24:42:00:da:3e:01:4c:
90:c1:3d:55:46:9d:f9:3a:36:2d:7a:53:8e:e5:20:9d:1f:66:
77:86:ee:16:da:61:54:5c:8c:c8:3a:8f:8b:37:12:ca:d0:33:
34:aa:c2:e8:02:0e:9e:0d:95:b9:60:96:6e:37:a6:c8:43:bc:
e0:23:ae:bc:8f:10:0e:f5:38:31:2d:7a:a5:9e:34:12:3b:87:
19:21:3b:05:1e:12:ab:50:3d:ba:54:d3:88:93:8b:28:a6:5f:
7b:b5:f7:9b:57:00:64:dd:45:84:83:13:42:77:67:22:49:0f:
4d:b9:35:73:2a:aa:ee:6c:2f:55:01:0a:03:31:e4:28:52:67:
47:29:03:3e:b0:d4:50:90:7e:ca:cf:a4:d7:59:0b:7d:7e:ac:
82:d8:64:26:82:42:76:c7:fc:f5:ef:6c:a5:ce:3e:70:04:8e:
3c:ae:3f:0d:65:9d:6d:1a:44:d1:de:c8:83:e2:c5:fc:6d:82:
0e:97:58:e0:5f:85:27:ec:6b:0e:51:42:16:bc:18:fc:67:0f:
2a:ba:fa:72
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhRA7LLVxPeqER2Hp1U/v7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNjYwMzJlMDg4OTQxMThkNzk5OGM1YzA2MGNhNDZlYjM4
NzEzMzgwHhcNMjUwMTAxMDk0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWIyOGFiN2YyNzE2Y2QzMTkxYTM1ZThiYTU0ZTZhZjdjNDMxYjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3sKF67TN9HIXgtB/SS9WQrJCbUd
qlwulHWbv1P8AM8tJDbhqUOkIaZHRvBD11B2V+o9qedC/CcT4ZQVse0/9KLIlaNb
tUD3Q17o0JPmdisv3SZHnTxreY8z/m9c0wRyz1e+n6a94oR9D7eCUZxy941Ftdo2
zhpzHPmM68QKx87koADJfdlF1v2a3MpVJPGMjWM9+Db33kJIAQPKdlndyzYN+3m1
MY8qtDrUArJ8HxuiENHopFPtoIBeDhA9ATW7T74RpcOU6012MZVQgB9rYBIlZfUJ
bO9T/w+90uyd3i72lHfiOHnraaf+BqOAHs6LbfYxbkxF4nWYC9PiaAoqcQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFF6yirfycWzTGRo16LpU5q98QxuUMB8GA1UdIwQY
MBaAFI1mAy4IiUEY15mMXAYMpG6zhxM4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaldZRExnaUpRUmpYbVl4Y0JneWtick9IRXpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC84NzJkYzctN2MwMS00ZTY2LTg0NGUt
NTk5ZDFjYTZhNWZkLzEvWHJLS3RfSnhiTk1aR2pYb3VsVG1yM3hERzVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC84NzJkYzctN2MwMS00ZTY2LTg0NGUtNTk5ZDFjYTZhNWZk
LzEvaldZRExnaUpRUmpYbVl4Y0JneWtick9IRXpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQHLUuAAwQB
uamQMA0EAgACMAcDBQMqCkkAMA0GCSqGSIb3DQEBCwUAA4IBAQBB8siB6aO1+FfF
QmHcZ9ymhsuHuB01lKCaBsyA5gRHYRZycYcfZR9yKPkYg2g3EyRCANo+AUyQwT1V
Rp35OjYtelOO5SCdH2Z3hu4W2mFUXIzIOo+LNxLK0DM0qsLoAg6eDZW5YJZuN6bI
Q7zgI668jxAO9TgxLXqlnjQSO4cZITsFHhKrUD26VNOIk4sopl97tfebVwBk3UWE
gxNCd2ciSQ9NuTVzKqrubC9VAQoDMeQoUmdHKQM+sNRQkH7Kz6TXWQt9fqyC2GQm
gkJ2x/z172ylzj5wBI48rj8NZZ1tGkTR3siD4sX8bYIOl1jgX4Un7GsOUUIWvBj8
Zw8quvpy
-----END CERTIFICATE-----
Generated at Thu Feb 20 03:10:45 2025 by rpki-client