Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/2bWjaCPUw-X9yUtaNeVHbtBR4RY.roa
File: 2bWjaCPUw-X9yUtaNeVHbtBR4RY.roa (raw, json)
Hash identifier: wUmEh6plZKTlbe1wgPAmlbbKo/l6BC2G8XZaRSw27eo=
Subject key identifier: D9:B5:A3:68:23:D4:C3:E5:FD:C9:4B:5A:35:E5:47:6E:D0:51:E1:16
Certificate issuer: /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial: 0195AF2FA3B7CFA986D0E2F92FDB52CA632B
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/2bWjaCPUw-X9yUtaNeVHbtBR4RY.roa
Signing time: Wed 19 Mar 2025 16:14:49 +0000
ROA not before: Wed 19 Mar 2025 16:14:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 1239
IP address blocks: 31.132.52.0/24 maxlen: 24
162.218.95.0/24 maxlen: 24
192.145.71.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:af:2f:a3:b7:cf:a9:86:d0:e2:f9:2f:db:52:ca:63:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Validity
Not Before: Mar 19 16:14:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d9b5a36823d4c3e5fdc94b5a35e5476ed051e116
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:bf:7e:49:be:74:20:fa:87:55:03:b9:9a:ee:
fc:3f:82:30:bd:0f:d6:28:43:e0:c9:5b:4c:26:83:
45:aa:fd:43:53:8a:9f:ef:bf:e7:c0:75:d8:6a:a6:
e1:b9:0f:d2:c5:19:79:6e:e4:98:16:2b:52:0e:ac:
b0:50:6e:c5:d9:9c:6d:8f:8e:6b:ad:5a:f3:91:39:
27:f3:5c:bf:ea:c7:ab:c1:95:57:25:b3:ff:1f:cd:
41:e1:16:9b:f5:36:ae:a4:2c:6b:e4:fa:ee:25:5b:
4d:9f:7f:73:da:65:56:9e:44:fc:13:0f:2e:a2:39:
8b:7c:f9:11:1c:c5:5a:65:3e:23:e2:f3:18:c7:f1:
e3:4c:29:12:0e:22:1b:20:30:3e:31:47:1e:6b:5c:
5d:0b:ae:9f:bd:de:e0:a6:23:72:d1:de:82:28:12:
1f:b8:7f:55:82:16:24:43:cc:a1:95:fb:e8:d0:25:
e1:71:32:f5:89:84:32:4b:dc:5e:7e:ca:2e:75:25:
4d:2c:98:db:43:4e:42:42:2b:2d:1f:ad:0a:38:e0:
c3:bb:67:fb:3d:18:d7:61:9c:a1:02:a5:81:a5:bc:
09:50:ac:fa:8a:28:ba:48:3b:d6:61:bd:12:47:1a:
3a:bc:4c:22:c2:2d:5a:0d:08:78:05:cf:ad:3f:c8:
54:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:B5:A3:68:23:D4:C3:E5:FD:C9:4B:5A:35:E5:47:6E:D0:51:E1:16
X509v3 Authority Key Identifier:
keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/2bWjaCPUw-X9yUtaNeVHbtBR4RY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.132.52.0/24
162.218.95.0/24
192.145.71.0/24
Signature Algorithm: sha256WithRSAEncryption
08:c9:22:b3:89:92:b9:31:22:d7:a5:61:cc:5f:46:e7:22:1e:
db:ad:8e:ff:bd:a6:07:12:a1:57:a0:26:50:0c:88:af:ec:b0:
36:f0:ae:b5:f3:23:7a:56:63:3a:ba:d9:ce:36:aa:ca:18:9e:
e8:83:cc:21:5b:ca:17:43:a6:dd:4a:74:03:a5:4b:aa:16:a6:
a2:c4:40:67:34:4c:f8:d3:5c:ae:7e:31:dc:a4:24:86:e5:52:
43:ef:0a:3c:c7:b9:12:1c:9b:1d:7a:12:11:7e:bd:87:5f:72:
a8:6a:2f:df:71:ff:98:cd:2c:b6:2d:c2:d5:94:aa:df:2f:9c:
ae:63:44:18:37:3a:70:c5:ab:13:ca:62:61:85:54:ed:e3:ba:
73:39:2f:83:2a:ad:0c:39:3c:06:4b:59:5a:9e:47:99:83:ae:
82:2b:a5:c5:5f:87:cc:06:4f:11:e5:c7:4e:f5:e1:d1:b2:87:
71:12:f9:9a:e5:24:fc:43:3f:04:2f:00:43:32:1d:ac:54:77:
b5:7b:be:13:09:14:5b:93:f9:69:d3:de:09:95:0c:07:dc:45:
7b:91:6f:47:8b:af:a0:c6:cc:ee:13:42:3b:7b:21:e9:77:47:
94:ec:6e:1d:a5:fe:8a:9a:20:5a:50:64:8e:cd:f0:89:5d:e8:
4f:06:f5:83
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWvL6O3z6mG0OL5L9tSymMrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjUwMzE5MTYxNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWI1YTM2ODIzZDRjM2U1ZmRjOTRiNWEzNWU1NDc2ZWQwNTFlMTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyb9+Sb50IPqHVQO5mu78P4IwvQ/W
KEPgyVtMJoNFqv1DU4qf77/nwHXYaqbhuQ/SxRl5buSYFitSDqywUG7F2Zxtj45r
rVrzkTkn81y/6serwZVXJbP/H81B4Rab9TaupCxr5PruJVtNn39z2mVWnkT8Ew8u
ojmLfPkRHMVaZT4j4vMYx/HjTCkSDiIbIDA+MUcea1xdC66fvd7gpiNy0d6CKBIf
uH9VghYkQ8yhlfvo0CXhcTL1iYQyS9xefsoudSVNLJjbQ05CQistH60KOODDu2f7
PRjXYZyhAqWBpbwJUKz6iii6SDvWYb0SRxo6vEwiwi1aDQh4Bc+tP8hUfQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNm1o2gj1MPl/clLWjXlR27QUeEWMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvMmJXamFDUFV3LVg5eVV0YU5lVkhidEJSNFJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAH4Q0AwQA
otpfAwQAwJFHMA0GCSqGSIb3DQEBCwUAA4IBAQAIySKziZK5MSLXpWHMX0bnIh7b
rY7/vaYHEqFXoCZQDIiv7LA28K618yN6VmM6utnONqrKGJ7og8whW8oXQ6bdSnQD
pUuqFqaixEBnNEz401yufjHcpCSG5VJD7wo8x7kSHJsdehIRfr2HX3Koai/fcf+Y
zSy2LcLVlKrfL5yuY0QYNzpwxasTymJhhVTt47pzOS+DKq0MOTwGS1lankeZg66C
K6XFX4fMBk8R5cdO9eHRsodxEvma5ST8Qz8ELwBDMh2sVHe1e74TCRRbk/lp094J
lQwH3EV7kW9Hi6+gxszuE0I7eyHpd0eU7G4dpf6KmiBaUGSOzfCJXehPBvWD
-----END CERTIFICATE-----
Generated at Sat Apr 5 06:28:57 2025 by rpki-client