Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/1NJApXLqd60t0GUZmRncGVUsNGI.roa
File: 1NJApXLqd60t0GUZmRncGVUsNGI.roa (raw, json)
Hash identifier: pvAH1BBJRuw5TZvwgf+q1jSSd3ndfDiiCeI3oVyjO7Y=
Subject key identifier: D4:D2:40:A5:72:EA:77:AD:2D:D0:65:19:99:19:DC:19:55:2C:34:62
Certificate issuer: /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial: 0194266B0FFD51D4B6A537450B915851D045
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/1NJApXLqd60t0GUZmRncGVUsNGI.roa
Signing time: Thu 02 Jan 2025 09:48:58 +0000
ROA not before: Thu 02 Jan 2025 09:48:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 397423
IP address blocks: 185.236.8.0/24 maxlen: 24
185.236.9.0/24 maxlen: 24
193.38.249.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:6b:0f:fd:51:d4:b6:a5:37:45:0b:91:58:51:d0:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Validity
Not Before: Jan 2 09:48:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d4d240a572ea77ad2dd065199919dc19552c3462
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:e9:9b:e9:18:fd:28:ae:03:d2:db:da:3a:12:
ce:76:2d:d6:1a:68:3a:bb:fc:40:19:20:1a:2e:1b:
b3:a5:dc:0d:bd:ca:11:e4:45:b4:12:57:bc:85:7d:
19:b6:7e:98:e7:d1:78:b0:71:c5:6b:7b:4c:b7:86:
f9:cf:8b:75:b9:e9:7f:83:3a:db:0d:97:f2:2a:d6:
f6:be:0b:49:cf:46:b9:7e:65:78:8d:09:5f:62:76:
0b:8e:26:e6:58:2d:d3:55:3b:50:a1:f4:91:f8:b8:
df:d2:5b:6d:d8:16:dc:f5:be:02:97:91:02:81:89:
f3:b2:bb:ef:ec:7d:fe:b4:48:bd:1a:1c:08:7d:c4:
f6:9c:ea:f9:a5:d3:7a:44:e8:51:f5:a7:97:a1:f8:
61:38:b5:72:ee:a4:53:8b:a0:21:bf:34:9f:c6:80:
55:43:06:9e:0d:c8:95:10:3d:41:de:85:41:9d:69:
e3:d5:0c:23:88:c6:0c:73:d7:ea:53:c6:e0:cc:83:
52:9e:61:b7:f8:30:be:6a:56:16:e9:8c:ce:57:69:
8b:37:7f:fa:e3:f6:54:da:0a:aa:24:ea:ee:50:ea:
6a:e8:81:5d:76:bd:46:5b:8b:1e:2b:1a:5a:7d:c4:
4d:a9:2d:79:d6:10:75:c6:6c:81:38:54:69:16:6f:
94:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:D2:40:A5:72:EA:77:AD:2D:D0:65:19:99:19:DC:19:55:2C:34:62
X509v3 Authority Key Identifier:
keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/1NJApXLqd60t0GUZmRncGVUsNGI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.236.8.0/23
193.38.249.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:c4:9e:7c:fc:35:b9:5d:dc:00:4c:f0:1e:72:93:c8:92:49:
a4:17:da:3b:ee:b3:79:df:e9:b5:d2:62:56:4a:04:3f:af:db:
f1:9d:b9:85:8b:db:b2:e0:c4:c4:ba:a1:1e:6c:85:ad:bc:e6:
18:3b:95:24:19:3b:fa:05:5d:61:d5:d7:10:c7:ed:ec:ea:f0:
49:3f:2a:63:52:b5:38:78:61:1f:7c:02:28:03:f1:e1:5f:68:
47:b6:7e:76:d7:70:14:7a:ce:11:9f:2b:d2:4d:dd:7d:cf:7f:
b0:35:fb:8b:a0:27:b7:dd:dc:8a:ae:c0:61:d5:c9:fb:e9:36:
a7:15:7d:61:51:22:16:c9:dc:da:cf:42:b1:03:6f:7f:2f:11:
59:07:17:53:66:48:b1:a2:52:5b:5a:d0:bd:a6:c5:c2:5c:e5:
61:40:c8:74:28:89:ef:c7:5c:75:6d:3b:9e:f3:3d:7f:d7:57:
6f:8c:52:f9:c6:0b:f6:2d:d3:6a:1d:29:33:ca:0b:25:fc:22:
a5:33:0f:e8:d4:d5:0c:78:e5:84:f8:39:9e:cd:33:72:ea:c3:
8c:6c:35:59:12:42:6a:60:00:4d:dc:39:11:e1:3d:08:c2:91:
28:de:e9:f2:cd:9b:c9:58:a9:d9:b5:dc:45:df:ab:af:b8:b3:
55:30:2f:e5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQmaw/9UdS2pTdFC5FYUdBFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjUwMTAyMDk0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGQyNDBhNTcyZWE3N2FkMmRkMDY1MTk5OTE5ZGMxOTU1MmMzNDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOmb6Rj9KK4D0tvaOhLOdi3WGmg6
u/xAGSAaLhuzpdwNvcoR5EW0Ele8hX0Ztn6Y59F4sHHFa3tMt4b5z4t1uel/gzrb
DZfyKtb2vgtJz0a5fmV4jQlfYnYLjibmWC3TVTtQofSR+Ljf0ltt2Bbc9b4Cl5EC
gYnzsrvv7H3+tEi9GhwIfcT2nOr5pdN6ROhR9aeXofhhOLVy7qRTi6AhvzSfxoBV
QwaeDciVED1B3oVBnWnj1QwjiMYMc9fqU8bgzINSnmG3+DC+alYW6YzOV2mLN3/6
4/ZU2gqqJOruUOpq6IFddr1GW4seKxpafcRNqS151hB1xmyBOFRpFm+U2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNTSQKVy6netLdBlGZkZ3BlVLDRiMB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvMU5KQXBYTHFkNjB0MEdVWm1SbmNHVlVzTkdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUtNjA4MDk1MmYwZTA0
LzEvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuewIAwQA
wSb5MA0GCSqGSIb3DQEBCwUAA4IBAQB6xJ58/DW5XdwATPAecpPIkkmkF9o77rN5
3+m10mJWSgQ/r9vxnbmFi9uy4MTEuqEebIWtvOYYO5UkGTv6BV1h1dcQx+3s6vBJ
PypjUrU4eGEffAIoA/HhX2hHtn5213AUes4RnyvSTd19z3+wNfuLoCe33dyKrsBh
1cn76TanFX1hUSIWydzaz0KxA29/LxFZBxdTZkixolJbWtC9psXCXOVhQMh0KInv
x1x1bTue8z1/11dvjFL5xgv2LdNqHSkzygsl/CKlMw/o1NUMeOWE+DmezTNy6sOM
bDVZEkJqYABN3DkR4T0IwpEo3unyzZvJWKnZtdxF36uvuLNVMC/l
-----END CERTIFICATE-----
Generated at Sat Apr 5 16:44:49 2025 by rpki-client