Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/5442ce-48bc-4164-9350-9240d9f75ae6/1/LxK49wQNApdxyp8v_k05CLgMI5E.roa
File: LxK49wQNApdxyp8v_k05CLgMI5E.roa (raw, json)
Hash identifier: cyuNB9STnC1KALLJGwZIhbMMjarSRyXyHryPQj2j9DA=
Subject key identifier: 2F:12:B8:F7:04:0D:02:97:71:CA:9F:2F:FE:4D:39:08:B8:0C:23:91
Certificate issuer: /CN=4283696716dbcc360b9a62ef7d84b4d28f958bdd
Certificate serial: 01942521B643CF5145BE804A52A568F20FC1
Authority key identifier: 42:83:69:67:16:DB:CC:36:0B:9A:62:EF:7D:84:B4:D2:8F:95:8B:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QoNpZxbbzDYLmmLvfYS00o-Vi90.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/5442ce-48bc-4164-9350-9240d9f75ae6/1/LxK49wQNApdxyp8v_k05CLgMI5E.roa
Signing time: Thu 02 Jan 2025 03:49:13 +0000
ROA not before: Thu 02 Jan 2025 03:49:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29386
IP address blocks: 5.0.128.0/21 maxlen: 21
5.0.136.0/21 maxlen: 21
5.0.144.0/21 maxlen: 21
5.0.152.0/21 maxlen: 21
5.0.160.0/21 maxlen: 21
5.0.168.0/21 maxlen: 21
5.0.176.0/21 maxlen: 21
5.0.184.0/21 maxlen: 21
5.155.128.0/21 maxlen: 21
5.155.136.0/21 maxlen: 21
5.155.144.0/21 maxlen: 21
5.155.152.0/21 maxlen: 21
5.155.160.0/21 maxlen: 21
5.155.168.0/21 maxlen: 21
5.155.176.0/21 maxlen: 21
5.155.184.0/21 maxlen: 21
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:b6:43:cf:51:45:be:80:4a:52:a5:68:f2:0f:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4283696716dbcc360b9a62ef7d84b4d28f958bdd
Validity
Not Before: Jan 2 03:49:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2f12b8f7040d029771ca9f2ffe4d3908b80c2391
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:2c:3c:e4:90:57:4d:79:1c:3f:a1:19:17:04:
a7:e7:62:7c:32:88:eb:c1:36:8e:30:ac:75:f5:bc:
2b:05:1f:22:4f:30:c9:45:a1:32:3c:43:56:e4:15:
ab:70:16:f9:ba:13:51:a5:80:6d:e0:f2:18:30:d6:
2c:ee:62:ee:81:0e:0e:32:1a:1d:29:18:91:58:de:
13:35:13:56:13:29:23:dc:06:a1:e2:b7:0b:56:dd:
0e:37:d0:1b:62:32:a0:f9:e4:57:aa:3a:0f:63:f1:
17:8a:b4:64:e8:aa:38:f8:a1:f2:14:03:12:e4:cd:
3e:57:f3:48:50:52:46:a4:67:4c:37:1b:98:a6:a0:
ff:95:3c:f9:fb:63:12:be:01:16:79:59:e9:10:f3:
b3:1c:14:67:45:ce:2b:74:93:10:ab:94:41:4e:11:
65:31:11:cd:b3:6a:78:b7:db:0a:bb:5b:3b:88:46:
f1:81:29:3d:3a:a1:c1:60:a8:a6:cf:7e:c5:9a:3d:
85:67:22:54:f7:ca:57:54:b6:ac:f5:5c:9a:55:ed:
2e:8b:7d:5e:a2:ae:1d:87:32:d2:6e:40:4f:51:79:
2d:ea:00:af:a1:ad:1c:03:3e:30:2c:27:a7:1f:bf:
8d:36:40:2f:20:bc:69:10:1f:d5:0f:ac:9e:d9:8b:
41:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:12:B8:F7:04:0D:02:97:71:CA:9F:2F:FE:4D:39:08:B8:0C:23:91
X509v3 Authority Key Identifier:
keyid:42:83:69:67:16:DB:CC:36:0B:9A:62:EF:7D:84:B4:D2:8F:95:8B:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QoNpZxbbzDYLmmLvfYS00o-Vi90.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/5442ce-48bc-4164-9350-9240d9f75ae6/1/LxK49wQNApdxyp8v_k05CLgMI5E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/5442ce-48bc-4164-9350-9240d9f75ae6/1/QoNpZxbbzDYLmmLvfYS00o-Vi90.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.0.128.0/18
5.155.128.0/18
Signature Algorithm: sha256WithRSAEncryption
74:d5:92:f3:2a:59:e0:fa:98:d9:0b:b7:8c:89:6c:c1:7d:8c:
de:fb:df:7b:85:7b:32:4e:3d:db:19:e7:f9:e7:6a:26:d5:e8:
38:80:9a:b3:20:d9:6f:be:6c:52:35:1b:de:37:b7:28:ac:47:
2b:4e:60:5c:cd:d6:5a:13:46:02:49:bb:89:9e:6e:76:97:bc:
e3:e1:8f:87:75:17:1a:c5:85:b0:b0:a8:35:73:29:b4:09:70:
1d:97:b6:da:63:d7:21:f7:3c:aa:d3:14:f0:89:cd:66:6c:08:
7b:bc:cd:c3:04:ef:03:19:00:0c:3a:32:3b:59:2a:10:9d:42:
39:7c:12:9a:18:a2:9b:10:9e:e8:2c:00:f3:7c:31:b3:20:51:
47:4e:ae:89:17:05:b2:0e:00:79:55:36:69:10:81:40:b9:81:
9f:47:87:21:63:25:00:96:8d:f1:be:bb:ae:ef:e2:51:35:3a:
7c:8d:94:00:13:dc:92:e2:d5:0b:d5:aa:37:c1:d1:25:d5:af:
54:88:d7:35:48:5d:75:c6:3e:4a:6e:29:40:a9:23:22:a7:d1:
b3:11:2a:c5:7b:06:c3:56:b9:41:34:19:f6:2e:e8:09:97:b8:
eb:df:32:3f:3a:b7:01:23:aa:60:54:a3:8c:60:83:83:66:0c:
fe:48:a4:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIbZDz1FFvoBKUqVo8g/BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyODM2OTY3MTZkYmNjMzYwYjlhNjJlZjdkODRiNGQyOGY5
NThiZGQwHhcNMjUwMTAyMDM0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjEyYjhmNzA0MGQwMjk3NzFjYTlmMmZmZTRkMzkwOGI4MGMyMzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyw85JBXTXkcP6EZFwSn52J8Mojr
wTaOMKx19bwrBR8iTzDJRaEyPENW5BWrcBb5uhNRpYBt4PIYMNYs7mLugQ4OMhod
KRiRWN4TNRNWEykj3Aah4rcLVt0ON9AbYjKg+eRXqjoPY/EXirRk6Ko4+KHyFAMS
5M0+V/NIUFJGpGdMNxuYpqD/lTz5+2MSvgEWeVnpEPOzHBRnRc4rdJMQq5RBThFl
MRHNs2p4t9sKu1s7iEbxgSk9OqHBYKimz37Fmj2FZyJU98pXVLas9VyaVe0ui31e
oq4dhzLSbkBPUXkt6gCvoa0cAz4wLCenH7+NNkAvILxpEB/VD6ye2YtByQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC8SuPcEDQKXccqfL/5NOQi4DCORMB8GA1UdIwQY
MBaAFEKDaWcW28w2C5pi732EtNKPlYvdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW9OcFp4YmJ6RFlMbW1MdmZZUzAwby1WaTkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS81NDQyY2UtNDhiYy00MTY0LTkzNTAt
OTI0MGQ5Zjc1YWU2LzEvTHhLNDl3UU5BcGR4eXA4dl9rMDVDTGdNSTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS81NDQyY2UtNDhiYy00MTY0LTkzNTAtOTI0MGQ5Zjc1YWU2
LzEvUW9OcFp4YmJ6RFlMbW1MdmZZUzAwby1WaTkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGBQCAAwQG
BZuAMA0GCSqGSIb3DQEBCwUAA4IBAQB01ZLzKlng+pjZC7eMiWzBfYze+997hXsy
Tj3bGef552om1eg4gJqzINlvvmxSNRveN7corEcrTmBczdZaE0YCSbuJnm52l7zj
4Y+HdRcaxYWwsKg1cym0CXAdl7baY9ch9zyq0xTwic1mbAh7vM3DBO8DGQAMOjI7
WSoQnUI5fBKaGKKbEJ7oLADzfDGzIFFHTq6JFwWyDgB5VTZpEIFAuYGfR4chYyUA
lo3xvruu7+JRNTp8jZQAE9yS4tUL1ao3wdEl1a9UiNc1SF11xj5KbilAqSMip9Gz
ESrFewbDVrlBNBn2LugJl7jr3zI/OrcBI6pgVKOMYIODZgz+SKQK
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:45:03 2025 by rpki-client