Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/t4aglK9u5BBs2nCD-lvEdZGnyNE.roa
File: t4aglK9u5BBs2nCD-lvEdZGnyNE.roa (raw, json)
Hash identifier: poJOpqUdh9mquobj4xZre8xkqBntoXYzhaUhNLYqXsg=
Subject key identifier: B7:86:A0:94:AF:6E:E4:10:6C:DA:70:83:FA:5B:C4:75:91:A7:C8:D1
Certificate issuer: /CN=4e622bc550687b6d0ef60788ceadb0fc820a381f
Certificate serial: 019424450CB2662C01BAFB05F0ADC52374AC
Authority key identifier: 4E:62:2B:C5:50:68:7B:6D:0E:F6:07:88:CE:AD:B0:FC:82:0A:38:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TmIrxVBoe20O9geIzq2w_IIKOB8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/t4aglK9u5BBs2nCD-lvEdZGnyNE.roa
Signing time: Wed 01 Jan 2025 23:48:12 +0000
ROA not before: Wed 01 Jan 2025 23:48:12 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 13113
IP address blocks: 5.172.208.0/21 maxlen: 24
5.198.224.0/20 maxlen: 24
37.60.32.0/21 maxlen: 24
87.253.96.0/19 maxlen: 24
93.88.112.0/20 maxlen: 24
109.75.112.0/20 maxlen: 24
185.3.252.0/22 maxlen: 24
185.145.84.0/22 maxlen: 24
213.144.64.0/19 maxlen: 24
2a03:3d80::/29 maxlen: 48
2a0c:8a80::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:24:45:0c:b2:66:2c:01:ba:fb:05:f0:ad:c5:23:74:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e622bc550687b6d0ef60788ceadb0fc820a381f
Validity
Not Before: Jan 1 23:48:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b786a094af6ee4106cda7083fa5bc47591a7c8d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:e0:64:5d:c4:6d:8e:6b:65:f7:0a:96:c6:a2:
ef:e0:13:4f:3f:20:6e:94:6d:94:1f:1f:51:25:e7:
b3:02:3f:c1:cd:3a:61:e3:50:07:f1:da:15:ed:a8:
e9:77:fb:b4:fd:24:2a:39:1d:41:5c:3a:e2:9b:fa:
1c:aa:58:a0:ec:a1:d5:0e:84:e3:38:8b:e7:7e:5a:
1d:d3:a4:7f:99:45:38:dc:68:d6:09:05:c6:b5:c8:
d8:84:44:b2:4a:41:a9:e7:0c:4e:03:18:bf:fb:89:
7e:e9:e6:e8:4f:d9:bc:aa:db:f8:a1:99:c6:2f:b2:
8c:18:84:59:99:c3:ce:8f:f0:3f:c3:a1:7d:e6:3a:
b5:aa:b0:16:fb:5d:40:87:5f:b4:7c:db:0d:d7:4e:
14:eb:0c:03:1d:2d:f7:95:9f:da:62:89:05:87:68:
98:fa:c9:88:a0:23:a5:be:d6:3b:92:c0:f2:39:00:
e5:2f:d0:c3:49:f6:44:e6:eb:ae:03:6d:f6:d8:57:
93:c0:e0:ae:ff:78:87:5e:e5:a8:c8:5e:fb:fc:07:
bf:5e:f3:0b:bc:e2:44:3b:52:53:44:18:f9:78:ff:
bd:12:96:5d:38:bc:cf:a5:97:7f:d2:fc:ca:2f:42:
fe:54:f2:67:0d:66:1f:bd:c1:9a:98:51:b5:6e:41:
13:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:86:A0:94:AF:6E:E4:10:6C:DA:70:83:FA:5B:C4:75:91:A7:C8:D1
X509v3 Authority Key Identifier:
keyid:4E:62:2B:C5:50:68:7B:6D:0E:F6:07:88:CE:AD:B0:FC:82:0A:38:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TmIrxVBoe20O9geIzq2w_IIKOB8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/t4aglK9u5BBs2nCD-lvEdZGnyNE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/ca4c34-2704-4f82-bff8-a7ccd0098477/1/TmIrxVBoe20O9geIzq2w_IIKOB8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.172.208.0/21
5.198.224.0/20
37.60.32.0/21
87.253.96.0/19
93.88.112.0/20
109.75.112.0/20
185.3.252.0/22
185.145.84.0/22
213.144.64.0/19
IPv6:
2a03:3d80::/29
2a0c:8a80::/29
Signature Algorithm: sha256WithRSAEncryption
69:69:fa:a5:fd:35:5d:80:31:f7:3c:22:d3:9f:5a:83:3a:b1:
2e:c2:c7:b0:60:dc:e2:fe:39:d3:a4:79:e5:f8:2c:8d:ed:a2:
d0:ef:65:01:20:a3:f2:b7:2a:81:b4:20:2a:f5:98:e7:79:93:
ea:94:78:5e:2f:2c:3c:49:04:d4:11:34:9a:40:fd:c2:e1:ae:
4c:ab:cc:26:7e:38:eb:c2:cb:96:95:03:58:85:17:da:71:34:
32:ce:c1:9e:fb:9e:a8:df:c6:19:e3:5c:59:18:fb:36:5c:45:
64:db:0f:3d:39:2f:64:30:ed:d1:20:2d:6d:d1:2e:e4:c6:23:
23:e9:b4:67:71:ae:29:e3:02:75:d3:cc:d8:50:33:b0:ac:56:
42:78:f4:4c:8b:9e:36:13:9d:c5:64:18:cf:03:e8:cd:e3:54:
4f:f0:65:08:c5:f9:6d:5d:aa:25:4f:c0:64:e4:6b:44:77:d5:
e9:07:cb:ec:33:a1:2e:d9:34:07:3f:f9:54:91:a8:91:ad:aa:
11:2f:53:ea:bf:03:d6:2b:7e:73:61:df:0d:a2:22:18:2a:2c:
3d:51:ab:80:b4:3f:de:aa:aa:ef:4a:f1:68:43:b7:30:d5:62:
4c:9a:22:89:53:8b:33:58:04:09:0f:c7:35:29:33:ba:a6:2d:
b0:4d:ad:08
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAZQkRQyyZiwBuvsF8K3FI3SsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNjIyYmM1NTA2ODdiNmQwZWY2MDc4OGNlYWRiMGZjODIw
YTM4MWYwHhcNMjUwMTAxMjM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzg2YTA5NGFmNmVlNDEwNmNkYTcwODNmYTViYzQ3NTkxYTdjOGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquBkXcRtjmtl9wqWxqLv4BNPPyBu
lG2UHx9RJeezAj/BzTph41AH8doV7ajpd/u0/SQqOR1BXDrim/ocqlig7KHVDoTj
OIvnflod06R/mUU43GjWCQXGtcjYhESySkGp5wxOAxi/+4l+6eboT9m8qtv4oZnG
L7KMGIRZmcPOj/A/w6F95jq1qrAW+11Ah1+0fNsN104U6wwDHS33lZ/aYokFh2iY
+smIoCOlvtY7ksDyOQDlL9DDSfZE5uuuA2322FeTwOCu/3iHXuWoyF77/Ae/XvML
vOJEO1JTRBj5eP+9EpZdOLzPpZd/0vzKL0L+VPJnDWYfvcGamFG1bkETRQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFLeGoJSvbuQQbNpwg/pbxHWRp8jRMB8GA1UdIwQY
MBaAFE5iK8VQaHttDvYHiM6tsPyCCjgfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVG1JcnhWQm9lMjBPOWdlSXpxMndfSUlLT0I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9jYTRjMzQtMjcwNC00ZjgyLWJmZjgt
YTdjY2QwMDk4NDc3LzEvdDRhZ2xLOXU1QkJzMm5DRC1sdkVkWkdueU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9jYTRjMzQtMjcwNC00ZjgyLWJmZjgtYTdjY2QwMDk4NDc3
LzEvVG1JcnhWQm9lMjBPOWdlSXpxMndfSUlLT0I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQDBazQAwQE
BcbgAwQDJTwgAwQFV/1gAwQEXVhwAwQEbUtwAwQCuQP8AwQCuZFUAwQF1ZBAMBQE
AgACMA4DBQMqAz2AAwUDKgyKgDANBgkqhkiG9w0BAQsFAAOCAQEAaWn6pf01XYAx
9zwi059agzqxLsLHsGDc4v4506R55fgsje2i0O9lASCj8rcqgbQgKvWY53mT6pR4
Xi8sPEkE1BE0mkD9wuGuTKvMJn4468LLlpUDWIUX2nE0Ms7BnvueqN/GGeNcWRj7
NlxFZNsPPTkvZDDt0SAtbdEu5MYjI+m0Z3GuKeMCddPM2FAzsKxWQnj0TIueNhOd
xWQYzwPozeNUT/BlCMX5bV2qJU/AZORrRHfV6QfL7DOhLtk0Bz/5VJGoka2qES9T
6r8D1it+c2HfDaIiGCosPVGrgLQ/3qqq70rxaEO3MNViTJoiiVOLM1gECQ/HNSkz
uqYtsE2tCA==
-----END CERTIFICATE-----
Generated at Fri Feb 21 12:34:34 2025 by rpki-client