Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/ckrq-xWy9dmxHUCFMOdOt359xMc.roa
File: ckrq-xWy9dmxHUCFMOdOt359xMc.roa (raw, json)
Hash identifier: Rrj1A3kTGmZ6GPx6N9soo7FlfXOroReQlh35Wi3wkRU=
Subject key identifier: 72:4A:EA:FB:15:B2:F5:D9:B1:1D:40:85:30:E7:4E:B7:7E:7D:C4:C7
Certificate issuer: /CN=042d9f4d6aff383c59e9de7802dbee024ee887dc
Certificate serial: 019428259FBC202CF0CE358164AADBEB1C06
Authority key identifier: 04:2D:9F:4D:6A:FF:38:3C:59:E9:DE:78:02:DB:EE:02:4E:E8:87:DC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BC2fTWr_ODxZ6d54AtvuAk7oh9w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/ckrq-xWy9dmxHUCFMOdOt359xMc.roa
Signing time: Thu 02 Jan 2025 17:52:21 +0000
ROA not before: Thu 02 Jan 2025 17:52:21 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59605
IP address blocks: 151.248.96.0/20 maxlen: 24
185.201.192.0/22 maxlen: 24
2a02:f040::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:9f:bc:20:2c:f0:ce:35:81:64:aa:db:eb:1c:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=042d9f4d6aff383c59e9de7802dbee024ee887dc
Validity
Not Before: Jan 2 17:52:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=724aeafb15b2f5d9b11d408530e74eb77e7dc4c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:33:85:1b:1d:78:4b:95:eb:4d:e6:65:36:85:
bf:0c:0d:37:43:b8:56:f9:5f:33:06:24:06:ee:40:
5e:20:00:a6:ce:23:ba:65:bc:01:8d:6c:4b:26:fb:
1d:32:ae:69:bc:46:e9:dd:af:47:82:d6:ff:84:8a:
fe:08:b3:27:ca:43:9d:de:c3:60:71:a8:b3:b7:8d:
5b:90:1d:f0:0d:d3:23:ea:20:72:d7:32:0f:94:67:
52:8c:de:63:39:43:e2:d2:92:76:e5:b3:46:23:3d:
dd:56:68:8e:b6:2e:9c:8b:78:67:91:cb:c0:62:cb:
21:7a:29:f2:b9:9a:e5:63:a7:2a:41:d0:78:f4:e7:
87:7b:eb:0d:2e:d2:40:1b:64:d2:fe:b7:21:dc:f5:
ef:59:1f:16:10:3e:71:1d:d1:fb:f3:3f:1b:06:ba:
80:f5:1a:04:23:87:64:a3:47:4d:53:6e:15:ec:4f:
74:bb:13:81:0f:41:7e:fb:b1:cd:dd:de:d2:ec:f4:
94:79:b7:39:f5:33:e4:56:da:b8:d3:73:cc:d0:f3:
93:77:1c:73:de:01:e5:a8:2b:1f:8c:2e:0d:c0:39:
35:4f:4e:25:78:37:06:fb:8d:d1:35:3e:f9:ea:c9:
c0:8c:78:5a:5b:93:08:d1:92:46:a3:93:45:b7:12:
5e:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:4A:EA:FB:15:B2:F5:D9:B1:1D:40:85:30:E7:4E:B7:7E:7D:C4:C7
X509v3 Authority Key Identifier:
keyid:04:2D:9F:4D:6A:FF:38:3C:59:E9:DE:78:02:DB:EE:02:4E:E8:87:DC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BC2fTWr_ODxZ6d54AtvuAk7oh9w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/ckrq-xWy9dmxHUCFMOdOt359xMc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/BC2fTWr_ODxZ6d54AtvuAk7oh9w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.248.96.0/20
185.201.192.0/22
IPv6:
2a02:f040::/29
Signature Algorithm: sha256WithRSAEncryption
96:03:4c:e2:e7:d8:b6:aa:af:c7:fc:1b:8c:5e:03:c3:ff:4e:
98:ed:17:8c:21:95:12:ba:da:28:b2:d0:ef:7e:62:85:41:b5:
ac:54:51:c8:4c:77:aa:0a:2d:4a:3f:90:16:62:a7:a0:c3:a6:
e0:54:82:fc:7d:49:44:31:9d:15:7a:b3:99:4b:e8:89:73:2e:
cc:96:f4:bd:0f:51:95:bf:a1:af:ff:f9:01:9b:cb:9a:a5:6f:
4a:97:77:78:03:8d:70:73:fe:31:7d:dc:fd:06:5c:8d:7e:f3:
71:f0:ad:25:45:f8:c4:db:ed:26:87:a3:da:a1:5b:ba:85:5b:
d5:c8:84:e7:91:ce:b1:48:ad:ed:eb:32:18:86:91:51:3a:cc:
09:40:c8:ea:67:35:66:a4:c6:3b:2a:a1:59:8e:ef:e9:93:c1:
b3:41:f3:27:40:b8:81:34:c9:40:43:cd:0e:1d:d5:b2:06:67:
94:e1:13:3b:20:30:88:89:eb:88:51:fe:08:e0:af:62:80:7b:
c4:b8:99:ac:80:ec:0d:b2:6c:d3:e5:f8:0c:93:a1:62:d8:6a:
c9:c2:f6:22:2c:6c:52:f0:79:1d:48:a1:80:bf:83:b2:c1:61:
89:21:65:7b:e9:4d:46:b4:a3:d9:11:fc:1a:33:ad:e3:b4:64:
11:0b:9b:4e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQoJZ+8ICzwzjWBZKrb6xwGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MmQ5ZjRkNmFmZjM4M2M1OWU5ZGU3ODAyZGJlZTAyNGVl
ODg3ZGMwHhcNMjUwMTAyMTc1MjIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjRhZWFmYjE1YjJmNWQ5YjExZDQwODUzMGU3NGViNzdlN2RjNGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTOFGx14S5XrTeZlNoW/DA03Q7hW
+V8zBiQG7kBeIACmziO6ZbwBjWxLJvsdMq5pvEbp3a9Hgtb/hIr+CLMnykOd3sNg
caizt41bkB3wDdMj6iBy1zIPlGdSjN5jOUPi0pJ25bNGIz3dVmiOti6ci3hnkcvA
YssheinyuZrlY6cqQdB49OeHe+sNLtJAG2TS/rch3PXvWR8WED5xHdH78z8bBrqA
9RoEI4dko0dNU24V7E90uxOBD0F++7HN3d7S7PSUebc59TPkVtq403PM0POTdxxz
3gHlqCsfjC4NwDk1T04leDcG+43RNT756snAjHhaW5MI0ZJGo5NFtxJeAQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHJK6vsVsvXZsR1AhTDnTrd+fcTHMB8GA1UdIwQY
MBaAFAQtn01q/zg8WeneeALb7gJO6IfcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkMyZlRXcl9PRHhaNmQ1NEF0dnVBazdvaDl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9jMTM2NGEtMDUwMS00ZmFmLWJjZmEt
YWFlMTQ0NzYwM2MwLzEvY2tycS14V3k5ZG14SFVDRk1PZE90MzU5eE1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9jMTM2NGEtMDUwMS00ZmFmLWJjZmEtYWFlMTQ0NzYwM2Mw
LzEvQkMyZlRXcl9PRHhaNmQ1NEF0dnVBazdvaDl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEl/hgAwQC
ucnAMA0EAgACMAcDBQMqAvBAMA0GCSqGSIb3DQEBCwUAA4IBAQCWA0zi59i2qq/H
/BuMXgPD/06Y7ReMIZUSutoostDvfmKFQbWsVFHITHeqCi1KP5AWYqegw6bgVIL8
fUlEMZ0VerOZS+iJcy7MlvS9D1GVv6Gv//kBm8uapW9Kl3d4A41wc/4xfdz9BlyN
fvNx8K0lRfjE2+0mh6PaoVu6hVvVyITnkc6xSK3t6zIYhpFROswJQMjqZzVmpMY7
KqFZju/pk8GzQfMnQLiBNMlAQ80OHdWyBmeU4RM7IDCIieuIUf4I4K9igHvEuJms
gOwNsmzT5fgMk6Fi2GrJwvYiLGxS8HkdSKGAv4OywWGJIWV76U1GtKPZEfwaM63j
tGQRC5tO
-----END CERTIFICATE-----
Generated at Sun Apr 6 17:00:15 2025 by rpki-client