Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/PNxKt9EExJcdff8t4PlXHS3Zp8E.roa
File: PNxKt9EExJcdff8t4PlXHS3Zp8E.roa (raw, json)
Hash identifier: l/sm5m0RtWP1FamD6nvtIs4Wmty8En19TqcjOBknuMY=
Subject key identifier: 3C:DC:4A:B7:D1:04:C4:97:1D:7D:FF:2D:E0:F9:57:1D:2D:D9:A7:C1
Certificate issuer: /CN=5a141c5090824d0a17c29ec4050e21007113fbda
Certificate serial: 019420D63B2F9B5C05BFECB1F32E753198B0
Authority key identifier: 5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/PNxKt9EExJcdff8t4PlXHS3Zp8E.roa
Signing time: Wed 01 Jan 2025 07:48:18 +0000
ROA not before: Wed 01 Jan 2025 07:48:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 3257
IP address blocks: 5.63.24.0/21 maxlen: 21
91.190.168.0/21 maxlen: 21
185.85.76.0/22 maxlen: 22
2a02:798::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:d6:3b:2f:9b:5c:05:bf:ec:b1:f3:2e:75:31:98:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5a141c5090824d0a17c29ec4050e21007113fbda
Validity
Not Before: Jan 1 07:48:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3cdc4ab7d104c4971d7dff2de0f9571d2dd9a7c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:74:19:c4:63:2d:f9:2f:88:00:36:1a:5c:aa:
c4:69:dd:14:a9:ec:11:17:16:2d:b6:c0:67:e7:79:
96:6f:de:f9:93:be:99:8d:c0:7e:62:23:99:c5:4b:
b6:13:ac:13:fb:20:e0:79:0c:1a:d9:4d:9a:3b:f3:
f4:a5:fe:44:d3:d2:f4:d9:85:52:d7:76:87:09:30:
5d:2a:3a:6e:5f:d6:08:f8:59:e4:aa:7d:06:3c:e1:
64:5a:3b:da:51:04:f5:ad:0f:f9:28:39:2a:58:42:
fd:85:0c:24:bc:07:a5:78:b6:a5:6e:d7:b0:f8:96:
05:fe:d9:ca:af:5f:e9:f2:64:3a:99:c5:c1:79:a7:
ac:47:d8:12:5b:e8:4d:5b:4b:7c:32:b7:46:a2:e1:
a3:1b:e5:5b:ad:d9:8f:74:66:14:f6:dc:7d:3d:0d:
d0:58:f7:40:3c:e9:58:2e:9c:2d:ef:2d:b1:45:b5:
c4:8f:db:b7:50:50:1f:e5:71:d0:aa:cd:ae:24:48:
6d:c0:ab:d4:5f:e7:62:b1:f2:97:c1:9a:01:53:5b:
1a:90:3a:bb:21:d0:f6:54:68:f3:a9:4d:29:28:c0:
e2:77:6c:b6:e6:8c:5e:b4:73:c6:50:bf:0a:99:40:
c5:eb:07:12:06:9e:2c:ee:d4:82:f1:ae:b2:e9:2a:
ba:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:DC:4A:B7:D1:04:C4:97:1D:7D:FF:2D:E0:F9:57:1D:2D:D9:A7:C1
X509v3 Authority Key Identifier:
keyid:5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/PNxKt9EExJcdff8t4PlXHS3Zp8E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.63.24.0/21
91.190.168.0/21
185.85.76.0/22
IPv6:
2a02:798::/32
Signature Algorithm: sha256WithRSAEncryption
93:7c:53:e8:fb:d0:78:39:2a:89:35:e9:cd:de:b0:7a:d0:cb:
5a:9c:d6:3e:06:5c:76:d4:8f:dd:05:4e:ad:2c:ba:9c:c2:2e:
6f:f8:b2:fe:d5:ef:64:e9:3a:5b:cb:ec:78:86:e6:0b:d1:45:
85:db:3d:58:8f:7a:4f:07:b1:52:0a:f8:42:b7:38:73:3a:5a:
32:62:28:80:a6:de:22:aa:c5:02:0c:38:3d:cb:23:7f:d4:6d:
75:dc:06:92:38:b1:b6:4d:a9:2f:2f:6c:f9:10:18:74:6a:ff:
69:8d:3b:c2:8c:b7:2c:6c:ae:94:84:7a:d5:6b:2c:60:fa:67:
34:bb:96:06:6f:7e:51:7b:75:97:5a:5b:b4:a9:04:3f:12:15:
08:0e:b8:00:02:c7:47:75:92:1d:02:fc:14:c2:56:82:97:27:
40:51:50:a0:99:5a:71:b0:c6:37:42:be:99:de:18:c9:9a:b6:
46:8c:9e:31:0d:a8:d7:4f:57:c9:d7:9e:a0:d4:b6:5c:d4:e4:
a8:cd:78:f2:b4:5e:9a:b7:ca:23:0e:77:fe:eb:3b:51:5d:b9:
7d:2f:79:c3:49:d0:3d:9b:01:38:3f:bd:3f:89:df:23:40:e5:
f9:0a:47:95:e8:45:f9:5d:17:83:fa:14:a3:13:97:56:0c:d0:
6d:cb:50:ca
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQg1jsvm1wFv+yx8y51MZiwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMTQxYzUwOTA4MjRkMGExN2MyOWVjNDA1MGUyMTAwNzEx
M2ZiZGEwHhcNMjUwMTAxMDc0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2RjNGFiN2QxMDRjNDk3MWQ3ZGZmMmRlMGY5NTcxZDJkZDlhN2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHQZxGMt+S+IADYaXKrEad0UqewR
FxYttsBn53mWb975k76ZjcB+YiOZxUu2E6wT+yDgeQwa2U2aO/P0pf5E09L02YVS
13aHCTBdKjpuX9YI+Fnkqn0GPOFkWjvaUQT1rQ/5KDkqWEL9hQwkvAeleLalbtew
+JYF/tnKr1/p8mQ6mcXBeaesR9gSW+hNW0t8MrdGouGjG+VbrdmPdGYU9tx9PQ3Q
WPdAPOlYLpwt7y2xRbXEj9u3UFAf5XHQqs2uJEhtwKvUX+disfKXwZoBU1sakDq7
IdD2VGjzqU0pKMDid2y25oxetHPGUL8KmUDF6wcSBp4s7tSC8a6y6Sq6KQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDzcSrfRBMSXHX3/LeD5Vx0t2afBMB8GA1UdIwQY
MBaAFFoUHFCQgk0KF8KexAUOIQBxE/vaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUt
ZWNlZWZmOGU4NGUwLzEvUE54S3Q5RUV4SmNkZmY4dDRQbFhIUzNacDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUtZWNlZWZmOGU4NGUw
LzEvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBT8YAwQD
W76oAwQCuVVMMA0EAgACMAcDBQAqAgeYMA0GCSqGSIb3DQEBCwUAA4IBAQCTfFPo
+9B4OSqJNenN3rB60MtanNY+Blx21I/dBU6tLLqcwi5v+LL+1e9k6Tpby+x4huYL
0UWF2z1Yj3pPB7FSCvhCtzhzOloyYiiApt4iqsUCDDg9yyN/1G113AaSOLG2Takv
L2z5EBh0av9pjTvCjLcsbK6UhHrVayxg+mc0u5YGb35Re3WXWlu0qQQ/EhUIDrgA
AsdHdZIdAvwUwlaClydAUVCgmVpxsMY3Qr6Z3hjJmrZGjJ4xDajXT1fJ156g1LZc
1OSozXjytF6at8ojDnf+6ztRXbl9L3nDSdA9mwE4P70/id8jQOX5CkeV6EX5XReD
+hSjE5dWDNBty1DK
-----END CERTIFICATE-----
Generated at Sat Apr 5 23:24:30 2025 by rpki-client