Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/O-XPeQu-YyLqAWSz1Ih5K-O-Zn4.roa
File: O-XPeQu-YyLqAWSz1Ih5K-O-Zn4.roa (raw, json)
Hash identifier: qt91w+3/S+Ea26JEVNOvOodxAMoUk0pySpCeuSElj44=
Subject key identifier: 3B:E5:CF:79:0B:BE:63:22:EA:01:64:B3:D4:88:79:2B:E3:BE:66:7E
Certificate issuer: /CN=df0ba4f56e6f037725286037afc3c14c293b9b82
Certificate serial: 0194221F8C22A177E2D10167BA8A55D2C413
Authority key identifier: DF:0B:A4:F5:6E:6F:03:77:25:28:60:37:AF:C3:C1:4C:29:3B:9B:82
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3wuk9W5vA3clKGA3r8PBTCk7m4I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/O-XPeQu-YyLqAWSz1Ih5K-O-Zn4.roa
Signing time: Wed 01 Jan 2025 13:48:00 +0000
ROA not before: Wed 01 Jan 2025 13:48:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 39138
IP address blocks: 31.172.0.0/18 maxlen: 24
31.172.96.0/21 maxlen: 24
83.243.0.0/21 maxlen: 24
185.148.248.0/22 maxlen: 24
195.182.2.0/24 maxlen: 24
2001:67c:194::/48 maxlen: 48
2a01:a700::/29 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:8c:22:a1:77:e2:d1:01:67:ba:8a:55:d2:c4:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df0ba4f56e6f037725286037afc3c14c293b9b82
Validity
Not Before: Jan 1 13:48:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3be5cf790bbe6322ea0164b3d488792be3be667e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:98:49:d8:c3:47:cd:38:a0:9b:a4:7e:e3:5b:
38:27:85:b8:14:92:4f:16:4d:d0:e7:3b:49:16:eb:
2c:a9:14:3f:ee:56:a5:db:df:31:a1:46:11:d2:5b:
e5:f0:46:fe:0d:01:71:ab:bc:6e:9e:89:65:1e:57:
6c:ed:37:91:c8:19:d8:c3:10:4b:06:d7:30:c7:9e:
f8:e7:d4:49:ea:4f:97:1b:00:aa:ad:96:bc:a1:9c:
f2:53:05:a0:b9:f3:21:a9:58:22:8d:9a:3f:8e:a7:
b2:06:c4:f6:e6:f0:01:f9:ab:ca:b8:1d:7d:b1:0b:
89:6b:54:a2:01:0e:8e:37:9d:01:59:5a:8a:87:95:
0b:c5:bd:fc:f7:2d:be:ee:cc:cf:1c:d0:45:2e:53:
79:95:88:56:6a:a1:3b:09:f5:e4:a2:10:d0:a2:57:
94:7d:3d:cc:cd:34:29:b8:f4:4a:f8:6e:59:fa:82:
84:f7:d6:a9:82:11:b6:5a:8d:04:c6:d6:d8:bb:5d:
db:a9:7f:f0:c9:f9:ee:25:7a:74:e8:cc:ec:24:55:
fe:21:75:26:58:ed:e1:19:22:4a:a2:53:48:d1:88:
c5:79:fd:c3:c4:67:7a:ee:ff:7b:af:bc:7e:c3:d0:
98:d5:69:85:17:24:fa:ea:82:e4:bb:78:a8:9f:21:
97:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:E5:CF:79:0B:BE:63:22:EA:01:64:B3:D4:88:79:2B:E3:BE:66:7E
X509v3 Authority Key Identifier:
keyid:DF:0B:A4:F5:6E:6F:03:77:25:28:60:37:AF:C3:C1:4C:29:3B:9B:82
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3wuk9W5vA3clKGA3r8PBTCk7m4I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/O-XPeQu-YyLqAWSz1Ih5K-O-Zn4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/a80bd9-ba11-458e-84e2-36c678900f79/1/3wuk9W5vA3clKGA3r8PBTCk7m4I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.172.0.0/18
31.172.96.0/21
83.243.0.0/21
185.148.248.0/22
195.182.2.0/24
IPv6:
2001:67c:194::/48
2a01:a700::/29
Signature Algorithm: sha256WithRSAEncryption
32:08:16:25:df:94:0b:5b:5d:1e:7e:0b:61:b4:f5:83:51:e9:
8b:40:da:71:f6:16:2b:8e:b4:e7:21:c5:bb:9b:da:0f:ba:92:
1b:15:dc:c6:35:fe:04:85:b6:ef:af:47:85:58:5d:36:46:f2:
9c:9f:89:1a:18:4c:5c:85:22:01:86:be:dc:11:4b:d9:38:61:
e1:ac:8e:0c:a8:ce:0d:28:9b:40:fd:1b:59:bd:6f:13:3f:66:
da:18:38:ca:22:1a:86:cd:61:7f:86:37:e7:ee:fc:78:90:34:
01:07:3d:89:12:9a:26:d2:89:23:40:23:ec:1f:13:73:51:0e:
32:2b:f7:35:a6:95:8f:9d:ca:1e:ec:5e:b2:ef:53:57:df:7b:
5f:ce:ef:42:bf:9d:ff:6b:7b:83:84:0d:7b:8c:1d:a5:08:a5:
ce:3f:14:29:15:dc:f6:c1:28:f8:92:61:92:70:d7:5e:4a:26:
1c:f6:58:e1:91:e3:d1:b5:3a:95:32:3b:b5:9f:f1:0b:27:f3:
3a:1e:d4:52:77:cb:ee:b7:b9:9b:ca:b4:41:de:a9:b3:7d:cb:
da:99:5d:4b:67:21:df:af:92:d0:ce:b9:31:96:b1:c6:33:82:
01:f2:be:81:fc:15:be:3f:c2:75:e0:42:72:c2:08:b2:80:b8:
a0:8c:e6:3f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZQiH4wioXfi0QFnuopV0sQTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMGJhNGY1NmU2ZjAzNzcyNTI4NjAzN2FmYzNjMTRjMjkz
YjliODIwHhcNMjUwMTAxMTM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmU1Y2Y3OTBiYmU2MzIyZWEwMTY0YjNkNDg4NzkyYmUzYmU2NjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZhJ2MNHzTigm6R+41s4J4W4FJJP
Fk3Q5ztJFussqRQ/7lal298xoUYR0lvl8Eb+DQFxq7xunollHlds7TeRyBnYwxBL
Btcwx57459RJ6k+XGwCqrZa8oZzyUwWgufMhqVgijZo/jqeyBsT25vAB+avKuB19
sQuJa1SiAQ6ON50BWVqKh5ULxb389y2+7szPHNBFLlN5lYhWaqE7CfXkohDQoleU
fT3MzTQpuPRK+G5Z+oKE99apghG2Wo0ExtbYu13bqX/wyfnuJXp06MzsJFX+IXUm
WO3hGSJKolNI0YjFef3DxGd67v97r7x+w9CY1WmFFyT66oLku3ionyGXxwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFDvlz3kLvmMi6gFks9SIeSvjvmZ+MB8GA1UdIwQY
MBaAFN8LpPVubwN3JShgN6/DwUwpO5uCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3d1azlXNXZBM2NsS0dBM3I4UEJUQ2s3bTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9hODBiZDktYmExMS00NThlLTg0ZTIt
MzZjNjc4OTAwZjc5LzEvTy1YUGVRdS1ZeUxxQVdTejFJaDVLLU8tWm40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9hODBiZDktYmExMS00NThlLTg0ZTItMzZjNjc4OTAwZjc5
LzEvM3d1azlXNXZBM2NsS0dBM3I4UEJUQ2s3bTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAkBAIAATAeAwQGH6wAAwQD
H6xgAwQDU/MAAwQCuZT4AwQAw7YCMBYEAgACMBADBwAgAQZ8AZQDBQMqAacAMA0G
CSqGSIb3DQEBCwUAA4IBAQAyCBYl35QLW10efgthtPWDUemLQNpx9hYrjrTnIcW7
m9oPupIbFdzGNf4Ehbbvr0eFWF02RvKcn4kaGExchSIBhr7cEUvZOGHhrI4MqM4N
KJtA/RtZvW8TP2baGDjKIhqGzWF/hjfn7vx4kDQBBz2JEpom0okjQCPsHxNzUQ4y
K/c1ppWPncoe7F6y71NX33tfzu9Cv53/a3uDhA17jB2lCKXOPxQpFdz2wSj4kmGS
cNdeSiYc9ljhkePRtTqVMju1n/ELJ/M6HtRSd8vut7mbyrRB3qmzfcvamV1LZyHf
r5LQzrkxlrHGM4IB8r6B/BW+P8J14EJywgiygLigjOY/
-----END CERTIFICATE-----
Generated at Wed Apr 9 08:19:10 2025 by rpki-client