Route Origin Authorization
$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa
File: AS20473.roa (raw, json)
Hash identifier: ev/Da7tJc5nTlwbVpLwwD5sY3HBNQS50OIegyDsiknE=
Subject key identifier: 71:27:FC:05:56:A7:39:3E:2E:A3:E8:64:EA:9F:62:6E:EC:45:2B:2B
Certificate issuer: /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial: 2B2708BB59C06CEF0E7AEEA6A68D904F00140BEA
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access: rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa
Signing time: Fri 14 Mar 2025 09:44:01 +0000
ROA not before: Fri 14 Mar 2025 09:39:01 +0000
ROA not after: Fri 13 Mar 2026 09:44:01 +0000
asID: 20473
IP address blocks: 148.135.172.0/24 maxlen: 24
150.241.208.0/24 maxlen: 24
150.241.216.0/21 maxlen: 24
150.241.234.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:27:08:bb:59:c0:6c:ef:0e:7a:ee:a6:a6:8d:90:4f:00:14:0b:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Validity
Not Before: Mar 14 09:39:01 2025 GMT
Not After : Mar 13 09:44:01 2026 GMT
Subject: CN=7127FC0556A7393E2EA3E864EA9F626EEC452B2B
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:6a:87:60:10:c3:bb:33:99:d5:fd:df:1c:60:
91:6c:ff:7e:e4:3e:49:8a:5a:63:2f:4b:c5:f1:d0:
c0:4e:e6:65:c7:ca:71:53:c8:85:92:3e:9e:14:25:
29:33:f7:6c:d7:6e:51:d7:25:c1:31:1b:b5:26:39:
04:a4:25:f3:3f:b5:56:cf:d1:36:5d:eb:b8:cc:e0:
52:c6:9f:75:7a:d1:8a:59:3a:34:3f:1a:d2:20:91:
da:0c:48:0e:e1:9c:87:40:d7:78:36:c5:d1:37:5a:
30:5a:7a:92:d2:1e:d9:c9:cf:cc:1a:0c:27:4a:45:
58:cb:26:20:b9:84:da:cd:7b:c8:dd:73:1f:0f:2f:
02:2d:55:b8:13:dd:e0:7c:31:20:57:a9:dd:ec:21:
d5:50:3b:b5:7b:e4:ef:b6:a1:e4:9d:e4:f6:8d:a1:
91:ee:74:91:17:18:ff:99:df:bc:78:92:74:c1:a7:
cb:21:51:b8:dc:f5:51:e9:33:8d:f7:8b:a4:f8:0e:
9f:1a:61:94:76:5c:3a:02:f7:ee:a9:d5:53:50:0e:
4a:ee:9c:0f:f3:00:36:13:ee:2c:8c:31:e9:42:df:
8b:56:d9:b6:b4:7c:d3:a7:5a:0a:ff:c8:17:90:12:
e1:52:80:cc:79:e5:0f:42:d1:68:d9:f4:9a:1f:cb:
04:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:27:FC:05:56:A7:39:3E:2E:A3:E8:64:EA:9F:62:6E:EC:45:2B:2B
X509v3 Authority Key Identifier:
keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20473.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
148.135.172.0/24
150.241.208.0/24
150.241.216.0/21
150.241.234.0/24
Signature Algorithm: sha256WithRSAEncryption
0b:8a:a7:c9:2a:46:db:91:b6:ba:01:a1:b6:fe:39:4e:4e:12:
83:2d:8f:3c:c9:ad:33:d7:c7:9a:f7:05:3b:0b:cf:74:38:95:
5e:da:16:5d:bb:e4:6f:da:79:0e:57:5d:4b:d0:45:19:ce:52:
cc:5b:86:9e:59:4a:3b:12:87:b2:db:aa:6b:00:68:77:03:6f:
2f:6e:33:04:e3:01:42:73:59:03:0b:ab:c2:dd:4e:86:33:c1:
53:4e:64:6b:03:db:87:6b:4a:77:5d:6e:3e:15:66:3d:af:a4:
bc:fb:2d:85:82:91:ee:2b:bb:be:d9:90:b4:39:55:f1:28:42:
18:b8:3d:22:0e:0c:37:66:67:c0:06:3f:4b:68:04:3c:88:6a:
38:9a:42:89:50:c0:ba:73:0a:39:c0:02:09:01:5a:33:7b:96:
99:a8:65:83:97:19:38:90:c1:84:06:7c:14:a2:84:c0:23:de:
8d:d8:fc:1b:ba:ad:3f:4f:f7:a5:8a:8c:05:24:ed:43:ad:9f:
61:f1:93:6c:69:99:68:92:e9:44:ee:20:46:38:b5:05:33:bf:
7c:13:ff:4b:71:61:64:05:04:cc:22:13:40:f2:f6:88:3b:58:
9c:a1:73:4c:b6:28:5b:e4:b4:30:ae:4c:52:ad:3c:7a:22:18:
e1:5b:40:29
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUKycIu1nAbO8Oeu6mpo2QTwAUC+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTAzMTQwOTM5MDFaFw0yNjAzMTMwOTQ0MDFaMDMxMTAvBgNV
BAMTKDcxMjdGQzA1NTZBNzM5M0UyRUEzRTg2NEVBOUY2MjZFRUM0NTJCMkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRaodgEMO7M5nV/d8cYJFs/37k
PkmKWmMvS8Xx0MBO5mXHynFTyIWSPp4UJSkz92zXblHXJcExG7UmOQSkJfM/tVbP
0TZd67jM4FLGn3V60YpZOjQ/GtIgkdoMSA7hnIdA13g2xdE3WjBaepLSHtnJz8wa
DCdKRVjLJiC5hNrNe8jdcx8PLwItVbgT3eB8MSBXqd3sIdVQO7V75O+2oeSd5PaN
oZHudJEXGP+Z37x4knTBp8shUbjc9VHpM433i6T4Dp8aYZR2XDoC9+6p1VNQDkru
nA/zADYT7iyMMelC34tW2ba0fNOnWgr/yBeQEuFSgMx55Q9C0WjZ9JofywR1AgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUcSf8BVanOT4uo+hk6p9ibuxFKyswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUHAQcBAf8EIjAgMB4EAgABMBgDBACUh6wD
BACW8dADBAOW8dgDBACW8eowDQYJKoZIhvcNAQELBQADggEBAAuKp8kqRtuRtroB
obb+OU5OEoMtjzzJrTPXx5r3BTsLz3Q4lV7aFl275G/aeQ5XXUvQRRnOUsxbhp5Z
SjsSh7LbqmsAaHcDby9uMwTjAUJzWQMLq8LdToYzwVNOZGsD24drSnddbj4VZj2v
pLz7LYWCke4ru77ZkLQ5VfEoQhi4PSIODDdmZ8AGP0toBDyIajiaQolQwLpzCjnA
AgkBWjN7lpmoZYOXGTiQwYQGfBSihMAj3o3Y/Bu6rT9P96WKjAUk7UOtn2Hxk2xp
mWiS6UTuIEY4tQUzv3wT/0txYWQFBMwiE0Dy9og7WJyhc0y2KFvktDCuTFKtPHoi
GOFbQCk=
-----END CERTIFICATE-----
Generated at Sat Apr 5 06:29:45 2025 by rpki-client