Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/nP5rnaXVHmCZ0PyFzyySKy8i92E.roa
File: nP5rnaXVHmCZ0PyFzyySKy8i92E.roa (raw, json)
Hash identifier: xIwtKSiPVYBB5AwJSlZHZJ32WsoJ+TQ1yzaR/hFabJw=
Subject key identifier: 9C:FE:6B:9D:A5:D5:1E:60:99:D0:FC:85:CF:2C:92:2B:2F:22:F7:61
Certificate issuer: /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial: 0195ED47F22A0A3E4ED36DE3129C1E949905
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/nP5rnaXVHmCZ0PyFzyySKy8i92E.roa
Signing time: Mon 31 Mar 2025 17:37:49 +0000
ROA not before: Mon 31 Mar 2025 17:37:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 204490
IP address blocks: 2a09:da42::/32 maxlen: 32
2a09:da45::/32 maxlen: 32
2a0c:ac1::/32 maxlen: 32
2a0c:ac2::/32 maxlen: 32
2a11:5a43::/32 maxlen: 32
2a12:1544::/32 maxlen: 32
2a12:7303::/32 maxlen: 32
2a12:7306::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:ed:47:f2:2a:0a:3e:4e:d3:6d:e3:12:9c:1e:94:99:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Validity
Not Before: Mar 31 17:37:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9cfe6b9da5d51e6099d0fc85cf2c922b2f22f761
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:9a:44:eb:00:ab:9e:14:24:3b:d8:85:81:c1:
f1:e4:96:32:30:35:79:ff:45:a5:ec:ed:de:a8:fe:
01:ba:ad:4e:e7:ec:24:cb:18:a6:75:fb:95:98:1f:
be:30:89:ef:9d:ba:a0:6c:f9:04:6f:78:3f:7a:ff:
6d:e7:7e:ea:67:3a:7c:b8:5d:6d:67:1f:7f:cd:fb:
dc:67:63:93:c6:0b:27:a3:a7:2b:9e:78:4c:21:c2:
1c:40:44:80:27:18:38:3b:b6:1c:99:3d:f4:a0:56:
75:dc:18:31:ee:22:66:3c:ae:ca:48:7a:cd:f7:4f:
6a:ed:6b:ff:93:ab:d8:2a:c8:71:17:a9:4f:4d:39:
e3:9b:26:e4:b9:fe:99:f9:b3:ef:42:ba:90:61:0c:
12:49:67:91:2e:d3:c7:ed:5c:2c:5b:f4:7e:5a:73:
c3:c6:0e:b2:c6:c6:46:f6:41:40:ca:b2:ae:c7:70:
63:9d:b1:04:46:e0:c2:02:95:d4:ce:d6:3c:e2:0a:
72:5f:57:de:8a:ad:58:17:7d:d2:58:88:67:fa:6a:
1a:96:d8:c0:43:3c:36:80:db:32:ee:70:7d:39:d5:
3a:78:31:2b:fa:76:38:47:e3:37:99:27:2a:26:94:
c1:4f:1f:76:c2:00:d4:8d:e6:4c:5c:81:51:9a:8b:
da:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:FE:6B:9D:A5:D5:1E:60:99:D0:FC:85:CF:2C:92:2B:2F:22:F7:61
X509v3 Authority Key Identifier:
keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/nP5rnaXVHmCZ0PyFzyySKy8i92E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:da42::/32
2a09:da45::/32
2a0c:ac1::-2a0c:ac2:ffff:ffff:ffff:ffff:ffff:ffff
2a11:5a43::/32
2a12:1544::/32
2a12:7303::/32
2a12:7306::/32
Signature Algorithm: sha256WithRSAEncryption
31:38:33:f6:69:42:86:c1:ef:ca:64:5e:60:dc:bd:cd:f1:40:
87:d3:54:5a:eb:f0:20:e0:d7:51:ab:3b:27:be:16:d9:c4:d8:
5c:62:a1:c9:f2:81:d5:37:70:ea:79:1e:dd:1b:60:34:62:07:
60:f4:60:29:e4:4f:f5:3d:df:f2:f9:da:68:a1:2a:91:8f:f5:
31:13:fd:18:6f:0d:cb:fb:88:3b:e4:5d:30:15:fd:ac:e1:28:
85:39:30:2f:20:a6:1d:5e:64:93:89:5b:76:69:0a:c6:33:f2:
b1:33:d8:50:48:02:e3:e0:38:74:fb:a1:11:24:b0:70:63:c6:
16:7d:db:af:9d:d1:31:10:bd:d7:30:d9:bb:22:42:ea:17:b9:
26:58:e9:97:e3:02:86:89:f8:61:70:a3:14:a2:1d:d0:23:2d:
88:6c:dd:6c:70:56:98:a2:d1:dd:4d:75:1d:bc:60:fc:5f:3a:
27:e8:12:3d:7b:3c:d8:40:7f:7f:49:92:e2:98:9b:a0:10:ec:
e8:fd:8f:f1:4d:b9:a6:9b:ea:d7:ac:ac:18:7b:7a:67:ae:44:
17:9c:55:92:00:04:8d:e2:07:0e:66:70:a9:e9:3e:1e:1e:7f:
9e:8b:4c:89:27:ff:00:32:9a:bc:c5:cd:38:38:20:c6:f4:61:
39:29:15:12
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAZXtR/IqCj5O023jEpwelJkFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjUwMzMxMTczNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2ZlNmI5ZGE1ZDUxZTYwOTlkMGZjODVjZjJjOTIyYjJmMjJmNzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJpE6wCrnhQkO9iFgcHx5JYyMDV5
/0Wl7O3eqP4Buq1O5+wkyximdfuVmB++MInvnbqgbPkEb3g/ev9t537qZzp8uF1t
Zx9/zfvcZ2OTxgsno6crnnhMIcIcQESAJxg4O7YcmT30oFZ13Bgx7iJmPK7KSHrN
909q7Wv/k6vYKshxF6lPTTnjmybkuf6Z+bPvQrqQYQwSSWeRLtPH7VwsW/R+WnPD
xg6yxsZG9kFAyrKux3BjnbEERuDCApXUztY84gpyX1feiq1YF33SWIhn+moaltjA
Qzw2gNsy7nB9OdU6eDEr+nY4R+M3mScqJpTBTx92wgDUjeZMXIFRmovaJwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFJz+a52l1R5gmdD8hc8skisvIvdhMB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEvblA1cm5hWFZIbUNaMFB5Rnp5eVNLeThpOTJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAAjA6AwUAKgnaQgMF
ACoJ2kUwDgMFACoMCsEDBQAqDArCAwUAKhFaQwMFACoSFUQDBQAqEnMDAwUAKhJz
BjANBgkqhkiG9w0BAQsFAAOCAQEAMTgz9mlChsHvymReYNy9zfFAh9NUWuvwIODX
Uas7J74W2cTYXGKhyfKB1Tdw6nke3RtgNGIHYPRgKeRP9T3f8vnaaKEqkY/1MRP9
GG8Ny/uIO+RdMBX9rOEohTkwLyCmHV5kk4lbdmkKxjPysTPYUEgC4+A4dPuhESSw
cGPGFn3br53RMRC91zDZuyJC6he5Jljpl+MChon4YXCjFKId0CMtiGzdbHBWmKLR
3U11Hbxg/F86J+gSPXs82EB/f0mS4piboBDs6P2P8U25ppvq16ysGHt6Z65EF5xV
kgAEjeIHDmZwqek+Hh5/notMiSf/ADKavMXNODggxvRhOSkVEg==
-----END CERTIFICATE-----
Generated at Tue Apr 1 23:46:37 2025 by rpki-client on console.sobornost.net