Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/7fd85d-0152-4ef2-9ebf-1e240b97d2c4/1/z4TuXNmzGWUWMOcG2P3LFzD2odg.roa
File: z4TuXNmzGWUWMOcG2P3LFzD2odg.roa (raw, json)
Hash identifier: rGfooCaLiVQmN2fg0CBjkdPiVgR7ArvfZGGjGD5h3PI=
Subject key identifier: CF:84:EE:5C:D9:B3:19:65:16:30:E7:06:D8:FD:CB:17:30:F6:A1:D8
Certificate issuer: /CN=d2d891b0e328e7c856ad4b7a0764d82d856096d6
Certificate serial: 0193D06841E87FB03A26748476FB81479862
Authority key identifier: D2:D8:91:B0:E3:28:E7:C8:56:AD:4B:7A:07:64:D8:2D:85:60:96:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0tiRsOMo58hWrUt6B2TYLYVgltY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/7fd85d-0152-4ef2-9ebf-1e240b97d2c4/1/z4TuXNmzGWUWMOcG2P3LFzD2odg.roa
Signing time: Mon 16 Dec 2024 16:58:33 +0000
ROA not before: Mon 16 Dec 2024 16:58:33 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 203280
IP address blocks: 185.140.32.0/22 maxlen: 22
185.140.32.0/24 maxlen: 24
185.140.33.0/24 maxlen: 24
185.140.34.0/24 maxlen: 24
185.140.35.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:d0:68:41:e8:7f:b0:3a:26:74:84:76:fb:81:47:98:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d2d891b0e328e7c856ad4b7a0764d82d856096d6
Validity
Not Before: Dec 16 16:58:33 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cf84ee5cd9b319651630e706d8fdcb1730f6a1d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:4e:2c:9e:e7:4d:69:b4:e4:b4:0c:bd:ea:e6:
45:ba:48:95:38:79:32:06:13:2d:be:f0:4e:c4:f9:
a1:42:18:29:5f:8b:a8:fa:b6:4b:a3:ef:be:e3:e4:
89:61:5a:3e:7b:03:25:d0:4d:c4:03:05:3e:88:8f:
78:59:25:41:4e:da:b1:dd:c2:57:35:de:e4:e6:03:
28:d9:25:34:9e:d3:f4:16:b0:88:39:3d:68:34:91:
59:05:56:44:02:ec:06:42:5e:dc:26:d5:8e:39:4d:
0e:ac:8c:60:68:bc:bb:18:e9:68:a0:68:7b:c2:6a:
ef:ed:62:30:8c:e2:95:e2:6d:3f:b9:c8:f4:4f:20:
09:2f:7a:2b:3f:0b:fa:27:3d:1d:8c:96:0f:63:24:
c2:58:db:c9:7f:59:e1:0e:12:e7:c0:04:20:b6:c4:
a2:c9:1f:28:ff:3c:1c:3d:f0:c3:27:c1:8f:f5:04:
b0:47:07:42:21:1c:fe:b2:60:31:f9:8f:29:4e:e3:
6c:df:f8:f3:e4:1e:33:12:68:c3:a7:55:82:fc:17:
34:a7:b7:6e:da:69:f3:02:0a:8b:2d:da:67:24:e2:
24:ab:ff:22:56:59:e7:08:78:9e:7e:db:ac:a1:1f:
01:1a:a8:b3:75:f3:8e:d9:8f:68:88:d0:fe:b1:b7:
b8:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:84:EE:5C:D9:B3:19:65:16:30:E7:06:D8:FD:CB:17:30:F6:A1:D8
X509v3 Authority Key Identifier:
keyid:D2:D8:91:B0:E3:28:E7:C8:56:AD:4B:7A:07:64:D8:2D:85:60:96:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0tiRsOMo58hWrUt6B2TYLYVgltY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7fd85d-0152-4ef2-9ebf-1e240b97d2c4/1/z4TuXNmzGWUWMOcG2P3LFzD2odg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/7fd85d-0152-4ef2-9ebf-1e240b97d2c4/1/0tiRsOMo58hWrUt6B2TYLYVgltY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.140.32.0/22
Signature Algorithm: sha256WithRSAEncryption
ce:5b:b0:3b:39:08:2a:63:4d:6e:2e:ea:4d:fd:02:94:6f:b6:
0b:aa:67:c1:a4:21:7a:15:57:b0:f9:34:a3:96:26:f6:cf:ad:
44:61:27:36:c5:e4:bc:a9:30:69:58:40:87:9f:58:ff:38:a9:
22:e4:3e:50:5d:7e:4e:f2:7d:f2:9d:2b:4a:ca:33:81:61:cd:
80:0c:48:54:d9:33:11:44:9d:ee:79:bc:f8:9b:dc:8c:59:1e:
a1:a8:52:d8:fc:ea:26:d2:a7:3f:53:67:ef:7b:80:42:98:f5:
b3:c4:59:65:bb:d0:0b:70:ae:62:8c:20:3f:e5:29:4e:8b:d3:
cd:c7:56:83:af:8a:88:11:2f:bf:3f:07:a8:fe:34:33:f2:4c:
99:1c:f1:a2:4c:00:46:13:03:25:57:27:f4:6c:6f:3a:a4:9e:
4e:c0:5d:ac:50:d4:45:5a:3f:99:39:71:af:69:e8:47:54:f1:
af:c7:c9:b3:4c:53:49:6f:9b:30:c7:6f:87:b4:1f:43:e7:b4:
7e:1e:e8:e6:71:3f:3f:dd:c9:35:b8:46:f5:61:fd:40:dd:4c:
56:2f:e1:48:c5:92:de:5e:dc:04:90:e0:2c:a3:d2:85:00:7a:
57:07:93:4b:61:9d:f4:c3:a0:2d:fc:38:31:bc:e6:80:76:31:
f2:6f:cc:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZPQaEHof7A6JnSEdvuBR5hiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyZDg5MWIwZTMyOGU3Yzg1NmFkNGI3YTA3NjRkODJkODU2
MDk2ZDYwHhcNMjQxMjE2MTY1ODMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjg0ZWU1Y2Q5YjMxOTY1MTYzMGU3MDZkOGZkY2IxNzMwZjZhMWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmk4snudNabTktAy96uZFukiVOHky
BhMtvvBOxPmhQhgpX4uo+rZLo+++4+SJYVo+ewMl0E3EAwU+iI94WSVBTtqx3cJX
Nd7k5gMo2SU0ntP0FrCIOT1oNJFZBVZEAuwGQl7cJtWOOU0OrIxgaLy7GOlooGh7
wmrv7WIwjOKV4m0/ucj0TyAJL3orPwv6Jz0djJYPYyTCWNvJf1nhDhLnwAQgtsSi
yR8o/zwcPfDDJ8GP9QSwRwdCIRz+smAx+Y8pTuNs3/jz5B4zEmjDp1WC/Bc0p7du
2mnzAgqLLdpnJOIkq/8iVlnnCHieftusoR8BGqizdfOO2Y9oiND+sbe4KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM+E7lzZsxllFjDnBtj9yxcw9qHYMB8GA1UdIwQY
MBaAFNLYkbDjKOfIVq1Legdk2C2FYJbWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHRpUnNPTW81OGhXclV0NkIyVFlMWVZnbHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi83ZmQ4NWQtMDE1Mi00ZWYyLTllYmYt
MWUyNDBiOTdkMmM0LzEvejRUdVhObXpHV1VXTU9jRzJQM0xGekQyb2RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi83ZmQ4NWQtMDE1Mi00ZWYyLTllYmYtMWUyNDBiOTdkMmM0
LzEvMHRpUnNPTW81OGhXclV0NkIyVFlMWVZnbHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYwgMA0G
CSqGSIb3DQEBCwUAA4IBAQDOW7A7OQgqY01uLupN/QKUb7YLqmfBpCF6FVew+TSj
lib2z61EYSc2xeS8qTBpWECHn1j/OKki5D5QXX5O8n3ynStKyjOBYc2ADEhU2TMR
RJ3uebz4m9yMWR6hqFLY/Oom0qc/U2fve4BCmPWzxFllu9ALcK5ijCA/5SlOi9PN
x1aDr4qIES+/Pweo/jQz8kyZHPGiTABGEwMlVyf0bG86pJ5OwF2sUNRFWj+ZOXGv
aehHVPGvx8mzTFNJb5swx2+HtB9D57R+HujmcT8/3ck1uEb1Yf1A3UxWL+FIxZLe
XtwEkOAso9KFAHpXB5NLYZ30w6At/DgxvOaAdjHyb8zC
-----END CERTIFICATE-----