Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/E-D3ZGslYgKBnaQ36DuHk1Df9I0.roa
File: E-D3ZGslYgKBnaQ36DuHk1Df9I0.roa (raw, json)
Hash identifier: C7/eant2Zx3rg9iNoRomHYyEK3sus/zcsayhmh6HDO8=
Subject key identifier: 13:E0:F7:64:6B:25:62:02:81:9D:A4:37:E8:3B:87:93:50:DF:F4:8D
Certificate issuer: /CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Certificate serial: 019421B17037D5EDDF6B60CDAB4CC10EDACA
Authority key identifier: 0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/E-D3ZGslYgKBnaQ36DuHk1Df9I0.roa
Signing time: Wed 01 Jan 2025 11:47:44 +0000
ROA not before: Wed 01 Jan 2025 11:47:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49690
IP address blocks: 159.151.0.0/18 maxlen: 18
159.151.192.0/19 maxlen: 19
159.151.224.0/20 maxlen: 20
159.151.240.0/21 maxlen: 21
159.151.248.0/23 maxlen: 23
159.151.252.0/24 maxlen: 24
159.151.253.0/24 maxlen: 24
192.109.140.0/24 maxlen: 24
192.109.141.0/24 maxlen: 24
2a07:8140::/36 maxlen: 36
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:70:37:d5:ed:df:6b:60:cd:ab:4c:c1:0e:da:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Validity
Not Before: Jan 1 11:47:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=13e0f7646b256202819da437e83b879350dff48d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:9d:3e:41:62:7e:da:11:44:c0:7e:f9:60:1a:
f7:ed:0d:4f:73:ab:08:8e:c8:cc:2d:f8:8e:a6:fc:
e6:94:06:21:ed:2f:53:53:18:41:fc:2d:f4:54:0c:
61:bf:d0:33:0f:58:ce:4e:2e:31:3b:89:f8:5e:bd:
13:61:cf:ee:47:1a:2d:91:a3:a3:a9:43:fd:fd:d3:
56:11:ba:d2:91:5c:ce:4c:89:13:63:dd:98:0e:69:
99:c9:09:9d:5b:a0:4e:39:e7:cd:6a:4e:cd:59:d8:
9e:9e:34:e5:00:94:a7:e8:a0:58:6f:04:90:78:77:
3e:b9:ab:97:85:69:98:9f:3f:84:29:80:f1:14:b3:
bd:46:3f:bc:56:be:d3:c5:fd:00:5b:85:ba:93:09:
8d:46:01:37:42:bd:78:bb:c1:b2:df:e1:ba:5c:8c:
a0:9f:77:0d:20:aa:d3:12:f7:87:24:f9:53:c5:48:
98:86:c3:8d:cc:37:3c:de:bf:38:f6:4e:db:1e:3f:
e4:e8:44:95:a0:5e:35:cd:7e:13:c5:d5:0d:23:8c:
97:67:d2:67:4f:12:ca:c9:a6:8d:da:2a:d0:2e:1d:
29:92:41:16:5e:5c:41:38:e9:4d:7b:10:f1:66:90:
26:b9:00:41:ee:32:5d:b3:98:91:eb:09:79:d2:6d:
83:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:E0:F7:64:6B:25:62:02:81:9D:A4:37:E8:3B:87:93:50:DF:F4:8D
X509v3 Authority Key Identifier:
keyid:0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/E-D3ZGslYgKBnaQ36DuHk1Df9I0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.151.0.0/18
159.151.192.0-159.151.249.255
159.151.252.0/23
192.109.140.0/23
IPv6:
2a07:8140::/36
Signature Algorithm: sha256WithRSAEncryption
ad:3e:e8:0f:30:6c:91:5e:7e:92:e1:56:82:b5:d1:35:0e:23:
69:04:a8:09:a2:b2:7c:39:2e:40:5a:4c:a9:c4:16:e0:0c:cf:
66:5a:dd:9f:e3:a6:39:3e:ba:2c:12:cf:2f:bf:b6:61:13:6f:
cd:04:8d:d0:65:9a:17:a3:9b:6f:5e:d1:c0:fd:16:c6:38:b7:
6f:c9:f0:cf:ba:03:d8:e8:f3:20:0f:70:fa:94:39:7b:ff:6d:
49:e4:3b:3c:89:b4:cf:68:59:38:1d:c2:f4:18:01:16:eb:c8:
07:62:83:84:3b:2f:b2:fe:8f:49:d1:35:b3:38:61:f7:4b:af:
65:0f:05:43:58:d3:72:e0:f2:9a:de:76:ba:0e:e4:34:3f:10:
d1:93:ff:57:34:98:81:dd:ea:d1:84:2b:9e:ef:80:e6:30:1a:
bd:f0:7c:b8:cd:c0:fc:50:6b:df:ff:84:34:f6:60:ea:b4:10:
62:bc:67:02:ee:40:91:1d:b4:ce:ba:63:8d:01:de:3e:7b:91:
b8:07:05:a1:0e:06:40:df:8b:eb:7f:37:b4:1b:35:f9:b6:ef:
6b:da:69:fa:9b:58:d1:23:bb:63:71:41:ff:a8:8f:91:b6:65:
c8:89:88:60:b5:a2:78:af:b8:ff:43:42:90:dc:60:14:94:83:
43:be:3c:16
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQhsXA31e3fa2DNq0zBDtrKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzdkODA3ZDRmN2NkZDNlMGFmZTRhYmM4ZWU1YTg4MGM2
MDkwZjEwHhcNMjUwMTAxMTE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2UwZjc2NDZiMjU2MjAyODE5ZGE0MzdlODNiODc5MzUwZGZmNDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJ0+QWJ+2hFEwH75YBr37Q1Pc6sI
jsjMLfiOpvzmlAYh7S9TUxhB/C30VAxhv9AzD1jOTi4xO4n4Xr0TYc/uRxotkaOj
qUP9/dNWEbrSkVzOTIkTY92YDmmZyQmdW6BOOefNak7NWdienjTlAJSn6KBYbwSQ
eHc+uauXhWmYnz+EKYDxFLO9Rj+8Vr7Txf0AW4W6kwmNRgE3Qr14u8Gy3+G6XIyg
n3cNIKrTEveHJPlTxUiYhsONzDc83r849k7bHj/k6ESVoF41zX4TxdUNI4yXZ9Jn
TxLKyaaN2irQLh0pkkEWXlxBOOlNexDxZpAmuQBB7jJds5iR6wl50m2DIwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFBPg92RrJWICgZ2kN+g7h5NQ3/SNMB8GA1UdIwQY
MBaAFAo32AfU983T4K/kq8juWogMYJDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjkt
ODAwZWRhMmNmYjM2LzEvRS1EM1pHc2xZZ0tCbmFRMzZEdUhrMURmOUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjktODAwZWRhMmNmYjM2
LzEvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAmBAIAATAgAwQGn5cAMAwD
BAafl8ADBAGfl/gDBAGfl/wDBAHAbYwwDgQCAAIwCAMGBCoHgUAAMA0GCSqGSIb3
DQEBCwUAA4IBAQCtPugPMGyRXn6S4VaCtdE1DiNpBKgJorJ8OS5AWkypxBbgDM9m
Wt2f46Y5ProsEs8vv7ZhE2/NBI3QZZoXo5tvXtHA/RbGOLdvyfDPugPY6PMgD3D6
lDl7/21J5Ds8ibTPaFk4HcL0GAEW68gHYoOEOy+y/o9J0TWzOGH3S69lDwVDWNNy
4PKa3na6DuQ0PxDRk/9XNJiB3erRhCue74DmMBq98Hy4zcD8UGvf/4Q09mDqtBBi
vGcC7kCRHbTOumONAd4+e5G4BwWhDgZA34vrfze0GzX5tu9r2mn6m1jRI7tjcUH/
qI+RtmXIiYhgtaJ4r7j/Q0KQ3GAUlINDvjwW
-----END CERTIFICATE-----
Generated at Thu Jan 23 19:13:56 2025 by rpki-client on console.sobornost.net