Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/HzkqLbs1liYqOOnORyYsONDUWCk.roa
File: HzkqLbs1liYqOOnORyYsONDUWCk.roa (raw, json)
Hash identifier: uXYRvHJ6LJgN5jTlxHsTjXJyetqQoAXwubqH0//UAWg=
Subject key identifier: 1F:39:2A:2D:BB:35:96:26:2A:38:E9:CE:47:26:2C:38:D0:D4:58:29
Certificate issuer: /CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
Certificate serial: 0194282559A4A38762C661D7359C814225A2
Authority key identifier: B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/HzkqLbs1liYqOOnORyYsONDUWCk.roa
Signing time: Thu 02 Jan 2025 17:52:03 +0000
ROA not before: Thu 02 Jan 2025 17:52:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21334
IP address blocks: 2a01:870::/32 maxlen: 32
2a01:8f8::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:59:a4:a3:87:62:c6:61:d7:35:9c:81:42:25:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
Validity
Not Before: Jan 2 17:52:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1f392a2dbb3596262a38e9ce47262c38d0d45829
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:5e:7b:af:b7:d2:d5:1d:5e:42:b0:ef:82:ce:
a2:83:73:a6:ea:29:db:b2:3f:08:51:32:3f:4e:74:
4c:d7:76:50:34:3d:e3:87:e4:8e:e8:e6:63:f3:32:
d8:ac:88:3b:72:98:34:c9:9a:bb:46:cf:cb:dd:a3:
da:e2:29:1c:fa:ea:87:66:28:b2:3a:0d:7c:c7:92:
8c:f1:88:1f:81:4e:4d:08:fb:d4:9a:8a:1a:96:fe:
78:38:e6:cf:2f:25:b6:71:36:79:fa:04:42:cb:b1:
ef:fe:fa:b7:d4:2a:fa:04:44:c5:d5:1e:fc:21:5f:
6c:e4:d6:6f:df:74:c8:15:d9:f3:7e:2c:cb:0c:80:
db:97:bf:8e:e8:7c:68:43:96:f9:18:f9:2d:92:27:
e9:b0:81:88:8e:51:be:0c:3f:87:40:b8:9e:6c:2f:
83:e9:5c:a1:09:a5:59:21:6c:64:9c:18:77:71:64:
64:4f:52:c8:90:6e:02:5e:a0:8b:25:9e:36:04:b0:
02:6e:48:6f:c7:aa:f4:27:67:40:49:54:bb:1e:65:
23:10:99:32:d5:81:f9:65:f2:aa:08:57:13:d7:02:
1f:8b:88:38:a2:2c:0e:73:32:be:4f:b8:bd:43:a4:
75:1c:e5:45:cc:1e:ec:6e:2a:f4:75:b6:87:34:d5:
b4:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:39:2A:2D:BB:35:96:26:2A:38:E9:CE:47:26:2C:38:D0:D4:58:29
X509v3 Authority Key Identifier:
keyid:B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/HzkqLbs1liYqOOnORyYsONDUWCk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:870::/32
2a01:8f8::/32
Signature Algorithm: sha256WithRSAEncryption
21:a5:1c:a2:8f:b5:91:bd:64:d2:bd:da:b8:90:de:00:e0:44:
ea:aa:b2:8a:69:e9:6a:35:3d:d1:3b:03:65:01:e5:76:07:f5:
97:9a:8d:0b:78:48:95:d3:ea:7d:f8:1f:c0:9b:e4:12:96:f8:
6b:f6:99:91:46:a2:16:f3:46:89:fc:96:bf:81:13:4d:3e:a0:
52:9d:07:49:0d:54:55:a0:b0:d9:63:6b:a2:66:3f:af:92:1d:
75:84:21:d6:26:50:6e:40:08:dd:d1:d2:94:5d:f6:78:c8:9d:
88:f0:98:87:7a:91:04:ef:84:bb:9b:4d:a5:a8:33:39:64:4b:
a5:90:ac:fc:27:38:f7:1d:24:a5:04:49:15:9d:87:a0:b7:8d:
d1:01:95:74:56:4a:19:49:98:5e:15:50:69:1e:a8:f8:08:2f:
37:a2:78:5b:9d:07:a2:35:fd:99:f8:ee:cd:df:9b:29:e3:1c:
ef:1c:77:bd:80:57:ae:74:a6:3b:f8:b1:c2:69:58:5a:45:de:
f2:d1:26:af:96:3b:d1:f2:df:40:e8:30:bc:4b:af:be:19:38:
8d:d2:85:99:9a:1e:fd:18:bd:cd:b6:56:64:59:ee:7a:fa:92:
2b:4c:a0:d0:00:b3:b3:d1:c0:04:46:8a:eb:bf:0a:a7:e0:b2:
73:b3:05:2d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQoJVmko4dixmHXNZyBQiWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYTVkOTk4NjNkYjJlNDliNDRmNmMzMjRlYjA0Mzg4ZmM3
NTE1ZDIwHhcNMjUwMTAyMTc1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjM5MmEyZGJiMzU5NjI2MmEzOGU5Y2U0NzI2MmMzOGQwZDQ1ODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzl57r7fS1R1eQrDvgs6ig3Om6inb
sj8IUTI/TnRM13ZQND3jh+SO6OZj8zLYrIg7cpg0yZq7Rs/L3aPa4ikc+uqHZiiy
Og18x5KM8YgfgU5NCPvUmooalv54OObPLyW2cTZ5+gRCy7Hv/vq31Cr6BETF1R78
IV9s5NZv33TIFdnzfizLDIDbl7+O6HxoQ5b5GPktkifpsIGIjlG+DD+HQLiebC+D
6VyhCaVZIWxknBh3cWRkT1LIkG4CXqCLJZ42BLACbkhvx6r0J2dASVS7HmUjEJky
1YH5ZfKqCFcT1wIfi4g4oiwOczK+T7i9Q6R1HOVFzB7sbir0dbaHNNW0qQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFB85Ki27NZYmKjjpzkcmLDjQ1FgpMB8GA1UdIwQY
MBaAFLOl2Zhj2y5JtE9sMk6wQ4j8dRXSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAt
ZWVjNWQ1MGVmYTk0LzEvSHprcUxiczFsaVlxT09uT1J5WXNPTkRVV0NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAtZWVjNWQ1MGVmYTk0
LzEvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgEIcAMF
ACoBCPgwDQYJKoZIhvcNAQELBQADggEBACGlHKKPtZG9ZNK92riQ3gDgROqqsopp
6Wo1PdE7A2UB5XYH9ZeajQt4SJXT6n34H8Cb5BKW+Gv2mZFGohbzRon8lr+BE00+
oFKdB0kNVFWgsNlja6JmP6+SHXWEIdYmUG5ACN3R0pRd9njInYjwmId6kQTvhLub
TaWoMzlkS6WQrPwnOPcdJKUESRWdh6C3jdEBlXRWShlJmF4VUGkeqPgILzeieFud
B6I1/Zn47s3fmynjHO8cd72AV650pjv4scJpWFpF3vLRJq+WO9Hy30DoMLxLr74Z
OI3ShZmaHv0Yvc22VmRZ7nr6kitMoNAAs7PRwARGiuu/CqfgsnOzBS0=
-----END CERTIFICATE-----
Generated at Tue Apr 8 18:29:17 2025 by rpki-client