Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/N8YU9P6afQ3l1ax9yLIDe6D0fIk.roa
File: N8YU9P6afQ3l1ax9yLIDe6D0fIk.roa (raw, json)
Hash identifier: EU77Dk5F7GrtkJ85p7yvIHvzXNj6aNgdhN+Tn5j+zs0=
Subject key identifier: 37:C6:14:F4:FE:9A:7D:0D:E5:D5:AC:7D:C8:B2:03:7B:A0:F4:7C:89
Certificate issuer: /CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
Certificate serial: 019428255A46B5A1992EE770BACCF922FC18
Authority key identifier: B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/N8YU9P6afQ3l1ax9yLIDe6D0fIk.roa
Signing time: Thu 02 Jan 2025 17:52:04 +0000
ROA not before: Thu 02 Jan 2025 17:52:04 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 30722
IP address blocks: 2a01:820::/32 maxlen: 32
2a01:827::/32 maxlen: 32
2a01:8d0::/32 maxlen: 32
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:28:25:5a:46:b5:a1:99:2e:e7:70:ba:cc:f9:22:fc:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b3a5d99863db2e49b44f6c324eb04388fc7515d2
Validity
Not Before: Jan 2 17:52:04 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=37c614f4fe9a7d0de5d5ac7dc8b2037ba0f47c89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:7d:14:f5:13:a8:f2:7e:a2:78:1b:d8:90:65:
f2:27:5e:70:9e:9a:76:30:37:21:77:06:ca:74:8b:
2f:35:0e:ee:b8:75:eb:6f:8a:a3:72:78:6d:50:54:
4c:0c:13:ba:db:4c:5e:dc:9d:bb:75:f4:79:3a:52:
89:c6:7f:4a:2b:c1:ca:ff:8d:fa:fc:e6:12:51:de:
a7:44:e8:35:98:07:25:e4:32:ba:79:61:75:d5:ff:
65:a3:33:b9:14:bd:8b:1b:34:71:8d:aa:42:1e:fe:
2a:c2:8c:12:e7:e1:b4:d5:61:87:5e:ec:bf:fa:cc:
20:2e:73:53:92:34:ac:2e:75:83:e0:2d:4c:19:48:
0f:a0:68:c6:b2:ae:ea:e5:77:a4:f2:e3:44:c8:4a:
d4:08:fa:88:59:50:52:ae:ec:fa:a8:91:ef:a5:b0:
6a:25:e0:a8:b9:71:d7:4d:60:ff:dc:c0:17:a7:c9:
a8:11:0a:e5:b8:f4:bb:70:62:4d:fb:34:1e:31:06:
00:62:77:6d:f3:94:d9:c0:1f:0f:bd:05:d2:2a:8c:
ef:3a:42:93:9a:2c:7b:30:e2:d3:f4:33:fb:8f:98:
aa:de:13:e7:40:7b:fa:d0:01:c2:55:2b:81:0a:49:
5b:c2:b3:24:dd:c5:31:53:53:c2:fa:7b:73:1c:c3:
4b:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:C6:14:F4:FE:9A:7D:0D:E5:D5:AC:7D:C8:B2:03:7B:A0:F4:7C:89
X509v3 Authority Key Identifier:
keyid:B3:A5:D9:98:63:DB:2E:49:B4:4F:6C:32:4E:B0:43:88:FC:75:15:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s6XZmGPbLkm0T2wyTrBDiPx1FdI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/N8YU9P6afQ3l1ax9yLIDe6D0fIk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/29e9bc-b190-409e-86b0-eec5d50efa94/1/s6XZmGPbLkm0T2wyTrBDiPx1FdI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:820::/32
2a01:827::/32
2a01:8d0::/32
Signature Algorithm: sha256WithRSAEncryption
23:5d:aa:db:a2:c5:35:e7:7e:45:9c:6d:1b:81:02:21:a4:44:
31:15:d1:c4:e1:cf:5f:4e:61:c5:38:a1:6e:54:bd:0e:56:84:
a1:3d:24:4e:72:0a:7f:14:91:08:e6:96:7c:51:75:a0:e4:6d:
61:9d:62:62:e7:1a:33:c0:54:94:53:91:b2:d4:b8:6b:3a:4c:
02:0d:b9:da:6d:26:47:5c:9b:89:77:3c:33:16:d2:a2:0b:97:
ad:9b:00:3c:ed:3a:5f:f0:4c:98:e2:7d:aa:9f:d0:dd:cc:29:
8e:4a:7e:cb:25:45:c6:cf:2b:a9:7b:9c:b9:46:0a:d0:bc:33:
6f:e6:89:00:0a:36:ed:db:95:bd:2d:49:a9:37:5b:17:85:46:
f6:ad:53:7e:ec:a1:9d:db:b0:b4:af:0e:a2:4d:c1:f5:11:27:
ca:e4:9a:15:78:5b:22:b0:bd:6e:5c:08:57:9f:23:ba:59:ea:
1c:b8:21:c0:34:de:50:3a:9b:3d:03:1e:4d:f4:a5:83:33:dc:
1a:7f:f7:44:c3:92:d6:c0:cc:9a:99:1f:a2:7e:26:85:a4:38:
e7:f4:7a:36:35:29:03:15:0a:d2:7b:fe:c7:53:44:78:7b:a9:
0f:ca:e6:82:14:a6:a6:8d:d9:a7:3e:1e:ba:db:29:f5:04:a9:
4a:4b:07:51
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQoJVpGtaGZLudwusz5IvwYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzYTVkOTk4NjNkYjJlNDliNDRmNmMzMjRlYjA0Mzg4ZmM3
NTE1ZDIwHhcNMjUwMTAyMTc1MjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2M2MTRmNGZlOWE3ZDBkZTVkNWFjN2RjOGIyMDM3YmEwZjQ3Yzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr30U9ROo8n6ieBvYkGXyJ15wnpp2
MDchdwbKdIsvNQ7uuHXrb4qjcnhtUFRMDBO620xe3J27dfR5OlKJxn9KK8HK/436
/OYSUd6nROg1mAcl5DK6eWF11f9lozO5FL2LGzRxjapCHv4qwowS5+G01WGHXuy/
+swgLnNTkjSsLnWD4C1MGUgPoGjGsq7q5Xek8uNEyErUCPqIWVBSruz6qJHvpbBq
JeCouXHXTWD/3MAXp8moEQrluPS7cGJN+zQeMQYAYndt85TZwB8PvQXSKozvOkKT
mix7MOLT9DP7j5iq3hPnQHv60AHCVSuBCklbwrMk3cUxU1PC+ntzHMNLVQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDfGFPT+mn0N5dWsfciyA3ug9HyJMB8GA1UdIwQY
MBaAFLOl2Zhj2y5JtE9sMk6wQ4j8dRXSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAt
ZWVjNWQ1MGVmYTk0LzEvTjhZVTlQNmFmUTNsMWF4OXlMSURlNkQwZklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8yOWU5YmMtYjE5MC00MDllLTg2YjAtZWVjNWQ1MGVmYTk0
LzEvczZYWm1HUGJMa20wVDJ3eVRyQkRpUHgxRmRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgEIIAMF
ACoBCCcDBQAqAQjQMA0GCSqGSIb3DQEBCwUAA4IBAQAjXarbosU1535FnG0bgQIh
pEQxFdHE4c9fTmHFOKFuVL0OVoShPSROcgp/FJEI5pZ8UXWg5G1hnWJi5xozwFSU
U5Gy1LhrOkwCDbnabSZHXJuJdzwzFtKiC5etmwA87Tpf8EyY4n2qn9DdzCmOSn7L
JUXGzyupe5y5RgrQvDNv5okACjbt25W9LUmpN1sXhUb2rVN+7KGd27C0rw6iTcH1
ESfK5JoVeFsisL1uXAhXnyO6WeocuCHANN5QOps9Ax5N9KWDM9waf/dEw5LWwMya
mR+ifiaFpDjn9Ho2NSkDFQrSe/7HU0R4e6kPyuaCFKamjdmnPh662yn1BKlKSwdR
-----END CERTIFICATE-----
Generated at Tue Apr 8 13:26:10 2025 by rpki-client