Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/3bRlb473qetL01yR5-ftaQnvOIU.roa
File: 3bRlb473qetL01yR5-ftaQnvOIU.roa (raw, json)
Hash identifier: FbpWQ+1isdFve8W3QwCnUVNmUFBVHSi14prC6k220AU=
Subject key identifier: DD:B4:65:6F:8E:F7:A9:EB:4B:D3:5C:91:E7:E7:ED:69:09:EF:38:85
Certificate issuer: /CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Certificate serial: 018F49EE2C39459B1D6D9695BE59C0923E5E
Authority key identifier: B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/3bRlb473qetL01yR5-ftaQnvOIU.roa
Signing time: Sun 05 May 2024 18:04:56 +0000
ROA not before: Sun 05 May 2024 18:04:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18f:543:9e41/128 maxlen: 128
2001:67c:64:ffff:0:18f:49ed:90cd/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:49:ee:2c:39:45:9b:1d:6d:96:95:be:59:c0:92:3e:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Validity
Not Before: May 5 18:04:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ddb4656f8ef7a9eb4bd35c91e7e7ed6909ef3885
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:cd:64:6c:7d:9d:61:a8:51:63:89:78:48:59:
28:98:03:31:cc:81:d2:aa:7c:5e:93:f9:b0:4b:5b:
3a:88:51:5c:ab:54:04:14:a0:06:57:19:24:38:19:
52:da:98:18:ad:95:74:89:4c:46:02:ee:b8:c7:b7:
cb:21:6d:72:b2:16:72:b2:5b:dc:ce:dc:d6:a7:02:
6e:25:25:ce:44:6f:fd:66:f7:3d:14:3a:d4:03:74:
d4:22:f5:a5:54:0a:13:8c:e7:72:82:c3:c8:e9:bc:
08:96:76:10:d8:0d:16:fd:b9:03:15:5a:35:a5:84:
c8:49:e2:32:46:af:7e:7d:26:74:eb:f5:2c:1a:ff:
a5:a6:4b:5f:3f:a5:26:77:c8:9f:b9:d0:66:5b:69:
80:5c:71:76:c4:6e:ed:2b:84:4d:3c:93:00:1a:0a:
cb:70:24:a8:e2:34:a1:55:e9:47:4d:30:c5:80:c0:
b5:98:b0:c3:7e:4f:aa:27:a7:f6:d6:42:77:60:27:
a2:14:dd:3f:c5:42:ee:a3:69:ca:a3:a0:0e:f6:54:
12:f3:4c:bf:5b:3f:15:63:33:47:1e:73:22:02:36:
d8:3e:6c:5e:49:46:48:2f:b4:c4:34:fe:3b:bf:d3:
e8:cd:f8:bc:c9:be:0f:88:83:94:f4:b1:51:db:b0:
75:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:B4:65:6F:8E:F7:A9:EB:4B:D3:5C:91:E7:E7:ED:69:09:EF:38:85
X509v3 Authority Key Identifier:
keyid:B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/3bRlb473qetL01yR5-ftaQnvOIU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/sr7EG9LzsXneCVFDBlML0_uscHs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
a1:1e:53:d7:20:5d:99:ca:17:4f:42:c9:0e:fb:2b:e6:01:dd:
2b:d6:9e:b2:ba:59:c4:2c:54:52:03:8a:17:4f:b0:a8:9a:a8:
10:da:bf:9f:c9:69:6b:8c:86:f3:3b:6c:c0:39:0a:2c:69:1c:
fb:b7:6a:fb:75:19:4e:b9:ed:9a:d6:d9:0f:51:9e:6c:ab:2f:
54:d5:d3:23:de:8c:4b:59:24:86:5c:18:e5:52:a2:b1:21:26:
fa:fe:c9:d8:0c:42:ca:7b:79:7e:4b:e1:56:cd:95:73:76:d1:
b9:5f:13:e2:76:21:7a:ce:a4:20:f0:62:51:dd:35:92:51:d9:
f3:cf:0a:cd:28:2f:93:b7:a1:27:3e:4f:78:07:9f:c5:8c:4a:
8f:f9:d8:d9:e3:3c:13:f2:ee:2e:d6:8e:32:95:43:c7:d5:e8:
82:c6:e5:63:a8:87:f0:f0:70:8b:c7:0f:69:3e:f4:99:2a:60:
3b:ba:f4:67:fd:7d:8d:55:80:99:4e:6c:0d:ec:ca:cd:e6:d2:
0b:47:ac:ab:64:e8:39:73:58:3b:87:37:e7:ff:c9:23:25:81:
99:31:00:06:af:91:f3:74:d3:a1:72:99:d8:a1:0c:91:e6:b5:
8e:57:bb:a7:9b:3c:9b:f9:95:04:c2:cd:61:d6:e8:c7:f8:1e:
7a:2c:46:ac
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY9J7iw5RZsdbZaVvlnAkj5eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYmVjNDFiZDJmM2IxNzlkZTA5NTE0MzA2NTMwYmQzZmJh
YzcwN2IwHhcNMjQwNTA1MTgwNDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGI0NjU2ZjhlZjdhOWViNGJkMzVjOTFlN2U3ZWQ2OTA5ZWYzODg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAss1kbH2dYahRY4l4SFkomAMxzIHS
qnxek/mwS1s6iFFcq1QEFKAGVxkkOBlS2pgYrZV0iUxGAu64x7fLIW1yshZyslvc
ztzWpwJuJSXORG/9Zvc9FDrUA3TUIvWlVAoTjOdygsPI6bwIlnYQ2A0W/bkDFVo1
pYTISeIyRq9+fSZ06/UsGv+lpktfP6Umd8ifudBmW2mAXHF2xG7tK4RNPJMAGgrL
cCSo4jShVelHTTDFgMC1mLDDfk+qJ6f21kJ3YCeiFN0/xULuo2nKo6AO9lQS80y/
Wz8VYzNHHnMiAjbYPmxeSUZIL7TENP47v9Pozfi8yb4PiIOU9LFR27B1MQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN20ZW+O96nrS9Nckefn7WkJ7ziFMB8GA1UdIwQY
MBaAFLK+xBvS87F53glRQwZTC9P7rHB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYt
ZDEyZjAzOWRiMmM5LzEvM2JSbGI0NzNxZXRMMDF5UjUtZnRhUW52T0lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYtZDEyZjAzOWRiMmM5
LzEvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKEeU9cgXZnKF09CyQ77
K+YB3SvWnrK6WcQsVFIDihdPsKiaqBDav5/JaWuMhvM7bMA5CixpHPu3avt1GU65
7ZrW2Q9RnmyrL1TV0yPejEtZJIZcGOVSorEhJvr+ydgMQsp7eX5L4VbNlXN20blf
E+J2IXrOpCDwYlHdNZJR2fPPCs0oL5O3oSc+T3gHn8WMSo/52NnjPBPy7i7WjjKV
Q8fV6ILG5WOoh/DwcIvHD2k+9JkqYDu69Gf9fY1VgJlObA3sys3m0gtHrKtk6Dlz
WDuHN+f/ySMlgZkxAAavkfN006FymdihDJHmtY5Xu6ebPJv5lQTCzWHW6Mf4Hnos
Rqw=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:55:14 2025 by rpki-client