Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/3qKZvbo_BbEFK3_bbRXbI-z1PQs.roa
File: 3qKZvbo_BbEFK3_bbRXbI-z1PQs.roa (raw, json)
Hash identifier: b5576tq7ypZyyQpgjLpvD5pmoVVrJmgEgKXdIT8ag0E=
Subject key identifier: DE:A2:99:BD:BA:3F:05:B1:05:2B:7F:DB:6D:15:DB:23:EC:F5:3D:0B
Certificate issuer: /CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Certificate serial: 018F536593B919F422BFF1539BD293E9127E
Authority key identifier: B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/3qKZvbo_BbEFK3_bbRXbI-z1PQs.roa
Signing time: Tue 07 May 2024 14:11:56 +0000
ROA not before: Tue 07 May 2024 14:11:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18f:543:9e41/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:53:65:93:b9:19:f4:22:bf:f1:53:9b:d2:93:e9:12:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Validity
Not Before: May 7 14:11:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dea299bdba3f05b1052b7fdb6d15db23ecf53d0b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:c1:8a:f0:c1:c8:bd:a9:d0:bd:6c:43:ae:9b:
11:d0:34:2f:c3:d2:17:96:24:9e:c1:12:e0:a5:85:
e7:c4:5f:21:1c:77:ce:93:34:7f:78:76:e2:f9:66:
75:95:70:4a:24:92:a9:23:2c:de:14:75:4a:1b:fa:
ad:30:3a:62:20:3f:f8:9e:7f:ca:f6:22:fe:fe:92:
82:9f:cd:58:04:84:11:15:47:1a:9f:f6:ae:e2:d0:
89:5c:9c:94:d4:07:42:63:8a:09:35:b0:79:26:73:
bf:88:f0:84:f5:ef:93:66:ca:c1:49:14:57:a9:ce:
f9:d7:ba:5a:2e:12:2e:c0:5a:7f:41:58:f2:81:0a:
a3:29:ee:9b:20:15:a0:19:a3:81:99:cb:59:05:0b:
22:fe:67:b7:9a:d4:aa:f8:d7:b4:fa:44:a5:08:ba:
cd:b1:62:b9:12:a6:b6:9f:9d:70:0e:ef:d8:1a:32:
c5:b2:c3:37:97:42:c6:2e:e8:eb:68:5b:f7:0b:ce:
bf:00:e9:56:2c:b5:16:4a:01:9a:b5:85:d5:f0:1c:
06:fa:b5:eb:c1:3d:43:d3:e7:a5:d1:b8:4d:e1:87:
55:81:60:fc:82:2b:e7:fa:8f:58:6f:7e:cc:09:23:
b8:55:fc:e6:f9:42:5a:e3:4a:a8:f7:20:af:40:45:
69:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:A2:99:BD:BA:3F:05:B1:05:2B:7F:DB:6D:15:DB:23:EC:F5:3D:0B
X509v3 Authority Key Identifier:
keyid:B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/3qKZvbo_BbEFK3_bbRXbI-z1PQs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/sr7EG9LzsXneCVFDBlML0_uscHs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
87:2f:88:55:5c:33:0a:e9:0c:7a:17:a3:b9:92:66:b9:6a:d6:
3d:3e:b5:bd:49:d0:98:2e:44:d7:1a:6e:5d:da:cb:4c:d7:ca:
fa:89:e3:9d:04:64:ac:6a:a0:46:5c:b6:be:21:b7:6c:82:52:
5a:6d:5b:19:78:19:6a:b6:1f:e7:53:81:a6:10:43:68:f0:29:
c1:ce:f9:c8:ac:b4:12:0c:9e:ff:93:f1:74:b2:21:ae:e1:d4:
ca:a2:5c:1a:9e:ee:19:35:37:0d:84:1b:03:e7:0f:4c:ad:0c:
91:5c:5a:cd:ae:20:3b:7a:18:5f:fb:e7:c8:5c:35:03:c6:02:
2b:ec:67:78:4d:14:f7:4f:5c:42:6c:3d:3c:de:a5:60:90:0a:
09:a5:c2:3f:25:16:8f:75:72:86:87:1d:4a:15:39:8b:01:46:
fa:f1:af:2a:6d:2b:46:83:f1:34:bd:c0:d7:7e:ea:48:7d:45:
f3:a7:db:d3:29:28:f1:b2:e5:06:14:f6:ca:11:c8:87:bf:df:
72:f0:c8:51:47:16:90:fa:21:b5:35:96:b7:74:8b:d0:b4:9a:
61:f4:d4:a6:be:d9:dd:25:5c:ac:05:7d:27:39:5f:a0:fa:52:
a3:ab:0b:34:31:8a:35:f8:6b:73:bf:b0:76:72:9a:3e:2f:3d:
cc:70:bb:96
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY9TZZO5GfQiv/FTm9KT6RJ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYmVjNDFiZDJmM2IxNzlkZTA5NTE0MzA2NTMwYmQzZmJh
YzcwN2IwHhcNMjQwNTA3MTQxMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWEyOTliZGJhM2YwNWIxMDUyYjdmZGI2ZDE1ZGIyM2VjZjUzZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsGK8MHIvanQvWxDrpsR0DQvw9IX
liSewRLgpYXnxF8hHHfOkzR/eHbi+WZ1lXBKJJKpIyzeFHVKG/qtMDpiID/4nn/K
9iL+/pKCn81YBIQRFUcan/au4tCJXJyU1AdCY4oJNbB5JnO/iPCE9e+TZsrBSRRX
qc7517paLhIuwFp/QVjygQqjKe6bIBWgGaOBmctZBQsi/me3mtSq+Ne0+kSlCLrN
sWK5Eqa2n51wDu/YGjLFssM3l0LGLujraFv3C86/AOlWLLUWSgGatYXV8BwG+rXr
wT1D0+el0bhN4YdVgWD8givn+o9Yb37MCSO4Vfzm+UJa40qo9yCvQEVpaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN6imb26PwWxBSt/220V2yPs9T0LMB8GA1UdIwQY
MBaAFLK+xBvS87F53glRQwZTC9P7rHB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYt
ZDEyZjAzOWRiMmM5LzEvM3FLWnZib19CYkVGSzNfYmJSWGJJLXoxUFFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYtZDEyZjAzOWRiMmM5
LzEvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIcviFVcMwrpDHoXo7mS
Zrlq1j0+tb1J0JguRNcabl3ay0zXyvqJ450EZKxqoEZctr4ht2yCUlptWxl4GWq2
H+dTgaYQQ2jwKcHO+cistBIMnv+T8XSyIa7h1MqiXBqe7hk1Nw2EGwPnD0ytDJFc
Ws2uIDt6GF/758hcNQPGAivsZ3hNFPdPXEJsPTzepWCQCgmlwj8lFo91coaHHUoV
OYsBRvrxryptK0aD8TS9wNd+6kh9RfOn29MpKPGy5QYU9soRyIe/33LwyFFHFpD6
IbU1lrd0i9C0mmH01Ka+2d0lXKwFfSc5X6D6UqOrCzQxijX4a3O/sHZymj4vPcxw
u5Y=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:39:39 2025 by rpki-client