Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/ypQq0PDW3PSkPD15yNH1CqekgHk.roa
File: ypQq0PDW3PSkPD15yNH1CqekgHk.roa (raw, json)
Hash identifier: RGBnv7RJ4DFBK/wh+hvZlNmq+3hzbD6BuSzYZalqLo8=
Subject key identifier: CA:94:2A:D0:F0:D6:DC:F4:A4:3C:3D:79:C8:D1:F5:0A:A7:A4:80:79
Certificate issuer: /CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Certificate serial: 018F9E10FE710ABF6A8A2B0EEF9D8D5FF104
Authority key identifier: B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/ypQq0PDW3PSkPD15yNH1CqekgHk.roa
Signing time: Wed 22 May 2024 02:11:04 +0000
ROA not before: Wed 22 May 2024 02:11:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18f:9689:3f54/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:9e:10:fe:71:0a:bf:6a:8a:2b:0e:ef:9d:8d:5f:f1:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Validity
Not Before: May 22 02:11:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ca942ad0f0d6dcf4a43c3d79c8d1f50aa7a48079
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:1d:35:8b:c1:ec:ef:21:06:9e:57:8e:92:86:
4a:35:a0:54:8e:a3:c4:e1:74:f8:97:8e:c9:85:0a:
49:e0:84:3c:3d:e5:3e:66:26:ed:a6:3c:1f:f2:8e:
f1:ef:92:86:4a:8d:a3:4a:71:06:3d:9f:fc:72:2a:
91:40:26:68:d7:ff:8d:e8:a2:34:de:1a:2d:58:77:
ef:46:46:b2:7c:6d:28:ce:f3:eb:bf:c9:a2:07:93:
1a:ef:f9:f8:c7:45:1b:23:9c:fe:19:a6:bb:be:ae:
15:ad:13:08:2c:3a:6e:fb:aa:1d:8e:93:20:dd:c0:
ca:89:cc:a9:5e:bc:01:e1:71:93:ce:dd:cd:d7:88:
b6:ee:ef:fd:55:64:ad:0d:fd:88:50:a6:83:6b:79:
20:ad:54:3c:c6:ab:54:f5:4c:fd:e0:36:81:a4:04:
4c:e1:8c:c2:7e:83:9c:70:3d:b1:c4:aa:bd:f6:7e:
6f:12:8b:83:50:d1:b7:fb:db:44:3e:8b:5c:b5:66:
39:7f:35:50:f0:15:8b:cd:e2:36:40:b6:0e:3b:34:
04:c5:f7:5f:d6:ab:53:42:70:c1:b6:13:a2:14:da:
53:be:a4:93:e1:9b:6f:f9:30:3d:13:67:06:b7:d7:
f4:02:03:c2:89:b8:9d:c8:7d:aa:62:fc:ae:19:69:
17:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:94:2A:D0:F0:D6:DC:F4:A4:3C:3D:79:C8:D1:F5:0A:A7:A4:80:79
X509v3 Authority Key Identifier:
keyid:B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/ypQq0PDW3PSkPD15yNH1CqekgHk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/sr7EG9LzsXneCVFDBlML0_uscHs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
cf:90:cf:8a:18:97:1f:6c:97:c1:b9:c3:bd:24:f7:fb:33:f2:
67:39:6e:82:a7:33:6b:bd:cf:f7:97:ee:40:e4:90:c4:dd:7a:
79:c5:27:44:f2:3a:1f:5e:4d:74:d8:4f:6e:20:fc:54:a1:7a:
23:15:e6:69:68:df:bb:61:a1:21:81:2c:3a:a2:dd:f6:2e:16:
07:6b:8e:c3:31:b4:d4:c0:0a:c5:53:15:c5:b4:ca:4a:2b:e7:
e8:53:80:31:c3:d8:a5:58:d5:15:f7:d9:4a:39:3a:68:de:2a:
cf:da:7d:e0:6b:64:db:df:d9:7b:e9:a5:b6:12:63:1f:53:e7:
83:ef:0e:10:c9:4a:b8:5a:b0:be:d9:5d:8e:3b:b6:1a:cd:a6:
62:91:17:54:16:08:c5:23:e4:74:89:b4:f3:72:db:5b:ff:0b:
c3:38:7e:c5:da:89:c1:90:f6:61:2f:49:b0:d5:bc:d3:8b:8c:
32:03:5d:1c:0b:11:bb:3a:36:e0:40:70:05:5b:23:ff:73:89:
70:60:42:ee:f9:ae:6e:b6:37:53:f2:64:0e:de:8d:63:a0:d8:
f6:1b:53:06:f0:94:77:bc:f7:9e:79:47:2c:08:e6:3c:d8:0f:
f3:c2:52:53:bb:20:91:79:3d:b3:5f:49:72:e6:c3:71:54:0d:
02:16:43:77
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY+eEP5xCr9qiisO752NX/EEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYmVjNDFiZDJmM2IxNzlkZTA5NTE0MzA2NTMwYmQzZmJh
YzcwN2IwHhcNMjQwNTIyMDIxMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTk0MmFkMGYwZDZkY2Y0YTQzYzNkNzljOGQxZjUwYWE3YTQ4MDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyh01i8Hs7yEGnleOkoZKNaBUjqPE
4XT4l47JhQpJ4IQ8PeU+Zibtpjwf8o7x75KGSo2jSnEGPZ/8ciqRQCZo1/+N6KI0
3hotWHfvRkayfG0ozvPrv8miB5Ma7/n4x0UbI5z+Gaa7vq4VrRMILDpu+6odjpMg
3cDKicypXrwB4XGTzt3N14i27u/9VWStDf2IUKaDa3kgrVQ8xqtU9Uz94DaBpARM
4YzCfoOccD2xxKq99n5vEouDUNG3+9tEPotctWY5fzVQ8BWLzeI2QLYOOzQExfdf
1qtTQnDBthOiFNpTvqST4Ztv+TA9E2cGt9f0AgPCibidyH2qYvyuGWkXaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMqUKtDw1tz0pDw9ecjR9QqnpIB5MB8GA1UdIwQY
MBaAFLK+xBvS87F53glRQwZTC9P7rHB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYt
ZDEyZjAzOWRiMmM5LzEveXBRcTBQRFczUFNrUEQxNXlOSDFDcWVrZ0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYtZDEyZjAzOWRiMmM5
LzEvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAM+Qz4oYlx9sl8G5w70k
9/sz8mc5boKnM2u9z/eX7kDkkMTdennFJ0TyOh9eTXTYT24g/FSheiMV5mlo37th
oSGBLDqi3fYuFgdrjsMxtNTACsVTFcW0ykor5+hTgDHD2KVY1RX32Uo5OmjeKs/a
feBrZNvf2XvppbYSYx9T54PvDhDJSrhasL7ZXY47thrNpmKRF1QWCMUj5HSJtPNy
21v/C8M4fsXaicGQ9mEvSbDVvNOLjDIDXRwLEbs6NuBAcAVbI/9ziXBgQu75rm62
N1PyZA7ejWOg2PYbUwbwlHe89555RywI5jzYD/PCUlO7IJF5PbNfSXLmw3FUDQIW
Q3c=
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:06:55 2025 by rpki-client