Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/f0af61-8ccc-4a3b-9010-6910f399d38f/1/iQxCTqJc23IztH0qMtXGhii78xc.roa
File: iQxCTqJc23IztH0qMtXGhii78xc.roa (raw, json)
Hash identifier: b/32KuHdgss/tEEpqliyL9nGxIGy3IsYTip4QREYlPc=
Subject key identifier: 89:0C:42:4E:A2:5C:DB:72:33:B4:7D:2A:32:D5:C6:86:28:BB:F3:17
Certificate issuer: /CN=b51841cdc9f63594dddc2ba59a40133182b579fa
Certificate serial: 019423D740C7BF4199A46778EA0B8B7014DE
Authority key identifier: B5:18:41:CD:C9:F6:35:94:DD:DC:2B:A5:9A:40:13:31:82:B5:79:FA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tRhBzcn2NZTd3CulmkATMYK1efo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/f0af61-8ccc-4a3b-9010-6910f399d38f/1/iQxCTqJc23IztH0qMtXGhii78xc.roa
Signing time: Wed 01 Jan 2025 21:48:16 +0000
ROA not before: Wed 01 Jan 2025 21:48:16 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31027
IP address blocks: 2001:67c:16a0::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d7:40:c7:bf:41:99:a4:67:78:ea:0b:8b:70:14:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b51841cdc9f63594dddc2ba59a40133182b579fa
Validity
Not Before: Jan 1 21:48:16 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=890c424ea25cdb7233b47d2a32d5c68628bbf317
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:d7:4e:25:97:7b:44:69:71:9e:ad:7b:8c:ec:
a1:87:b4:3a:85:ce:ca:ce:70:97:df:9b:06:04:a2:
60:9f:ad:42:0a:93:46:6e:8a:28:03:eb:15:37:89:
ed:79:86:00:fa:3a:e8:83:98:ff:1d:17:5a:bd:3c:
05:b3:2c:a5:9c:94:63:02:3c:95:df:68:1c:01:87:
7b:0d:00:ce:84:37:79:02:1a:0b:b2:70:c2:80:34:
8f:ad:a0:57:f2:d3:ac:a3:a5:e0:7c:81:c7:ac:48:
3f:8d:16:d1:81:d6:d5:40:d9:fe:7f:91:ca:cf:64:
9f:6b:26:a1:72:fc:5c:d0:ba:98:fa:d1:86:0d:ba:
31:96:05:a2:4b:51:4b:7e:af:6d:0c:2a:98:8a:d2:
e2:c5:92:c9:05:d1:d0:aa:ef:77:63:3a:65:de:a6:
ca:70:ee:3e:36:a2:2b:38:27:6d:a6:d2:84:68:1a:
82:dd:78:92:52:ad:90:37:cd:89:21:29:eb:f9:cb:
58:ee:86:bc:82:0e:c1:a5:4f:a0:1b:47:a4:61:c5:
2a:b3:d0:ef:74:d9:7c:e2:aa:ab:fa:f1:0c:56:4a:
41:f6:b1:69:f3:dd:26:3a:b9:c0:f7:86:f6:7e:25:
87:45:fc:22:ff:bd:52:81:90:bb:56:25:15:fd:9f:
e0:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:0C:42:4E:A2:5C:DB:72:33:B4:7D:2A:32:D5:C6:86:28:BB:F3:17
X509v3 Authority Key Identifier:
keyid:B5:18:41:CD:C9:F6:35:94:DD:DC:2B:A5:9A:40:13:31:82:B5:79:FA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tRhBzcn2NZTd3CulmkATMYK1efo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/f0af61-8ccc-4a3b-9010-6910f399d38f/1/iQxCTqJc23IztH0qMtXGhii78xc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/f0af61-8ccc-4a3b-9010-6910f399d38f/1/tRhBzcn2NZTd3CulmkATMYK1efo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:16a0::/48
Signature Algorithm: sha256WithRSAEncryption
ba:46:53:22:4b:6c:ed:27:95:60:9a:84:91:07:79:d8:4d:f6:
1a:ce:0e:f1:cb:2c:6d:a5:36:18:7d:19:f3:97:5d:38:ac:6c:
06:58:b4:24:9a:bb:2f:d3:23:62:59:2a:f5:47:b8:fe:c1:23:
70:83:2d:d1:08:57:70:e0:2a:04:80:1c:2d:43:cc:1a:2a:b1:
5f:1a:aa:c8:17:ac:20:aa:72:dd:30:32:34:3d:5b:88:10:1e:
8e:0c:86:0d:52:c1:ea:35:f1:10:63:19:2f:1e:d1:5c:3d:90:
01:91:6e:64:d5:11:28:f8:97:4d:5c:be:96:5b:01:f8:f1:88:
0a:4d:4a:55:2d:be:4e:e5:58:20:0c:a4:b1:5a:26:9e:e1:f6:
3f:c7:0f:af:b4:aa:b8:f8:e5:81:2c:4d:30:9e:11:81:55:ea:
ff:17:e3:6d:49:9b:90:44:b2:e6:f8:22:8f:05:2a:42:0a:8f:
bf:35:e2:8f:21:52:e6:75:9e:e7:43:cf:ab:6c:a2:c9:97:5f:
54:9e:a5:e7:13:88:16:f3:fa:e4:d2:d3:b3:5c:d7:b3:b7:4c:
72:96:3f:14:75:69:0b:1d:7a:08:41:37:8e:c6:27:2b:3e:d0:
b1:82:ec:d6:66:b6:4c:c5:15:5e:49:ad:ea:ee:bf:2d:ff:01:
b6:6b:cd:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQj10DHv0GZpGd46guLcBTeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MTg0MWNkYzlmNjM1OTRkZGRjMmJhNTlhNDAxMzMxODJi
NTc5ZmEwHhcNMjUwMTAxMjE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTBjNDI0ZWEyNWNkYjcyMzNiNDdkMmEzMmQ1YzY4NjI4YmJmMzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltdOJZd7RGlxnq17jOyhh7Q6hc7K
znCX35sGBKJgn61CCpNGboooA+sVN4nteYYA+jrog5j/HRdavTwFsyylnJRjAjyV
32gcAYd7DQDOhDd5AhoLsnDCgDSPraBX8tOso6XgfIHHrEg/jRbRgdbVQNn+f5HK
z2Sfayahcvxc0LqY+tGGDboxlgWiS1FLfq9tDCqYitLixZLJBdHQqu93Yzpl3qbK
cO4+NqIrOCdtptKEaBqC3XiSUq2QN82JISnr+ctY7oa8gg7BpU+gG0ekYcUqs9Dv
dNl84qqr+vEMVkpB9rFp890mOrnA94b2fiWHRfwi/71SgZC7ViUV/Z/gOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIkMQk6iXNtyM7R9KjLVxoYou/MXMB8GA1UdIwQY
MBaAFLUYQc3J9jWU3dwrpZpAEzGCtXn6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFJoQnpjbjJOWlRkM0N1bG1rQVRNWUsxZWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9mMGFmNjEtOGNjYy00YTNiLTkwMTAt
NjkxMGYzOTlkMzhmLzEvaVF4Q1RxSmMyM0l6dEgwcU10WEdoaWk3OHhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9mMGFmNjEtOGNjYy00YTNiLTkwMTAtNjkxMGYzOTlkMzhm
LzEvdFJoQnpjbjJOWlRkM0N1bG1rQVRNWUsxZWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBag
MA0GCSqGSIb3DQEBCwUAA4IBAQC6RlMiS2ztJ5VgmoSRB3nYTfYazg7xyyxtpTYY
fRnzl104rGwGWLQkmrsv0yNiWSr1R7j+wSNwgy3RCFdw4CoEgBwtQ8waKrFfGqrI
F6wgqnLdMDI0PVuIEB6ODIYNUsHqNfEQYxkvHtFcPZABkW5k1REo+JdNXL6WWwH4
8YgKTUpVLb5O5VggDKSxWiae4fY/xw+vtKq4+OWBLE0wnhGBVer/F+NtSZuQRLLm
+CKPBSpCCo+/NeKPIVLmdZ7nQ8+rbKLJl19UnqXnE4gW8/rk0tOzXNezt0xylj8U
dWkLHXoIQTeOxicrPtCxguzWZrZMxRVeSa3q7r8t/wG2a838
-----END CERTIFICATE-----
Generated at Tue Apr 8 21:21:56 2025 by rpki-client