Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AqfdL2FBRfdn37CiuPijJct4GM0.roa
File: AqfdL2FBRfdn37CiuPijJct4GM0.roa (raw, json)
Hash identifier: cTyx7pMaawnZ78F7xT5u6UiSFc/7Doa0MAxxTaJsTOs=
Subject key identifier: 02:A7:DD:2F:61:41:45:F7:67:DF:B0:A2:B8:F8:A3:25:CB:78:18:CD
Certificate issuer: /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial: 018577F2D831A5861C6275963DFC4F8C9C0F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AqfdL2FBRfdn37CiuPijJct4GM0.roa
Signing time: Tue 03 Jan 2023 14:04:41 +0000
ROA not before: Tue 03 Jan 2023 14:04:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:185:77f2:6f5a/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:185:3dcc:d8f/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:77:f2:d8:31:a5:86:1c:62:75:96:3d:fc:4f:8c:9c:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
Validity
Not Before: Jan 3 14:04:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=02a7dd2f614145f767dfb0a2b8f8a325cb7818cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:3e:13:b7:1b:2b:19:60:2b:1e:aa:cc:95:67:
b9:e7:17:6e:8d:d5:be:c0:e3:4c:21:44:05:52:c0:
22:4b:ff:06:d1:b9:7a:4f:b7:22:2d:3f:a4:a9:b7:
dd:b3:18:1f:3b:e8:85:fe:38:e5:97:ef:90:bc:24:
c9:73:a9:96:1b:87:1f:d7:d0:1e:f9:14:d8:f0:51:
db:df:90:c5:68:ad:d6:82:88:3b:f6:60:07:a0:2b:
83:87:9d:b3:f1:37:3f:f6:48:45:5a:5d:c0:6c:70:
5c:a2:f2:6a:d7:ba:6b:47:d5:2b:84:a7:75:79:c7:
05:53:05:27:71:86:01:e0:0c:b3:27:cc:64:34:f8:
b4:ae:3d:93:49:35:65:07:d5:57:9c:ec:9a:cd:79:
c4:66:47:e7:70:28:45:a7:67:9e:ae:7e:d5:8d:e7:
7c:0e:ed:59:3e:40:cd:48:59:84:29:22:be:00:1b:
4d:c6:87:dc:38:94:db:c6:c1:33:99:12:15:ed:c0:
55:d5:bb:e4:94:5b:6b:4b:69:fc:19:d5:c8:ca:fd:
d9:5d:a3:70:60:fa:b4:9b:ad:2a:08:e5:50:6d:3b:
b1:3a:a0:1f:c6:32:1e:d8:18:79:34:d3:9d:16:91:
b7:c7:b3:95:bd:ac:91:75:e8:e4:ff:b9:3b:6d:56:
f6:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:A7:DD:2F:61:41:45:F7:67:DF:B0:A2:B8:F8:A3:25:CB:78:18:CD
X509v3 Authority Key Identifier:
keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AqfdL2FBRfdn37CiuPijJct4GM0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
34:a2:93:48:d0:8f:f7:b8:83:e5:79:cc:38:80:2b:e9:a5:64:
36:0e:7f:93:28:ab:03:5c:4a:dd:22:11:04:f4:35:44:44:33:
9e:d5:95:57:27:a2:26:b6:cb:ef:f4:4b:23:b7:4d:df:84:e5:
a1:c6:73:f7:7f:d6:88:5c:73:dd:6c:4a:10:7a:e2:ef:f7:ff:
c4:6d:6c:0d:27:f5:5b:98:ba:30:e8:67:8f:3e:a5:61:70:9d:
8f:7b:18:57:c6:11:82:ce:36:b6:04:34:bc:5c:89:e6:23:be:
83:30:85:a2:51:e9:63:76:35:6d:02:96:63:0e:48:d2:62:78:
01:30:d4:f7:95:0f:f2:10:a8:87:fe:05:ea:99:dc:28:ba:be:
39:16:01:f4:cd:af:3b:21:74:86:72:f4:6e:25:10:f9:c4:9a:
2d:52:f0:1b:72:55:22:66:86:7e:ec:d0:cd:63:4c:d0:7d:7b:
9c:1d:47:ad:ad:de:d0:e9:b7:15:ca:27:bb:99:32:4e:da:9e:
f8:17:02:af:78:b1:4c:78:4c:c6:35:df:d3:7f:72:e3:e8:f9:
cf:61:3e:e7:07:65:9f:a2:18:4b:62:d4:65:7c:d5:02:40:b9:
ca:eb:89:70:e3:b9:55:f7:0b:b5:a1:1a:4e:13:f7:46:24:83:
49:4e:f2:5d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYV38tgxpYYcYnWWPfxPjJwPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMTAzMTQwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmE3ZGQyZjYxNDE0NWY3NjdkZmIwYTJiOGY4YTMyNWNiNzgxOGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhj4TtxsrGWArHqrMlWe55xdujdW+
wONMIUQFUsAiS/8G0bl6T7ciLT+kqbfdsxgfO+iF/jjll++QvCTJc6mWG4cf19Ae
+RTY8FHb35DFaK3Wgog79mAHoCuDh52z8Tc/9khFWl3AbHBcovJq17prR9UrhKd1
eccFUwUncYYB4AyzJ8xkNPi0rj2TSTVlB9VXnOyazXnEZkfncChFp2eern7Vjed8
Du1ZPkDNSFmEKSK+ABtNxofcOJTbxsEzmRIV7cBV1bvklFtrS2n8GdXIyv3ZXaNw
YPq0m60qCOVQbTuxOqAfxjIe2Bh5NNOdFpG3x7OVvayRdejk/7k7bVb2kQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAKn3S9hQUX3Z9+worj4oyXLeBjNMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQXFmZEwyRkJSZmRuMzdDaXVQaWpKY3Q0R00wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADSik0jQj/e4g+V5zDiA
K+mlZDYOf5MoqwNcSt0iEQT0NUREM57VlVcnoia2y+/0SyO3Td+E5aHGc/d/1ohc
c91sShB64u/3/8RtbA0n9VuYujDoZ48+pWFwnY97GFfGEYLONrYENLxcieYjvoMw
haJR6WN2NW0ClmMOSNJieAEw1PeVD/IQqIf+BeqZ3Ci6vjkWAfTNrzshdIZy9G4l
EPnEmi1S8BtyVSJmhn7s0M1jTNB9e5wdR62t3tDptxXKJ7uZMk7anvgXAq94sUx4
TMY139N/cuPo+c9hPucHZZ+iGEti1GV81QJAucrriXDjuVX3C7WhGk4T90Ykg0lO
8l0=
-----END CERTIFICATE-----
Generated at Mon Jun 9 00:08:08 2025 by rpki-client