Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Ocl119OTf1Lx03Vvm8nmttrmepQ.roa
File: Ocl119OTf1Lx03Vvm8nmttrmepQ.roa (raw, json)
Hash identifier: g0q2drdzHJqoJJXx5w7B2ASMEt5YTm92+D4x7MUWHTM=
Subject key identifier: 39:C9:75:D7:D3:93:7F:52:F1:D3:75:6F:9B:C9:E6:B6:DA:E6:7A:94
Certificate issuer: /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial: 0189D2760C879CF0D44DA8849473D457A5C2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Ocl119OTf1Lx03Vvm8nmttrmepQ.roa
Signing time: Tue 08 Aug 2023 00:04:59 +0000
ROA not before: Tue 08 Aug 2023 00:04:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
2001:67c:64:ffff:0:189:d276:27f/128 maxlen: 128
2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:189:a0e4:5c7d/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:d2:76:0c:87:9c:f0:d4:4d:a8:84:94:73:d4:57:a5:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
Validity
Not Before: Aug 8 00:04:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=39c975d7d3937f52f1d3756f9bc9e6b6dae67a94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:78:ae:63:18:e3:45:35:96:52:be:97:aa:38:
98:72:77:2b:1d:c4:a1:25:cb:5e:c8:00:20:e7:fd:
3f:bd:92:5c:32:7d:41:be:f6:75:94:af:6a:00:7e:
0d:80:2b:90:5e:fe:cf:f2:36:1c:b5:27:77:8c:db:
6a:bd:7d:d8:f9:ab:ef:de:c2:87:45:c7:e3:dd:9b:
79:ce:ad:08:41:49:b7:b7:94:51:9c:16:37:94:e2:
1e:cd:9e:99:1c:49:6d:4a:07:f2:80:5a:34:50:47:
2c:26:2c:f0:86:51:1d:2c:dc:fb:c7:3b:50:3e:1c:
55:15:89:eb:02:47:92:19:df:b6:11:01:75:0b:64:
af:e2:97:c0:e0:68:fe:a0:29:ea:65:3c:2a:75:0e:
10:86:ca:5d:82:3e:e5:47:58:39:ce:06:58:e6:36:
b2:35:2b:06:62:03:28:8d:c9:77:62:c6:89:84:04:
56:19:ca:aa:3e:ea:d9:c7:eb:5e:4e:40:6e:c9:b4:
cf:52:d7:d6:3e:5d:0f:96:b3:2e:69:aa:f8:2f:eb:
e9:03:0b:da:22:35:1b:3b:4d:0f:9e:71:d4:10:41:
b6:85:b0:28:ac:be:98:37:09:45:08:4f:d9:b1:8a:
1b:46:11:ca:d8:71:2c:c9:5b:36:d0:7b:a5:c7:33:
34:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:C9:75:D7:D3:93:7F:52:F1:D3:75:6F:9B:C9:E6:B6:DA:E6:7A:94
X509v3 Authority Key Identifier:
keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Ocl119OTf1Lx03Vvm8nmttrmepQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
b1:e4:71:ef:68:7c:15:f5:d0:db:54:85:e2:a0:07:e7:99:8d:
d8:f0:83:8c:53:65:e5:99:b9:ab:6b:e8:27:61:62:2e:38:e3:
62:4a:9c:9a:8b:64:71:35:40:4d:da:6e:17:53:e7:8e:e5:a0:
f8:aa:c4:7c:c5:2a:75:23:70:bb:f6:d3:bc:30:dc:96:4c:01:
83:14:e4:a3:db:97:37:5e:db:87:d8:b7:c7:cd:35:9c:d5:12:
c7:82:7f:96:71:1c:f7:4f:6c:5f:ea:66:41:29:eb:02:fb:47:
84:d1:a4:22:36:54:d8:46:42:27:27:81:27:38:75:08:d3:82:
f2:85:f2:b5:3c:48:71:f9:a6:60:05:7c:7a:eb:5f:0d:22:b2:
6b:b0:53:9d:6f:7c:af:55:e3:f5:19:bb:da:d3:a8:94:b6:1d:
1a:88:20:61:9f:c1:1b:fe:3c:01:89:a6:d7:07:e9:dc:81:b7:
8e:11:ca:4d:56:ab:15:f2:d8:46:ac:33:fa:72:b5:b9:bd:49:
30:2f:c4:cd:8a:dd:52:8a:1c:d3:65:67:5b:45:69:88:de:55:
db:24:2e:3e:df:d7:df:08:a4:7a:57:f9:4b:05:be:11:59:74:
2c:3a:cd:fb:4d:a7:b4:b0:bc:05:40:fd:96:d9:64:f0:be:97:
93:a4:c5:35
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYnSdgyHnPDUTaiElHPUV6XCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwODA4MDAwNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWM5NzVkN2QzOTM3ZjUyZjFkMzc1NmY5YmM5ZTZiNmRhZTY3YTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3iuYxjjRTWWUr6XqjiYcncrHcSh
JcteyAAg5/0/vZJcMn1BvvZ1lK9qAH4NgCuQXv7P8jYctSd3jNtqvX3Y+avv3sKH
Rcfj3Zt5zq0IQUm3t5RRnBY3lOIezZ6ZHEltSgfygFo0UEcsJizwhlEdLNz7xztQ
PhxVFYnrAkeSGd+2EQF1C2Sv4pfA4Gj+oCnqZTwqdQ4Qhspdgj7lR1g5zgZY5jay
NSsGYgMojcl3YsaJhARWGcqqPurZx+teTkBuybTPUtfWPl0PlrMuaar4L+vpAwva
IjUbO00PnnHUEEG2hbAorL6YNwlFCE/ZsYobRhHK2HEsyVs20HulxzM0qwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDnJddfTk39S8dN1b5vJ5rba5nqUMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT2NsMTE5T1RmMUx4MDNWdm04bm10dHJtZXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALHkce9ofBX10NtUheKg
B+eZjdjwg4xTZeWZuatr6CdhYi4442JKnJqLZHE1QE3abhdT547loPiqxHzFKnUj
cLv207ww3JZMAYMU5KPblzde24fYt8fNNZzVEseCf5ZxHPdPbF/qZkEp6wL7R4TR
pCI2VNhGQicngSc4dQjTgvKF8rU8SHH5pmAFfHrrXw0ismuwU51vfK9V4/UZu9rT
qJS2HRqIIGGfwRv+PAGJptcH6dyBt44Ryk1WqxXy2EasM/pytbm9STAvxM2K3VKK
HNNlZ1tFaYjeVdskLj7f198IpHpX+UsFvhFZdCw6zftNp7SwvAVA/ZbZZPC+l5Ok
xTU=
-----END CERTIFICATE-----
Generated at Tue Jun 10 14:37:35 2025 by rpki-client