Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QRyzN07Ojr8wB3rVCHhQMPO74Ts.roa
File: QRyzN07Ojr8wB3rVCHhQMPO74Ts.roa (raw, json)
Hash identifier: gbsYBItj8qfhmv5cHh4rMJUDkkXtkEnaHSQi/AXAf3Y=
Subject key identifier: 41:1C:B3:37:4E:CE:8E:BF:30:07:7A:D5:08:78:50:30:F3:BB:E1:3B
Certificate issuer: /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial: 01866EEDB527A0739877E79663A415C1A381
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QRyzN07Ojr8wB3rVCHhQMPO74Ts.roa
Signing time: Mon 20 Feb 2023 13:05:17 +0000
ROA not before: Mon 20 Feb 2023 13:05:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:186:6eec:fa44/128 maxlen: 128
2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:6e:ed:b5:27:a0:73:98:77:e7:96:63:a4:15:c1:a3:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
Validity
Not Before: Feb 20 13:05:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=411cb3374ece8ebf30077ad508785030f3bbe13b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:46:ae:45:7f:89:80:09:a2:05:3b:30:bb:c6:
06:e5:64:78:ee:c1:6e:d8:21:37:ed:82:52:04:3a:
45:6e:14:ee:d3:79:eb:bf:cd:7d:e5:45:6d:ad:50:
b4:fe:65:71:35:89:ea:ac:bb:29:9c:61:67:26:91:
5b:2f:1b:7b:50:ef:10:98:ff:68:cd:f4:26:ca:84:
28:b1:26:47:bd:76:5e:a9:38:2f:f8:e0:76:d4:18:
38:45:ad:6f:fd:2e:67:7d:35:e6:0e:71:8c:d9:a9:
51:ba:41:88:95:9c:bc:de:b0:e6:d2:87:d7:70:7d:
4d:d0:7a:0b:6e:11:7b:0d:21:ef:c5:3c:ac:71:61:
6a:82:30:88:bb:4f:a7:0c:63:27:72:5a:3d:5d:ba:
d4:22:7d:16:b3:e7:1b:ac:b2:73:96:1e:53:e9:ce:
94:c6:0f:a9:5a:be:42:71:34:d6:0a:be:4b:8f:f0:
12:aa:16:16:24:7d:a4:55:f7:5b:30:84:e2:b7:fb:
f6:76:a0:f5:db:21:ec:59:e1:80:56:66:b1:5c:6e:
1d:87:be:41:bb:45:34:80:46:57:34:48:11:64:8f:
13:89:0b:2b:47:4c:71:38:87:c0:e9:87:5d:63:59:
e9:20:45:3e:88:ea:89:d4:2c:1f:1a:8a:20:fa:83:
63:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:1C:B3:37:4E:CE:8E:BF:30:07:7A:D5:08:78:50:30:F3:BB:E1:3B
X509v3 Authority Key Identifier:
keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QRyzN07Ojr8wB3rVCHhQMPO74Ts.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
2a:c4:32:59:8e:ab:a1:b3:5f:50:2c:07:ed:c1:b2:ca:80:57:
e4:f3:34:50:1e:5c:46:30:e9:0f:d1:49:71:2f:66:a9:df:31:
56:58:ce:29:11:b2:21:be:b3:3a:94:c9:9e:0f:6d:1e:2f:7c:
ab:3c:f9:f8:9b:58:60:63:6d:b7:f1:30:93:d2:36:ec:57:b5:
1b:77:43:31:de:10:44:91:e2:27:57:5c:29:fc:66:4b:4b:8a:
3d:b8:80:10:79:7a:8e:f2:42:a2:75:66:58:6c:51:25:d5:18:
6b:91:cd:35:b4:72:ad:9f:90:72:8e:59:58:8d:bf:bb:3c:7d:
fb:7a:bc:cb:27:16:d1:c8:bf:3b:0d:e2:50:be:22:bc:6e:e2:
48:52:58:fe:e8:fc:5a:9e:a3:18:b3:78:4e:da:00:cf:80:c1:
45:ee:2f:98:96:e6:0e:3c:ff:a9:fc:d7:76:36:32:53:86:47:
4f:6d:75:99:12:e3:3e:45:d3:d6:46:98:85:5d:7b:7a:ed:81:
b6:ce:34:64:77:65:49:aa:8c:4d:07:a7:42:4c:bc:3f:d7:14:
f1:ac:a2:99:fb:6f:b8:d0:05:f4:06:61:00:93:8f:2f:7d:c8:
27:3c:11:e6:6f:83:a6:8e:54:3b:43:93:8e:1f:fb:c4:0d:12:
8c:97:4d:c0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYZu7bUnoHOYd+eWY6QVwaOBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMjIwMTMwNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTFjYjMzNzRlY2U4ZWJmMzAwNzdhZDUwODc4NTAzMGYzYmJlMTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEauRX+JgAmiBTswu8YG5WR47sFu
2CE37YJSBDpFbhTu03nrv8195UVtrVC0/mVxNYnqrLspnGFnJpFbLxt7UO8QmP9o
zfQmyoQosSZHvXZeqTgv+OB21Bg4Ra1v/S5nfTXmDnGM2alRukGIlZy83rDm0ofX
cH1N0HoLbhF7DSHvxTyscWFqgjCIu0+nDGMnclo9XbrUIn0Ws+cbrLJzlh5T6c6U
xg+pWr5CcTTWCr5Lj/ASqhYWJH2kVfdbMITit/v2dqD12yHsWeGAVmaxXG4dh75B
u0U0gEZXNEgRZI8TiQsrR0xxOIfA6YddY1npIEU+iOqJ1CwfGoog+oNjVQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEEcszdOzo6/MAd61Qh4UDDzu+E7MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUVJ5ek4wN09qcjh3QjNyVkNIaFFNUE83NFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACrEMlmOq6GzX1AsB+3B
ssqAV+TzNFAeXEYw6Q/RSXEvZqnfMVZYzikRsiG+szqUyZ4PbR4vfKs8+fibWGBj
bbfxMJPSNuxXtRt3QzHeEESR4idXXCn8ZktLij24gBB5eo7yQqJ1ZlhsUSXVGGuR
zTW0cq2fkHKOWViNv7s8fft6vMsnFtHIvzsN4lC+Irxu4khSWP7o/FqeoxizeE7a
AM+AwUXuL5iW5g48/6n813Y2MlOGR09tdZkS4z5F09ZGmIVde3rtgbbONGR3ZUmq
jE0Hp0JMvD/XFPGsopn7b7jQBfQGYQCTjy99yCc8EeZvg6aOVDtDk44f+8QNEoyX
TcA=
-----END CERTIFICATE-----
Generated at Wed Jun 11 05:55:36 2025 by rpki-client