Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/1-Q_3C_LId9sz6ZU0X7UL6z0IST8.roa
File: 1-Q_3C_LId9sz6ZU0X7UL6z0IST8.roa (raw, json)
Hash identifier: fIqSwGI0YGYGStHm4NIVrsklDlqo2FHLHtn3fPeC3yg=
Subject key identifier: F9:0F:F7:0B:F2:C8:77:DB:33:E9:95:34:5F:B5:0B:EB:3D:08:49:3F
Certificate issuer: /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial: 018D68055496E9A8089C16979D645F3C42B1
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/1-Q_3C_LId9sz6ZU0X7UL6z0IST8.roa
Signing time: Fri 02 Feb 2024 04:13:16 +0000
ROA not before: Fri 02 Feb 2024 04:13:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18d:4013:c01e/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:68:05:54:96:e9:a8:08:9c:16:97:9d:64:5f:3c:42:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Validity
Not Before: Feb 2 04:13:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f90ff70bf2c877db33e995345fb50beb3d08493f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:10:6d:ca:e7:08:16:94:41:87:19:ec:68:67:
62:55:3e:0c:e0:92:a3:c3:ef:e6:03:40:3e:ee:a4:
95:d2:63:d6:59:cc:80:12:29:cd:d2:3a:22:ba:7f:
03:07:45:c1:24:37:ca:4c:e4:6d:4b:a7:89:d3:9c:
2e:ef:85:f0:1c:7f:bc:d3:01:a7:76:f7:ee:ba:6b:
5e:db:83:b4:59:3a:cb:72:a0:ee:aa:b0:61:0e:e9:
a8:30:79:b3:51:af:d1:fb:23:e3:e7:84:8b:fd:49:
0b:6b:b0:e8:08:17:55:84:b2:fa:92:ab:87:e5:81:
1b:ed:ad:68:c6:0a:20:9a:cd:36:f8:5f:09:ec:25:
24:41:95:7d:d5:ae:6b:e7:4f:2b:16:23:30:34:df:
70:46:1e:06:4a:5c:a7:ec:28:72:f9:fd:a5:c5:51:
cc:ee:88:3d:b7:94:13:5c:82:c9:c4:77:3a:14:87:
1c:99:04:77:ef:a1:fb:85:b4:b9:a8:34:2b:8b:b9:
49:c5:9e:f8:7d:0a:fa:fc:d3:70:8a:4d:53:bb:6f:
37:7a:c6:da:f0:b9:f9:8c:71:dc:bd:94:5e:c0:23:
d4:73:d8:a6:5e:4d:7a:e3:f9:de:b6:04:7d:b1:88:
dc:7a:2d:c3:5d:e5:a8:cd:31:81:e1:a1:d6:34:84:
20:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:0F:F7:0B:F2:C8:77:DB:33:E9:95:34:5F:B5:0B:EB:3D:08:49:3F
X509v3 Authority Key Identifier:
keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/1-Q_3C_LId9sz6ZU0X7UL6z0IST8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
23:ca:d5:20:6f:67:bf:86:10:ef:fe:c8:e3:d4:7e:cb:df:bf:
23:be:c4:f3:a8:ea:9f:56:13:ec:88:c4:25:e7:86:d4:73:1a:
84:cf:5e:e8:e5:23:87:d0:e9:8f:92:af:a2:ce:dc:ad:5a:4b:
53:18:59:9f:3e:02:92:2e:3c:f4:17:bc:54:8a:99:43:99:42:
5f:69:07:0b:a4:11:63:6a:02:3d:be:a0:fd:54:36:71:36:08:
74:c6:e5:17:5a:a9:f1:24:85:d1:ad:04:3c:d1:85:f2:aa:01:
2a:11:52:c8:37:76:e0:bd:a3:e8:bd:34:0c:f4:e0:bd:2b:d0:
b5:ea:79:61:09:8d:86:7a:f5:0c:38:c7:96:36:2f:3a:96:52:
d3:74:6a:8f:ca:d0:27:84:98:ac:b0:73:f8:47:ef:97:85:09:
dd:49:7e:bd:e3:f8:4b:57:54:92:7f:b9:1b:b2:fa:d9:d0:1a:
aa:d4:52:30:1f:5f:fd:1a:7e:21:5c:93:7e:73:1a:9e:c4:92:
4c:b0:1c:49:57:3f:65:8f:7f:c1:f7:42:ed:39:f0:fe:36:7a:
6b:a8:66:4e:ae:41:ec:f4:18:5c:25:c5:9a:d1:3f:5f:fe:59:
3e:ac:17:98:59:53:eb:db:b0:9a:b3:94:94:d3:79:00:e2:05:
94:27:bc:02
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY1oBVSW6agInBaXnWRfPEKxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwMjAyMDQxMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTBmZjcwYmYyYzg3N2RiMzNlOTk1MzQ1ZmI1MGJlYjNkMDg0OTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhBtyucIFpRBhxnsaGdiVT4M4JKj
w+/mA0A+7qSV0mPWWcyAEinN0joiun8DB0XBJDfKTORtS6eJ05wu74XwHH+80wGn
dvfuumte24O0WTrLcqDuqrBhDumoMHmzUa/R+yPj54SL/UkLa7DoCBdVhLL6kquH
5YEb7a1oxgogms02+F8J7CUkQZV91a5r508rFiMwNN9wRh4GSlyn7Chy+f2lxVHM
7og9t5QTXILJxHc6FIccmQR376H7hbS5qDQri7lJxZ74fQr6/NNwik1Tu283esba
8Ln5jHHcvZRewCPUc9imXk164/netgR9sYjcei3DXeWozTGB4aHWNIQg/wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPkP9wvyyHfbM+mVNF+1C+s9CEk/MB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvMS1RXzNDX0xJZDlzejZaVTBYN1VMNnowSVNUOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGIvZTA1MjBkLTliYTYtNDFhMy04Zjg3LWM1Mzk3OWQ2NmNh
NS8xLzA3UGFQc3VLZlVNOTQ0TTRabnMxNW8zM1A0dy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQAjytUgb2e/hhDv/sjj
1H7L378jvsTzqOqfVhPsiMQl54bUcxqEz17o5SOH0OmPkq+iztytWktTGFmfPgKS
Ljz0F7xUiplDmUJfaQcLpBFjagI9vqD9VDZxNgh0xuUXWqnxJIXRrQQ80YXyqgEq
EVLIN3bgvaPovTQM9OC9K9C16nlhCY2GevUMOMeWNi86llLTdGqPytAnhJissHP4
R++XhQndSX694/hLV1SSf7kbsvrZ0Bqq1FIwH1/9Gn4hXJN+cxqexJJMsBxJVz9l
j3/B90LtOfD+NnprqGZOrkHs9BhcJcWa0T9f/lk+rBeYWVPr27Cas5SU03kA4gWU
J7wC
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:43:19 2025 by rpki-client