Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/3heptGAsv_kPEYO5OXL64wXz1eQ.roa
File: 3heptGAsv_kPEYO5OXL64wXz1eQ.roa (raw, json)
Hash identifier: g0Pg6JXZCpOfrS7bj1Bi/nlKVeZcp0FTzxSDh0xag9g=
Subject key identifier: DE:17:A9:B4:60:2C:BF:F9:0F:11:83:B9:39:72:FA:E3:05:F3:D5:E4
Certificate issuer: /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial: 018D3E2E822ACBF38B7D44E705FCB6DD8834
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/3heptGAsv_kPEYO5OXL64wXz1eQ.roa
Signing time: Thu 25 Jan 2024 01:14:11 +0000
ROA not before: Thu 25 Jan 2024 01:14:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:3e:2e:82:2a:cb:f3:8b:7d:44:e7:05:fc:b6:dd:88:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Validity
Not Before: Jan 25 01:14:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=de17a9b4602cbff90f1183b93972fae305f3d5e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:a2:05:30:9c:59:58:ab:40:9b:6f:b5:45:b0:
dc:89:be:c8:67:e5:bb:a7:7f:ef:aa:cd:c6:13:3e:
82:ab:9f:bb:b9:54:27:5b:2e:13:ef:76:9a:7d:6a:
01:c2:4b:76:63:17:8c:28:f4:40:39:46:79:c2:0c:
c2:f3:0e:00:df:ea:3c:c2:4d:4d:05:3f:61:ed:b8:
d2:98:13:0a:96:c3:c9:63:7b:f2:11:5b:a6:50:34:
6f:62:db:c1:09:62:04:b8:80:f7:dd:e5:39:b9:78:
57:c0:09:9e:0d:2f:ee:61:d4:63:00:e1:69:a4:19:
3b:93:37:f0:ab:e9:13:76:74:65:c9:58:ff:e8:57:
b3:1c:f9:26:99:76:14:a8:e7:2a:e7:54:ba:6e:19:
d6:b8:82:d4:c8:48:48:58:d3:55:d9:1d:17:29:0c:
75:72:04:d3:be:3e:16:67:17:92:9a:8b:b7:76:fd:
7d:2a:f3:5d:93:07:2a:5a:c6:25:db:37:68:d5:bf:
1a:cc:aa:f1:3a:cd:5a:b5:6a:15:7a:62:c2:e4:23:
70:ba:eb:aa:66:a7:bb:b5:c0:62:b5:29:92:ff:1e:
fd:12:72:59:37:e5:f3:93:1b:e8:9e:f8:83:0f:2b:
91:19:ab:d7:ca:cc:c5:fe:3c:99:31:de:96:95:e4:
f2:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:17:A9:B4:60:2C:BF:F9:0F:11:83:B9:39:72:FA:E3:05:F3:D5:E4
X509v3 Authority Key Identifier:
keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/3heptGAsv_kPEYO5OXL64wXz1eQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
9e:16:2a:23:7d:da:35:54:8b:15:a4:72:c3:b1:87:bf:4f:8a:
21:94:dd:b6:ac:d3:82:6b:3d:cc:9c:75:9c:3c:18:6e:c4:fc:
f7:eb:18:04:71:0d:61:59:fb:9b:67:88:f2:b8:37:e8:0e:50:
97:3d:97:81:9c:5a:fe:71:92:67:07:fe:3c:73:4f:0c:f8:af:
f0:b3:33:4f:6c:1a:3d:89:02:95:2e:39:31:14:34:f1:19:79:
d1:20:09:88:46:55:87:06:30:d3:fa:98:ef:c4:c0:e6:fa:bc:
9b:a1:00:df:a0:85:4c:29:87:5e:cc:a2:ae:87:e7:e9:94:78:
b0:cf:56:a4:91:1b:10:4d:87:41:92:cc:66:47:57:25:c5:5b:
37:87:c8:63:27:5b:7f:4b:ed:b9:81:59:02:4d:ae:5e:e0:21:
33:05:0e:0c:a2:92:a7:c3:03:c9:86:84:f1:9d:64:b3:bd:c9:
bd:9d:7d:f5:30:4e:21:65:9f:6b:ae:03:75:28:b2:07:08:20:
9a:ff:31:5f:1c:9f:5a:8e:d4:f0:f7:7d:d2:65:55:4c:8d:ce:
7c:63:f8:50:4c:96:2e:70:c6:f0:a3:48:5e:b8:81:53:6f:74:
6b:69:c6:6b:87:e2:b7:f7:49:d1:79:a9:55:e7:fb:87:45:8c:
41:40:da:12
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY0+LoIqy/OLfUTnBfy23Yg0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwMTI1MDExNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTE3YTliNDYwMmNiZmY5MGYxMTgzYjkzOTcyZmFlMzA1ZjNkNWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6IFMJxZWKtAm2+1RbDcib7IZ+W7
p3/vqs3GEz6Cq5+7uVQnWy4T73aafWoBwkt2YxeMKPRAOUZ5wgzC8w4A3+o8wk1N
BT9h7bjSmBMKlsPJY3vyEVumUDRvYtvBCWIEuID33eU5uXhXwAmeDS/uYdRjAOFp
pBk7kzfwq+kTdnRlyVj/6FezHPkmmXYUqOcq51S6bhnWuILUyEhIWNNV2R0XKQx1
cgTTvj4WZxeSmou3dv19KvNdkwcqWsYl2zdo1b8azKrxOs1atWoVemLC5CNwuuuq
Zqe7tcBitSmS/x79EnJZN+XzkxvonviDDyuRGavXyszF/jyZMd6WleTycwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN4XqbRgLL/5DxGDuTly+uMF89XkMB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvM2hlcHRHQXN2X2tQRVlPNU9YTDY0d1h6MWVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ4WKiN92jVUixWkcsOx
h79PiiGU3bas04JrPcycdZw8GG7E/PfrGARxDWFZ+5tniPK4N+gOUJc9l4GcWv5x
kmcH/jxzTwz4r/CzM09sGj2JApUuOTEUNPEZedEgCYhGVYcGMNP6mO/EwOb6vJuh
AN+ghUwph17Moq6H5+mUeLDPVqSRGxBNh0GSzGZHVyXFWzeHyGMnW39L7bmBWQJN
rl7gITMFDgyikqfDA8mGhPGdZLO9yb2dffUwTiFln2uuA3UosgcIIJr/MV8cn1qO
1PD3fdJlVUyNznxj+FBMli5wxvCjSF64gVNvdGtpxmuH4rf3SdF5qVXn+4dFjEFA
2hI=
-----END CERTIFICATE-----
Generated at Mon Jun 9 12:40:53 2025 by rpki-client