Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/DGrYTeWgnsaQ_1-V7pPCibsdOEI.roa
File: DGrYTeWgnsaQ_1-V7pPCibsdOEI.roa (raw, json)
Hash identifier: NZ5+mytCIxS6UjDluEdwkv/WWd0tBrVxmONme7aHLGw=
Subject key identifier: 0C:6A:D8:4D:E5:A0:9E:C6:90:FF:5F:95:EE:93:C2:89:BB:1D:38:42
Certificate issuer: /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial: 018E97A6F4BB816DBC49EA3B38B89472C98F
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/DGrYTeWgnsaQ_1-V7pPCibsdOEI.roa
Signing time: Mon 01 Apr 2024 03:14:45 +0000
ROA not before: Mon 01 Apr 2024 03:14:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18d:c109:b478/128 maxlen: 128
2001:67c:64:ffff:0:18d:e84f:370a/128 maxlen: 128
2001:67c:64:ffff:0:18e:76c8:d5da/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:97:a6:f4:bb:81:6d:bc:49:ea:3b:38:b8:94:72:c9:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Validity
Not Before: Apr 1 03:14:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0c6ad84de5a09ec690ff5f95ee93c289bb1d3842
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:3e:8d:25:38:d1:8a:0c:d5:9b:00:69:78:0b:
ec:91:c8:3d:f2:2b:83:9e:32:ff:9f:6f:34:17:6d:
08:8c:92:6d:70:82:4d:fa:47:e1:cc:09:b9:b6:06:
94:97:38:a2:27:b4:16:6d:45:e5:3c:09:08:56:57:
4d:45:b0:64:42:4d:2f:a6:3b:73:9c:36:96:68:10:
5d:67:75:4a:ae:c8:75:b9:a9:98:fa:0d:9c:e6:66:
fc:de:56:cf:b0:dc:5e:e0:e0:9b:00:71:0e:e0:1a:
67:38:c0:83:6b:d6:8f:25:d7:bc:e0:e7:16:54:a1:
40:f9:26:b7:0d:56:61:c4:9c:36:f7:d2:ea:16:3d:
34:82:2c:07:93:9a:ad:67:98:28:a5:d0:83:68:79:
63:50:4e:27:7e:27:8a:32:b2:b2:ec:63:3e:3e:6f:
cc:f6:e3:ee:d5:f9:5b:dc:e0:0d:19:e3:9d:9f:53:
3b:de:b6:63:a6:51:7f:27:fb:3e:57:e3:89:11:e2:
0e:a7:fd:54:72:72:08:be:f1:c3:8d:8e:df:1d:b2:
2c:bb:16:32:64:3d:0d:ff:69:27:84:5c:33:54:17:
47:7f:cb:01:7b:5a:a2:3d:da:be:6e:54:8b:7d:80:
9f:7f:e1:d0:1d:b2:50:62:e9:57:b9:2c:bb:df:70:
1b:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:6A:D8:4D:E5:A0:9E:C6:90:FF:5F:95:EE:93:C2:89:BB:1D:38:42
X509v3 Authority Key Identifier:
keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/DGrYTeWgnsaQ_1-V7pPCibsdOEI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
97:81:b2:ed:0b:fc:31:92:e7:55:18:35:e7:ec:92:fd:28:15:
5b:2a:36:14:d3:89:df:ff:1d:e2:de:9b:83:72:dd:b4:fe:6b:
5d:7f:06:83:3f:d8:ac:70:87:2b:46:f2:04:0f:c7:6b:c4:58:
aa:27:01:dc:c6:93:00:f1:63:f6:66:20:c2:2e:ed:cb:11:d8:
3a:9a:5a:06:09:e8:85:23:70:06:fc:b8:0e:5d:2a:2c:f6:10:
86:07:e0:f4:81:6e:bb:80:ae:5d:16:bb:0c:11:0b:15:d4:ae:
05:3d:9e:d6:99:32:d9:49:07:72:91:03:9c:cb:55:9e:97:11:
90:e4:81:4e:49:81:d6:95:6c:4a:44:e4:71:04:63:bd:21:81:
17:7e:3c:35:45:4f:45:d2:f3:32:6d:35:f4:3b:bd:8c:c1:36:
b3:6a:5c:5d:11:4a:48:cd:3a:12:19:81:4f:14:ff:79:62:c4:
82:15:51:e5:3d:3a:7f:c8:8f:73:f6:a3:8c:67:fd:10:d1:79:
34:37:eb:80:f2:d9:f3:49:24:1f:b8:37:63:ad:2c:81:c4:e5:
35:ac:ce:65:c8:5c:44:d7:b3:f5:0c:42:65:3d:65:70:1a:21:
d8:95:b9:c9:17:a8:5b:44:ec:95:0c:e3:6e:88:00:f6:61:a4:
dd:2e:02:3a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY6XpvS7gW28Seo7OLiUcsmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwNDAxMDMxNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzZhZDg0ZGU1YTA5ZWM2OTBmZjVmOTVlZTkzYzI4OWJiMWQzODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArT6NJTjRigzVmwBpeAvskcg98iuD
njL/n280F20IjJJtcIJN+kfhzAm5tgaUlziiJ7QWbUXlPAkIVldNRbBkQk0vpjtz
nDaWaBBdZ3VKrsh1uamY+g2c5mb83lbPsNxe4OCbAHEO4BpnOMCDa9aPJde84OcW
VKFA+Sa3DVZhxJw299LqFj00giwHk5qtZ5gopdCDaHljUE4nfieKMrKy7GM+Pm/M
9uPu1flb3OANGeOdn1M73rZjplF/J/s+V+OJEeIOp/1UcnIIvvHDjY7fHbIsuxYy
ZD0N/2knhFwzVBdHf8sBe1qiPdq+blSLfYCff+HQHbJQYulXuSy733AbiwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAxq2E3loJ7GkP9fle6Twom7HThCMB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvREdyWVRlV2duc2FRXzEtVjdwUENpYnNkT0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJeBsu0L/DGS51UYNefs
kv0oFVsqNhTTid//HeLem4Ny3bT+a11/BoM/2KxwhytG8gQPx2vEWKonAdzGkwDx
Y/ZmIMIu7csR2DqaWgYJ6IUjcAb8uA5dKiz2EIYH4PSBbruArl0WuwwRCxXUrgU9
ntaZMtlJB3KRA5zLVZ6XEZDkgU5JgdaVbEpE5HEEY70hgRd+PDVFT0XS8zJtNfQ7
vYzBNrNqXF0RSkjNOhIZgU8U/3lixIIVUeU9On/Ij3P2o4xn/RDReTQ364Dy2fNJ
JB+4N2OtLIHE5TWszmXIXETXs/UMQmU9ZXAaIdiVuckXqFtE7JUM426IAPZhpN0u
Ajo=
-----END CERTIFICATE-----
Generated at Sat Apr 19 17:51:44 2025 by rpki-client