Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/Kghkwknf5WjqXj3WQijlklbqaac.roa
File: Kghkwknf5WjqXj3WQijlklbqaac.roa (raw, json)
Hash identifier: 1o6FesL8NPGSA9Tctps23NtSJ/TmhVQaBK/A4RNOWPs=
Subject key identifier: 2A:08:64:C2:49:DF:E5:68:EA:5E:3D:D6:42:28:E5:92:56:EA:69:A7
Certificate issuer: /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial: 018D943B12776A6697E5307BD9CE5B111719
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/Kghkwknf5WjqXj3WQijlklbqaac.roa
Signing time: Sat 10 Feb 2024 18:15:15 +0000
ROA not before: Sat 10 Feb 2024 18:15:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18d:4013:c01e/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:94:3b:12:77:6a:66:97:e5:30:7b:d9:ce:5b:11:17:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Validity
Not Before: Feb 10 18:15:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2a0864c249dfe568ea5e3dd64228e59256ea69a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:a9:14:be:a4:cb:a7:8b:c6:c5:04:77:25:15:
5f:3a:4b:99:e7:27:ad:6b:5d:e4:15:54:f5:7d:eb:
b1:fa:d1:d1:fa:91:ad:7e:48:03:7a:41:a5:43:72:
de:08:02:21:19:8a:d1:d7:dd:a7:e1:fe:3d:8f:4f:
67:f8:98:35:dc:8e:04:b6:d2:f1:36:8a:1b:31:91:
da:65:cc:90:ae:3d:17:d4:6c:97:68:26:36:5a:18:
af:c2:15:1a:1c:fe:8b:99:a2:30:5b:a1:94:bb:3b:
89:fd:f1:b6:06:f5:9b:6e:97:fc:10:e5:98:00:f4:
eb:f7:2a:47:0c:31:28:9b:55:5c:0d:88:38:ed:dd:
df:47:e7:19:9d:b3:dc:9c:47:8a:99:67:bf:7d:58:
8e:72:7c:e0:82:7d:bc:1e:41:a5:a7:df:6d:c5:8a:
c0:e7:43:fb:cc:16:e8:ae:a8:df:a0:df:22:ea:bd:
04:ea:21:9c:4f:57:d9:66:ed:43:c3:87:6c:b4:3f:
d3:25:b1:10:1f:57:3f:f9:85:cf:d0:dd:88:68:8a:
48:94:0c:03:f8:f9:a0:e2:55:83:33:1e:05:80:05:
b3:36:34:48:a5:5d:f1:3d:ce:c4:86:6b:9a:21:09:
d9:3a:b5:e9:92:ab:8f:12:3d:e3:9f:53:2a:96:ce:
f1:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:08:64:C2:49:DF:E5:68:EA:5E:3D:D6:42:28:E5:92:56:EA:69:A7
X509v3 Authority Key Identifier:
keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/Kghkwknf5WjqXj3WQijlklbqaac.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
1b:b0:4d:28:1c:17:0c:8e:82:da:f4:b4:bd:d7:0c:70:10:41:
b4:ee:73:c5:9e:2c:b6:1d:fa:c1:bc:2a:d2:42:01:7c:f3:22:
0f:68:ec:e3:5c:52:8f:04:55:9c:6a:48:00:05:1d:08:a4:1b:
63:6b:c1:ef:1c:07:62:fd:b9:8d:f0:82:0a:83:6c:70:b7:85:
29:c8:66:b2:2c:f3:8f:d8:e4:bf:0b:05:48:ee:c8:fb:7b:f7:
60:0e:c2:be:69:b6:03:7e:c8:17:76:60:0c:28:4f:01:4b:bc:
a3:44:e0:3a:aa:9f:7c:1c:35:70:ea:99:43:12:74:1a:7d:1d:
3d:24:35:43:2b:65:11:92:e1:cd:a9:96:9c:03:46:9b:e7:d6:
d1:7d:9e:8b:84:1d:69:4e:84:47:04:54:f1:bf:ca:4c:0c:eb:
19:d3:ef:08:1a:24:60:39:e8:50:b1:bb:17:95:5f:22:69:a7:
27:c6:e4:87:43:3d:3b:46:5e:46:1d:03:4d:9f:eb:47:c0:d0:
fe:b9:d7:e3:4a:2c:12:c9:06:b9:7c:10:e3:7d:af:1d:96:bd:
a7:67:f0:2a:6f:1e:c2:97:97:e9:db:31:4b:a8:55:bb:d8:4d:
40:79:a9:78:23:66:1d:fc:36:4b:c8:00:b9:14:51:d6:e7:54:
0b:a7:f5:d3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY2UOxJ3amaX5TB72c5bERcZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwMjEwMTgxNTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTA4NjRjMjQ5ZGZlNTY4ZWE1ZTNkZDY0MjI4ZTU5MjU2ZWE2OWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2KkUvqTLp4vGxQR3JRVfOkuZ5yet
a13kFVT1feux+tHR+pGtfkgDekGlQ3LeCAIhGYrR192n4f49j09n+Jg13I4EttLx
NoobMZHaZcyQrj0X1GyXaCY2WhivwhUaHP6LmaIwW6GUuzuJ/fG2BvWbbpf8EOWY
APTr9ypHDDEom1VcDYg47d3fR+cZnbPcnEeKmWe/fViOcnzggn28HkGlp99txYrA
50P7zBborqjfoN8i6r0E6iGcT1fZZu1Dw4dstD/TJbEQH1c/+YXP0N2IaIpIlAwD
+Pmg4lWDMx4FgAWzNjRIpV3xPc7EhmuaIQnZOrXpkquPEj3jn1Mqls7x0wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCoIZMJJ3+Vo6l491kIo5ZJW6mmnMB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvS2doa3drbmY1V2pxWGozV1FpamxrbGJxYWFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABuwTSgcFwyOgtr0tL3X
DHAQQbTuc8WeLLYd+sG8KtJCAXzzIg9o7ONcUo8EVZxqSAAFHQikG2Nrwe8cB2L9
uY3wggqDbHC3hSnIZrIs84/Y5L8LBUjuyPt792AOwr5ptgN+yBd2YAwoTwFLvKNE
4Dqqn3wcNXDqmUMSdBp9HT0kNUMrZRGS4c2plpwDRpvn1tF9nouEHWlOhEcEVPG/
ykwM6xnT7wgaJGA56FCxuxeVXyJppyfG5IdDPTtGXkYdA02f60fA0P651+NKLBLJ
Brl8EON9rx2Wvadn8CpvHsKXl+nbMUuoVbvYTUB5qXgjZh38NkvIALkUUdbnVAun
9dM=
-----END CERTIFICATE-----
Generated at Sun Apr 20 18:09:56 2025 by rpki-client