Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/NXXbnOPxYyU7TLs2065fB3Xudq4.roa
File: NXXbnOPxYyU7TLs2065fB3Xudq4.roa (raw, json)
Hash identifier: IlbGVLH1bnUYECCQ+RZBLgVUkSnGYQ7wDBhwF/PSm0U=
Subject key identifier: 35:75:DB:9C:E3:F1:63:25:3B:4C:BB:36:D3:AE:5F:07:75:EE:76:AE
Certificate issuer: /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial: 018DF159282C2B0316522B56A46868BCBD2F
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/NXXbnOPxYyU7TLs2065fB3Xudq4.roa
Signing time: Wed 28 Feb 2024 20:12:48 +0000
ROA not before: Wed 28 Feb 2024 20:12:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18d:c109:b478/128 maxlen: 128
2001:67c:64:ffff:0:18d:e84f:370a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:f1:59:28:2c:2b:03:16:52:2b:56:a4:68:68:bc:bd:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Validity
Not Before: Feb 28 20:12:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3575db9ce3f163253b4cbb36d3ae5f0775ee76ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:f6:98:bb:cf:a7:e1:1a:65:5f:bb:d5:6f:ce:
de:d7:70:43:84:f3:77:9b:87:77:34:f1:f5:10:04:
7c:76:71:0f:94:64:a0:f8:6f:a5:37:90:9e:5f:df:
b3:81:cf:63:85:49:0c:0c:4c:b0:f5:73:0e:21:3a:
46:34:6c:59:65:cc:84:bc:f3:2f:1d:d9:c6:c6:ea:
13:a4:ee:bb:53:09:3a:51:1d:b7:ac:7a:3f:f5:c1:
52:54:7d:6e:a4:64:b1:fa:55:08:f4:5c:d6:3f:bd:
46:8c:51:6b:48:8d:75:63:b6:81:e1:17:9e:44:bf:
d6:38:3b:a2:f6:de:40:be:b1:ed:07:a2:a9:6e:a7:
da:22:35:01:dd:d5:b6:56:b0:7e:31:5b:59:1a:31:
a1:9b:4c:95:4f:1a:53:94:61:84:13:3f:56:80:7c:
12:75:5b:a2:65:31:52:e4:d4:b7:7c:d2:47:bb:e7:
01:fa:68:37:e2:55:f1:50:cb:6b:49:28:b5:7e:98:
be:27:bf:47:bd:a1:4b:04:af:f1:f1:9a:50:5a:8d:
d7:88:7a:03:51:e1:2f:50:86:d8:94:29:b0:ac:ab:
5b:73:d2:f9:ce:7a:82:fb:8d:4c:f4:64:65:fa:07:
cd:11:45:c5:60:a9:c1:b3:5a:76:54:fb:c9:6f:fa:
a0:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:75:DB:9C:E3:F1:63:25:3B:4C:BB:36:D3:AE:5F:07:75:EE:76:AE
X509v3 Authority Key Identifier:
keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/NXXbnOPxYyU7TLs2065fB3Xudq4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
5d:73:4f:9a:ba:10:55:8f:67:9d:b2:56:19:89:a8:01:49:d1:
53:dd:ae:44:9c:22:6b:07:93:5a:79:4c:2e:aa:57:6b:2b:ff:
ba:53:a6:06:9f:90:6a:57:20:f9:19:f1:bd:bf:19:63:89:c9:
7c:b7:84:cf:f7:f5:37:04:5d:e1:16:27:36:07:ad:d2:69:33:
3a:67:b1:90:a9:b1:62:8e:ae:e3:aa:aa:05:4f:98:68:9e:2b:
30:c3:f6:0b:9f:3e:6b:72:70:a0:de:53:43:41:dc:89:e1:f8:
c0:70:a6:71:21:c6:5a:bb:06:a3:6a:87:77:e5:41:44:45:9e:
a4:4c:96:3b:42:d7:c5:34:6f:1a:44:76:40:dd:f1:f0:cf:f0:
92:ed:75:a4:ae:96:9b:81:db:23:f2:b0:f3:a9:2e:dd:c0:28:
b6:e6:29:b8:b4:0f:bf:37:12:da:23:07:52:d5:ee:b7:42:c6:
24:63:6c:3e:b0:5d:91:10:c4:29:75:37:4b:d6:6c:61:e6:6e:
62:e9:1e:ae:5f:47:cc:05:35:d1:f5:19:48:47:d7:4f:c7:da:
60:05:7e:c5:2c:48:12:16:be:5b:68:03:64:a1:4c:26:ef:9f:
d9:6d:fa:c1:b9:26:86:83:60:f4:69:33:70:1a:5c:8f:08:84:
2c:a0:91:ba
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY3xWSgsKwMWUitWpGhovL0vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwMjI4MjAxMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTc1ZGI5Y2UzZjE2MzI1M2I0Y2JiMzZkM2FlNWYwNzc1ZWU3NmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvaYu8+n4RplX7vVb87e13BDhPN3
m4d3NPH1EAR8dnEPlGSg+G+lN5CeX9+zgc9jhUkMDEyw9XMOITpGNGxZZcyEvPMv
HdnGxuoTpO67Uwk6UR23rHo/9cFSVH1upGSx+lUI9FzWP71GjFFrSI11Y7aB4Ree
RL/WODui9t5AvrHtB6KpbqfaIjUB3dW2VrB+MVtZGjGhm0yVTxpTlGGEEz9WgHwS
dVuiZTFS5NS3fNJHu+cB+mg34lXxUMtrSSi1fpi+J79HvaFLBK/x8ZpQWo3XiHoD
UeEvUIbYlCmwrKtbc9L5znqC+41M9GRl+gfNEUXFYKnBs1p2VPvJb/qgxwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDV125zj8WMlO0y7NtOuXwd17nauMB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvTlhYYm5PUHhZeVU3VExzMjA2NWZCM1h1ZHE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAF1zT5q6EFWPZ52yVhmJ
qAFJ0VPdrkScImsHk1p5TC6qV2sr/7pTpgafkGpXIPkZ8b2/GWOJyXy3hM/39TcE
XeEWJzYHrdJpMzpnsZCpsWKOruOqqgVPmGieKzDD9gufPmtycKDeU0NB3Inh+MBw
pnEhxlq7BqNqh3flQURFnqRMljtC18U0bxpEdkDd8fDP8JLtdaSulpuB2yPysPOp
Lt3AKLbmKbi0D783EtojB1LV7rdCxiRjbD6wXZEQxCl1N0vWbGHmbmLpHq5fR8wF
NdH1GUhH10/H2mAFfsUsSBIWvltoA2ShTCbvn9lt+sG5JoaDYPRpM3AaXI8IhCyg
kbo=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:15:14 2025 by rpki-client