Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/QX4gcD12lgltKFbhk8Nw5mIlvlQ.roa
File: QX4gcD12lgltKFbhk8Nw5mIlvlQ.roa (raw, json)
Hash identifier: 3CrWKYW8ZXfYyatE1PnihHZAqQnAvGICtmAew4GIonY=
Subject key identifier: 41:7E:20:70:3D:76:96:09:6D:28:56:E1:93:C3:70:E6:62:25:BE:54
Certificate issuer: /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial: 018D4D6855380C8F26DB07944E279019C843
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/QX4gcD12lgltKFbhk8Nw5mIlvlQ.roa
Signing time: Sun 28 Jan 2024 00:11:39 +0000
ROA not before: Sun 28 Jan 2024 00:11:39 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18d:4013:c01e/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:4d:68:55:38:0c:8f:26:db:07:94:4e:27:90:19:c8:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Validity
Not Before: Jan 28 00:11:39 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=417e20703d7696096d2856e193c370e66225be54
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:a0:5b:40:a1:aa:64:d1:6c:59:8e:8d:b1:71:
cd:67:4f:ba:c6:b1:9a:55:db:46:ae:3e:14:8b:87:
fa:bb:3b:45:ed:12:92:dd:dc:9a:5b:a4:7f:b5:17:
ae:a8:32:6e:c8:dd:e3:ba:b7:26:d7:6b:fa:52:03:
90:e0:f1:57:bc:fd:00:ee:f8:ba:33:25:c6:9a:dd:
50:fa:88:78:a9:1e:40:d6:7a:5f:d8:58:14:1b:85:
b1:3b:15:7e:b3:23:00:8a:65:57:1f:8e:5b:4b:12:
2c:4a:6e:d2:db:33:d7:e6:36:46:41:59:1d:ef:81:
68:fa:a1:ee:fc:cf:48:35:bf:87:5e:00:e5:2b:66:
a3:8b:6a:4d:71:ce:f8:b4:fb:f5:cd:a4:c0:f8:d8:
3d:2b:5c:01:1b:57:f5:29:44:33:7e:9a:a5:80:dd:
09:70:06:30:43:fe:81:82:11:ac:02:97:91:ff:95:
72:9e:5f:23:d5:bd:28:57:9e:59:0e:bf:37:1f:fa:
11:b6:f4:f7:c1:1c:ba:7d:e4:e5:0c:b0:eb:b3:94:
20:dd:60:83:41:c5:63:ba:54:84:eb:5b:14:68:30:
c9:c5:eb:2f:1d:67:8c:f4:c3:75:fd:d5:ce:fc:af:
5f:cc:ec:e7:4c:fb:55:08:62:46:3d:48:bd:eb:13:
49:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:7E:20:70:3D:76:96:09:6D:28:56:E1:93:C3:70:E6:62:25:BE:54
X509v3 Authority Key Identifier:
keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/QX4gcD12lgltKFbhk8Nw5mIlvlQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
09:86:1b:8c:07:6b:4a:a4:d4:3a:00:9e:6a:fa:a0:9b:24:af:
c2:a8:46:86:ef:69:d6:46:a3:19:b4:2d:0b:2e:21:85:25:8f:
6b:2a:24:43:93:6a:5f:a3:cd:90:29:18:ac:56:22:c8:a2:77:
1d:58:a2:81:3c:03:88:8a:a2:6f:5e:a0:4f:60:85:83:b7:90:
ff:35:5d:bb:e8:8c:0f:c2:f4:86:cc:9b:d6:41:29:b4:ef:bf:
8b:75:be:d5:c4:93:18:da:b0:8f:94:b4:4d:2c:6a:b9:33:5e:
11:ab:0e:7b:7b:a0:17:6f:63:5f:eb:8c:47:d2:fb:5b:22:0b:
00:af:b9:b7:d8:f4:cf:40:f3:c0:93:44:1f:bd:e7:b5:fd:c9:
55:61:4c:77:d9:e6:1c:93:ca:16:b4:d3:28:52:ad:ac:13:4c:
74:53:08:c5:19:28:01:9e:87:da:75:15:32:9a:a9:74:13:8c:
ca:e1:a1:41:54:e3:12:58:64:02:a4:b0:9b:f2:4e:be:8e:cd:
3c:0d:1d:0a:43:f9:03:a8:84:88:61:9a:b7:e8:17:30:8c:79:
b9:3f:8f:99:a6:88:9d:8b:0c:f7:e0:ae:84:55:0c:9e:b2:77:
36:24:d1:ec:ee:bb:ca:d0:74:53:a4:36:27:e9:69:02:77:63:
85:c5:16:da
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY1NaFU4DI8m2weUTieQGchDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwMTI4MDAxMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTdlMjA3MDNkNzY5NjA5NmQyODU2ZTE5M2MzNzBlNjYyMjViZTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6BbQKGqZNFsWY6NsXHNZ0+6xrGa
VdtGrj4Ui4f6uztF7RKS3dyaW6R/tReuqDJuyN3jurcm12v6UgOQ4PFXvP0A7vi6
MyXGmt1Q+oh4qR5A1npf2FgUG4WxOxV+syMAimVXH45bSxIsSm7S2zPX5jZGQVkd
74Fo+qHu/M9INb+HXgDlK2aji2pNcc74tPv1zaTA+Ng9K1wBG1f1KUQzfpqlgN0J
cAYwQ/6BghGsApeR/5Vynl8j1b0oV55ZDr83H/oRtvT3wRy6feTlDLDrs5Qg3WCD
QcVjulSE61sUaDDJxesvHWeM9MN1/dXO/K9fzOznTPtVCGJGPUi96xNJ4wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEF+IHA9dpYJbShW4ZPDcOZiJb5UMB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvUVg0Z2NEMTJsZ2x0S0ZiaGs4Tnc1bUlsdmxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAmGG4wHa0qk1DoAnmr6
oJskr8KoRobvadZGoxm0LQsuIYUlj2sqJEOTal+jzZApGKxWIsiidx1YooE8A4iK
om9eoE9ghYO3kP81XbvojA/C9IbMm9ZBKbTvv4t1vtXEkxjasI+UtE0sarkzXhGr
Dnt7oBdvY1/rjEfS+1siCwCvubfY9M9A88CTRB+957X9yVVhTHfZ5hyTyha00yhS
rawTTHRTCMUZKAGeh9p1FTKaqXQTjMrhoUFU4xJYZAKksJvyTr6OzTwNHQpD+QOo
hIhhmrfoFzCMebk/j5mmiJ2LDPfgroRVDJ6ydzYk0ezuu8rQdFOkNifpaQJ3Y4XF
Fto=
-----END CERTIFICATE-----
Generated at Sun Apr 20 22:45:56 2025 by rpki-client