Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/ghqn-muCNVsTQMhe42efDdZIXCw.roa
File: ghqn-muCNVsTQMhe42efDdZIXCw.roa (raw, json)
Hash identifier: GNaFb23tSl5sz4ubS7G255aWbdcdj7wdpPO4oDMVYik=
Subject key identifier: 82:1A:A7:FA:6B:82:35:5B:13:40:C8:5E:E3:67:9F:0D:D6:48:5C:2C
Certificate issuer: /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial: 018CD19BA7E66B49686CF75C2E8DEE9C31DB
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/ghqn-muCNVsTQMhe42efDdZIXCw.roa
Signing time: Wed 03 Jan 2024 23:14:48 +0000
ROA not before: Wed 03 Jan 2024 23:14:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:d1:9b:a7:e6:6b:49:68:6c:f7:5c:2e:8d:ee:9c:31:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Validity
Not Before: Jan 3 23:14:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=821aa7fa6b82355b1340c85ee3679f0dd6485c2c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:e3:3f:61:7a:cb:d9:f6:42:12:81:ee:72:97:
a7:85:6e:71:8d:23:dd:43:c4:97:ed:7f:6d:23:0c:
65:c4:b3:06:41:bf:60:4a:1c:ef:9d:6a:01:ba:a2:
c1:b2:b1:c9:a2:e0:06:9c:4a:7c:ef:c4:a7:5e:5a:
0c:a0:dc:d0:03:16:07:7e:45:93:ee:d6:6f:59:e9:
31:bd:76:63:43:b9:c2:0b:52:56:df:a6:e2:a8:ca:
10:af:b8:67:b5:1e:36:78:e8:a6:6e:bb:8b:26:d5:
8b:4a:20:59:0b:8f:c5:d0:da:3c:58:95:b3:d0:95:
1f:a4:6d:e2:16:42:af:df:41:4f:a5:b0:72:20:f4:
dd:0b:1f:4a:91:f1:58:30:a5:54:a3:81:57:50:b4:
a0:7a:d4:85:6d:a5:79:ea:63:d2:a5:09:3d:19:1c:
71:73:ba:4c:d9:96:84:7f:84:10:dc:73:b5:3e:14:
5d:78:6f:6d:05:54:b6:6a:8e:77:17:99:bd:5b:ed:
90:c1:7d:34:17:e8:bf:3c:66:aa:7e:21:0b:d1:3c:
c2:fc:ed:20:89:3d:66:f7:79:a0:84:46:11:c5:65:
14:47:0c:40:c0:e6:7d:51:b4:8d:b6:aa:ec:c3:6e:
67:e3:27:26:34:00:21:f6:46:00:fe:7c:c0:b1:35:
9b:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:1A:A7:FA:6B:82:35:5B:13:40:C8:5E:E3:67:9F:0D:D6:48:5C:2C
X509v3 Authority Key Identifier:
keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/ghqn-muCNVsTQMhe42efDdZIXCw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
26:79:23:bb:d9:9e:e9:f6:7b:50:43:aa:be:0b:33:22:7d:2c:
7d:74:10:34:36:45:57:3c:a3:5a:1b:64:83:18:c0:35:02:11:
74:82:c1:97:ac:54:13:e5:0b:98:98:78:70:52:44:1e:44:b5:
17:25:b0:39:86:a1:20:fb:2f:ae:58:07:ad:f8:fc:1c:d4:94:
61:41:00:67:b9:b5:90:ab:f1:34:90:5b:e8:b7:e9:ef:80:9b:
bc:ad:2f:8c:34:02:2d:4d:83:27:1e:24:99:a1:cc:35:36:d7:
16:5a:13:ca:16:35:e5:5e:81:63:71:15:97:cf:c2:33:df:b7:
44:28:56:8e:c2:22:79:a7:58:30:14:c3:42:0a:af:5b:6c:83:
1a:57:89:78:9c:42:32:96:12:5a:6c:27:47:e3:f1:a9:f0:0f:
2f:c6:36:f8:62:ac:c6:0d:fe:8e:00:83:3e:71:55:ab:7e:4e:
96:f2:2a:36:90:3f:23:38:6a:a0:a1:ec:48:b1:b9:39:c7:c2:
12:9a:72:71:4c:ac:6a:f4:30:f1:e3:35:bc:4e:89:84:ed:d6:
48:dc:77:9a:be:c1:41:30:49:ad:3f:27:0f:8f:e4:04:0e:b5:
77:de:cd:19:c9:37:e7:3a:7d:1f:f9:ae:6a:81:b2:b2:d4:b4:
77:b0:a2:9a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzRm6fma0lobPdcLo3unDHbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwMTAzMjMxNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjFhYTdmYTZiODIzNTViMTM0MGM4NWVlMzY3OWYwZGQ2NDg1YzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeM/YXrL2fZCEoHucpenhW5xjSPd
Q8SX7X9tIwxlxLMGQb9gShzvnWoBuqLBsrHJouAGnEp878SnXloMoNzQAxYHfkWT
7tZvWekxvXZjQ7nCC1JW36biqMoQr7hntR42eOimbruLJtWLSiBZC4/F0No8WJWz
0JUfpG3iFkKv30FPpbByIPTdCx9KkfFYMKVUo4FXULSgetSFbaV56mPSpQk9GRxx
c7pM2ZaEf4QQ3HO1PhRdeG9tBVS2ao53F5m9W+2QwX00F+i/PGaqfiEL0TzC/O0g
iT1m93mghEYRxWUURwxAwOZ9UbSNtqrsw25n4ycmNAAh9kYA/nzAsTWbZQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIIap/prgjVbE0DIXuNnnw3WSFwsMB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvZ2hxbi1tdUNOVnNUUU1oZTQyZWZEZFpJWEN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACZ5I7vZnun2e1BDqr4L
MyJ9LH10EDQ2RVc8o1obZIMYwDUCEXSCwZesVBPlC5iYeHBSRB5EtRclsDmGoSD7
L65YB634/BzUlGFBAGe5tZCr8TSQW+i36e+Am7ytL4w0Ai1NgyceJJmhzDU21xZa
E8oWNeVegWNxFZfPwjPft0QoVo7CInmnWDAUw0IKr1tsgxpXiXicQjKWElpsJ0fj
8anwDy/GNvhirMYN/o4Agz5xVat+TpbyKjaQPyM4aqCh7EixuTnHwhKacnFMrGr0
MPHjNbxOiYTt1kjcd5q+wUEwSa0/Jw+P5AQOtXfezRnJN+c6fR/5rmqBsrLUtHew
opo=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:23:45 2025 by rpki-client