Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/pAFCOPXKHNrX8t8wKwk6ZPq-QBM.roa
File: pAFCOPXKHNrX8t8wKwk6ZPq-QBM.roa (raw, json)
Hash identifier: ziyS8ZGeC+HUd9AsHUfAHtT7TpIxki558l7XjkCTURQ=
Subject key identifier: A4:01:42:38:F5:CA:1C:DA:D7:F2:DF:30:2B:09:3A:64:FA:BE:40:13
Certificate issuer: /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial: 018E29F81D325845B88D83002BFB111A0B9F
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/pAFCOPXKHNrX8t8wKwk6ZPq-QBM.roa
Signing time: Sun 10 Mar 2024 20:05:10 +0000
ROA not before: Sun 10 Mar 2024 20:05:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18d:c109:b478/128 maxlen: 128
2001:67c:64:ffff:0:18d:e84f:370a/128 maxlen: 128
2001:67c:64:ffff:0:18e:29f7:34cd/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:29:f8:1d:32:58:45:b8:8d:83:00:2b:fb:11:1a:0b:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Validity
Not Before: Mar 10 20:05:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a4014238f5ca1cdad7f2df302b093a64fabe4013
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:ee:3d:4d:e1:39:d5:fd:7b:1b:9e:d5:38:60:
11:e6:ad:aa:37:53:72:4e:f1:6c:6d:fc:ff:f0:6b:
38:b6:4d:1a:c2:47:be:0f:e6:e0:d6:54:2e:c6:c2:
4e:9c:4b:16:4f:13:ce:15:eb:e9:48:ac:d0:25:f5:
5a:9e:56:af:07:f7:52:0f:f0:1d:00:ba:75:df:b6:
1a:6c:99:a9:43:5b:9f:fc:b6:61:39:4a:f6:60:54:
e5:e8:3d:0f:22:c6:fa:9f:f1:45:ae:0e:ea:f4:87:
c2:9e:86:f1:6c:8e:04:48:a7:14:88:d6:aa:a4:88:
d9:fd:b7:4c:61:13:33:e2:73:f9:49:18:88:22:d5:
9f:86:15:09:3a:81:8d:66:29:19:72:c0:94:1f:2d:
3e:bf:55:d6:da:28:79:ec:92:ec:c2:65:e2:07:be:
af:88:02:c0:01:7f:e1:ad:69:13:bb:49:22:ef:70:
b1:38:9b:38:62:8e:ed:a7:08:bd:c9:10:b8:66:b3:
f6:85:85:5a:06:ea:78:d0:1f:da:48:72:3c:38:40:
80:cc:41:9d:14:4d:e0:7b:15:dd:e5:1f:25:a8:19:
4d:1a:77:d0:79:98:b0:50:bd:4c:dc:64:38:c0:d7:
f6:61:af:4e:db:52:3a:fc:31:1a:bb:5b:2d:82:24:
34:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:01:42:38:F5:CA:1C:DA:D7:F2:DF:30:2B:09:3A:64:FA:BE:40:13
X509v3 Authority Key Identifier:
keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/pAFCOPXKHNrX8t8wKwk6ZPq-QBM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
11:74:7e:c0:8c:c2:fb:f4:12:2a:20:33:9f:52:80:f1:31:aa:
35:da:33:3e:4c:b3:69:83:df:51:0c:49:63:18:63:b8:d0:5b:
42:54:4d:96:b8:9d:15:b1:da:fd:4c:58:93:20:54:0d:8b:8a:
7d:5a:cd:9b:80:78:99:06:3c:7d:56:7b:88:90:57:7f:52:54:
ff:4c:9d:f1:a1:5c:47:da:dd:b1:79:10:d4:78:22:e1:94:d6:
79:40:0c:7b:6c:8a:9d:f7:1d:53:4c:fa:64:62:a5:0f:de:aa:
a4:14:c7:21:de:86:bb:20:25:08:93:8b:38:25:94:11:57:59:
09:1d:7f:9d:89:29:b9:f7:28:f3:30:d6:6e:e3:0b:c6:1d:cd:
d9:de:74:99:47:7e:cd:2b:9b:4c:ca:29:60:15:e1:35:60:72:
48:8f:4a:fa:c9:df:82:42:a2:4e:10:4a:77:33:87:c7:71:66:
99:92:c5:74:cc:57:53:38:ea:56:c2:52:58:e7:db:8b:be:eb:
10:e5:00:59:dc:0f:c4:7d:5e:fd:9a:d0:9e:c0:2e:ee:b6:87:
33:a1:39:a0:0a:a9:b4:f3:32:82:cb:f1:95:58:ae:a4:3b:55:
36:b5:04:03:20:76:d6:66:04:14:d6:2e:c7:18:46:2a:80:8c:
be:8e:36:76
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY4p+B0yWEW4jYMAK/sRGgufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwMzEwMjAwNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDAxNDIzOGY1Y2ExY2RhZDdmMmRmMzAyYjA5M2E2NGZhYmU0MDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjO49TeE51f17G57VOGAR5q2qN1Ny
TvFsbfz/8Gs4tk0awke+D+bg1lQuxsJOnEsWTxPOFevpSKzQJfVanlavB/dSD/Ad
ALp137YabJmpQ1uf/LZhOUr2YFTl6D0PIsb6n/FFrg7q9IfCnobxbI4ESKcUiNaq
pIjZ/bdMYRMz4nP5SRiIItWfhhUJOoGNZikZcsCUHy0+v1XW2ih57JLswmXiB76v
iALAAX/hrWkTu0ki73CxOJs4Yo7tpwi9yRC4ZrP2hYVaBup40B/aSHI8OECAzEGd
FE3gexXd5R8lqBlNGnfQeZiwUL1M3GQ4wNf2Ya9O21I6/DEau1stgiQ00QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKQBQjj1yhza1/LfMCsJOmT6vkATMB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvcEFGQ09QWEtITnJYOHQ4d0t3azZaUHEtUUJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABF0fsCMwvv0EiogM59S
gPExqjXaMz5Ms2mD31EMSWMYY7jQW0JUTZa4nRWx2v1MWJMgVA2Lin1azZuAeJkG
PH1We4iQV39SVP9MnfGhXEfa3bF5ENR4IuGU1nlADHtsip33HVNM+mRipQ/eqqQU
xyHehrsgJQiTizgllBFXWQkdf52JKbn3KPMw1m7jC8YdzdnedJlHfs0rm0zKKWAV
4TVgckiPSvrJ34JCok4QSnczh8dxZpmSxXTMV1M46lbCUljn24u+6xDlAFncD8R9
Xv2a0J7ALu62hzOhOaAKqbTzMoLL8ZVYrqQ7VTa1BAMgdtZmBBTWLscYRiqAjL6O
NnY=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:16:09 2025 by rpki-client