Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/5nqxC7A7VWUBVs0r3zLWKySSpZw.roa
File: 5nqxC7A7VWUBVs0r3zLWKySSpZw.roa (raw, json)
Hash identifier: oSbgKMayem8dhWuqFwFcm+hfVmFqv84dvQxSfajMOMQ=
Subject key identifier: E6:7A:B1:0B:B0:3B:55:65:01:56:CD:2B:DF:32:D6:2B:24:92:A5:9C
Certificate issuer: /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial: 018CC3B6AA696C78457C397CAB5D7306604D
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/5nqxC7A7VWUBVs0r3zLWKySSpZw.roa
Signing time: Mon 01 Jan 2024 06:29:37 +0000
ROA not before: Mon 01 Jan 2024 06:29:37 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1136
IP address blocks: 2a07:3502:10e0::/48 maxlen: 48
2a07:3500:1ac0::/48 maxlen: 48
2a07:3500:1bc0::/48 maxlen: 48
2a07:3500:1b48::/48 maxlen: 48
2a07:3500:1020::/48 maxlen: 48
2a07:3500:1c00::/48 maxlen: 48
2a07:3500:1b30::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b6:aa:69:6c:78:45:7c:39:7c:ab:5d:73:06:60:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
Validity
Not Before: Jan 1 06:29:37 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e67ab10bb03b55650156cd2bdf32d62b2492a59c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:73:c6:34:8f:23:5f:cd:1b:8b:5f:b9:3e:b0:
bd:0d:3b:96:3a:12:9d:88:11:06:20:ad:c0:1e:b0:
a6:8a:b8:cb:08:57:de:f1:78:6b:61:d9:73:b0:44:
3e:84:89:23:e1:cd:4c:a7:cb:b1:f7:9b:8b:06:c6:
2b:59:ec:e8:b5:29:fe:53:b5:b9:92:a8:e3:90:6d:
20:5e:1b:a4:f4:68:4f:1b:27:70:86:07:56:f5:c7:
71:6e:e0:86:cb:4f:c6:fe:ae:48:1b:9a:f6:fd:af:
84:be:e1:15:b0:52:db:80:1a:9e:a8:ee:16:c0:ca:
e7:d0:42:09:e7:08:4d:93:42:d8:be:0e:34:43:8c:
7e:c5:64:1f:b6:0c:7f:12:f3:b3:27:67:eb:4b:5e:
42:c8:0f:10:c3:78:45:4f:58:86:58:3e:b7:ed:22:
38:51:91:9b:e4:da:bd:e3:3c:62:ba:54:35:b3:fd:
25:ce:dc:d6:4c:9d:a9:2f:ec:27:4f:ca:45:36:3d:
cc:25:57:f9:f5:8c:70:46:ea:65:04:b5:cc:35:0e:
92:33:1a:28:85:85:11:ce:0f:c6:33:36:d9:95:78:
ad:7f:af:4b:78:79:37:50:ae:af:b6:d9:33:38:eb:
da:5c:78:1b:73:9a:c0:1b:12:3d:1b:d2:45:17:ad:
fc:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:7A:B1:0B:B0:3B:55:65:01:56:CD:2B:DF:32:D6:2B:24:92:A5:9C
X509v3 Authority Key Identifier:
keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/5nqxC7A7VWUBVs0r3zLWKySSpZw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a07:3500:1020::/48
2a07:3500:1ac0::/48
2a07:3500:1b30::/48
2a07:3500:1b48::/48
2a07:3500:1bc0::/48
2a07:3500:1c00::/48
2a07:3502:10e0::/48
Signature Algorithm: sha256WithRSAEncryption
62:f8:22:88:c6:49:98:d3:b9:4c:ff:14:49:2e:22:25:a2:8c:
15:af:9e:90:d5:89:da:48:9f:79:27:a3:86:52:50:61:a2:e0:
c2:41:ec:73:65:bf:43:52:d0:83:b9:32:0b:97:97:52:18:2d:
44:c2:25:82:d9:8c:49:df:12:4d:a9:22:8c:8d:40:99:fd:38:
82:62:6d:1d:c8:bb:4e:1f:3f:87:e6:34:aa:91:5c:50:1f:ae:
82:ed:f7:ce:29:6b:5e:a7:b8:2c:fb:b9:ae:4e:4e:e0:0a:55:
63:d4:92:52:f9:8f:0f:c4:da:47:b4:72:f2:bd:39:2e:6d:3c:
fc:b3:32:fe:8a:3c:09:93:d9:cc:43:73:0c:29:d1:8b:05:c1:
ec:1c:39:56:43:8b:3f:07:a9:4d:84:7b:ef:ff:6c:56:a5:a0:
96:8b:01:bb:7b:8a:19:b2:a6:00:b2:dd:09:c3:00:80:3d:8c:
a5:19:9b:af:11:20:5b:1b:4f:b7:50:d3:23:b4:fd:bd:e9:ea:
ca:c8:b3:48:c7:6e:2e:e5:c7:a1:0b:4c:2d:5d:e7:05:1b:09:
8e:4e:d8:72:89:91:c6:a1:53:d1:b7:26:2d:ca:3a:61:3f:5d:
3e:73:2a:15:79:bb:a0:b4:f0:08:d5:c6:1c:48:e2:1d:4f:98:
f8:f2:91:52
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzDtqppbHhFfDl8q11zBmBNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjQwMTAxMDYyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjdhYjEwYmIwM2I1NTY1MDE1NmNkMmJkZjMyZDYyYjI0OTJhNTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHPGNI8jX80bi1+5PrC9DTuWOhKd
iBEGIK3AHrCmirjLCFfe8XhrYdlzsEQ+hIkj4c1Mp8ux95uLBsYrWezotSn+U7W5
kqjjkG0gXhuk9GhPGydwhgdW9cdxbuCGy0/G/q5IG5r2/a+EvuEVsFLbgBqeqO4W
wMrn0EIJ5whNk0LYvg40Q4x+xWQftgx/EvOzJ2frS15CyA8Qw3hFT1iGWD637SI4
UZGb5Nq94zxiulQ1s/0lztzWTJ2pL+wnT8pFNj3MJVf59YxwRuplBLXMNQ6SMxoo
hYURzg/GMzbZlXitf69LeHk3UK6vttkzOOvaXHgbc5rAGxI9G9JFF6383wIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFOZ6sQuwO1VlAVbNK98y1iskkqWcMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvNW5xeEM3QTdWV1VCVnMwcjN6TFdLeVNTcFp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzBFBAIAAjA/AwcAKgc1ABAg
AwcAKgc1ABrAAwcAKgc1ABswAwcAKgc1ABtIAwcAKgc1ABvAAwcAKgc1ABwAAwcA
Kgc1AhDgMA0GCSqGSIb3DQEBCwUAA4IBAQBi+CKIxkmY07lM/xRJLiIloowVr56Q
1YnaSJ95J6OGUlBhouDCQexzZb9DUtCDuTILl5dSGC1EwiWC2YxJ3xJNqSKMjUCZ
/TiCYm0dyLtOHz+H5jSqkVxQH66C7ffOKWtep7gs+7muTk7gClVj1JJS+Y8PxNpH
tHLyvTkubTz8szL+ijwJk9nMQ3MMKdGLBcHsHDlWQ4s/B6lNhHvv/2xWpaCWiwG7
e4oZsqYAst0JwwCAPYylGZuvESBbG0+3UNMjtP296erKyLNIx24u5cehC0wtXecF
GwmOTthyiZHGoVPRtyYtyjphP10+cyoVebugtPAI1cYcSOIdT5j48pFS
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:45:58 2025 by rpki-client