Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/JT2qZ5BHEi9UKPEHL0FaDnKws-g.roa
File: JT2qZ5BHEi9UKPEHL0FaDnKws-g.roa (raw, json)
Hash identifier: BeAnEkmr5c4MUSqN5FvKTOo3Qo/oWQmR9ulZzMlIBnY=
Subject key identifier: 25:3D:AA:67:90:47:12:2F:54:28:F1:07:2F:41:5A:0E:72:B0:B3:E8
Certificate issuer: /CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Certificate serial: 018A7FDD1EC5D2773B381A335B6CD7A6366B
Authority key identifier: AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/JT2qZ5BHEi9UKPEHL0FaDnKws-g.roa
Signing time: Sun 10 Sep 2023 16:11:52 +0000
ROA not before: Sun 10 Sep 2023 16:11:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:7f:dd:1e:c5:d2:77:3b:38:1a:33:5b:6c:d7:a6:36:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Validity
Not Before: Sep 10 16:11:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=253daa679047122f5428f1072f415a0e72b0b3e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:68:f2:59:f8:2d:6c:91:1d:cc:90:06:41:09:
ff:f2:f3:6e:fa:2d:a0:22:8a:f2:69:f0:70:c4:d3:
5c:54:9a:85:f6:2f:d0:fe:f2:fb:37:b9:ea:dd:be:
a4:f5:2e:b5:1a:80:a6:cd:5b:c4:a2:4a:89:36:0f:
e3:11:d0:e2:b0:79:92:54:57:d6:4b:06:82:7f:6c:
82:a9:00:7c:ed:de:2f:a7:5d:74:28:a2:d4:07:b1:
fd:20:44:24:08:47:9f:4f:be:cd:81:2a:8c:fa:54:
a3:c6:dd:b2:aa:8c:21:af:bf:e5:17:74:0d:99:f5:
78:d8:79:b3:ef:75:75:e3:9e:cc:3a:76:20:a0:3f:
90:8d:07:14:99:65:6e:75:07:0a:d4:e7:97:97:bd:
f1:25:a6:bd:e9:9e:ec:08:4b:b7:66:cf:0c:09:27:
21:bc:c4:fe:20:1a:68:a3:62:41:56:82:c6:a4:62:
e9:e1:a7:66:c5:f3:f0:b1:3b:17:7c:ad:55:05:51:
ec:bb:91:a7:42:e9:08:0f:18:b4:88:5c:1d:ae:db:
f7:ae:86:1b:85:06:6f:64:d3:bf:94:5f:87:c8:52:
84:41:f0:01:4f:ae:d1:3c:a6:91:48:b5:b4:36:bf:
a8:e1:4f:7a:1d:99:fb:46:ae:10:f7:c3:33:bc:34:
d1:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:3D:AA:67:90:47:12:2F:54:28:F1:07:2F:41:5A:0E:72:B0:B3:E8
X509v3 Authority Key Identifier:
keyid:AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/JT2qZ5BHEi9UKPEHL0FaDnKws-g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/qh8UyFB0WnwxLqLrC-AwUuSWcnU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
4c:4e:2a:a2:63:bd:97:dd:85:a9:c1:df:2b:df:22:f5:d8:8c:
00:c6:07:d4:6e:61:4f:f6:b1:d3:0d:f8:29:b5:56:4e:1f:c3:
2e:99:c1:6a:83:7f:b7:a0:0b:a5:69:e5:87:48:d5:72:d9:8b:
98:b9:fa:26:59:89:bd:77:ae:85:7d:f9:76:83:53:95:5f:69:
46:b1:f5:7c:bb:85:b8:c3:c9:95:b4:df:d9:00:a8:75:cf:c5:
80:14:a1:c5:91:9f:aa:45:28:a1:06:06:8b:b3:ac:c7:3f:1e:
ee:c8:f4:fb:65:f1:bd:7f:49:07:9a:db:f1:7f:4e:40:69:3e:
6c:9b:7b:7f:5b:b8:61:d7:c2:be:0b:46:04:b1:23:06:cb:b0:
37:ec:27:ed:16:9a:04:e1:60:74:dd:38:b1:7b:67:6a:4a:9e:
ca:e5:71:36:21:38:f1:07:be:75:5d:ee:5b:1e:f1:05:e4:33:
0b:46:7d:16:3b:f7:b1:80:e1:ec:ef:35:02:d4:b7:ba:34:c6:
17:55:c2:dc:73:8d:4c:30:28:d6:cb:9c:fc:51:2c:c3:1d:60:
4e:e2:57:53:02:e4:55:83:9b:d6:52:78:24:6f:a2:22:ea:f3:
f3:9d:68:88:f3:71:bc:5e:7b:b0:c1:4f:31:e2:ba:3b:ee:12:
1f:04:2e:db
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYp/3R7F0nc7OBozW2zXpjZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWYxNGM4NTA3NDVhN2MzMTJlYTJlYjBiZTAzMDUyZTQ5
NjcyNzUwHhcNMjMwOTEwMTYxMTUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTNkYWE2NzkwNDcxMjJmNTQyOGYxMDcyZjQxNWEwZTcyYjBiM2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GjyWfgtbJEdzJAGQQn/8vNu+i2g
IoryafBwxNNcVJqF9i/Q/vL7N7nq3b6k9S61GoCmzVvEokqJNg/jEdDisHmSVFfW
SwaCf2yCqQB87d4vp110KKLUB7H9IEQkCEefT77NgSqM+lSjxt2yqowhr7/lF3QN
mfV42Hmz73V1457MOnYgoD+QjQcUmWVudQcK1OeXl73xJaa96Z7sCEu3Zs8MCSch
vMT+IBpoo2JBVoLGpGLp4admxfPwsTsXfK1VBVHsu5GnQukIDxi0iFwdrtv3roYb
hQZvZNO/lF+HyFKEQfABT67RPKaRSLW0Nr+o4U96HZn7Rq4Q98MzvDTRQQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCU9qmeQRxIvVCjxBy9BWg5ysLPoMB8GA1UdIwQY
MBaAFKofFMhQdFp8MS6i6wvgMFLklnJ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQt
ODNmY2QyMjU0ODJhLzEvSlQycVo1QkhFaTlVS1BFSEwwRmFEbkt3cy1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQtODNmY2QyMjU0ODJh
LzEvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAExOKqJjvZfdhanB3yvf
IvXYjADGB9RuYU/2sdMN+Cm1Vk4fwy6ZwWqDf7egC6Vp5YdI1XLZi5i5+iZZib13
roV9+XaDU5VfaUax9Xy7hbjDyZW039kAqHXPxYAUocWRn6pFKKEGBouzrMc/Hu7I
9Ptl8b1/SQea2/F/TkBpPmybe39buGHXwr4LRgSxIwbLsDfsJ+0WmgThYHTdOLF7
Z2pKnsrlcTYhOPEHvnVd7lse8QXkMwtGfRY797GA4ezvNQLUt7o0xhdVwtxzjUww
KNbLnPxRLMMdYE7iV1MC5FWDm9ZSeCRvoiLq8/OdaIjzcbxee7DBTzHiujvuEh8E
Lts=
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:47:22 2025 by rpki-client