Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/hY_1oLfCa7cgMISFRsi_S8EfQRQ.roa
File: hY_1oLfCa7cgMISFRsi_S8EfQRQ.roa (raw, json)
Hash identifier: SUKv2phhhN58rTh8qPlYO8zAIpqY+XLNCPJpqPvgO58=
Subject key identifier: 85:8F:F5:A0:B7:C2:6B:B7:20:30:84:85:46:C8:BF:4B:C1:1F:41:14
Certificate issuer: /CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Certificate serial: 018AA41A1FC4CB727E29BB4DBF1A693C5C7C
Authority key identifier: AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/hY_1oLfCa7cgMISFRsi_S8EfQRQ.roa
Signing time: Sun 17 Sep 2023 17:04:50 +0000
ROA not before: Sun 17 Sep 2023 17:04:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:18a:837b:f9c7/128 maxlen: 128
2001:67c:64:ffff:0:18a:a419:937b/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:a4:1a:1f:c4:cb:72:7e:29:bb:4d:bf:1a:69:3c:5c:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Validity
Not Before: Sep 17 17:04:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=858ff5a0b7c26bb72030848546c8bf4bc11f4114
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:c6:a0:e8:c8:90:4a:90:e7:9b:77:8e:58:66:
6f:3e:01:c2:b2:c9:9d:c0:82:fe:d8:f4:6e:f6:d9:
f4:81:c1:a6:bf:c6:7e:91:65:79:12:57:97:31:c5:
9f:60:51:f1:7f:d9:00:eb:40:56:fb:fb:71:10:61:
ec:08:1b:09:e0:2b:8b:20:9e:50:0a:f1:2d:38:a7:
cb:a0:db:3b:f2:bd:cf:6a:eb:90:ea:51:71:29:63:
1b:81:64:1a:82:5d:87:08:9b:f2:a8:e8:de:8e:6b:
d9:bf:94:e9:b0:45:b7:f1:7d:31:6c:d3:f8:63:82:
64:fb:b6:09:df:39:99:1f:bd:05:98:b1:1f:bf:43:
63:54:c3:30:7b:47:19:cb:6a:71:c9:4e:99:5a:5b:
06:42:54:f7:d8:9b:6e:c2:4a:18:d8:53:70:ba:fe:
1e:ac:d4:bb:b9:64:bd:24:2f:c3:87:b2:25:07:3f:
f2:24:14:1c:29:1a:93:6d:6a:17:32:91:ec:41:3f:
25:2b:f3:26:6f:e6:08:0d:bd:b3:56:c3:0f:18:08:
2f:a1:f5:41:3e:05:e8:37:fc:25:55:10:3a:74:77:
7f:99:66:2e:e8:73:52:19:5d:c9:f7:c9:5b:7f:c1:
36:41:ee:b9:c3:75:25:f3:76:50:26:0b:6d:93:4d:
b6:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:8F:F5:A0:B7:C2:6B:B7:20:30:84:85:46:C8:BF:4B:C1:1F:41:14
X509v3 Authority Key Identifier:
keyid:AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/hY_1oLfCa7cgMISFRsi_S8EfQRQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/qh8UyFB0WnwxLqLrC-AwUuSWcnU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
64:77:cf:2e:1a:96:b7:f0:01:4e:16:4d:bc:d8:81:ec:fc:51:
e9:b0:f7:0d:af:53:86:1e:fb:bd:11:ae:fa:66:79:47:df:ad:
e8:e0:61:7d:72:c2:78:e2:f8:bb:76:e5:de:6a:67:c8:74:08:
99:aa:34:fc:68:7e:db:12:31:1c:31:9d:7f:1c:67:ad:63:62:
b9:c7:5b:da:72:c2:47:f5:f7:67:a7:f5:26:2e:2b:e8:19:62:
8c:00:eb:c3:f7:a5:3e:e8:f0:17:ab:08:eb:a7:3d:fb:1d:e5:
e6:e8:08:f8:85:01:4f:39:12:3a:05:24:7b:91:6f:bc:ae:88:
90:fe:f0:53:e1:85:ab:07:61:84:4a:1a:64:54:b4:ba:fa:a2:
53:05:54:ed:51:b4:c3:65:7e:43:be:ce:77:3a:3e:91:42:ec:
e4:c0:d2:09:02:30:2e:97:71:85:84:be:84:df:0e:4b:37:86:
dc:91:1b:57:35:22:7e:de:2e:e0:17:9b:94:e4:54:a3:f8:3e:
d0:48:33:7f:ad:ad:a6:05:71:d7:29:a3:58:3b:8d:05:a2:48:
e9:ea:eb:cf:79:ee:e1:b8:c0:aa:dc:f9:f1:4f:81:92:5e:08:
b1:f5:e4:ca:3c:e8:0e:61:08:ed:f6:34:80:82:39:ae:3a:17:
56:68:dc:9a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYqkGh/Ey3J+KbtNvxppPFx8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWYxNGM4NTA3NDVhN2MzMTJlYTJlYjBiZTAzMDUyZTQ5
NjcyNzUwHhcNMjMwOTE3MTcwNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NThmZjVhMGI3YzI2YmI3MjAzMDg0ODU0NmM4YmY0YmMxMWY0MTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcag6MiQSpDnm3eOWGZvPgHCssmd
wIL+2PRu9tn0gcGmv8Z+kWV5EleXMcWfYFHxf9kA60BW+/txEGHsCBsJ4CuLIJ5Q
CvEtOKfLoNs78r3PauuQ6lFxKWMbgWQagl2HCJvyqOjejmvZv5TpsEW38X0xbNP4
Y4Jk+7YJ3zmZH70FmLEfv0NjVMMwe0cZy2pxyU6ZWlsGQlT32JtuwkoY2FNwuv4e
rNS7uWS9JC/Dh7IlBz/yJBQcKRqTbWoXMpHsQT8lK/Mmb+YIDb2zVsMPGAgvofVB
PgXoN/wlVRA6dHd/mWYu6HNSGV3J98lbf8E2Qe65w3Ul83ZQJgttk022rwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIWP9aC3wmu3IDCEhUbIv0vBH0EUMB8GA1UdIwQY
MBaAFKofFMhQdFp8MS6i6wvgMFLklnJ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQt
ODNmY2QyMjU0ODJhLzEvaFlfMW9MZkNhN2NnTUlTRlJzaV9TOEVmUVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQtODNmY2QyMjU0ODJh
LzEvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGR3zy4alrfwAU4WTbzY
gez8Uemw9w2vU4Ye+70RrvpmeUffrejgYX1ywnji+Lt25d5qZ8h0CJmqNPxoftsS
MRwxnX8cZ61jYrnHW9pywkf192en9SYuK+gZYowA68P3pT7o8BerCOunPfsd5ebo
CPiFAU85EjoFJHuRb7yuiJD+8FPhhasHYYRKGmRUtLr6olMFVO1RtMNlfkO+znc6
PpFC7OTA0gkCMC6XcYWEvoTfDks3htyRG1c1In7eLuAXm5TkVKP4PtBIM3+traYF
cdcpo1g7jQWiSOnq68957uG4wKrc+fFPgZJeCLH15Mo86A5hCO32NICCOa46F1Zo
3Jo=
-----END CERTIFICATE-----
Generated at Mon Apr 21 11:02:29 2025 by rpki-client