Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3b0OhWMRDZFhgTAztM5Z9-b8HA4.roa
File: 3b0OhWMRDZFhgTAztM5Z9-b8HA4.roa (raw, json)
Hash identifier: 8JHKVakB3XGR1NNSzeyIhnGEzVgvxdUHVaXAdAX5P7c=
Subject key identifier: DD:BD:0E:85:63:11:0D:91:61:81:30:33:B4:CE:59:F7:E6:FC:1C:0E
Certificate issuer: /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial: 0186B9A5915FFDAD9ECDF2DDE2C66679631B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3b0OhWMRDZFhgTAztM5Z9-b8HA4.roa
Signing time: Tue 07 Mar 2023 01:18:00 +0000
ROA not before: Tue 07 Mar 2023 01:18:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:b9:a5:91:5f:fd:ad:9e:cd:f2:dd:e2:c6:66:79:63:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
Validity
Not Before: Mar 7 01:18:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ddbd0e8563110d9161813033b4ce59f7e6fc1c0e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:8e:1b:01:09:0c:ba:65:fd:b2:1a:4e:29:88:
03:14:e6:5b:44:cd:95:4b:a0:dd:16:43:45:9d:b5:
67:9b:f7:ae:75:cc:96:89:4c:f5:c4:e7:f4:ab:e8:
2e:f8:55:96:35:e1:d6:40:dd:75:ce:03:3c:1a:38:
36:38:a3:3c:96:60:54:f1:26:2a:d6:be:2f:d3:a5:
c7:ef:4f:53:e4:77:5c:c2:5d:49:27:61:a4:fe:41:
9b:97:21:16:57:06:25:4f:ea:d9:d5:ed:65:63:6e:
c2:99:ec:53:e7:85:f9:cb:41:a6:26:da:e5:e2:1e:
69:70:02:dd:cd:f5:d2:84:a8:3e:6a:c9:0b:9d:87:
b4:36:e1:c1:09:fc:7d:a7:2b:f8:39:ae:c6:e3:bd:
4f:a7:87:78:0b:6a:e8:06:b3:c2:ff:8d:75:a5:93:
a1:bd:00:9b:26:3b:c7:1c:d4:50:4f:f7:46:05:63:
9b:b9:ae:02:31:1d:62:83:4a:5d:36:1d:65:93:2a:
b6:9c:4f:97:1e:e2:e7:cf:99:12:96:d9:30:97:2e:
08:34:4c:f7:be:f6:be:24:e6:41:e4:a9:b7:7f:80:
9d:12:50:4e:66:5b:c7:19:ff:c2:bd:9b:02:17:1a:
7d:aa:50:d8:36:30:8e:03:58:ba:63:5d:35:52:32:
1f:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:BD:0E:85:63:11:0D:91:61:81:30:33:B4:CE:59:F7:E6:FC:1C:0E
X509v3 Authority Key Identifier:
keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3b0OhWMRDZFhgTAztM5Z9-b8HA4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
6b:a1:2a:98:d1:e6:6d:d8:5f:f6:c1:03:ba:9d:c7:64:68:8c:
14:6d:63:fc:36:85:67:e5:55:e4:7a:d3:e2:cc:18:ca:dc:c4:
9d:11:e2:a6:ef:b6:70:c4:96:48:74:c4:9a:1b:f6:24:95:6a:
aa:43:8d:77:12:d2:52:34:fd:eb:be:37:e5:7c:37:51:db:36:
a3:4b:61:a9:34:aa:fe:ea:61:6d:f4:76:bf:51:9e:04:71:3a:
c4:8d:b1:11:bb:d8:db:a5:7f:0e:14:bd:14:ba:5f:8d:b7:09:
61:75:d7:56:49:fa:3e:56:80:69:ff:ed:31:e2:a2:57:f0:6f:
20:06:41:56:6b:17:f7:7d:f9:2f:b1:74:34:26:e7:7c:c3:f4:
91:2c:2e:ed:9e:f0:53:41:f2:50:f9:37:55:88:1a:3d:27:06:
1d:e0:f4:4b:db:a6:74:5b:39:ff:24:d2:43:59:cc:8d:83:b9:
6b:3c:e5:cf:b9:24:4c:d1:fe:83:c1:78:b1:53:77:ea:59:dd:
a0:74:ba:8c:c2:ff:89:88:48:b3:15:17:fe:ed:a3:6e:d3:7f:
d6:67:e5:21:48:ae:b0:ef:b4:19:c6:92:d0:d9:14:d8:bc:39:
1b:ab:53:25:5d:b8:33:a3:44:2e:7e:cb:06:86:2b:41:bd:e6:
13:39:41:a5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa5pZFf/a2ezfLd4sZmeWMbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA3MDExODAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGJkMGU4NTYzMTEwZDkxNjE4MTMwMzNiNGNlNTlmN2U2ZmMxYzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAko4bAQkMumX9shpOKYgDFOZbRM2V
S6DdFkNFnbVnm/eudcyWiUz1xOf0q+gu+FWWNeHWQN11zgM8Gjg2OKM8lmBU8SYq
1r4v06XH709T5Hdcwl1JJ2Gk/kGblyEWVwYlT+rZ1e1lY27CmexT54X5y0GmJtrl
4h5pcALdzfXShKg+askLnYe0NuHBCfx9pyv4Oa7G471Pp4d4C2roBrPC/411pZOh
vQCbJjvHHNRQT/dGBWObua4CMR1ig0pdNh1lkyq2nE+XHuLnz5kSltkwly4INEz3
vva+JOZB5Km3f4CdElBOZlvHGf/CvZsCFxp9qlDYNjCOA1i6Y101UjIfmQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN29DoVjEQ2RYYEwM7TOWffm/BwOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvM2IwT2hXTVJEWkZoZ1RBenRNNVo5LWI4SEE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGuhKpjR5m3YX/bBA7qd
x2RojBRtY/w2hWflVeR60+LMGMrcxJ0R4qbvtnDElkh0xJob9iSVaqpDjXcS0lI0
/eu+N+V8N1HbNqNLYak0qv7qYW30dr9RngRxOsSNsRG72Nulfw4UvRS6X423CWF1
11ZJ+j5WgGn/7THiolfwbyAGQVZrF/d9+S+xdDQm53zD9JEsLu2e8FNB8lD5N1WI
Gj0nBh3g9EvbpnRbOf8k0kNZzI2DuWs85c+5JEzR/oPBeLFTd+pZ3aB0uozC/4mI
SLMVF/7to27Tf9Zn5SFIrrDvtBnGktDZFNi8ORurUyVduDOjRC5+ywaGK0G95hM5
QaU=
-----END CERTIFICATE-----
Generated at Thu May 1 18:44:53 2025 by rpki-client