Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NfsXR1qnKirUtzFvVg1EYxRloiA.roa
File: NfsXR1qnKirUtzFvVg1EYxRloiA.roa (raw, json)
Hash identifier: kAQmpvKCQbZ02uTR5bXg8MFN93jNPXK306k9noQ4UOA=
Subject key identifier: 35:FB:17:47:5A:A7:2A:2A:D4:B7:31:6F:56:0D:44:63:14:65:A2:20
Certificate issuer: /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial: 0184F023FA2CEFE8F72970A1BE5F1883BD3D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NfsXR1qnKirUtzFvVg1EYxRloiA.roa
Signing time: Thu 08 Dec 2022 05:10:00 +0000
ROA not before: Thu 08 Dec 2022 05:10:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:f0:23:fa:2c:ef:e8:f7:29:70:a1:be:5f:18:83:bd:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
Validity
Not Before: Dec 8 05:10:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=35fb17475aa72a2ad4b7316f560d44631465a220
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:fa:45:52:7b:51:9e:b8:43:ee:41:98:fe:37:
0c:5e:59:4c:ad:d2:54:5b:f1:ed:a4:63:85:5d:b2:
7f:64:77:3b:6b:89:11:11:b6:9f:79:ff:22:53:98:
d6:51:2b:41:05:b5:08:8c:21:6d:cc:b7:b6:33:f3:
8e:07:7a:38:58:10:df:96:82:4a:65:19:20:ce:7c:
e9:ed:f2:8d:0b:40:79:24:00:8f:00:4e:40:eb:7b:
50:4d:e5:41:fd:6c:04:64:ad:af:86:ef:e2:4e:82:
28:a6:e5:ab:73:4a:cf:9d:66:eb:12:05:f2:75:2d:
4a:0d:80:0a:03:02:0f:90:41:9a:ae:6d:e6:80:68:
4c:91:b8:06:c7:7e:3e:2a:dd:f0:de:89:05:d4:51:
71:22:41:6b:08:56:03:f3:fb:d8:a3:24:cf:dc:12:
70:72:1d:79:50:ab:44:8e:8f:7e:69:e6:fb:b1:bd:
98:2b:71:af:87:d4:81:91:16:20:df:f2:10:71:7c:
0c:fe:68:90:e8:fe:29:7a:3d:3f:a9:65:23:b7:62:
7f:10:cc:84:33:cc:9a:25:2b:1c:30:09:1b:e9:ca:
f5:fc:b3:48:53:b6:99:1f:30:87:83:81:30:12:b1:
28:ab:1e:02:86:2e:b1:f5:f4:c7:80:20:19:d4:78:
ac:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:FB:17:47:5A:A7:2A:2A:D4:B7:31:6F:56:0D:44:63:14:65:A2:20
X509v3 Authority Key Identifier:
keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NfsXR1qnKirUtzFvVg1EYxRloiA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
aa:be:2d:a2:72:02:7b:09:10:d4:34:21:f8:e9:f0:e6:40:3d:
48:2a:74:a5:a3:4f:24:68:85:06:bc:42:e4:0d:63:c6:13:bc:
c8:97:ce:8d:c2:13:af:fc:76:36:1d:0f:56:a1:73:81:11:46:
97:e4:2b:39:da:0f:e3:cf:55:a2:5f:81:ca:a3:a8:d9:2b:75:
97:1b:9e:cf:72:09:c3:ee:4f:11:22:05:4b:73:50:59:bb:ea:
a5:a8:8a:78:ea:08:7d:57:18:2b:67:08:3d:f3:d3:e4:5b:8f:
24:d1:82:fd:88:b6:e0:31:8f:77:cd:a7:b9:08:ec:76:4b:a3:
9b:82:d5:d3:eb:93:d0:5b:3b:34:ac:49:ee:83:0e:74:1f:e6:
4c:38:cc:2b:ce:7b:40:71:8f:8d:72:36:8f:dc:f9:06:da:5e:
bb:5d:a4:ad:5d:c2:2d:7c:cf:fb:19:8f:e3:a3:02:78:3a:7b:
23:32:d6:99:86:68:ae:4b:64:55:c9:bd:e8:09:a5:20:c4:e0:
dc:ff:8b:e2:02:e6:0b:e7:8d:a9:e8:a9:37:fb:74:70:f9:3e:
54:6a:34:d7:e5:70:89:1e:e1:79:f7:e1:a2:e3:b4:08:5e:87:
e6:d0:35:58:ad:cc:1b:f0:e0:34:c0:73:66:35:58:81:d0:32:
6c:55:94:ce
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYTwI/os7+j3KXChvl8Yg709MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjIxMjA4MDUxMDAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWZiMTc0NzVhYTcyYTJhZDRiNzMxNmY1NjBkNDQ2MzE0NjVhMjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/pFUntRnrhD7kGY/jcMXllMrdJU
W/HtpGOFXbJ/ZHc7a4kREbafef8iU5jWUStBBbUIjCFtzLe2M/OOB3o4WBDfloJK
ZRkgznzp7fKNC0B5JACPAE5A63tQTeVB/WwEZK2vhu/iToIopuWrc0rPnWbrEgXy
dS1KDYAKAwIPkEGarm3mgGhMkbgGx34+Kt3w3okF1FFxIkFrCFYD8/vYoyTP3BJw
ch15UKtEjo9+aeb7sb2YK3Gvh9SBkRYg3/IQcXwM/miQ6P4pej0/qWUjt2J/EMyE
M8yaJSscMAkb6cr1/LNIU7aZHzCHg4EwErEoqx4Chi6x9fTHgCAZ1HisWwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDX7F0dapyoq1Lcxb1YNRGMUZaIgMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTmZzWFIxcW5LaXJVdHpGdlZnMUVZeFJsb2lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKq+LaJyAnsJENQ0Ifjp
8OZAPUgqdKWjTyRohQa8QuQNY8YTvMiXzo3CE6/8djYdD1ahc4ERRpfkKznaD+PP
VaJfgcqjqNkrdZcbns9yCcPuTxEiBUtzUFm76qWoinjqCH1XGCtnCD3z0+RbjyTR
gv2ItuAxj3fNp7kI7HZLo5uC1dPrk9BbOzSsSe6DDnQf5kw4zCvOe0Bxj41yNo/c
+QbaXrtdpK1dwi18z/sZj+OjAng6eyMy1pmGaK5LZFXJvegJpSDE4Nz/i+IC5gvn
janoqTf7dHD5PlRqNNflcIke4Xn34aLjtAheh+bQNVitzBvw4DTAc2Y1WIHQMmxV
lM4=
-----END CERTIFICATE-----
Generated at Wed Apr 30 18:23:53 2025 by rpki-client