Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PNqUFma9OBSG6yAKcZix42VBf10.roa
File: PNqUFma9OBSG6yAKcZix42VBf10.roa (raw, json)
Hash identifier: AHoiYqcA64XC1+kwZjVxZKCvYka7TSBIXKGkA3OTtPY=
Subject key identifier: 3C:DA:94:16:66:BD:38:14:86:EB:20:0A:71:98:B1:E3:65:41:7F:5D
Certificate issuer: /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial: 01865ACA5E9B1D11C8E25106C4647BB93558
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PNqUFma9OBSG6yAKcZix42VBf10.roa
Signing time: Thu 16 Feb 2023 15:14:17 +0000
ROA not before: Thu 16 Feb 2023 15:14:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:5a:ca:5e:9b:1d:11:c8:e2:51:06:c4:64:7b:b9:35:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
Validity
Not Before: Feb 16 15:14:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3cda941666bd381486eb200a7198b1e365417f5d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:db:b4:10:f2:28:34:3f:63:f2:b2:94:cb:db:
63:29:ee:52:9f:72:e3:5e:d6:f3:93:cd:9a:b1:39:
ed:45:c9:6d:b4:2a:20:83:46:25:35:04:70:f5:52:
55:4d:05:51:80:08:a6:56:f1:63:a7:f1:bb:7f:15:
6d:8d:5b:ef:e7:2d:a1:8c:38:d0:a5:f4:e0:e6:c2:
d4:8d:2d:af:be:5b:83:1c:97:fa:30:a4:b4:af:5d:
6e:3b:76:bd:aa:13:fe:3a:68:84:fa:48:c1:03:68:
8e:99:1a:29:df:35:23:47:e1:df:cb:5d:69:cd:37:
69:74:a2:5d:a8:ad:cb:f3:c5:e5:0c:33:0e:93:3c:
40:b7:e3:46:62:9d:b0:7a:a5:4b:1e:04:fb:7d:bd:
fb:47:15:83:eb:2e:67:48:78:0b:cb:a8:44:c2:15:
9a:ae:1e:80:b0:34:4d:69:85:1c:a4:d4:65:29:c5:
42:d4:2f:d5:5d:18:c7:5f:7b:24:d9:71:3c:ad:d7:
ab:44:3d:76:28:27:fa:1d:21:84:9c:3b:84:35:6b:
74:e7:50:cd:b7:df:37:5c:e6:c0:b1:6a:4f:10:cd:
14:94:4f:bf:b3:c3:8d:ee:1b:a6:52:54:ab:7d:09:
d8:95:7f:34:7c:ac:02:0e:c8:f4:9c:95:b0:6d:d6:
af:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:DA:94:16:66:BD:38:14:86:EB:20:0A:71:98:B1:E3:65:41:7F:5D
X509v3 Authority Key Identifier:
keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PNqUFma9OBSG6yAKcZix42VBf10.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
2a:c0:e0:ea:85:f6:99:ea:38:14:6f:97:f1:a3:a9:67:fe:1f:
34:84:05:62:92:c9:3c:38:9d:34:ca:aa:f8:ff:5f:98:0d:33:
43:62:fa:df:96:8a:47:a2:1f:c4:67:39:81:64:3a:40:c6:14:
2f:8b:cc:a6:31:41:e8:07:b4:c9:a6:f9:1b:ab:eb:44:c2:15:
e8:c5:6e:49:d6:d7:82:ac:8b:28:75:80:0c:71:cb:ac:97:0b:
2f:e7:35:ee:1a:01:15:9b:8c:15:2c:e1:87:bb:c9:b2:e8:ec:
4c:b2:83:42:40:d0:eb:59:cb:78:3a:b5:b0:23:c0:70:60:68:
6b:33:13:c2:f9:12:72:27:45:b2:83:dc:63:27:c2:76:1a:03:
6c:09:8e:ba:77:ec:1f:4d:dc:24:c4:9a:bb:b7:0e:3e:2d:7d:
89:53:30:0e:d7:4b:69:9b:0d:d1:31:25:01:d8:c1:92:dd:76:
81:c8:b5:16:13:cc:94:e0:ce:a9:6e:1f:e1:d5:8d:87:d5:bf:
fc:61:82:0d:87:ed:32:74:c4:a5:83:a0:2f:91:56:2a:8c:23:
57:1b:f5:90:51:e9:c0:73:63:6d:4a:36:a2:d9:82:e2:4b:3d:
e5:f6:e9:98:be:2d:8e:70:3a:be:99:b1:f9:21:d4:fd:9d:35:
e7:99:91:df
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYZayl6bHRHI4lEGxGR7uTVYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMjE2MTUxNDE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2RhOTQxNjY2YmQzODE0ODZlYjIwMGE3MTk4YjFlMzY1NDE3ZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9u0EPIoND9j8rKUy9tjKe5Sn3Lj
Xtbzk82asTntRclttCogg0YlNQRw9VJVTQVRgAimVvFjp/G7fxVtjVvv5y2hjDjQ
pfTg5sLUjS2vvluDHJf6MKS0r11uO3a9qhP+OmiE+kjBA2iOmRop3zUjR+Hfy11p
zTdpdKJdqK3L88XlDDMOkzxAt+NGYp2weqVLHgT7fb37RxWD6y5nSHgLy6hEwhWa
rh6AsDRNaYUcpNRlKcVC1C/VXRjHX3sk2XE8rderRD12KCf6HSGEnDuENWt051DN
t983XObAsWpPEM0UlE+/s8ON7humUlSrfQnYlX80fKwCDsj0nJWwbdav8wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDzalBZmvTgUhusgCnGYseNlQX9dMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUE5xVUZtYTlPQlNHNnlBS2NaaXg0MlZCZjEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACrA4OqF9pnqOBRvl/Gj
qWf+HzSEBWKSyTw4nTTKqvj/X5gNM0Ni+t+WikeiH8RnOYFkOkDGFC+LzKYxQegH
tMmm+Rur60TCFejFbknW14Ksiyh1gAxxy6yXCy/nNe4aARWbjBUs4Ye7ybLo7Eyy
g0JA0OtZy3g6tbAjwHBgaGszE8L5EnInRbKD3GMnwnYaA2wJjrp37B9N3CTEmru3
Dj4tfYlTMA7XS2mbDdExJQHYwZLddoHItRYTzJTgzqluH+HVjYfVv/xhgg2H7TJ0
xKWDoC+RViqMI1cb9ZBR6cBzY21KNqLZguJLPeX26Zi+LY5wOr6Zsfkh1P2dNeeZ
kd8=
-----END CERTIFICATE-----
Generated at Thu May 1 07:23:30 2025 by rpki-client