Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Z3TnLlw_sqVWIedKFBTipApxpA8.roa
File: Z3TnLlw_sqVWIedKFBTipApxpA8.roa (raw, json)
Hash identifier: LrzEKx0+lAVdnj+203fuethZdXRKXPwfakSGaKy1x+c=
Subject key identifier: 67:74:E7:2E:5C:3F:B2:A5:56:21:E7:4A:14:14:E2:A4:0A:71:A4:0F
Certificate issuer: /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial: 018A1C54A7CC604F54EBC091BB0FEBB78E0E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Z3TnLlw_sqVWIedKFBTipApxpA8.roa
Signing time: Tue 22 Aug 2023 08:20:24 +0000
ROA not before: Tue 22 Aug 2023 08:20:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18a:178d:7ed9/128 maxlen: 128
2001:67c:64:ffff:0:189:a0e4:5c7d/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:1c:54:a7:cc:60:4f:54:eb:c0:91:bb:0f:eb:b7:8e:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
Validity
Not Before: Aug 22 08:20:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6774e72e5c3fb2a55621e74a1414e2a40a71a40f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:6b:da:ec:58:c1:fd:5c:9a:e1:02:4b:1d:49:
60:3d:b0:56:48:df:51:01:a2:fd:8d:21:7c:4f:b5:
df:cf:de:1f:12:f5:2a:fd:0e:00:d8:73:00:5b:a5:
df:78:7c:04:5f:4f:1a:79:74:3a:95:3f:30:de:fc:
5c:c1:b5:d0:83:3a:75:06:9d:b5:23:84:46:48:01:
c7:0a:e4:f9:ba:82:d1:13:e3:c0:3c:23:e2:9b:5c:
d5:53:44:3e:e5:28:81:55:31:79:95:7c:82:f8:01:
37:5d:8a:2f:51:ea:4a:a3:20:f7:41:6f:ce:73:3d:
0b:8a:0e:1a:78:2a:29:77:9a:7f:3b:17:53:a4:0d:
18:3e:6d:5d:5b:1d:bf:b4:05:e1:77:78:c4:12:37:
f4:5f:c7:bd:05:82:92:9c:2c:1d:75:73:a6:08:a7:
71:06:e6:73:df:fc:01:64:b2:51:e1:43:94:06:cc:
8d:60:05:b7:26:b4:04:0b:65:5a:bd:47:fc:4b:1c:
44:00:8d:c4:cf:7c:46:ce:71:0f:de:fb:24:9e:84:
c1:20:c0:ef:a8:45:8b:2c:80:c8:81:d2:87:9e:0f:
a8:28:08:bc:ef:93:ea:e5:d0:73:de:fe:8e:b0:99:
c0:f0:82:2e:a2:c2:68:91:62:48:69:66:1b:e8:09:
73:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:74:E7:2E:5C:3F:B2:A5:56:21:E7:4A:14:14:E2:A4:0A:71:A4:0F
X509v3 Authority Key Identifier:
keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Z3TnLlw_sqVWIedKFBTipApxpA8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
98:e6:0c:1d:b4:85:9d:77:62:89:63:da:f1:77:e6:34:aa:dd:
3d:21:b4:da:11:9d:79:e2:0e:82:cf:0a:de:9c:64:10:5f:47:
0e:a3:18:d7:5e:02:7a:81:aa:74:dc:e2:28:4c:5f:24:af:97:
80:cc:33:8a:5a:ea:67:bc:02:98:03:a4:3d:f2:7d:f1:6b:4d:
9b:6c:73:ba:6e:64:11:d7:b2:b3:0f:c8:92:bf:91:e0:00:3c:
d0:fc:b7:61:86:75:3c:93:fc:fb:17:de:e6:83:38:9f:68:2a:
8f:5a:0c:7b:da:f7:db:07:4c:78:32:e4:07:dc:42:0b:00:37:
6f:55:b1:b2:50:2f:9e:10:71:cf:d5:43:88:bb:82:e3:a5:35:
08:49:7d:3a:ac:a9:05:9f:c8:ee:65:1c:88:cd:75:fb:c2:1e:
09:ed:f4:45:02:af:1a:a8:a7:e6:11:53:2f:f7:11:de:3b:0a:
a6:f5:df:9f:a5:0c:78:c5:a5:fc:c0:a9:f4:c3:47:59:51:d1:
36:36:da:aa:4d:d0:2f:c1:e5:35:2d:8b:41:4c:7f:ce:9d:af:
76:f3:44:bc:42:b7:89:41:64:2b:37:25:e6:71:f3:f7:f1:ec:
21:6b:22:ff:43:3a:b1:33:8e:72:d0:de:99:6c:5a:61:c6:dc:
95:dd:14:04
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYocVKfMYE9U68CRuw/rt44OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwODIyMDgyMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzc0ZTcyZTVjM2ZiMmE1NTYyMWU3NGExNDE0ZTJhNDBhNzFhNDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2va7FjB/Vya4QJLHUlgPbBWSN9R
AaL9jSF8T7Xfz94fEvUq/Q4A2HMAW6XfeHwEX08aeXQ6lT8w3vxcwbXQgzp1Bp21
I4RGSAHHCuT5uoLRE+PAPCPim1zVU0Q+5SiBVTF5lXyC+AE3XYovUepKoyD3QW/O
cz0Lig4aeCopd5p/OxdTpA0YPm1dWx2/tAXhd3jEEjf0X8e9BYKSnCwddXOmCKdx
BuZz3/wBZLJR4UOUBsyNYAW3JrQEC2VavUf8SxxEAI3Ez3xGznEP3vsknoTBIMDv
qEWLLIDIgdKHng+oKAi875Pq5dBz3v6OsJnA8IIuosJokWJIaWYb6AlzEwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGd05y5cP7KlViHnShQU4qQKcaQPMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWjNUbkxsd19zcVZXSWVkS0ZCVGlwQXB4cEE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJjmDB20hZ13Yolj2vF3
5jSq3T0htNoRnXniDoLPCt6cZBBfRw6jGNdeAnqBqnTc4ihMXySvl4DMM4pa6me8
ApgDpD3yffFrTZtsc7puZBHXsrMPyJK/keAAPND8t2GGdTyT/PsX3uaDOJ9oKo9a
DHva99sHTHgy5AfcQgsAN29VsbJQL54Qcc/VQ4i7guOlNQhJfTqsqQWfyO5lHIjN
dfvCHgnt9EUCrxqop+YRUy/3Ed47Cqb135+lDHjFpfzAqfTDR1lR0TY22qpN0C/B
5TUti0FMf86dr3bzRLxCt4lBZCs3JeZx8/fx7CFrIv9DOrEzjnLQ3plsWmHG3JXd
FAQ=
-----END CERTIFICATE-----
Generated at Wed Apr 30 17:39:25 2025 by rpki-client