Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aG2uZqOJActsEymOpRylfLoSw3o.roa
File: aG2uZqOJActsEymOpRylfLoSw3o.roa (raw, json)
Hash identifier: NB/YruV0NyEOkT+V+yFLBB2qGIgbPWpuXskmRNiFR9k=
Subject key identifier: 68:6D:AE:66:A3:89:01:CB:6C:13:29:8E:A5:1C:A5:7C:BA:12:C3:7A
Certificate issuer: /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial: 0186A9EFA6B798A0BBC4DB42B1326462FE4C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aG2uZqOJActsEymOpRylfLoSw3o.roa
Signing time: Sat 04 Mar 2023 00:05:00 +0000
ROA not before: Sat 04 Mar 2023 00:05:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
2001:67c:64:ffff:0:186:a9ee:dcf1/128 maxlen: 128
2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:a9:ef:a6:b7:98:a0:bb:c4:db:42:b1:32:64:62:fe:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
Validity
Not Before: Mar 4 00:05:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=686dae66a38901cb6c13298ea51ca57cba12c37a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:17:f4:4b:e5:64:3d:b4:a4:fa:57:0a:a7:aa:
69:c5:eb:57:74:60:c9:03:ec:16:5c:8f:d4:4c:24:
66:d7:33:bb:3d:d2:8c:03:2e:f6:a4:a0:5f:66:44:
ef:a5:a3:38:4d:c2:8d:38:a8:61:10:19:78:d4:0c:
36:18:83:9b:d4:b0:84:4a:91:0e:48:50:70:ad:02:
65:14:32:c5:a7:48:34:12:a7:83:f1:00:c6:3f:57:
34:d8:c0:c1:38:eb:5d:0b:d1:78:58:30:c1:16:3c:
d8:ee:5b:fa:f1:34:5f:23:d6:5a:f5:8a:88:0f:43:
4b:0a:0c:2c:f0:a6:53:07:5e:d1:27:8d:66:f1:fd:
a4:c1:ec:95:60:d7:03:e8:42:52:5a:5d:a5:15:ba:
a9:83:36:cf:06:42:5f:ad:6b:10:8a:f7:3b:59:9c:
3a:44:84:06:6d:bf:0b:04:94:36:27:5a:95:47:e7:
8a:c2:94:35:f5:64:8a:d5:0c:5d:c5:b5:5d:f5:01:
61:17:ac:15:4a:f0:47:eb:41:96:5b:88:5f:57:c0:
da:75:e5:f9:dc:16:8f:dd:17:fb:9a:d5:01:5b:57:
ae:39:e7:fb:80:63:dd:b2:15:ee:98:5b:0d:ce:54:
3f:d6:c2:37:cc:f2:fd:a0:07:50:ac:ad:f0:4a:9e:
4c:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:6D:AE:66:A3:89:01:CB:6C:13:29:8E:A5:1C:A5:7C:BA:12:C3:7A
X509v3 Authority Key Identifier:
keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aG2uZqOJActsEymOpRylfLoSw3o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
81:06:67:30:e5:15:36:4a:5f:5a:eb:d0:4f:dc:6d:9d:48:f4:
f1:50:de:4e:a2:8d:26:61:a2:1f:1f:8d:7e:09:73:a4:a2:05:
7b:84:6b:5e:95:97:a9:b1:c3:fd:01:73:b9:6e:82:1d:2c:c2:
54:e0:d0:34:97:54:68:ba:75:b0:b4:df:cd:33:7a:de:24:31:
12:f1:a9:86:2f:2d:04:1a:cf:e8:a0:b4:fc:f4:d3:56:30:e7:
9b:05:56:67:4a:28:bc:d9:7e:c6:30:d0:60:77:0a:dd:8b:34:
c3:9e:41:97:71:db:3c:c0:8d:35:6e:4c:07:9d:59:0a:b9:cc:
e2:8e:e2:c4:44:a5:95:84:f6:18:b7:38:4a:01:0f:65:6a:e0:
1f:90:86:b5:6c:5e:ab:7e:72:c9:94:25:f2:24:e0:67:58:8c:
21:0f:1a:64:5b:69:c4:5d:0a:7e:6e:8c:55:b9:0b:56:f6:85:
81:10:23:0c:19:39:51:4b:66:1c:de:6d:db:d8:44:85:d1:7b:
1f:51:ec:32:31:a4:9f:04:a4:3e:de:0f:0e:64:1f:47:65:54:
a8:49:f1:10:89:7b:ee:de:cf:90:13:f9:23:f6:1f:2d:56:52:
a7:50:c9:97:68:c4:84:79:3c:1a:28:68:2f:46:b6:d0:dd:1b:
5a:41:65:31
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYap76a3mKC7xNtCsTJkYv5MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA0MDAwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODZkYWU2NmEzODkwMWNiNmMxMzI5OGVhNTFjYTU3Y2JhMTJjMzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBf0S+VkPbSk+lcKp6ppxetXdGDJ
A+wWXI/UTCRm1zO7PdKMAy72pKBfZkTvpaM4TcKNOKhhEBl41Aw2GIOb1LCESpEO
SFBwrQJlFDLFp0g0EqeD8QDGP1c02MDBOOtdC9F4WDDBFjzY7lv68TRfI9Za9YqI
D0NLCgws8KZTB17RJ41m8f2kweyVYNcD6EJSWl2lFbqpgzbPBkJfrWsQivc7WZw6
RIQGbb8LBJQ2J1qVR+eKwpQ19WSK1QxdxbVd9QFhF6wVSvBH60GWW4hfV8DadeX5
3BaP3Rf7mtUBW1euOef7gGPdshXumFsNzlQ/1sI3zPL9oAdQrK3wSp5MyQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGhtrmajiQHLbBMpjqUcpXy6EsN6MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYUcydVpxT0pBY3RzRXltT3BSeWxmTG9TdzNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIEGZzDlFTZKX1rr0E/c
bZ1I9PFQ3k6ijSZhoh8fjX4Jc6SiBXuEa16Vl6mxw/0Bc7lugh0swlTg0DSXVGi6
dbC0380zet4kMRLxqYYvLQQaz+igtPz001Yw55sFVmdKKLzZfsYw0GB3Ct2LNMOe
QZdx2zzAjTVuTAedWQq5zOKO4sREpZWE9hi3OEoBD2Vq4B+QhrVsXqt+csmUJfIk
4GdYjCEPGmRbacRdCn5ujFW5C1b2hYEQIwwZOVFLZhzebdvYRIXRex9R7DIxpJ8E
pD7eDw5kH0dlVKhJ8RCJe+7ez5AT+SP2Hy1WUqdQyZdoxIR5PBooaC9GttDdG1pB
ZTE=
-----END CERTIFICATE-----
Generated at Wed Apr 30 17:39:41 2025 by rpki-client