Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/1-hCv94f4RSmkuJmGQiB6Do_7cDw.roa
File: 1-hCv94f4RSmkuJmGQiB6Do_7cDw.roa (raw, json)
Hash identifier: UA1/18C66F1BEVGyYnabOErmOO9X9u30rFMNBsdQMqc=
Subject key identifier: FA:10:AF:F7:87:F8:45:29:A4:B8:99:86:42:20:7A:0E:8F:FB:70:3C
Certificate issuer: /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial: 018DDF88E942AF314AF78A4A9CCF977CE77D
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/1-hCv94f4RSmkuJmGQiB6Do_7cDw.roa
Signing time: Sun 25 Feb 2024 09:11:48 +0000
ROA not before: Sun 25 Feb 2024 09:11:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18d:c109:b478/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:df:88:e9:42:af:31:4a:f7:8a:4a:9c:cf:97:7c:e7:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Validity
Not Before: Feb 25 09:11:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fa10aff787f84529a4b8998642207a0e8ffb703c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:0d:16:25:98:b8:ed:e3:a2:9a:ee:56:1b:e6:
97:0c:f8:a7:78:8b:e1:fc:5a:c2:76:bd:f7:ea:56:
27:97:bc:ab:fe:5c:dc:35:cd:44:65:e3:8d:c7:f1:
01:db:df:00:a8:fc:01:b6:99:5d:e7:83:bb:ba:10:
ee:5f:a2:58:50:19:43:00:10:1b:cf:a4:9c:17:19:
65:e2:04:1b:bd:8d:64:86:72:4b:5e:3f:6c:47:f1:
d5:77:03:da:0e:8c:36:eb:0e:b9:79:48:cb:be:3a:
52:91:65:64:1d:67:ae:b7:cd:89:ee:62:19:33:c5:
bc:fa:c0:6f:7b:56:f4:db:27:0f:3d:02:dc:b3:9d:
68:a8:60:4d:e1:5c:fc:9c:2d:7d:29:e1:19:f1:3a:
30:5b:8e:98:b9:86:ff:ec:d6:0a:61:50:85:a8:63:
7e:d1:ab:7c:d8:66:69:e2:57:4d:f3:cf:87:ea:53:
30:b3:41:0e:50:23:e8:75:af:62:d7:7d:46:bc:3f:
78:25:fb:28:e9:f0:ee:64:7d:75:ea:d7:d8:84:d7:
d8:3a:50:c5:1a:56:d3:e1:d2:35:87:92:ee:04:1f:
fb:75:4c:8e:1e:68:82:33:88:bb:d9:1b:67:5c:c8:
a8:ca:f5:96:c7:1c:c6:23:6f:2e:b6:48:23:cf:96:
bd:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:10:AF:F7:87:F8:45:29:A4:B8:99:86:42:20:7A:0E:8F:FB:70:3C
X509v3 Authority Key Identifier:
keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/1-hCv94f4RSmkuJmGQiB6Do_7cDw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
2f:e6:e7:b4:92:f1:83:b1:d1:7e:44:d4:38:e5:17:89:1e:81:
3a:36:39:64:7b:9e:7e:64:4b:6b:ba:71:1c:3e:ae:71:fc:17:
69:02:8d:e8:3f:f1:1e:f4:2e:4b:15:33:bd:ca:31:fd:3a:0f:
35:0f:7b:00:2a:bc:38:51:2c:b5:f7:3d:3f:64:c1:d0:eb:fb:
57:2f:16:07:72:70:5e:72:da:32:87:f8:3f:56:e0:23:ab:31:
b6:09:6e:85:67:4d:ab:a6:8a:57:3e:68:f4:ea:30:56:62:9b:
ce:0b:1e:87:ae:8c:e7:0d:85:7e:58:42:e0:dd:bd:19:e9:47:
2d:e2:a7:3d:40:97:cc:94:9a:38:eb:13:60:48:eb:09:2e:8a:
47:a0:7b:b9:31:14:13:13:91:96:81:ab:c1:0f:14:9d:af:f8:
6b:4d:36:73:25:4a:24:9e:49:8f:12:8b:23:e6:72:ef:6c:e2:
37:8b:84:d1:6e:29:91:55:d4:b7:3a:4b:6c:ad:cb:8d:f1:e3:
8d:91:31:d8:17:de:8a:ef:de:d9:2d:49:9e:fd:1a:d6:5e:e0:
4c:9e:ad:ae:9a:1a:2f:2a:fc:b1:55:f5:46:07:11:2f:ec:10:
30:a9:a6:6b:b5:c2:49:1b:74:6a:50:0c:26:78:84:e3:c3:7b:
14:68:29:52
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY3fiOlCrzFK94pKnM+XfOd9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjQwMjI1MDkxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTEwYWZmNzg3Zjg0NTI5YTRiODk5ODY0MjIwN2EwZThmZmI3MDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAig0WJZi47eOimu5WG+aXDPineIvh
/FrCdr336lYnl7yr/lzcNc1EZeONx/EB298AqPwBtpld54O7uhDuX6JYUBlDABAb
z6ScFxll4gQbvY1khnJLXj9sR/HVdwPaDow26w65eUjLvjpSkWVkHWeut82J7mIZ
M8W8+sBve1b02ycPPQLcs51oqGBN4Vz8nC19KeEZ8TowW46YuYb/7NYKYVCFqGN+
0at82GZp4ldN88+H6lMws0EOUCPoda9i131GvD94Jfso6fDuZH116tfYhNfYOlDF
GlbT4dI1h5LuBB/7dUyOHmiCM4i72RtnXMioyvWWxxzGI28utkgjz5a9TwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPoQr/eH+EUppLiZhkIgeg6P+3A8MB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEvMS1oQ3Y5NGY0UlNta3VKbUdRaUI2RG9fN2NEdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGIvZTA1MjBkLTliYTYtNDFhMy04Zjg3LWM1Mzk3OWQ2NmNh
NS8xLzA3UGFQc3VLZlVNOTQ0TTRabnMxNW8zM1A0dy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQAv5ue0kvGDsdF+RNQ4
5ReJHoE6Njlke55+ZEtrunEcPq5x/BdpAo3oP/Ee9C5LFTO9yjH9Og81D3sAKrw4
USy19z0/ZMHQ6/tXLxYHcnBectoyh/g/VuAjqzG2CW6FZ02rpopXPmj06jBWYpvO
Cx6HroznDYV+WELg3b0Z6Uct4qc9QJfMlJo46xNgSOsJLopHoHu5MRQTE5GWgavB
DxSdr/hrTTZzJUoknkmPEosj5nLvbOI3i4TRbimRVdS3OktsrcuN8eONkTHYF96K
797ZLUme/RrWXuBMnq2umhovKvyxVfVGBxEv7BAwqaZrtcJJG3RqUAwmeITjw3sU
aClS
-----END CERTIFICATE-----
Generated at Sat Jun 7 22:32:09 2025 by rpki-client