Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/xoFp4T9tF64nd6Sx89tFfxzhsF8.roa
File: xoFp4T9tF64nd6Sx89tFfxzhsF8.roa (raw, json)
Hash identifier: qqpMn2xxK56uX1kgWykBY0Ca/kQTYGsfRwzzHZa2E1U=
Subject key identifier: C6:81:69:E1:3F:6D:17:AE:27:77:A4:B1:F3:DB:45:7F:1C:E1:B0:5F
Certificate issuer: /CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Certificate serial: 018CBFFA41587F933B4290AA6F8F9B082801
Authority key identifier: D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/xoFp4T9tF64nd6Sx89tFfxzhsF8.roa
Signing time: Sun 31 Dec 2023 13:04:58 +0000
ROA not before: Sun 31 Dec 2023 13:04:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:18c:bff9:a3ad/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:bf:fa:41:58:7f:93:3b:42:90:aa:6f:8f:9b:08:28:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3b3da3ecb8a7d433de38338667b35e68df73f8c
Validity
Not Before: Dec 31 13:04:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c68169e13f6d17ae2777a4b1f3db457f1ce1b05f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:e4:4c:6d:b4:a8:ef:34:82:dc:04:4d:d5:a8:
b0:bd:c5:e0:9f:30:12:11:a9:bc:e2:39:9c:a8:c1:
29:c2:85:5e:02:bb:8f:97:e9:fd:45:22:1b:5f:f7:
73:6b:41:2b:70:d9:c4:f7:dd:5d:20:b8:a3:23:4d:
8b:c7:29:5c:50:96:78:0d:78:ae:91:d9:64:2e:f1:
4a:fc:62:17:55:eb:5b:6c:bc:38:64:c6:3f:82:c0:
02:d6:54:b1:20:13:2a:a6:3d:95:c1:d0:4a:65:59:
23:d3:57:36:66:f7:71:8b:a5:7a:dd:c3:b5:f3:cc:
e8:20:9b:a0:86:44:86:1f:e5:b1:07:ed:a9:8c:ef:
b5:a4:ce:f9:a8:04:2a:49:a9:73:f4:4b:c5:62:16:
eb:5f:37:81:2f:91:b1:02:fb:e2:53:34:bc:64:2a:
da:31:1d:eb:94:93:41:e4:47:83:8e:04:a4:30:8c:
94:8c:d1:09:95:5e:61:54:0d:6f:53:c1:36:80:21:
25:55:2d:a4:54:ed:13:8c:cd:e1:09:49:8a:91:23:
58:6e:10:b8:12:49:05:bb:a7:97:af:89:09:5b:1b:
75:fb:cb:90:69:e5:91:7a:c7:3e:9f:5a:b0:6d:57:
c2:20:06:1a:b2:c1:27:0d:7b:8e:00:ad:56:fa:a1:
43:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:81:69:E1:3F:6D:17:AE:27:77:A4:B1:F3:DB:45:7F:1C:E1:B0:5F
X509v3 Authority Key Identifier:
keyid:D3:B3:DA:3E:CB:8A:7D:43:3D:E3:83:38:66:7B:35:E6:8D:F7:3F:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/07PaPsuKfUM944M4Zns15o33P4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/xoFp4T9tF64nd6Sx89tFfxzhsF8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/e0520d-9ba6-41a3-8f87-c53979d66ca5/1/07PaPsuKfUM944M4Zns15o33P4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
4b:85:31:12:a6:e3:b3:fb:1b:43:56:6c:91:4e:53:31:82:8b:
00:9b:9f:07:56:d1:87:3f:f9:a0:42:50:31:e6:2c:ca:30:ee:
07:4b:4d:68:00:a3:4c:ba:ab:cb:34:da:13:e4:15:f5:1f:34:
73:23:a2:13:33:46:fe:73:c6:6f:8f:cd:88:6e:e0:e0:39:b8:
73:28:f9:5a:f8:be:4b:84:9c:bb:4d:66:59:ab:48:9f:0c:ee:
90:25:da:b0:d5:75:e4:94:43:33:63:0a:65:5b:1f:a6:b3:71:
01:15:db:65:ce:4d:6f:4f:b5:21:35:4c:bb:cf:e4:53:0e:60:
31:36:6f:f4:12:34:25:a8:5f:38:d6:d8:00:17:cb:d4:05:1b:
59:4e:e8:e8:ae:25:d8:12:45:31:b3:1f:3a:47:d2:37:5e:5f:
36:d9:b8:16:95:2c:f9:e9:79:70:4a:f6:c8:f3:11:46:63:7a:
8d:5e:52:9b:f3:6a:2f:77:2e:c4:66:fb:8a:85:69:ab:93:b7:
d7:d4:19:8e:3e:f3:79:e2:08:50:1c:08:9a:6c:0c:44:f3:69:
8c:15:aa:b0:e0:bd:75:c4:5f:eb:68:85:54:b1:40:38:e2:11:
c6:6a:c9:e7:23:ce:1b:2a:15:35:77:f9:af:18:0d:67:cf:fd:
74:a3:3f:f2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYy/+kFYf5M7QpCqb4+bCCgBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYjNkYTNlY2I4YTdkNDMzZGUzODMzODY2N2IzNWU2OGRm
NzNmOGMwHhcNMjMxMjMxMTMwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjgxNjllMTNmNmQxN2FlMjc3N2E0YjFmM2RiNDU3ZjFjZTFiMDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+RMbbSo7zSC3ARN1aiwvcXgnzAS
Eam84jmcqMEpwoVeAruPl+n9RSIbX/dza0ErcNnE991dILijI02LxylcUJZ4DXiu
kdlkLvFK/GIXVetbbLw4ZMY/gsAC1lSxIBMqpj2VwdBKZVkj01c2Zvdxi6V63cO1
88zoIJughkSGH+WxB+2pjO+1pM75qAQqSalz9EvFYhbrXzeBL5GxAvviUzS8ZCra
MR3rlJNB5EeDjgSkMIyUjNEJlV5hVA1vU8E2gCElVS2kVO0TjM3hCUmKkSNYbhC4
EkkFu6eXr4kJWxt1+8uQaeWResc+n1qwbVfCIAYassEnDXuOAK1W+qFD+wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMaBaeE/bReuJ3eksfPbRX8c4bBfMB8GA1UdIwQY
MBaAFNOz2j7Lin1DPeODOGZ7NeaN9z+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODct
YzUzOTc5ZDY2Y2E1LzEveG9GcDRUOXRGNjRuZDZTeDg5dEZmeHpoc0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9lMDUyMGQtOWJhNi00MWEzLThmODctYzUzOTc5ZDY2Y2E1
LzEvMDdQYVBzdUtmVU05NDRNNFpuczE1bzMzUDR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEuFMRKm47P7G0NWbJFO
UzGCiwCbnwdW0Yc/+aBCUDHmLMow7gdLTWgAo0y6q8s02hPkFfUfNHMjohMzRv5z
xm+PzYhu4OA5uHMo+Vr4vkuEnLtNZlmrSJ8M7pAl2rDVdeSUQzNjCmVbH6azcQEV
22XOTW9PtSE1TLvP5FMOYDE2b/QSNCWoXzjW2AAXy9QFG1lO6OiuJdgSRTGzHzpH
0jdeXzbZuBaVLPnpeXBK9sjzEUZjeo1eUpvzai93LsRm+4qFaauTt9fUGY4+83ni
CFAcCJpsDETzaYwVqrDgvXXEX+tohVSxQDjiEcZqyecjzhsqFTV3+a8YDWfP/XSj
P/I=
-----END CERTIFICATE-----
Generated at Sat Jun 7 23:15:43 2025 by rpki-client