Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/NdHqOALrLTK6vrDGS1KBAzXV8dM.roa
File: NdHqOALrLTK6vrDGS1KBAzXV8dM.roa (raw, json)
Hash identifier: WPFvaC/jMn7ypih9vJmqGpfFVUDd85yA5jOak8hMC5I=
Subject key identifier: 35:D1:EA:38:02:EB:2D:32:BA:BE:B0:C6:4B:52:81:03:35:D5:F1:D3
Certificate issuer: /CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Certificate serial: 018A84FD093EF3D07ACAB03B417148687F01
Authority key identifier: AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/NdHqOALrLTK6vrDGS1KBAzXV8dM.roa
Signing time: Mon 11 Sep 2023 16:04:50 +0000
ROA not before: Mon 11 Sep 2023 16:04:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:18a:837b:f9c7/128 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18a:84fc:a624/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:84:fd:09:3e:f3:d0:7a:ca:b0:3b:41:71:48:68:7f:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa1f14c850745a7c312ea2eb0be03052e4967275
Validity
Not Before: Sep 11 16:04:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=35d1ea3802eb2d32babeb0c64b52810335d5f1d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:8b:78:67:3e:ea:4b:e1:3c:c8:e8:2d:21:71:
a1:2e:96:d7:b2:6f:b1:b3:6a:97:66:91:72:84:76:
fd:cb:62:fb:09:b8:6e:c7:43:81:02:e5:de:bf:e1:
0d:a7:b2:43:66:41:f5:78:bc:9d:b7:d2:4f:4a:e4:
b6:5d:85:01:7d:e0:39:37:e0:ca:b8:26:6a:06:03:
04:55:e6:0b:b4:fc:5b:a0:fa:e5:fd:08:4a:64:bb:
6d:f1:d5:04:61:72:83:92:f5:b4:c4:31:e5:af:77:
a4:e7:64:46:4a:89:48:ef:f3:ed:46:4c:72:6b:38:
ae:86:05:74:c3:d5:7f:68:97:77:28:b4:f1:31:84:
27:3b:3d:8b:ba:3b:2c:90:b1:b6:b1:24:46:38:5e:
39:77:03:20:ff:fe:71:bc:c5:49:68:2e:af:6a:59:
82:b3:a1:6e:d1:03:54:3e:92:8d:68:44:36:7a:a3:
84:2a:42:61:8d:eb:52:42:1f:3d:3a:4f:8f:44:5e:
8a:a9:fd:94:ed:d9:27:e9:7b:a4:97:ce:a5:0a:cd:
94:6c:39:8d:30:ec:e9:26:b8:44:a1:2d:7b:e1:d5:
05:02:f6:47:09:09:9a:aa:ac:70:79:71:fe:f3:15:
e9:65:2b:52:7d:5a:29:47:57:87:dd:85:d8:0d:1c:
8e:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:D1:EA:38:02:EB:2D:32:BA:BE:B0:C6:4B:52:81:03:35:D5:F1:D3
X509v3 Authority Key Identifier:
keyid:AA:1F:14:C8:50:74:5A:7C:31:2E:A2:EB:0B:E0:30:52:E4:96:72:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh8UyFB0WnwxLqLrC-AwUuSWcnU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/NdHqOALrLTK6vrDGS1KBAzXV8dM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/8bf9c5-1d22-439e-b0bd-83fcd225482a/1/qh8UyFB0WnwxLqLrC-AwUuSWcnU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
87:ad:f7:06:5a:a5:70:e8:25:7c:cc:6b:05:c7:55:3e:3f:bc:
87:50:6b:bc:db:0f:e0:23:81:6d:ae:aa:0f:34:22:6c:fb:55:
4d:33:d7:40:33:ef:e4:46:f7:4a:1a:66:de:6c:16:de:d3:22:
cb:9c:72:96:23:96:6a:40:28:d2:14:9c:27:d0:cd:99:26:9b:
91:30:f7:51:34:ba:c0:63:8b:4e:81:de:c5:55:15:68:bb:43:
20:ac:d7:23:27:28:ad:8f:04:7e:dd:de:e8:8e:5c:b9:83:2e:
0d:fd:df:46:fb:cd:f2:ba:a8:0f:d1:7b:7d:0a:4e:14:35:bf:
a6:bf:d2:f2:7b:17:fa:91:26:6b:57:02:32:41:af:3e:70:ce:
30:60:14:97:5b:5e:92:ca:84:c1:90:44:bb:a4:a2:c1:98:ff:
85:1f:c5:d8:91:47:39:ad:f5:13:59:8f:77:89:8a:a1:a0:cd:
c3:10:8b:21:63:34:53:c3:82:8f:5b:59:86:72:e9:83:89:94:
7c:fb:4b:1d:a4:10:28:84:b0:95:a2:dc:70:d5:e2:96:a0:3c:
d4:38:2b:da:69:64:21:e7:13:e6:02:7d:ba:d4:6a:a7:e2:db:
c4:2e:90:38:ce:32:37:da:10:03:4b:16:2b:b3:30:d9:9e:26:
1c:aa:8f:e6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYqE/Qk+89B6yrA7QXFIaH8BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWYxNGM4NTA3NDVhN2MzMTJlYTJlYjBiZTAzMDUyZTQ5
NjcyNzUwHhcNMjMwOTExMTYwNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWQxZWEzODAyZWIyZDMyYmFiZWIwYzY0YjUyODEwMzM1ZDVmMWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYt4Zz7qS+E8yOgtIXGhLpbXsm+x
s2qXZpFyhHb9y2L7Cbhux0OBAuXev+ENp7JDZkH1eLydt9JPSuS2XYUBfeA5N+DK
uCZqBgMEVeYLtPxboPrl/QhKZLtt8dUEYXKDkvW0xDHlr3ek52RGSolI7/PtRkxy
aziuhgV0w9V/aJd3KLTxMYQnOz2LujsskLG2sSRGOF45dwMg//5xvMVJaC6valmC
s6Fu0QNUPpKNaEQ2eqOEKkJhjetSQh89Ok+PRF6Kqf2U7dkn6Xukl86lCs2UbDmN
MOzpJrhEoS174dUFAvZHCQmaqqxweXH+8xXpZStSfVopR1eH3YXYDRyO1QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDXR6jgC6y0yur6wxktSgQM11fHTMB8GA1UdIwQY
MBaAFKofFMhQdFp8MS6i6wvgMFLklnJ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQt
ODNmY2QyMjU0ODJhLzEvTmRIcU9BTHJMVEs2dnJER1MxS0JBelhWOGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi84YmY5YzUtMWQyMi00MzllLWIwYmQtODNmY2QyMjU0ODJh
LzEvcWg4VXlGQjBXbnd4THFMckMtQXdVdVNXY25VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIet9wZapXDoJXzMawXH
VT4/vIdQa7zbD+AjgW2uqg80Imz7VU0z10Az7+RG90oaZt5sFt7TIsuccpYjlmpA
KNIUnCfQzZkmm5Ew91E0usBji06B3sVVFWi7QyCs1yMnKK2PBH7d3uiOXLmDLg39
30b7zfK6qA/Re30KThQ1v6a/0vJ7F/qRJmtXAjJBrz5wzjBgFJdbXpLKhMGQRLuk
osGY/4UfxdiRRzmt9RNZj3eJiqGgzcMQiyFjNFPDgo9bWYZy6YOJlHz7Sx2kECiE
sJWi3HDV4pagPNQ4K9ppZCHnE+YCfbrUaqfi28QukDjOMjfaEANLFiuzMNmeJhyq
j+Y=
-----END CERTIFICATE-----
Generated at Mon Jun 16 14:51:11 2025 by rpki-client