Route Origin Authorization
$ rpki-client -vvf rsync.krill.nlnetlabs.nl/repo/nlnetlabs/0/3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa
File: 3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa (raw, json)
Hash identifier: Or0D39uTICQMGVW7AoiHxJZQwiyoZ2NdLV1Dzi/0pCs=
Subject key identifier: DD:2C:31:CC:FB:2F:66:4B:A9:0A:F5:30:72:8A:03:BC:D9:67:7D:EF
Certificate issuer: /CN=be74d3bba33a0916f10207854a8fc2b7d4a828d4
Certificate serial: 72414DB1CE87F21C18A273A285BAAAE4B35BEF49
Authority key identifier: BE:74:D3:BB:A3:3A:09:16:F1:02:07:85:4A:8F:C2:B7:D4:A8:28:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vnTTu6M6CRbxAgeFSo_Ct9SoKNQ.cer
Subject info access: rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/0/3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa
Signing time: Mon 10 Jun 2024 10:25:07 +0000
ROA not before: Mon 10 Jun 2024 10:20:07 +0000
ROA not after: Mon 09 Jun 2025 10:25:07 +0000
asID: 211321
IP address blocks: 185.49.143.0/24 maxlen: 24
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
72:41:4d:b1:ce:87:f2:1c:18:a2:73:a2:85:ba:aa:e4:b3:5b:ef:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=be74d3bba33a0916f10207854a8fc2b7d4a828d4
Validity
Not Before: Jun 10 10:20:07 2024 GMT
Not After : Jun 9 10:25:07 2025 GMT
Subject: CN=DD2C31CCFB2F664BA90AF530728A03BCD9677DEF
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:b0:e8:41:15:98:c5:7e:f3:2b:8b:15:fb:f2:
c4:1f:5c:c1:ff:66:73:f2:1e:76:1d:99:ea:b6:b6:
94:fa:59:25:04:97:d8:8f:bc:1b:8a:cc:fe:f9:53:
43:4a:95:41:a7:0c:0e:cc:ed:63:16:c1:06:f7:ed:
02:b2:62:54:70:f3:4f:43:9c:86:6c:42:ac:e2:6b:
a0:a9:ca:7d:25:ea:42:eb:16:20:7b:5c:50:a4:a1:
eb:b4:13:5c:90:91:00:85:89:e9:4e:b4:60:77:e3:
c2:08:ca:3a:93:70:7d:48:f9:fa:df:0e:ac:7b:c8:
f7:cc:82:88:00:eb:f5:1d:9c:39:ad:0f:6d:f5:fc:
93:2c:2c:8a:cc:be:bf:61:ff:85:9c:5a:9c:6f:07:
e7:48:7d:29:53:6f:7e:23:5c:77:42:fa:e4:f8:ad:
f4:45:c4:fb:c9:a6:e9:9c:50:21:af:b4:48:3c:c1:
5b:39:5e:57:8d:d3:32:78:6c:ff:40:16:0d:7f:0f:
6d:ab:97:61:0c:86:37:73:49:b4:b2:a1:3d:9d:ae:
57:3c:3f:31:8e:c1:21:84:3d:cd:b3:1a:bf:c1:9f:
07:cd:98:02:76:18:2c:d2:d1:bd:1f:11:86:be:73:
d7:e9:45:54:d2:80:d5:40:aa:48:bd:15:c0:d2:10:
df:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:2C:31:CC:FB:2F:66:4B:A9:0A:F5:30:72:8A:03:BC:D9:67:7D:EF
X509v3 Authority Key Identifier:
keyid:BE:74:D3:BB:A3:3A:09:16:F1:02:07:85:4A:8F:C2:B7:D4:A8:28:D4
X509v3 Key Usage: critical
Digital Signature
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/0/BE74D3BBA33A0916F10207854A8FC2B7D4A828D4.crl
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vnTTu6M6CRbxAgeFSo_Ct9SoKNQ.cer
Subject Information Access:
Signed Object - URI:rsync://rsync.krill.nlnetlabs.nl/repo/nlnetlabs/0/3138352e34392e3134332e302f32342d3234203d3e20323131333231.roa
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.49.143.0/24
Signature Algorithm: sha256WithRSAEncryption
65:65:a4:b2:36:57:93:5b:10:78:e8:df:57:56:c2:07:ae:15:
ec:d9:82:88:d5:0f:cc:88:34:d3:97:d6:ea:ed:94:82:48:39:
6f:47:b8:64:45:c1:09:28:ba:c3:29:72:8e:c9:c4:cd:e8:08:
f2:a4:28:14:ab:d4:79:28:55:ac:22:25:56:b1:fe:9d:71:a9:
0f:c5:40:7e:fe:5d:7e:19:74:4e:7a:ef:c4:b8:ab:1f:ca:35:
13:d7:40:bf:67:c9:e9:3b:d2:ce:f8:85:fa:27:96:32:a4:55:
69:fc:b6:0a:0e:5f:3c:0d:ec:0d:52:9c:0e:ab:c2:47:da:ec:
76:a9:7a:b9:00:93:c8:50:2a:ec:ce:df:d1:88:c1:c1:4c:c2:
4d:8a:a5:68:fc:e3:58:00:e6:14:54:c6:8f:ff:85:9a:7d:36:
07:98:bf:6b:fa:b3:30:ee:7a:67:b9:d0:91:88:b0:51:d0:d7:
f4:1b:f2:96:86:80:e0:e2:2d:8e:01:57:d6:f5:ec:d2:9d:50:
89:58:fa:02:93:3c:e9:c9:14:10:cd:49:6e:2b:5c:eb:58:39:
de:99:19:66:50:f8:77:21:76:22:8d:58:22:5b:d3:4f:31:76:
4e:6d:44:23:7f:85:f4:bf:67:30:80:7c:3d:93:c1:b3:38:4c:
18:0c:56:c7
-----BEGIN CERTIFICATE-----
MIIE6TCCA9GgAwIBAgIUckFNsc6H8hwYonOihbqq5LNb70kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYmU3NGQzYmJhMzNhMDkxNmYxMDIwNzg1NGE4ZmMyYjdk
NGE4MjhkNDAeFw0yNDA2MTAxMDIwMDdaFw0yNTA2MDkxMDI1MDdaMDMxMTAvBgNV
BAMTKEREMkMzMUNDRkIyRjY2NEJBOTBBRjUzMDcyOEEwM0JDRDk2NzdERUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCsOhBFZjFfvMrixX78sQfXMH/
ZnPyHnYdmeq2tpT6WSUEl9iPvBuKzP75U0NKlUGnDA7M7WMWwQb37QKyYlRw809D
nIZsQqzia6Cpyn0l6kLrFiB7XFCkoeu0E1yQkQCFielOtGB348IIyjqTcH1I+frf
Dqx7yPfMgogA6/UdnDmtD231/JMsLIrMvr9h/4WcWpxvB+dIfSlTb34jXHdC+uT4
rfRFxPvJpumcUCGvtEg8wVs5XleN0zJ4bP9AFg1/D22rl2EMhjdzSbSyoT2drlc8
PzGOwSGEPc2zGr/BnwfNmAJ2GCzS0b0fEYa+c9fpRVTSgNVAqki9FcDSEN/fAgMB
AAGjggHzMIIB7zAdBgNVHQ4EFgQU3SwxzPsvZkupCvUwcooDvNlnfe8wHwYDVR0j
BBgwFoAUvnTTu6M6CRbxAgeFSo/Ct9SoKNQwDgYDVR0PAQH/BAQDAgeAMG8GA1Ud
HwRoMGYwZKBioGCGXnJzeW5jOi8vcnN5bmMua3JpbGwubmxuZXRsYWJzLm5sL3Jl
cG8vbmxuZXRsYWJzLzAvQkU3NEQzQkJBMzNBMDkxNkYxMDIwNzg1NEE4RkMyQjdE
NEE4MjhENC5jcmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzov
L3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3ZuVFR1Nk02Q1JieEFn
ZUZTb19DdDlTb0tOUS5jZXIwgYoGCCsGAQUFBwELBH4wfDB6BggrBgEFBQcwC4Zu
cnN5bmM6Ly9yc3luYy5rcmlsbC5ubG5ldGxhYnMubmwvcmVwby9ubG5ldGxhYnMv
MC8zMTM4MzUyZTM0MzkyZTMxMzQzMzJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMy
MzEzMTMzMzIzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEALkxjzANBgkqhkiG9w0BAQsFAAOCAQEAZWWk
sjZXk1sQeOjfV1bCB64V7NmCiNUPzIg005fW6u2Ugkg5b0e4ZEXBCSi6wylyjsnE
zegI8qQoFKvUeShVrCIlVrH+nXGpD8VAfv5dfhl0TnrvxLirH8o1E9dAv2fJ6TvS
zviF+ieWMqRVafy2Cg5fPA3sDVKcDqvCR9rsdql6uQCTyFAq7M7f0YjBwUzCTYql
aPzjWADmFFTGj/+Fmn02B5i/a/qzMO56Z7nQkYiwUdDX9BvyloaA4OItjgFX1vXs
0p1QiVj6ApM86ckUEM1Jbitc61g53pkZZlD4dyF2Io1YIlvTTzF2Tm1EI3+F9L9n
MIB8PZPBszhMGAxWxw==
-----END CERTIFICATE-----
Generated at Sun Jun 15 23:55:29 2025 by rpki-client