Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/HSFfRHkCPR7vPNZF6-KkJlYlhOU.roa
File: HSFfRHkCPR7vPNZF6-KkJlYlhOU.roa (raw, json)
Hash identifier: bK16OF+WATgod8aZ3InEuuqBRYOcl5XDo/g86yj494w=
Subject key identifier: 1D:21:5F:44:79:02:3D:1E:EF:3C:D6:45:EB:E2:A4:26:56:25:84:E5
Certificate issuer: /CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Certificate serial: 018F17EF59B8A07F1E0A9ABB0F751B3B46DD
Authority key identifier: B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/HSFfRHkCPR7vPNZF6-KkJlYlhOU.roa
Signing time: Fri 26 Apr 2024 01:05:12 +0000
ROA not before: Fri 26 Apr 2024 01:05:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64:ffff:0:18f:543:9e41/128 maxlen: 128
2001:67c:64:ffff:0:18f:17ee:78b9/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:17:ef:59:b8:a0:7f:1e:0a:9a:bb:0f:75:1b:3b:46:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b2bec41bd2f3b179de09514306530bd3fbac707b
Validity
Not Before: Apr 26 01:05:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1d215f4479023d1eef3cd645ebe2a426562584e5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:f3:31:2b:fe:0d:91:ac:41:8b:4a:9b:91:00:
88:0b:3a:c3:1c:93:70:97:1e:4b:50:dc:5b:b1:64:
44:92:57:03:67:be:1f:83:8f:41:65:37:c4:45:17:
4a:c8:47:9e:d1:ea:9a:28:be:14:09:1e:3d:db:2b:
18:18:45:3b:08:8b:37:86:1b:76:4c:f1:c2:38:4d:
8c:c1:c8:37:99:b9:83:8a:0f:5f:05:f3:33:d8:1b:
d2:35:db:18:a6:df:3b:f2:0f:24:1f:b5:92:16:d5:
77:91:93:08:a2:31:c3:69:ec:b2:7e:25:1f:d0:7b:
e0:57:83:e1:05:df:b0:0e:e6:8f:ee:2b:ac:e3:b2:
98:13:26:52:d5:52:88:0a:1d:bf:49:55:d0:a5:fb:
ef:7a:86:4f:20:db:66:fd:07:45:4c:c0:93:1b:97:
b7:ee:b1:00:62:c3:63:7a:ed:72:20:d8:62:11:28:
d2:e8:80:4e:0d:8e:a3:8b:cd:43:5f:74:10:1d:ee:
a6:57:1a:f8:1d:0a:9c:6d:7c:a6:35:0c:3f:c8:3b:
40:59:57:d1:8b:aa:2b:e6:62:13:cf:7c:15:66:ce:
bd:ce:3e:9a:86:5d:36:c5:97:28:62:9e:23:4e:1f:
1c:af:3e:27:ac:90:70:54:c1:0a:92:4b:a3:ef:17:
ea:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:21:5F:44:79:02:3D:1E:EF:3C:D6:45:EB:E2:A4:26:56:25:84:E5
X509v3 Authority Key Identifier:
keyid:B2:BE:C4:1B:D2:F3:B1:79:DE:09:51:43:06:53:0B:D3:FB:AC:70:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sr7EG9LzsXneCVFDBlML0_uscHs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/HSFfRHkCPR7vPNZF6-KkJlYlhOU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/d89025-d6f3-4891-9d86-d12f039db2c9/1/sr7EG9LzsXneCVFDBlML0_uscHs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64:ffff:0:18f:543:9e41/128
2001:67c:64:ffff:0:18f:17ee:78b9/128
Signature Algorithm: sha256WithRSAEncryption
ae:ed:32:8a:cd:ee:e1:4f:46:d3:c9:31:fe:54:c0:0f:4e:5c:
a2:aa:d3:96:c0:d5:ac:90:55:44:8b:16:d9:84:85:2c:4f:8f:
d7:07:30:32:6f:60:93:3f:44:cd:a8:7c:9a:8c:6b:3a:12:ca:
62:95:2f:57:b1:31:89:bf:6c:74:50:9d:ce:25:ed:0a:5a:2b:
17:42:8a:74:33:a6:2c:ce:cf:ad:be:05:ec:2b:0c:4a:98:05:
ca:b3:a6:95:25:d2:2d:ef:cd:7e:67:33:36:07:1b:a6:40:92:
91:3d:ee:ab:e3:dd:16:57:c8:04:da:4d:06:c5:c9:ae:a4:2e:
73:cc:2e:a4:1c:c6:b4:8b:5f:89:1e:cb:6b:b9:3e:83:c0:71:
8e:fd:31:09:e5:e3:db:a1:38:03:18:db:c0:47:52:b3:ea:42:
f2:4f:ab:83:8d:55:c5:77:d3:6b:1f:f6:2d:81:e4:1e:92:d1:
db:90:43:d2:34:6a:21:1d:d5:d2:46:40:2e:bf:67:57:04:c4:
5a:ee:ba:3d:78:c4:d5:57:7c:a4:0b:8c:d9:64:98:90:13:f9:
7a:3a:31:f4:bc:9e:6d:6e:4a:5b:16:e3:39:2c:54:3e:a8:23:
d2:4b:59:62:0e:bc:52:77:8f:56:05:f7:ac:43:4b:75:d2:b5:
af:d1:35:e6
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAY8X71m4oH8eCpq7D3UbO0bdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyYmVjNDFiZDJmM2IxNzlkZTA5NTE0MzA2NTMwYmQzZmJh
YzcwN2IwHhcNMjQwNDI2MDEwNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDIxNWY0NDc5MDIzZDFlZWYzY2Q2NDVlYmUyYTQyNjU2MjU4NGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/MxK/4NkaxBi0qbkQCICzrDHJNw
lx5LUNxbsWREklcDZ74fg49BZTfERRdKyEee0eqaKL4UCR492ysYGEU7CIs3hht2
TPHCOE2Mwcg3mbmDig9fBfMz2BvSNdsYpt878g8kH7WSFtV3kZMIojHDaeyyfiUf
0HvgV4PhBd+wDuaP7ius47KYEyZS1VKICh2/SVXQpfvveoZPINtm/QdFTMCTG5e3
7rEAYsNjeu1yINhiESjS6IBODY6ji81DX3QQHe6mVxr4HQqcbXymNQw/yDtAWVfR
i6or5mITz3wVZs69zj6ahl02xZcoYp4jTh8crz4nrJBwVMEKkkuj7xfqcQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFB0hX0R5Aj0e7zzWRevipCZWJYTlMB8GA1UdIwQY
MBaAFLK+xBvS87F53glRQwZTC9P7rHB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYt
ZDEyZjAzOWRiMmM5LzEvSFNGZlJIa0NQUjd2UE5aRjYtS2tKbFlsaE9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9kODkwMjUtZDZmMy00ODkxLTlkODYtZDEyZjAzOWRiMmM5
LzEvc3I3RUc5THpzWG5lQ1ZGREJsTUwwX3VzY0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAMBAIAATAGAwQDwQAYMCwE
AgACMCYDEQAgAQZ8AGT//wAAAY8FQ55BAxEAIAEGfABk//8AAAGPF+54uTANBgkq
hkiG9w0BAQsFAAOCAQEAru0yis3u4U9G08kx/lTAD05coqrTlsDVrJBVRIsW2YSF
LE+P1wcwMm9gkz9Ezah8moxrOhLKYpUvV7Exib9sdFCdziXtClorF0KKdDOmLM7P
rb4F7CsMSpgFyrOmlSXSLe/NfmczNgcbpkCSkT3uq+PdFlfIBNpNBsXJrqQuc8wu
pBzGtItfiR7La7k+g8Bxjv0xCeXj26E4AxjbwEdSs+pC8k+rg41VxXfTax/2LYHk
HpLR25BD0jRqIR3V0kZALr9nVwTEWu66PXjE1Vd8pAuM2WSYkBP5ejox9LyebW5K
WxbjOSxUPqgj0ktZYg68UnePVgX3rENLddK1r9E15g==
-----END CERTIFICATE-----
Generated at Sat May 10 09:58:17 2025 by rpki-client