Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/NrNabLF5ATZag0cfrGBDBXL5wu8.roa
File: NrNabLF5ATZag0cfrGBDBXL5wu8.roa (raw, json)
Hash identifier: DFZxmWEhOHLiI07w0kcLie8Dlm50gmvTEFeGHl6gkMo=
Subject key identifier: 36:B3:5A:6C:B1:79:01:36:5A:83:47:1F:AC:60:43:05:72:F9:C2:EF
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018BEAB8CD477F818BBBBA870D68D01F1B13
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/NrNabLF5ATZag0cfrGBDBXL5wu8.roa
Signing time: Mon 20 Nov 2023 03:14:21 +0000
ROA not before: Mon 20 Nov 2023 03:14:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/96 maxlen: 128
2001:67c:64::/48 maxlen: 48
2001:67c:64:ffff:0:18b:caf2:ca7a/128 maxlen: 128
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:ea:b8:cd:47:7f:81:8b:bb:ba:87:0d:68:d0:1f:1b:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Nov 20 03:14:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=36b35a6cb17901365a83471fac60430572f9c2ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:2c:af:31:eb:82:64:9f:ee:78:24:2e:4a:c2:
d1:2f:1f:c9:79:4c:64:07:29:63:10:ff:81:1d:89:
b9:f2:20:51:92:50:b4:96:f9:c6:12:3b:f1:49:7a:
6f:ec:25:94:f9:b8:2a:31:62:72:8a:db:76:de:e1:
ff:a3:f8:6b:e8:a6:51:5c:c3:e0:9f:fa:a3:d8:e1:
be:b4:1f:fd:0c:ae:82:6f:22:6f:1c:ef:55:4c:46:
2c:73:71:cc:fc:0b:23:0d:38:40:e2:0e:4b:0c:5c:
e1:9f:0f:dc:bb:d2:71:8f:f0:5e:b5:88:b0:64:87:
94:77:dd:e6:a5:f6:2c:81:a4:f1:bf:22:9d:4a:5e:
34:ed:82:b8:40:1e:b8:f7:df:09:a2:b3:95:63:5b:
a9:93:61:40:99:a0:6e:32:bd:d0:02:e0:e5:fb:c5:
ef:b9:4c:ca:cb:10:36:5b:80:1a:84:9a:10:19:cc:
62:5f:83:06:7a:d4:49:d9:ca:c8:7c:0d:88:65:ca:
87:63:f4:be:b0:e3:95:1c:a6:fd:ef:46:b0:82:75:
d5:01:18:2f:52:47:ee:5c:df:ef:e8:d7:47:be:bd:
d4:b3:86:c1:1e:39:ea:4f:b8:5f:73:26:fd:1b:bb:
13:49:62:e1:86:dd:f2:09:2a:0e:4b:c4:1c:d7:70:
55:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:B3:5A:6C:B1:79:01:36:5A:83:47:1F:AC:60:43:05:72:F9:C2:EF
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/NrNabLF5ATZag0cfrGBDBXL5wu8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
38:dd:96:f6:a0:37:40:cf:d2:a8:04:60:54:d7:2c:94:98:02:
a9:2d:a3:70:3f:b2:0b:8b:65:09:07:fe:b4:9b:2b:80:e4:80:
a6:de:59:9c:40:20:be:8a:90:d6:90:2e:10:7d:b8:5d:7a:a5:
b3:ee:cf:af:cb:e2:26:70:d5:e8:5d:3c:ef:31:4b:13:f3:b2:
cc:c5:24:a0:36:51:aa:6b:f7:d3:0a:76:43:4f:48:e2:89:4f:
8e:d7:d0:92:b2:76:00:79:5c:58:0d:14:e9:78:e9:41:06:ac:
78:06:b3:1b:25:44:41:c5:7f:7e:5a:22:f7:fe:97:16:8d:6d:
a7:f4:8f:55:e6:d4:86:22:65:bd:44:e5:75:c0:d8:ad:93:45:
b4:5e:4a:a9:1b:e5:c9:76:d3:a3:c4:e5:a5:e2:fd:7c:d9:e7:
3e:1c:2d:63:d3:50:83:2c:05:47:77:32:be:1e:33:64:9f:15:
fa:c4:80:ea:87:6c:51:86:47:c4:ed:ff:83:31:a2:9e:c2:7f:
1f:db:75:12:44:31:1f:e3:68:af:49:07:0a:17:66:ec:a2:24:
cb:a9:cf:84:1e:30:90:41:f4:93:98:19:98:e3:76:60:54:d8:
dc:6f:85:e1:d2:d5:10:85:d8:f6:79:9d:4d:92:8d:10:dd:c1:
5f:35:51:87
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYvquM1Hf4GLu7qHDWjQHxsTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMTIwMDMxNDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmIzNWE2Y2IxNzkwMTM2NWE4MzQ3MWZhYzYwNDMwNTcyZjljMmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCyvMeuCZJ/ueCQuSsLRLx/JeUxk
ByljEP+BHYm58iBRklC0lvnGEjvxSXpv7CWU+bgqMWJyitt23uH/o/hr6KZRXMPg
n/qj2OG+tB/9DK6CbyJvHO9VTEYsc3HM/AsjDThA4g5LDFzhnw/cu9Jxj/BetYiw
ZIeUd93mpfYsgaTxvyKdSl407YK4QB64998JorOVY1upk2FAmaBuMr3QAuDl+8Xv
uUzKyxA2W4AahJoQGcxiX4MGetRJ2crIfA2IZcqHY/S+sOOVHKb970awgnXVARgv
UkfuXN/v6NdHvr3Us4bBHjnqT7hfcyb9G7sTSWLhht3yCSoOS8Qc13BVGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDazWmyxeQE2WoNHH6xgQwVy+cLvMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvTnJOYWJMRjVBVFphZzBjZnJHQkRCWEw1d3U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADjdlvagN0DP0qgEYFTX
LJSYAqkto3A/sguLZQkH/rSbK4DkgKbeWZxAIL6KkNaQLhB9uF16pbPuz6/L4iZw
1ehdPO8xSxPzsszFJKA2Uapr99MKdkNPSOKJT47X0JKydgB5XFgNFOl46UEGrHgG
sxslREHFf35aIvf+lxaNbaf0j1Xm1IYiZb1E5XXA2K2TRbReSqkb5cl206PE5aXi
/XzZ5z4cLWPTUIMsBUd3Mr4eM2SfFfrEgOqHbFGGR8Tt/4Mxop7Cfx/bdRJEMR/j
aK9JBwoXZuyiJMupz4QeMJBB9JOYGZjjdmBU2NxvheHS1RCF2PZ5nU2SjRDdwV81
UYc=
-----END CERTIFICATE-----
Generated at Wed May 14 02:02:40 2025 by rpki-client