Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/9b973d-1f2f-4c77-9dd0-1f732046b74c/1/ZqG9ZXQwlRQgv2SuPLTOJwS07bA.roa
File: ZqG9ZXQwlRQgv2SuPLTOJwS07bA.roa (raw, json)
Hash identifier: JZgT3iIXQIZJHifSbhHNXa/qOoNcRciphxipRif7+Xc=
Subject key identifier: 66:A1:BD:65:74:30:95:14:20:BF:64:AE:3C:B4:CE:27:04:B4:ED:B0
Certificate issuer: /CN=df46d49cc34767f8d024aff295ad6a932e7915e0
Certificate serial: 019423D6A93B3526C348AF5307E01821B88C
Authority key identifier: DF:46:D4:9C:C3:47:67:F8:D0:24:AF:F2:95:AD:6A:93:2E:79:15:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/30bUnMNHZ_jQJK_yla1qky55FeA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/73/9b973d-1f2f-4c77-9dd0-1f732046b74c/1/ZqG9ZXQwlRQgv2SuPLTOJwS07bA.roa
Signing time: Wed 01 Jan 2025 21:47:38 +0000
ROA not before: Wed 01 Jan 2025 21:47:38 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 60557
IP address blocks: 2001:678:ce4::/48 maxlen: 48
2001:678:ce8::/48 maxlen: 48
2001:678:cec::/48 maxlen: 48
2001:678:cf0::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:d6:a9:3b:35:26:c3:48:af:53:07:e0:18:21:b8:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df46d49cc34767f8d024aff295ad6a932e7915e0
Validity
Not Before: Jan 1 21:47:38 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=66a1bd657430951420bf64ae3cb4ce2704b4edb0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:4d:6c:64:78:ff:ca:96:80:24:3d:20:6b:e2:
24:14:18:b8:fe:7a:31:8c:cd:a4:c1:45:88:ca:89:
dd:e8:15:4b:b2:5b:46:7c:70:3b:22:c1:f0:01:30:
28:24:68:aa:75:9f:5e:a7:32:e7:8f:d4:6e:51:6a:
39:bb:e3:9e:74:60:91:62:e6:a9:99:31:a0:7c:a8:
ae:89:ae:9c:5e:31:c7:f2:9f:7d:03:fc:c8:52:36:
f6:3d:79:29:ee:72:e8:0f:8d:e0:7d:f7:fd:82:aa:
d8:5b:df:62:07:84:ae:b8:fd:e5:9f:2e:31:b7:6c:
2a:02:80:fe:6a:d2:11:3e:b1:50:c3:76:da:6e:e6:
86:86:2e:57:d0:ac:76:f0:6b:29:1e:07:89:26:71:
a5:db:29:64:f1:4a:1f:17:5e:72:3b:7c:b7:ad:d8:
f2:b3:59:ee:29:a2:db:10:38:18:33:0a:ef:a5:4c:
8d:a0:84:fa:19:a4:f6:02:13:66:0d:fb:04:22:0e:
0f:2f:d4:b3:d5:d4:37:c3:9f:69:ac:84:c9:d6:be:
68:7f:1d:5f:4d:5d:7f:41:c4:77:16:f0:9e:4e:14:
67:d5:f4:59:11:5f:a0:7c:a3:c1:3c:25:b9:96:4d:
9d:7e:e9:ad:3e:72:cc:4a:f3:4e:0d:9c:0a:91:5a:
83:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:A1:BD:65:74:30:95:14:20:BF:64:AE:3C:B4:CE:27:04:B4:ED:B0
X509v3 Authority Key Identifier:
keyid:DF:46:D4:9C:C3:47:67:F8:D0:24:AF:F2:95:AD:6A:93:2E:79:15:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/30bUnMNHZ_jQJK_yla1qky55FeA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/9b973d-1f2f-4c77-9dd0-1f732046b74c/1/ZqG9ZXQwlRQgv2SuPLTOJwS07bA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/73/9b973d-1f2f-4c77-9dd0-1f732046b74c/1/30bUnMNHZ_jQJK_yla1qky55FeA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:678:ce4::/48
2001:678:ce8::/48
2001:678:cec::/48
2001:678:cf0::/48
Signature Algorithm: sha256WithRSAEncryption
30:ad:03:40:69:ab:91:77:1c:1a:d9:c8:fc:d9:59:e2:0a:ed:
d1:20:1b:12:6e:56:db:9c:33:c2:dd:67:d9:c3:90:8a:c0:bf:
1e:7b:97:0f:ab:7c:fb:38:54:1d:77:a2:36:8e:58:51:8c:2c:
01:8f:cc:52:d1:8e:82:cf:55:26:b3:2f:51:47:b2:01:d8:03:
d0:8a:32:6a:c1:01:3b:a7:83:80:15:3a:b9:8a:0e:a1:01:3c:
9b:0d:ac:0b:1f:d1:4e:a8:c8:82:c5:28:b8:35:8a:55:ef:8f:
d0:c3:b3:bc:52:c6:ed:1c:67:65:46:30:94:36:cc:0c:9a:cf:
d8:b1:85:ca:c8:9f:92:38:24:94:dd:b7:8e:d5:fb:2a:41:86:
58:7e:5e:9c:d3:d1:ba:2a:45:27:6b:4d:48:19:fc:95:6b:98:
18:51:79:cd:12:bf:b5:ca:ea:56:c6:8c:e9:11:3b:79:4c:a7:
9d:e3:ed:93:71:9b:8e:ab:6b:12:ef:04:e9:43:50:d1:ff:08:
0c:c6:3b:9d:ec:2a:f9:1e:08:e5:80:78:f6:6c:36:6c:f9:58:
12:c2:75:1d:bb:c9:18:b0:00:01:e8:36:f0:3f:bf:6e:32:3c:
60:90:7e:4f:7a:7b:e5:96:dc:45:81:1a:17:ed:87:d9:0b:4a:
a1:29:92:b7
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZQj1qk7NSbDSK9TB+AYIbiMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNDZkNDljYzM0NzY3ZjhkMDI0YWZmMjk1YWQ2YTkzMmU3
OTE1ZTAwHhcNMjUwMTAxMjE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmExYmQ2NTc0MzA5NTE0MjBiZjY0YWUzY2I0Y2UyNzA0YjRlZGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsU1sZHj/ypaAJD0ga+IkFBi4/nox
jM2kwUWIyond6BVLsltGfHA7IsHwATAoJGiqdZ9epzLnj9RuUWo5u+OedGCRYuap
mTGgfKiuia6cXjHH8p99A/zIUjb2PXkp7nLoD43gfff9gqrYW99iB4SuuP3lny4x
t2wqAoD+atIRPrFQw3babuaGhi5X0Kx28GspHgeJJnGl2ylk8UofF15yO3y3rdjy
s1nuKaLbEDgYMwrvpUyNoIT6GaT2AhNmDfsEIg4PL9Sz1dQ3w59prITJ1r5ofx1f
TV1/QcR3FvCeThRn1fRZEV+gfKPBPCW5lk2dfumtPnLMSvNODZwKkVqDMQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFGahvWV0MJUUIL9krjy0zicEtO2wMB8GA1UdIwQY
MBaAFN9G1JzDR2f40CSv8pWtapMueRXgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzBiVW5NTkhaX2pRSktfeWxhMXFreTU1RmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My85Yjk3M2QtMWYyZi00Yzc3LTlkZDAt
MWY3MzIwNDZiNzRjLzEvWnFHOVpYUXdsUlFndjJTdVBMVE9Kd1MwN2JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My85Yjk3M2QtMWYyZi00Yzc3LTlkZDAtMWY3MzIwNDZiNzRj
LzEvMzBiVW5NTkhaX2pRSktfeWxhMXFreTU1RmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAAjAkAwcAIAEGeAzk
AwcAIAEGeAzoAwcAIAEGeAzsAwcAIAEGeAzwMA0GCSqGSIb3DQEBCwUAA4IBAQAw
rQNAaauRdxwa2cj82VniCu3RIBsSblbbnDPC3WfZw5CKwL8ee5cPq3z7OFQdd6I2
jlhRjCwBj8xS0Y6Cz1Umsy9RR7IB2APQijJqwQE7p4OAFTq5ig6hATybDawLH9FO
qMiCxSi4NYpV74/Qw7O8UsbtHGdlRjCUNswMms/YsYXKyJ+SOCSU3beO1fsqQYZY
fl6c09G6KkUna01IGfyVa5gYUXnNEr+1yupWxozpETt5TKed4+2TcZuOq2sS7wTp
Q1DR/wgMxjud7Cr5HgjlgHj2bDZs+VgSwnUdu8kYsAAB6DbwP79uMjxgkH5Penvl
ltxFgRoX7YfZC0qhKZK3
-----END CERTIFICATE-----
Generated at Thu Apr 24 22:35:59 2025 by rpki-client