Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/2kMB6iEP3-9JouKBSoa5M5K0Qh0.roa
File: 2kMB6iEP3-9JouKBSoa5M5K0Qh0.roa (raw, json)
Hash identifier: RTDSd0dzR07l5Q1Jc2JMW8m7t87SbptOsurlBRpKiO4=
Subject key identifier: DA:43:01:EA:21:0F:DF:EF:49:A2:E2:81:4A:86:B9:33:92:B4:42:1D
Certificate issuer: /CN=43039a68130f19631e1527946e1e127db1e8f9d9
Certificate serial: 018AEFA89F1EFA7A3AD7ABE7871D6234E8C7
Authority key identifier: 43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/2kMB6iEP3-9JouKBSoa5M5K0Qh0.roa
Signing time: Mon 02 Oct 2023 09:11:59 +0000
ROA not before: Mon 02 Oct 2023 09:11:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2121
IP address blocks: 193.0.24.0/21 maxlen: 21
2001:67c:64::/48 maxlen: 48
Validation: Failed, unable to get local issuer certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ef:a8:9f:1e:fa:7a:3a:d7:ab:e7:87:1d:62:34:e8:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43039a68130f19631e1527946e1e127db1e8f9d9
Validity
Not Before: Oct 2 09:11:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=da4301ea210fdfef49a2e2814a86b93392b4421d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:89:a1:28:8d:dc:b5:69:4e:87:96:1a:7f:9d:
f7:5b:0b:c1:64:d6:c8:50:02:8f:2a:44:99:49:c9:
6c:77:d5:85:9a:6f:57:00:48:c8:eb:e4:37:16:a4:
9e:5b:66:b4:39:cf:ec:d8:76:fc:7a:0c:e0:a7:06:
e1:cd:18:86:72:41:52:7b:63:dc:68:24:37:b1:82:
fc:0c:56:9f:54:21:fa:e3:b5:f4:63:72:a3:1a:02:
b2:4e:56:85:8e:24:6e:74:5f:d3:70:bd:44:01:bf:
0f:82:51:9d:f6:e0:59:de:20:06:c3:23:43:e6:3d:
22:e9:3a:e6:4a:f2:b8:da:c4:32:9d:4d:e1:47:08:
6c:70:1d:62:d5:2d:3f:21:d5:d9:fa:3d:83:ac:ff:
3c:f1:7e:66:37:04:16:57:96:8f:04:a6:81:1a:02:
35:d6:ca:76:92:f3:64:45:11:97:02:30:16:b9:d9:
33:45:f0:55:a3:7c:3d:a1:b1:ac:99:ba:60:5d:d9:
30:2e:e6:08:86:91:ee:16:62:7c:3a:c7:a0:27:32:
98:f6:83:3c:9b:70:e7:43:15:c8:c7:10:c1:56:10:
bf:55:72:14:d9:4c:66:49:34:b1:c7:cb:24:e0:0d:
cf:68:3a:53:6f:db:ba:3a:4f:8a:ce:7d:e8:48:ba:
7a:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:43:01:EA:21:0F:DF:EF:49:A2:E2:81:4A:86:B9:33:92:B4:42:1D
X509v3 Authority Key Identifier:
keyid:43:03:9A:68:13:0F:19:63:1E:15:27:94:6E:1E:12:7D:B1:E8:F9:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwOaaBMPGWMeFSeUbh4SfbHo-dk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/2kMB6iEP3-9JouKBSoa5M5K0Qh0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f60178-991a-4261-96a0-dd5c300be54e/1/QwOaaBMPGWMeFSeUbh4SfbHo-dk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.0.24.0/21
IPv6:
2001:67c:64::/48
Signature Algorithm: sha256WithRSAEncryption
98:4b:3d:af:2b:4a:19:69:fe:cd:c7:bd:bb:cd:78:73:9a:43:
e4:49:dd:e6:e2:02:f1:3d:83:52:00:84:24:a9:8b:70:c7:41:
bd:aa:81:83:9a:96:8e:61:b1:b6:f2:fb:1e:83:55:96:70:35:
09:51:00:d3:fc:dd:8e:ee:70:c9:aa:44:4a:86:00:b2:5c:34:
cf:8c:62:6f:a2:84:9b:44:b7:43:1f:51:57:3b:ef:d9:50:1d:
58:3b:f9:90:26:b7:34:c1:4a:be:74:17:ec:35:d2:b8:60:92:
fa:2a:71:b5:b0:6c:c3:8e:50:df:f0:d9:b6:04:ae:a1:fe:c3:
a2:bb:0d:9e:fd:f2:fe:ca:ab:2e:d7:03:d7:91:ee:a6:09:c1:
a9:86:42:f1:4d:e8:8f:29:f7:9d:e6:85:ea:88:91:04:2e:78:
f6:15:b4:04:79:be:ae:11:fe:0a:5c:ae:63:40:4a:fe:1e:9c:
49:40:0d:00:77:c3:68:67:c7:e8:dd:9d:22:b3:4b:a1:1e:e9:
d7:d3:06:44:16:af:7f:a6:b9:07:18:81:2b:eb:16:55:d3:c1:
41:f6:63:de:85:b7:1c:00:02:62:96:fd:47:f5:c0:d7:7e:17:
41:8a:f6:47:5f:5b:43:1c:5a:7d:db:e3:a1:34:68:df:8a:6d:
c6:64:46:96
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYrvqJ8e+no616vnhx1iNOjHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDM5YTY4MTMwZjE5NjMxZTE1Mjc5NDZlMWUxMjdkYjFl
OGY5ZDkwHhcNMjMxMDAyMDkxMTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTQzMDFlYTIxMGZkZmVmNDlhMmUyODE0YTg2YjkzMzkyYjQ0MjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlImhKI3ctWlOh5Yaf533WwvBZNbI
UAKPKkSZSclsd9WFmm9XAEjI6+Q3FqSeW2a0Oc/s2Hb8egzgpwbhzRiGckFSe2Pc
aCQ3sYL8DFafVCH647X0Y3KjGgKyTlaFjiRudF/TcL1EAb8PglGd9uBZ3iAGwyND
5j0i6TrmSvK42sQynU3hRwhscB1i1S0/IdXZ+j2DrP888X5mNwQWV5aPBKaBGgI1
1sp2kvNkRRGXAjAWudkzRfBVo3w9obGsmbpgXdkwLuYIhpHuFmJ8OsegJzKY9oM8
m3DnQxXIxxDBVhC/VXIU2UxmSTSxx8sk4A3PaDpTb9u6Ok+Kzn3oSLp6bwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNpDAeohD9/vSaLigUqGuTOStEIdMB8GA1UdIwQY
MBaAFEMDmmgTDxljHhUnlG4eEn2x6PnZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAt
ZGQ1YzMwMGJlNTRlLzEvMmtNQjZpRVAzLTlKb3VLQlNvYTVNNUswUWgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNjAxNzgtOTkxYS00MjYxLTk2YTAtZGQ1YzMwMGJlNTRl
LzEvUXdPYWFCTVBHV01lRlNlVWJoNFNmYkhvLWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJhLPa8rShlp/s3HvbvN
eHOaQ+RJ3ebiAvE9g1IAhCSpi3DHQb2qgYOalo5hsbby+x6DVZZwNQlRANP83Y7u
cMmqREqGALJcNM+MYm+ihJtEt0MfUVc779lQHVg7+ZAmtzTBSr50F+w10rhgkvoq
cbWwbMOOUN/w2bYErqH+w6K7DZ798v7Kqy7XA9eR7qYJwamGQvFN6I8p953mheqI
kQQuePYVtAR5vq4R/gpcrmNASv4enElADQB3w2hnx+jdnSKzS6Ee6dfTBkQWr3+m
uQcYgSvrFlXTwUH2Y96FtxwAAmKW/Uf1wNd+F0GK9kdfW0McWn3b46E0aN+KbcZk
RpY=
-----END CERTIFICATE-----
Generated at Sun May 11 10:36:24 2025 by rpki-client